justgowithit - 2:57 pm on Aug 24, 2007 (gmt 0)

Since you are developing for a client you carry some liability. Read up on the Cardholder Information Security Program (CISP) [usa.visa.com].

More specifically, take a look at this file for CISP payment application best practices guide [usa.visa.com] (the link points to a .doc file). This document will outline what data can be stored, what cannot, and restrictions for both.