rocknbil - 2:34 am on Aug 21, 2010 (gmt 0)

much more than a boomerang payment system that bounces a shopper to a different url for payment details.

All of my clients use some form of a gateway - Authorize.net, LinkPoint, NetBilling - and the visitor never leaves their sites during a transaction. None of these clients store anything, save one, who uses autobilling and his system requires the last four and a transaction id. It's done with silent post using curl.

These servers and the programming on them survive regular PCI compliance scans. It doesn't cost 2K/month. Just lots of hair pulling after a scan. :-)