[lsiunsuex]

Depends on how you write the code

(generally - theres a lot of coding specifics involved) Authorize.net via their API absolutely requires PCI compliance and an SSL certificate on your site. Stripe recommends an SSL certificate with their basic JS code. And unless your sending a user directly to Paypal's website to login via Paypal, if you use their API, you should have an SSL certificate and be PCI compliant.

IE: if the CC info is entered on a page you built, on your server, yes - SSL and PCI. If your sending the user to another site (ie: Paypal or using Stripes JS code) - no, it's on them.

Most programmers should at least read the parts of OWASP that pertain to their language (https://www.owasp.org). If it gets entered into a form and stored in some sort of DB, you should at least code with basic precautions.