by shib71 5817 days ago
I can only offer my experiences: If you have a merchant account it is relatively easy to sign up with a processing gateway and process transactions. The ones I've worked with had clients we installed on our servers, but I believe they were just wrappers for encrypted web services. The whole process is complicated by two things: regulations about user information (particularly credit cards), and international credit cards.

Storing credit card numbers - some countries have regulations around online transactions. Simply not storing the numbers (or only the last 4 digits, for auditing) was fine for us (Australia FYI). I think the alternative was a number of encryption schemes. We also had to do an expensive audit of our network/website security (because of our revenue? I can't remember).

International customers/cards - take this with a grain of salt (we were mostly targeting domestic users), but I believe this depended on your gateway and bank. I suspect it's because of the difficulty of identifying fraudulent transactions - it's much simpler if the pool is a single country.