1. Avoid paypal. People hate using it. It will deter sales. It takes ages to get paid. The fees are high.
2. You need to get a online merchant facility attached to your bank. Fees are usually around $600 a year + 1% of sales. You need this regardless of whether you use a third party gateway or not.
3. The bank will generally supply an SDK so you can write a payment script, with code examples for php, asp, .net etc.
4. Once your site is built, the bank will check your site to see that it adheres to security standards. You usually require a dedicated ssl – around $100 – $200 a year to be installed and hosted on your server. Some banks will also check you’ve covered other practices like privacy, TOS etc.
5. If you don’t want to write a custom script, most shopping carts will have payment third party gateway integration eway, camtech. There are overheads associated including annual fees and % charges. However you don’t generally require an SSL, but you should have it anyway if you’re capturing private data (peoples contact details etc).
6. Never store credit card information. If you install an online cart system make sure you hide it by using SEF urls wherever possible, or robots.txt to block non-sef cart descriptors from google. This might save you getting trolled or haxed.