I'll just add in that you do *not* want to ever have access to the credit card numbers. That obligates you to be PCI-DSS compliant, and that's not something you want to deal with if you don't have to. So yes, use a trusted third-party as everyone else has already said. Not just because they already have the infrastructure, but because of PCI.
Shawn -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
