I'll just add in that you do *not* want to ever have access to the credit card numbers. That obligates you to be PCI-DSS compliant, and that's not something you want to deal with if you don't have to. So yes, use a trusted third-party as everyone else has already said. Not just because they already have the infrastructure, but because of PCI.
Shawn -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
