Credit Card security question

My company is holding a raffle and companies like Paypal will not allow us to run the payments through their site because they consider it gambling.

One solution my company has asked me if i'm capable of is having people come to the site to "buy" a ticket, then take their CC information which sends it to our office so we can manually run it and then send the raffle ticket to the customer.

This is pretty easy on the surface but I'm concerned about the customers security (obviously). Would there be something inherently insecure about taking this information and storing it in a DB?

Yes, this is what SSL is for. It's illegal (at least here it is) to store an unencrypted credit card number, so make sure you encrypt it (or don't retain it after you use it).

You could also use another Payment gateway (http://www.google.com/#hl=en&source=hp&q=payment+gateway+comparison&aq=0&aqi=g10&aql=&oq=payment+gateway&gs_rfai=&fp=40427e7cfcee1b3f) besides Paypal.

Thanks.

All I needed. I figured it was over my head but I was asked to look into it. I've never implemented anything like this and I don't think this should be my first attempt.

I believe you need some dataprotection in place in order to store details, if something goes wrong e.g. someones details being misplaced, your company could be liable

I believe you need some dataprotection in place in order to store details, if something goes wrong e.g. someones details being misplaced, your company could be liable

yeah, right ... the amount of companies I've bought stuff online from only to be hit by fraud the next day with someone buying computers and mobile phones in the town next to the company I just bought from ... credit card company doesn't do anything. They just refund me from the fund they build with extortionate fees and interest.

Fraud isn't taken seriously by anyone. They just get honest people to pay for it indirectly like the rest of crime is funded by our tax money.