As post #3 states ... they ARE using a secure server (SSL/ HTTPS).
The CC information is the last thing to get ...
And if you're using iDEAL as an AIM (Advanced Integration Method), you'll
be providing them with the CC information plus the amount (that's it).
Your database will have the invoice (items, qty, shipping, etc), plus all of
the customer's data .. name, address, shipping address, etc.
I agree with post #9 that you should be using a "true and tried" script that
comes with a gateway for iDEAL. Not sure if OSCommerce has it, but you
can easy check it out. You will still be using your own secure server and your
own database, as even with OSCommerce or Magento, the method will be AIM.