I'm getting the impression you guys are making this much harder on yourselves than you need to... Business bank account (SunTrust, BoA, whatever), bank merchant account (typically backed by First Data), and a virtual terminal.
PCI compliance is handled for you for $150 bucks a year through their 3rd party (this is not optional, and required by law depending on where you are). You can take phone payments this way (for large single ticket items you're screening people anyway), or connect a gateway for your online payments... Or both.
$15/mo for the merch acct, 2.**% transaction fees, Amex included. You're done, add in PayPal optionally, everyone should be happy. (In my experience, much, much better than Authorize.net and the like.)
A spec E&O policy will protect faulty web entries.
After customer info is entered the first time, it's encrypted and stored on First Data's system, so all you have to maintain server side is your SSL.
Okay I'll shut up now.