So you have a new ecommerce application eh? You say you've done your homework. You are using a reputable gateway. You think you are PCI compliant. You are not storing credit card numbers anywhere and you are using SSL (plus you have a new snazzy haircut). Life is good. Hmmmm.... do you ever stay awake at night wondering if you forgot something? One of the things that you might have overlooked is the web log files. I'm sure you are aware of these files... the ones that your customer is always running reports on so he can marvel at the IP geocoding and exclaim "Well would you look at that" about the 4 people from Uzbekistan that visited the site yesterday. Web logs come in a number of flavors, but most of them are able to record the URL query string (the part after the "?") in the log, and many of them are set up this way by default. This can be helpful for figuring out traffic patterns. If you handle credit cards a certain way, however, it can lead to the pit of despair. Take this example....
This form collects the information:
See the easily recognizable CC number and expiration date? Very handy eh. This occurs whether your site is SSL secured or not: SSL only protects the request in transit, and once the web server has decrypted it the full URL, query string included, is written to the log in plain text. Please note, allowing CC numbers to end up in the log files is a bad thing. Most admin types do not pay particular attention to securing the log files. Indeed, I have worked with some web hosts that zip them up into a folder (like /weblogs) off of your web root for easy downloading.
The moral of the story is two-fold. First, know what is in your web logs! Find out what's being stored there. Take a gander at them periodically and just sort of blithely peruse them with an open mind (chanting might also help) to see what turns up. Secondly, send CC data in a POST request. The body of a POST request is not written to the access log, so the card data will not show up in your web logs.
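As an added example (not from the original post), here is a small scanner that does the "know what is in your web logs" check: it pulls the query string out of each request line of an access log, looks for card-number-shaped digit runs, keeps only those that pass the Luhn check so order ids and timestamps are ignored, and reports them masked. The log lines are constructed for the example; the GET line carries the card in the query string, the POST line carries it in the body and so leaves nothing in the log.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Apache "combined" style, not real traffic).
SAMPLE_LOG = """\
10.0.0.7 - - [12/Mar/2009:10:15:32 -0500] "GET /checkout.cgi?name=Jane&cc=4111111111111111&exp=0511 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
10.0.0.8 - - [12/Mar/2009:10:16:01 -0500] "GET /products?id=123456789012 HTTP/1.1" 200 4096 "-" "Mozilla/4.0"
10.0.0.9 - - [12/Mar/2009:10:17:45 -0500] "POST /checkout.cgi HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
DIGIT_RUN_RE = re.compile(r"\d{13,19}")  # PAN lengths in use

def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; separates real PANs from plain numeric ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep only the last four digits so the report itself does not leak the PAN."""
    return "*" * (len(pan) - 4) + pan[-4:]

def find_pans_in_log(log_text: str) -> list:
    """Return (line_no, method, query_param, masked_pan) for every Luhn-valid
    card-number-shaped value found in a logged query string."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query   # empty for the POST line
        for param, values in parse_qs(query).items():
            for value in values:
                for run in DIGIT_RUN_RE.findall(value):
                    if luhn_ok(run):
                        hits.append((line_no, m.group("method"), param, mask(run)))
    return hits

if __name__ == "__main__":
    for hit in find_pans_in_log(SAMPLE_LOG):
        print("line %d: %s request logged a card number in param %r -> %s" % hit)
```

Run it against your real access logs (or the zipped copies in that /weblogs folder) and anything it reports is card data sitting on disk in plain text.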
Finally, whenever you are working with CC numbers take the time to test all the things that are happening on the web server from start to finish. Don't neglect background processes like web logging or database logging. The end game is to know everything that is going on so there are no surprises.