tachyon makes some great practical points. Personally, I've created many e-commerce sites and not experienced the problems mentioned. However, I have found that the authorization gateway (the entity that intercedes between your site and the merchant acct. to actually validate the card) can have various protocols, some of which can be tricky.

My favorite gateway provider allows a very easy to implement LWP:: UserAgent and HTTP::Request::Common interaction. You and your customer needs to decide what degree of validation is needed and just plug in the correct gateway codes.

Of course, you will need to purchase a secure certificate and have it installed on your server. Also, you will need to create and encrypt a key on the server, which you should store in a non-public area of your site. Here's a sample of a simple transaction in Perl:

use HTTP::Request::Common;
use LWP::UserAgent;

my $ua = LWP::UserAgent->new;
my $req = POST 'https://secure.authorize.net/gateway/transact.dll',
   [    
   x_version        => '3.1',
   x_delim_data     => 'True',
   x_relay_response => 'False',
   x_login          => 'somepassword',
   x_tran_key       => $decrypted,
   x_amount         => $totalamt,
   x_card_num       => $ccnumber,
   x_exp_date       => $month.$year,
   x_type           => 'AUTH_CAPTURE',
   ];

my $reply;
my $response = $ua->request($req);
if ($response->is_success) {
   $reply = $response->content;
   } else {    
   print STDERR $response->status_line, "\n";
   } 

#parse $reply for authorized/decline codes and echo messages back to p
+urchaser...

my @replies = split(/,/, $reply);
my $reason = $replies[3];
SWITCH: for ($replies[0]) {
   /2/ && do { &declined; last; };
   /3/ && do { &error; last; };
   $replies[0] = 0;
 }
[download]

Good luck!