You should not handle the online payments yourself, unless you are a big company that has a lot of previous experience with it and you know exactly what you are doing. On top of that you’d need many acquirer connections and implement all of these in order to be able to process the payments. Also you’d have the need to be PCI Compliant…

And even then you might get hacked (look at what happened to Sony that had his PS3 creditcard database hacked).

So my advice would be to go with an online Payment Provider such as Ogone. They give you a complete API to allow you to receive online payments through many different payment methods and you do not have to worry about any security issues.

That is if you want to develop the entire webshop yourself (which is perfectly possible). If you want to save some time you can make use of several eCommerce solutions such as Magento. They also work together with Ogone, so you won’t have to worry about security issues either this way.

As for the data changes, you should make sure that this is impossible by using a good password and making sure that no SQL injection can be done on ANY page.