Is there anything like Authorize.net CIM in Canada? The CIM piece is awesome because you don't store any credit card information on your server, which takes all the PCI hassle out of the equation.
Solutions like CIM only simplify PCI compliance. You're still handling the card info, just not storing it. To completely get away from handling card data you have to send your customer over to another site like PayPal to enter their payment info. A sub-optimal user experience.
That being said, it's less likely for someone to sniff the info as it passes through your server's RAM than if it was stored on disk.
