You're not supposed to go to the gateway from that page. Wait til the confirmation page.
er, well, you're not supposed to use that "onsite" mode (it's not a PCI-compliant approach). To collect card data offsite, you're supposed to only use the "offsite" approach, where ALL the payment data is collected by the gateway and none of it via your site.
Don't.
Yes, that's where you send them.
In the strictest sense it's best to never hold it -- ever. But most solutions, even those PCI certified, typically do end up reading and forwarding it, but with a number of very important secure processes protecting those operations (too much detail to go into here).



Reply With Quote
