I read your question again. If users are putting credit cards numbers into your website then you will need to complete SAQ D on the PCI compliance. Its very complicated. https://www.pcisecuritystandards.org/security_standards/documents.php?category=saqs
The easist option is to redirect the user to authorise.net or paypal to eneter the credit card details.