Any merchant conducting financial transactions online absolutely MUST ensure that all sensitive information is encrypted. This includes credit card information, personal information, and customer history, among other things.
This encryption is enabled by using the SSL (Security Sockets Layer) protocol. By using SSL, your customers' information is encrypted when they send it, and it can only be decrypted by those who have the code to do so (your server).
Payment Gateways Offer An Added Level of Protection
Usually, a payment gateway is the intermediary between the merchant and the credit card companies themselved. These gateways process the credit cards, without the actual credit card numbers being transmitted to the merchant.
The merchant gets the details of the product purchased and the amount it was purchased for, but not the credit card numbers. This adds an additional degree of security for the customers, since their credit card number is never seen by the merchant.
The payment gateways follow even higher security standards than the merchant. Their servers are secured even more so than the average ecommerce server. They have multiple firewalls and levels of password protection, and their transactions are usually all handled through dedicated lines that are not accessible by anyone else.
For merchants who aren't able to use the SSL protocol directly on their website, they can redirect customers to the SSL server of the payment gateway service.
This ensures that the customer's information is transferred securely and there is no chance of the information being intercepted on the internet.
A system like this works to everyone's advantage - the merchant is more likely to sell their product because the customer's information is securely encrypted and the payment gateway gets a transaction fee for the service they're providing.
Gaining the Customer's Confidence
From this point, it's up to the merchant to convince their customers that their website is secure. Merchants need to be sure there is plenty of information on their website about the various steps they're taking to protect their customers' information.
Another less technical step that the merchant should take is to offer a professional website that is easy to navigate and familiar to their customers. A shopping site isn't the place to try to be "cutting edge". Sticking with what people know and recognize goes a long way towards building confidence.