If you're going to handle the payment service yourself, the first thing I would do is learn everything you can about the PCI standards: https://www.pcisecuritystandards.org...ards/index.php
Then you're going to want to read up on OWASP's PHP security guide. This may not sound like fun, but it's way better than getting hacked and someone stealing the personal info of your customers.
https://www.owasp.org/index.php/PHP_...for_Developers