Credit Card handling over internet for service provider
I've been delving through the knowledge on the site, and still seem to be having trouble locating the answer for my exact situation. A company i consult with is accepting credit cards via email or fax. They provide a service for their customers, so they store the card information and then they use it to pay for various things, like storage of belongings, or other services. Kind of like giving your credit card number to your wife, so she can buy something for you. So, what category does this put them in for PCI compliance? I assume they are a service provider. But... I'm trying to get them to implement a web solution for accepting the card numbers, so it is encrypted during transmission over the internet. And it will need to be encrypted in the database where it is stored. So does this now become a Payment App? or a Payment Gateway? The picture is blurry right now, and I need to clear it up some. I appreciate the help.