I have a client who has a product and I'm tasked to create a landing page to promote this. The client is now asking me to create an order form that will take the user's name, address, (shipping, billing), email and credit card, coupon code, etc. I said we should use paypal/authorize.net/formsite or something to take these info esp. the credit card but she just wants it sent to her email and that way she can process the info manually and let it go through the call center. I have a feeling this goes against PCI security standards.
Is it okay to have users enter their credit card info on this site and just send it to her email? What should I do?