I use Merchant Express + Authorize.net. Best deal I've found for a real merchant account. And yes it allows you to process cards directly in WHMCS.
★ Sam Barrow - CEO @ SQUIDIX(1-855-SQUIDIX)
★ Ask Us About Sponsoring Your Web Site (High Traffic Sites Only)
★ Squidix - Shared, Reseller, Semi-Dedicated, Managed VPS and Managed Dedicated Hosting
★ Midwestern Web - Web Design & Development Services
If you're looking for an actual "gateway" that plugs into merchant accounts Authorize.net is the most popular and widely supported of course. But the most flexible HTML integration gateway that I've seen (lots of flexibility with the buttons, etc) has been ITransact. Plug N Play also has a pretty easy API as does UsaEPay
Quantum Gateway if you are in the United States - they do not charge a monthly / transaction fee. They allow you to store credit card numbers on their secure website for recurring billing. And they have a number of fraud prevention tools (DialVerify, GeoIP, VMV/MSC) to help reduce chargebacks and fraud.
I too need to make a choice here, but Authorize.net won't work for me because in the beginning, I will be doing very low volume, so I can't satisfy their monthly minimum. This would leave me paying a monthly fee as a penalty, comes to $55/month with $99 setup.
Are there any solutions for smaller resellers who are just getting started?
Authorize.net is by far the most popular choice. In Canada, Beanstream is also an excellent choice. Paypal offers both basic and advanced integration, so if you are not happy with Paypal's basic integration, I recommend you look at their advanced integration (Paypal Payflow Pro I believe it's called). Hope that helps!
Unfortunately by just simply trying things without actually learning from others, you may introduce a lot of security holes in your code. If you're just using it for educational purpose and don't intend to commercialize your code, that's perfectly acceptable, but as you continue to learn you'll want to study code of other reputable sources (widely used online sources - think vbulletin, etc.) so that you can learn more about how other developers do things and why it's done that way. For example, without the appropriate security in place, your database could end up being hacked via SQL injection (one of the most common forms of online hacking). Hope this helps!