My suggestion is to have your order page submit to an internal CGI on your server... then parse out any invalid information and do your error-checking on it - and the do a "behind the scenes" POST of the information to the gateway server.
If you code in Perl, you can use LWP::UserAgent libraries and if you code in PHP, you could use CURL. (Other programming languages have their own equivalents.)
The other thing that you can do is set a referring URL check on either your script and/or on the gateway side if this is allowed. However, the cleanest and most secure option is usually to go ahead and check everything internally before submitting it behind the scenes to the gateway.
Hope that info is helpful!