The secure payment system for the SpryNetwork (USA company that I work with sometimes) is a complete payment core for both pre-built and ad-hoc packages for both credit cards and PayPal. The payment core ties in tightly with the SpryAdmin site, however it is entirely separate and provides very different functionality.
SpryNetwork have a range of sites providing internet services including broadcast streaming, hosting and web-design and designing a separate payment system for each site would not only be time consuming, but all costly. Instead I deciding to opt for a filter funnel type approach where all purchases are made through a single system and any site which wishes to use it filters data through to it. In order to maintain the user interface for each site from which purchases can be made, the ordering system is completely theme-able to the required user interface.
Security is obviously paramount in a site such as this, and I used several techniques in order to make sure the site is locked down tight (obvious ones such as data validation, no 'interesting' data in cookies, auto log-out, encryption - and several more complex methods which I won't list here for security reasons...). Payments are made by interfacing with the Authorize.net credit card payment servers, or through PayPal. Both one off payments and reoccurring payments can be made though the system.