
Token based credit card systems vs. traditional gateway


I'm trying to decide between PayPal PayFlow for a transaction processing service or a service like BrainTree.

BrainTree's service intrigues me because they will actually return a token to you for a credit card which can be used in future transactions. This token acts like a GUID for the credit card, but is useless if stolen. BrainTree is the only service I have come across that uses such a system - but I'm not sure if they are unique or not.

I heard some praise for BrainTree on a recent podcast, and had not heard of them before.

I wondered if anyone has any general advice on picking between the two - from the perspective of how much programming I will need to do or PCI concerns.


Solution

  • I'm based in Europe, and it sounds like you're based in the US? That being so, I can only mention that there are certainly service providers on this side of the pond (and I imagine that one too) that offer pretty decent tokenised payment solutions. Tokenisation is fast becoming the standard way for payment service providers (PSPs) to help merchants with their PCI compliance.

    If you want to take advantage of a token solution to help with PCI compliance then it's inevitable that you'll end up redirecting users to a third party site. Most PSPs allow the payment page to be styled, to look as close to your source site as possible. The redirecting is necessary to ensure that your source site has no involvement at all with the capture and transmission of card number data. It also means you don't have to worry about integration with Verified By Visa, or MasterCard SecureCode.

    Once the third party site has completed the transaction you'll be left with a token value, and again - different PSPs allow different things, but I know some here allow for (e.g.) card capture only, or authorisation only (allowing settlement to take place at a later time).
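
A minimal model of the token flow described in the answer above, as an added example that is not part of the original post and is not any PSP's real API. `TokenVault`, its methods and the merchant names are hypothetical, and the binding of a token to one merchant account is an assumption made here to illustrate why a stolen token is of little use.

```python
import hmac
import secrets

TEST_PAN = "4111111111111111"  # constructed sample: a well-known test card number


class TokenVault:
    """Hypothetical stand-in for the PSP: the only place card numbers live."""

    def __init__(self):
        self._cards = {}     # token -> (merchant_id, PAN)
        self._api_keys = {}  # merchant_id -> API key

    def register_merchant(self, merchant_id):
        self._api_keys[merchant_id] = secrets.token_hex(16)
        return self._api_keys[merchant_id]

    def hosted_page_capture(self, merchant_id, pan):
        """Card entry on the PSP's page; only the token goes back to the merchant."""
        token = secrets.token_urlsafe(16)  # random, not derived from the PAN
        self._cards[token] = (merchant_id, pan)
        return token

    def charge(self, merchant_id, api_key, token, amount_cents):
        expected = self._api_keys.get(merchant_id)
        if expected is None or not hmac.compare_digest(expected, api_key):
            return "rejected: bad merchant credentials"
        owner, pan = self._cards.get(token, (None, None))
        if owner != merchant_id:  # assumption: tokens are bound to one merchant
            return "rejected: token not valid for this merchant"
        return f"approved: {amount_cents} cents on card ending {pan[-4:]}"


def demo():
    vault = TokenVault()
    shop_key = vault.register_merchant("shop")
    other_key = vault.register_merchant("other")
    token = vault.hosted_page_capture("shop", TEST_PAN)
    merchant_db = {"customer-42": token}  # all the merchant ever stores
    stored = merchant_db["customer-42"]
    return {
        "merchant_holds_pan": TEST_PAN in str(merchant_db),
        "repeat_charge": vault.charge("shop", shop_key, stored, 1999),
        "stolen_token": vault.charge("other", other_key, stored, 1999),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```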