2) Despite the fact that it is NOT a PCI compliant payment option of processing credit cards, you can still choose to have guests enter their credit card information for manual processing or to guarantee the reservation.
In this case, part of the sensitive data is sent by e-mail to you and the rest of the details can be accessed through the admin panel. This means that the full details won't be stored on your server and this is by far the most secure way to collect card details for manual / offline processing.
While collecting card information for manual processing may be a matter of cost-savings and convenience for you, doing so may be a violation of PCI compliance or even violation of the Terms Of Service of your merchant account agreement, and may not even be legal in your country.
It is YOUR responsibility to ensure suitability before using this option for collecting payment information.
Also, in case of collecting card information for manual processing , it is mandatory to use an SSL certificate in order to secure the channel from the guest browser to the server where the Online Booking Manager product is hosted.
The SSL certificate is not mandatory for the system to work but of course is mandatory if a secure channel (100% recommended) have to be established between guest's browser and your server. For the system's functionality it doesn't matter if you have or not an SSL certificate. We recommend that the administrative part and all the booking pages that work with credit card information should be SSL secured.
This SSL certificate should be purchased independently by you from an SSL certificate provider or your hosting company could offer you a secure space
Concluding, it is highly recommended to use PCI-DSS compliant solutions for handling online payments.