Store the transaction ID you send to Credo in case you need to follow up on a transaction and they must all be unique.
As a matter of Credo security policy, you should refrain from putting the Credo Gateway page within an iFrame as it has a security implication, one of which is cross-site scripting.
It is advisable that your website talk to Credo in TLS mode during payment authorizations most especially on production.
Your website MUST provide a callback page for a failed transaction in case of network/internet problem while expecting a response from Credo Gateway.
Live tests using live card information should never be used in a demo environment.