Why must you store, even temporarily the CVV data? If you have to store locally, at least it can be PCI compliant. Does this gateway require the CVV for every transaction?
Cody's right.. this would probably be a deal breaker for us if the client was unwilling to listen. There are lots of negotiables with development, but this isn't really one of them and you could be drawn into it if there is a breach. If it's a customer you really need to keep, at a minimum, I would want a signed liability waiver and acknowledgement that it goes against your recommendation. If there is a breach later on, he can't point the finger at you (or sue you).