by loren_d_c » Thu May 03, 2012 10:00 am
If you are using a payment gateway such as Authorize.net to process the credit card orders in real-time and you don't really need to see the shopper's full credit card info for anything, then you can go to Orders -> Security -> Credit Card Storage and set it to 'Do not store Credit Cards', then ShopSite will not save the credit card info at all (just hands it off to the payment gateway) and your cart will be at the highest security level as far as credit card storage goes (because it simply is not storing it).
As far as your AVS settings in your Authorize.net account goes, that can vary by type of business because the fraud rates can be higher for certain kinds of business (jewelry stores, electronics, etc). Most people are used to providing the CVV code these days, so they should be expected to get that one right. Just be aware that for some non-US cards they may not be able to verify the CVV code, and for most non-US cards they probably won't be able to verify the address. I think Authorize.net has settings to allow for those scenarios.
-Loren