A number of customers have asked how we handle credit cards, in light of the slightly changed payment system in the new store. A general overview of how we handle credit cards in our payment engine is given here.
#1 At the point of sale, everything DAZ has implemented is a standard Magento Enterprise. We verify on name, address, Credit Card Number, Credit Card expiration and CVV2. Payment information is passed through a CISP (Cardholder Information Security Program) compliant payment gateway and approved and we receive an authentication back from them which is shown to you the customer in an approval/success message.
#2 For saved Credit Card profiles, we once again use a CISP compliant payment gateway service that handles credit card numbers. This service is not a part of our web servers nor do our web servers have access to this service in any way. The gateway service passes us a token which tells us a payment method has been approved. Credit Card numbers are never stored or accessible by any DAZ employee or website server. Also CVV2 numbers are used to approve a payment method for a subscription to verify the payment method and then not required once we verify. We do not store CVV2 numbers ever.
#3 We are required by our Credit Card Services provider to pass a regular scan and audit of all involved processes, hardware and services.
As we have stated, your Credit Card Information is kept segregated from our other systems and is not available to us.
Hopefully this helps you understand how credit cards are collected and processed.