How to Evaluate a Credit Card Payment System

There are many credit card systems being developed for web commerce; any list here would surely be out of date before this book appears in bookstores. Instead, we have listed some questions to ask yourself and your vendors when trying to evaluate any payment system:

  • If the system stores credit card numbers on the consumer’s computer, are they stored encrypted? They should be. Otherwise, a person who has access to the consumer’s computer will have access to personal, valuable, and easily abused information.

  • If the system uses credit card numbers, are they stored on the server? They should not be stored unless recurring charges are expected. If the numbers are stored, they should be stored encrypted. Otherwise, anyone who has access to the server will be able to steal hundreds or thousands of credit card numbers at a time.

  • Are stored credit card numbers purged from the system after the transaction is completed? If a transaction is not recurring, they should be. Otherwise, a customer could be double-billed either accidentally or intentionally by a rogue employee.

  • Does the system test the check digit of the supplied credit card number when the number is entered? It should, as it is easier to correct data-entry errors when they are made (and, presumably, while the customer’s card is still out) than later, when the charges are submitted.

  • Can the system do preauthorizations in real time? This is a feature that depends on your situation. If you ...
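The check-digit test asked about above can be run at the moment of entry. The following is an added example, not code from the book: it applies the Luhn (mod 10) check that payment card numbers use, and the function names, the result codes, and the 12 to 19 digit length bounds are assumptions made for illustration.

```python
import re

SEPARATORS = re.compile(r"[ \-]")   # spaces and hyphens typed between groups
MIN_LEN, MAX_LEN = 12, 19           # assumed bounds on card number length


def luhn_valid(digits):
    """Return True if an ASCII digit string passes the Luhn (mod 10) check."""
    total = 0
    # Walk right to left, doubling every second digit, starting with the
    # digit immediately to the left of the check digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9          # same as adding the two digits of the product
        total += d
    return total % 10 == 0


def check_card_entry(raw):
    """Classify a number as typed, so the form can ask for a correction."""
    digits = SEPARATORS.sub("", raw.strip())
    if not re.fullmatch(r"[0-9]+", digits):
        return False, "not_digits"
    if not MIN_LEN <= len(digits) <= MAX_LEN:
        return False, "bad_length"
    if not luhn_valid(digits):
        return False, "bad_check_digit"
    # Passing only rules out typos; it says nothing about whether the
    # account exists or the charge will be authorized.
    return True, "ok"


def mask_for_log(raw):
    """Keep only the last four digits for logs and receipts."""
    digits = SEPARATORS.sub("", raw.strip())
    return "*" * (len(digits) - 4) + digits[-4:]


if __name__ == "__main__":
    # Constructed sample inputs; 4111 1111 1111 1111 is a widely used test number.
    for entry in ["4111 1111 1111 1111", "4111-1111-1111-1112", "4111 1111 1111 111x"]:
        print(mask_for_log(entry), check_card_entry(entry))
```

Returning a reason code rather than a bare true/false lets the entry form tell the customer which kind of mistake to fix while the card is still in hand.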
