We are pretty strict on security here at Mebsites Development and Webhosting. While we are a little over the top in some cases, there are minimum standards we should all be sticking to for eCommerce websites. The industry standard for gathering client information, sensitive client information, payment gateways and checkouts is PCI compliance. PCI compliance is a set of standards that web service providers must adhere to, at a minimum, to keep users' data safe.
If you host a payment gateway yourself, you will often need to be compliant just to host the gateway. However, I have noticed many instances where this is not the case. This means the website is exposing its users to potential hackers and exposing the business to legal liability. Not to mention the fallout from bad press if it makes the media or social media rounds, as with the recent Ashley Madison security breach.
Most common misconfigurations with Magento checkout
By far the most common mistake I see is broken HTTPS on the checkout.
Some of the most common errors are:
[Images: "Correct" and "Broken" examples of the checkout in the browser]
Note: Updates can often re-break your HTTPS, so always check; don't assume.
Often the problem here is that not all users' browsers will accept the certificate as trusted. Users are therefore shown a very scary-looking message that, at a glance, looks like they are about to load some virus-ridden cesspool of internet computer-killing death. If you have this and your cart abandonment is through the roof, 99% of the time this is the issue. A correctly configured EV SSL certificate is the most widely accepted type, and a self-signed certificate the least. Pay the 20 or 50 dollars and get a certificate that is accepted by at least 90% of browsers.
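As an added check for the point above (example code written for this article, not Mebsites' own tooling): the script connects to a checkout hostname the way a browser does, using the system trust store, and reports whether the certificate would be rejected as untrusted, is expired or about to expire, or does not cover the hostname. The hostname shop.example.com and the SAMPLE_CERT dictionary are constructed placeholders, not real values.

```python
import socket
import ssl
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not a real cert.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.example.net")),
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

def san_matches(cert, host):
    """True if a DNS SAN covers host; a leading wildcard spans exactly one label."""
    host = host.lower()
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        value = value.lower()
        if value.startswith("*."):
            if host.count(".") == value.count(".") and host.endswith(value[1:]):
                return True
        elif value == host:
            return True
    return False

def audit_cert(cert, host, now=None):
    """List the problems a browser would flag for this peer-cert dict."""
    now = time.time() if now is None else now
    problems = []
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) / 86400
    if days_left <= 0:
        problems.append("expired")
    elif days_left < 14:
        problems.append("expires within 14 days")
    if not san_matches(cert, host):
        problems.append("hostname not in certificate")
    return problems

def check_checkout_tls(host, port=443):
    """Handshake like a browser (system trust store, hostname check on).
    A verification failure here is the scary warning page shoppers see."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return audit_cert(tls.getpeercert(), host)
    except ssl.SSLCertVerificationError as exc:
        return [f"not trusted by the default trust store: {exc.verify_message}"]

if __name__ == "__main__":  # hypothetical host; use your own checkout hostname
    print(check_checkout_tls("shop.example.com") or "checkout certificate looks fine")
```

Run it again after every Magento or server update, since a working certificate does not survive every change to the vhost or redirect configuration.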
Not all, but some, gateway providers require the exact domain to be listed in their system. This can include whether it runs under HTTPS or not, and with www. or without. Make sure it is working by doing a test transaction.
Make sure you check that all your shipping calculations are working, especially if they use AJAX or a SOAP API.
I hope that gives you all something to check and improve on. If you need help, just give us a call or email us at Mebsites.