Merchants using a service such as PayPal do not see credit card data, due to safety features, notes PayPal. The PayPal payment button loads PayPal's site for payment input. Other merchants use a payment gateway to validate credit card purchases, with data maintained directly on the site, explains Netregistry.
Merchants who handle credit card information must meet Payment Card Industry security, states the Open Web Application Security Project. Merchants may only store encrypted credit card numbers, and cannot display the full number. Online processors never store validation codes, and must delete those codes immediately after use. PCI also involves rules for network security, system updates and process monitoring.
Visa recommends that users look for trustworthy merchants. A user who does not know the seller should check the merchant's security policy or verify the merchant with the Better Business Bureau.