I have a question regarding payment processing safety.
In order to take credit card payments, usually, you have to apply for a merchant account in which you are asked questions regarding your business, products you sell, amounts, etc… Once approved, you download a 3rd party plugin and input API tokens to take payments.
I am wondering what security is in place from someone using the account approved for a website that sells clothes for example and then taking the information and using it to take payments on a website selling a different product.
Is there something in place to defend against this since I have looked at different providers and it seems the actual domain never gets back to the merchant provider. I am also thinking about people that operate in a high risk business that most processors are not willing to accept to take on and this person applying for a merchant account saying he sells something else then what he sells?
Anyone know more on this subject and cares to explain more in detail?
Thanks.