Setting up online payments
I did this a few months ago and one of the things I found invaluable was to get in touch with whomever is your countries equivalent of the Association for Payment and Clearing Service (ours is at http://www.apacs.org.uk/ ) to find out the current trends in card no present fraud and also to find out what various online payment services are doing about them.
http://www.ftc.gov/ is also helpful.
Also, it's worth auditing your internal processed (as Soggybottom mentioned) to make sure you are minimising opportunities for errors and internal fraud.
Dumb things people often do without realising it:
(1) Sending credit card details in full as part of the receipt sent to the customer
(2) Storing cc details unencrypted on customer databases (which may or may not be secure
(3) Revealing all fields as a default within a database (so instead of just seeing either financial or personal data, you can see everything).
(4) Holding data for too long.