Yes! I think it's one of the most important parts. Users trust you with their data. I don't use any tool but I write tests for critical parts of the applications :). There's also a lot of good practices to make programs more secure. I use OWASP Top 10 as one of my references, you can find it here: https://www.owasp.org/index.php/Top_10-2017_Top_10
I've used Clearbit before and it worked really nice if you don't want to bother users or worry that a challenge like CAPTCHA would impact signups too much. You can check out the Risk API, they have a free plan for low volume https://clearbit.com/risk
I've only used Stripe and only for consumer payments not businesses. I export all payment data from Stripe which gives me the country of the card (whatever that means) and have a script that calculates vat to pay per country :)
Leaving businesses makes it easier. That´s another option to consider.