Ideally you should use an online Credit Card Processor such as Authorize.net;
in this case you do not need to store or send the CC details to anyone.

However, as is so often the case, the customer is not willing to spend the
money to use such a service. Given that scenario, you should NEVER SEND A CC
NUMBER IN AN EMAIL!

Instead, store it in a database using an extremely strong encryption
technology such as blowfish. If you have CFMX 7 then blowfish is one of the
included encryption tools; if not, I believe there is a tag you can
buy.

Encrypt the CC info in your database, make sure it is absolutely
inaccessible from the outside world and run SSL on the front end and admin
areas of your website. I would also include a process somewhere in your
system for deleting old CC numbers after a reasonable period of time. This
limits your liability if anything happens to your database.

Also, this is important, try as hard as possible to convince your
client/boss that storing CC numbers in your own database is a really bad
idea and can open you up to all sorts of legal action if your data is
compromised.

HTH

=]

-- 
Alan Rother
Macromedia Certified Advanced ColdFusion MX 7 Developer
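
The approach described in the post above, as an added CFML sketch that is not part of the original message: encrypt with the CFMX 7 Blowfish option before the value reaches the database, decrypt only in the admin area, and purge old rows on a schedule. The datasource `shopDSN`, the table `cc_vault` and its columns, the `application.ccKey` variable and the 90-day retention window are all assumptions made for illustration.

```cfml
<!--- Added example. shopDSN, cc_vault, its columns and application.ccKey are hypothetical. --->

<!--- Assumption: a key created once with GenerateSecretKey("BLOWFISH") is kept
      outside the database and web root and loaded into application.ccKey at startup. --->
<cfset ccKey = application.ccKey>

<!--- Front end (served over SSL): encrypt before the value is written anywhere. --->
<cfset ccEncrypted = Encrypt(form.ccNumber, ccKey, "BLOWFISH", "Base64")>

<cfquery datasource="shopDSN">
    INSERT INTO cc_vault (order_id, cc_encrypted, stored_at)
    VALUES (
        <cfqueryparam value="#form.orderId#" cfsqltype="cf_sql_integer">,
        <cfqueryparam value="#ccEncrypted#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#Now()#" cfsqltype="cf_sql_timestamp">
    )
</cfquery>

<!--- Admin area (SSL plus login): decrypt only at the moment the number is needed. --->
<cfquery name="qCard" datasource="shopDSN">
    SELECT cc_encrypted
    FROM cc_vault
    WHERE order_id = <cfqueryparam value="#url.orderId#" cfsqltype="cf_sql_integer">
</cfquery>
<cfif qCard.recordCount EQ 1>
    <cfset ccPlain = Decrypt(qCard.cc_encrypted, ccKey, "BLOWFISH", "Base64")>
</cfif>

<!--- Scheduled task: delete numbers older than the retention window (90 days assumed). --->
<cfset cutoff = DateAdd("d", -90, Now())>
<cfquery datasource="shopDSN">
    DELETE FROM cc_vault
    WHERE stored_at < <cfqueryparam value="#cutoff#" cfsqltype="cf_sql_timestamp">
</cfquery>
```

The purge template would be run from the ColdFusion scheduler rather than from a page a visitor can request.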


Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:254053