>Is https enough to mostly protect the transmission of credit card data?
Very tricky question. Is HTTP enough for CC use. Yes. No doubt in my mind. https secures the channel that the CC num and details are passed through. The REAL security question, is what happens with that CC after it passes securely. Is it stored on an exposed database? Is the CC emailed to somebody? That's actually why I don't store CCs. I run the transaction, let the CC portal (authorize.net) track the CC and I keep the last 6 digits. Enough for our records, not enough to be of value if stolen. Hope that helps mj/v _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
