<snip lots of good stuff> > Are there any employees who have access to this PC? What sort of > background checks have you run on every employee? > > Do you REALLY want to run the risk of having to DESTROY your > reputation with all your customers? > </snip> Not only all that, but suppose one of your customers has his CC info stolen somewhere else, not even on your site. He reports it to the CC company, and they investigate. They're going to ask him where he used his card online. Your site pops up. The CC company contacts you and asks you to describe what you do to protect their customer's CC numbers. You say 'I wrote an encryption routine that I think is pretty good...' :-/ So, even if your site is bulletproof, you are going to have to be ready to back up your claim that the data is safe. The first question an investigator is going to ask is "Where is the data stored?". Your answer? "A shared server at some hosting company." :-/ The good news is, there is no reason to handle credit cards in an online store. There are tons of third party processors that will take on all these risks for you. JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php