> I was wondering if there are any legal issues > saving the last 4 digits and expiry dates of a > CC as part of a transaction? Should they be > encrypted?
See the PCI-DSS (Payment Card Industry Data Security Standards). There are a lot of contractual regulations that have to be met if you're processing credit card transactions. https://www.pcisecuritystandards.org/ https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml http://en.wikipedia.org/wiki/PCI_DSS -Justin Scott ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:310109 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4