> Thanks for all the tips...It's certainly very clear now from all your > replies that sending details via email is a big NO NO.
... unless you know what you are doing. In our System we use the following method: Store a part of the CC-number in the DB and send the missing digits with eMail. This reduces the risk to an acceptable minimum (in our opinion). The only way to get the complete CC-number is to compare the order_id and find the corresponding DB-entry. Security is the most important thing. If a complete CC-number is stored in a DB on a server that is connected to the Internet it indeed is a risk. So we choose this method. > The client isn't > interested in any 3rd party verification - I imagine I will go for the > database interface option. I could send you the link to our project (GPL'd shop software in PHP using MySQL) when interested. Jan Wildeboer -- | Jan Wildeboer | /\/\/\ seijsener rekreatietechniek bv | | eBusiness/Lotus Notes | \____ Noorder IJ- en Zeeweg 11-12 | | Tel. +49 6203 924903 | \ NL1500 EK Zaandam | | Fax +49 6203 924972 | \/\/\/ http://www.seijsener.nl | _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
