Peter wrote: > I'm setting up a shopping cart for a client who wants to process > credit card purchases "offline", You need to check into something called "PCI compliance," which is a fairly new requirement of (I believe) both Visa and Mastercard for how credit card numbers need to be stored. If your transaction volume is over a certain amount, they actually check your compliance, and if it's under a certain amount they have the right to audit your compliance. In either case, the fines are pretty steep for failing to comply. You can be failing compliance and liable for the fines even if there is no actual security breach. Good luck, Marcia Yudkin Marketing Mentor www.marketingformore.com