> But seriously, +1 for PCI-DSS, make it mandatory. My understanding is that PCI-DSS is mandatory for all CC merchants that store credit card details. You choice is get audited etc or outsource to someone that already has been. Craig.