A client of ours currently uses VeriSign for online credit card processing. Works just fine. The client now wants to eliminate online payment processing by accepting the customer's billing info (including full credit card number) via a secure web form and then processing the payment using their credit card machine in the office. I am not a security expert -- I leave that up to my programmers -- but I am immediately concerned that any options we have here are not completely secure. Of course I am going to talk to the programmers about it (when they get in later today) but I am looking for some of your advice as well. Why would we take VeriSign OUT of the process?? Please help me understand what (if any) secure options there are out there: storing info in a database (legal??), e-mailing the info to the client (completely non-secure??), etc. THANKS!