Responsible Handling of Billing Information?
moving on asks: "I've been asked by a client to build a fee-based subscription service using Surepay as the vendor for processing credit card transactions. Subscribers to the service will be billed X amount per month and that is the rub. Surepay does not offer recurring billing so I will need to store credit card numbers and related info. The question is then, how does one best do this in the most responsible manner?" The trick here is giving consumers the service they have come to expect from most websites, without exposing their personal information to would-be thieves. Do you think such a system is possible?
Just use a flat file plain text database on your webserver. Then your billing application can easily read and supply the necessary information to surepay. A simple robots.txt file will prevent it from being indexed and it will be 100% secure because it will be hidden!!! Simple, elegant, and secure!
Why encrypt it? Kinda parasitic to keep information from people, isn't it? And they're not thieves. They're information liberators.
I do not speak French.
--
Damn the Emperor!