Hi Zaxo
Yes in a ideal world I would agree, I am unfortunately stuck in a bad situation as I would ideally have some online payment gateway to use but thats not the case and the powers that be are happy. With access to the database, thats locked down pretty tight and everything is encrypted so I dont think thats a real risk, the risk is the users who have access to the billing system but thats the same for many other systems as well that staff can view users details... I just want to reduce the risk as much as I can