Web Master Liability


jmarshall
05-04-2008, 07:45 PM
I feel very naive writing about this, but I took on 2 e-commerce sites and now realize I never ever should have stored the cc data. I don't believe there was any breach of the data, as they are very small stores to begin with, but I am just worried from a liability standpoint, God forbid, if anything happened before I got them on a secure processing gateway and passed them along to someone else - I don't maintain them any more.

Any information would be much appreciated - thank you.

Ddraig
05-05-2008, 02:06 PM
I haven't done any e-commerce stuff but am interested to see what others say about this issue.

LeeU
05-05-2008, 03:25 PM
Well, this is really a legal question, so any response on this forum is just some good ol' advice and not to be taken as actual legal advice. That said, according to recent court rulings, yes, if you are the one who is responsible for storing/transporting the data, you may possibly be held liable. And Congress is in the process of trying to pass laws (although the cc companies are fighting them) to make them more strict. You should never store cc info (or soc sec numbers, etc.). Let that be handled by a third party formed for that specific purpose. (Although, it seems if you are a government entity, you are not liable at all ... ;-> )

tracknut
05-05-2008, 04:08 PM
I had to implement the PCI Data Security Standard (https://www.pcisecuritystandards.org/) at a large company a couple of years ago. This is the standard that you, and the company you made these sites for, could be held against. It gets increasingly stringent as the dollar amount you run through credit cards increases (the lowest level is something like up to $100K/year or so). So if you're curious as to how close you are to compliance, you might do some reading out there. At least enough to speak intelligently to your customers if you end up talking to them about this topic :)

Dave

chazzy
05-05-2008, 05:09 PM
I guess there are 2 questions:

1. Did you inform your customers that you were storing credit card information, and is it published on the site that credit card information will be stored?

2. Did you claim to be PCI compliant?

As long as 1 is yes and 2 is no, you should be ok.