> Thank you for the reply. I understand the reasoning behind your > response. My company and I were thinking about storing the numbers > permanently but I guess that will not be a good idea. There is a > firewall being deployed also. However, I do see the point. > > >Can I safely store multiple customer credit card numbers in a table > that is InnoDB, if I use an Encrypt() .... > No. The Encrypt function is too weak. AES_Encrypt/AES_Decrypt or > DES_Encrypt/DES_Decrypt are stronger. However I would strongly recommend > that credit card numbers not be permanently stored in the table. One way to think about storing multiple customer credit card numbers is to consider them as a liability or perhaps toxic waste. An individual like me may be off the hook with my credit card company if my account number is stolen once. However your company may not be off the hook if thousands of account numbers are released to an international crime group should you be hacked or a trusted employee turn bad. Such data also needs 'meta' data associated with it. Invoice number, customer ID, Date/Time, paid/pending, timer for return policy and so on. There are also some accounting standards that must be adhered to. Any encryption will have a key. Some design process needs to exist to re-encrypt the data should you find that the key is at risk or discover that the algorithm is hackable. Then there is the issue of backups.... -- T o m M i t c h e l l May your cup runneth over with goodness and mercy and may your buffers never overflow.