[eluser]brightdevice[/eluser]
Thanks for the response. Yes, SSL (https) is definitely in use. And as stated, when the form is successfully submitted (makes it past all of the form validation) the CC info is encrypted and saved temporarily in a database table.
I'm just not clear how that POST data in the form is saved and re-populated during a failed form validation? Is it accessible somewhere, in a cookie or session variable?