Reply To: Payment through credit cards.

At view and edit reservation.
It’s encrypted by a definable password in base64.
Because the password is stored in a .txt file on the server an Attacker can’t get the credit cards if he has only the database, which is most often the case.

But of course if a good hacker really wants them he will get them, as it’s obvious after the attack on Sony and other major companies. They’ll have a much better security and couldn’t avoid it. In reality your most effective security is that amount of data on your site will be far to low for these commercial driven attacks.

I would delete the data after the payment process.
Regards feryaz