On Fri, Jan 05, 2001 at 01:32:43AM -0600, Austad, Jay wrote:
> View the source of the page.  If the form submit's the data to an https://
> url, then you should be able to consider it secure.  Many sites outsource
> their card processing, and some card processors will accept data from a POST
> operation to their site from the customers web page.  
> 
> Go over the HTML carefully though to be sure.

A side note on this:

I've encountered one site which had this backwards:  They swore up and down
that their credit card info page was "certified 100% as secure as it gets",
and it was - the page was served via https.  But the submit button was an
http link.  Fortunately, Netscape caught this and warned me about it.  (But,
of course, when I told them about it, they told me I didn't know what I was
talking about, repeated their litany about how secure the form is, and,
ultimately, did nothing about it.)

So cravat empty and all that stuff.

-- 
SGI products are used to create the 'Bugs' that entertain us in theatres
and at home. - SGI job posting
Geek Code 3.1:  GCS d? s+: a- C++ UL++$ P++>+++ L+++>++++ E- W--(++) N+ o+
!K w---$ O M- V? PS+ PE Y+ PGP t 5++ X+ R++ tv b+ DI++++ D G e* h+ r y+