Ok, Here is the situation,
A client of ours has asked us to design a site for them because their current web master never returns calls and takes forever on changes, a common story. In any case they offer a section on their site to sell 3 widgets. We had assumed the old webmaster had used a merchant account, a SSL cert, etc.

Well in talking to our client yesterday, we found out that she simply recieves an email for each order made, and she manually inputs the CC info into their physical CC scanner. I checked into the old site and they do have a thawte SSL cert on their site. The problem is that the only way the CC number is being validated is by a small section of coldfusion script that I guess makes sure it has the corrent number of characters in the CC info.

My concern is that emailing CC info is a bad thing, but being with the work we have completed and charged this client already, and the fact that they do have a merchant account with a small local bank, I really cant think of a way of charging them more for a seperate merchant account from Authorize or somewhere else.

Also, our client, although not exactly computer literate, also claims that they purchased the SSL Cert from Thawte and not the web designer. Being that the SSL Cert has been purchased, can we transfer that over to our server in some way shape or form?

Thanks for any help, take care