On 27 Jan 2005 at 12:21, Madhu Menon wrote: > What I want to know is: can just the collection of credit card numbers in > this manner be considered an illegal activity in USA? Obviously none of us > put in a real credit card number to test the system. Is there any law there > that says you shouldn't put up a site like this, collecting credit card > numbers, unless you have a fully working setup? Intent is the key. Every state is going to have its own laws, but they are going to be similar to this Ohio statute: http://onlinedocs.andersonpublishing.com/oh/lpExt.dll/PORC/114b3/11 907/1196f/119a2?fn=document-frame.htm&f=templates&2.0# So for intent, you have to look at whether his other sites reek of scam. If the guy is legit, he's going to already have a reseller account set up with a registrar; you cannot possibly develop a site without having the API for that registrar, and all those APIs are different. He's also going to have a merchant account with some bank, to accept the plastic. You obviously need to test your site before you turn your customers loose on it, so it's not unreasonable that the site exists, and I see ads in the paper saying, "Ooops, the supplier couldn't deliver in time, so please ignore the 'new Lexus automobiles for $39.50 with purchase of 5 pounds of hamburger' special splashed across the front page of our flyer", so it not unreasonable that the product isn't ready when the marketing plugs into place. But like you, I'd be suspicious. Why not do a WHOIS on the site, and contact his local district attorney, telling him that you suspect that this guy is phishing for credit card numbers? It'd be *really* easy to look at his software and see what happens to the CC numbers that are being collected. deke -- AmishHosting.Com Lots of space. Lots of bandwidth. Lots of speed. Lots of reliability. Lots of support. Lots of preinstalled scripts. Not a lot of money.