Originally Posted by
Steve_ZA
That would be a really poor way of handling stored card details but it is possible as DYKWIA said a few posts up.
Worryingly, I've had firsthand experience of software developers from the big consultancies employing similar (and, in some cases, even more insecure) techniques.