I'd be very, very careful about using what you know to be broken encryption libraries.

http://abcnews.go.com/Blotter/Madoff/bernie-madoffs-computer-programmers-indicted-conspiracy-falsifying-charges/story?id=10129566


>I know, I know, avoid if at all possible and use something like Authorize.NET.
>
>I'm being asked to store CC info in our DBs to perform recurring billing. "We're compliant" has been said and I've been told to use our broken encryption libraries to encrypt it. I need some info to throw back. Links to laws (state of Iowa), etc.