Question:
Is it possible for people to hack into a website's database?
anonymous
2011-07-09 15:20:34 UTC
Say you bought something online with PayPal or VISA and the card numbers are stored in the website's receipt database but then a hacker comes along and tries to get the card numbers to use them. Is it possible for them to do that or do the companies use the best hackshield (or anti-spyware etc.) out there to protect your numbers? Do they paper document it or keep it on the computer?

Thanks~
Four answers:
?
2011-07-09 15:26:26 UTC
There is no one standard practice when it comes to handling credit card information. Most companies are pretty diligent about handling your credit card information, and they often rely on third-party payment processors who specialize in those sorts of things. But there is no guarantee that any given website will keep your personal information safe, especially in the event that they're compromised.
shane0613
2011-07-09 22:40:41 UTC
Google SQL exploits or SQL injection. Since most databases on websites use MySQL, or something similar, the majority of exploits are SQL based. This has been ongoing for the past 10 years. Clever use of wildcards (*) used to allow anyone who barely knew SQL to run these commands. Not to mention SQL is probably the easiest "Programming" language there is.

Remember it is pronounced S-Q-L, not Sequel. A common mistake made by SQL folks, but in the early days of computers it was a hardware language if I remember correctly. Later on there was another version of Sequel that was a database language, but it is not SQL.

Another point is that many SQL programs have a "backdoor" login in case someone forgets their administrator password. Usually something like user accounts named SA, DBA_Admin, or similar. Companies sometimes forget to disable these accounts or change the passwords to them. Very similar to the Windows 2000 Pro Administrator account that shipped with no password. When network admins had to install hundreds of workstations, many forgot to add a password to the administrator account in their unattended install. Ask Duke, Purdue and many other universities. Their networks served up thousands of movies on IRC for many years before someone decided to write a tutorial on how to break into .edu computers using this method and X-Scan. Many XDCC bots and DDoS bots were on our college networks for years because of this.

Good luck. Use pre-paid credit cards online.
anonymous
2011-07-09 22:23:18 UTC
Yes, it is possible, but so very unlikely that the chances are it will never happen. All of PayPal's information is stored on computers which also encrypt their data, so even if someone was to somehow manage to steal it they would have a jumble of nonsense, so they would also need to crack that code to succeed.
anonymous
2011-07-10 21:55:49 UTC
"shane..." nails this one.

SQL injection attacks are responsible for the spate of Sony hacks, and many, many others, both divulged and some that were hushed up, in order not to taint the public's image.

Wyndham Resorts was one such hack:

Wyndham computers hacked into again for credit card names, numbers

http://travel.usatoday.com/hotels/legacy/2010/03/wyndham-hotels-computers-hacked-into-3d-time-this-year-hackers-nab-names-credit-card-info/1

Huge hack, that hardly anyone heard about, and it affected tens of thousands worldwide.



One problem is laziness on the part of the security departments, who neglect to encrypt the data after it gets to their servers.

Stored as 'plaintext', they are immediately accessible and exported for use.
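The two weaknesses raised in the answers above (SQL injection, and card numbers kept as plaintext) can be seen side by side in a small receipts table. This is an added example, not part of the original thread; the table layout, function names and the `tok_` reference standing in for a payment processor's token are assumptions, and the card numbers are standard test values.

```python
import secrets
import sqlite3

# Constructed sample data: well-known test card numbers, not real accounts.
ORDERS = [
    ("A100", "alice", "4111111111111111"),
    ("B200", "bob", "5555555555554444"),
]

def build_db(store_plaintext):
    """Create an in-memory receipts table in one of two storage styles."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE receipts (order_id TEXT, customer TEXT, card TEXT)")
    for order_id, customer, pan in ORDERS:
        if store_plaintext:
            card = pan  # weak: the full card number sits in the row
        else:
            # Hypothetical stand-in for a processor-issued token: the site
            # keeps only an opaque reference plus the last four digits.
            card = "tok_" + secrets.token_hex(8) + ":" + pan[-4:]
        db.execute("INSERT INTO receipts VALUES (?, ?, ?)", (order_id, customer, card))
    return db

def lookup_concatenated(db, order_id):
    """Vulnerable: user input is pasted into the SQL text."""
    sql = "SELECT customer, card FROM receipts WHERE order_id = '" + order_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, order_id):
    """Hardened: input is bound as a value and never parsed as SQL."""
    sql = "SELECT customer, card FROM receipts WHERE order_id = ?"
    return db.execute(sql, (order_id,)).fetchall()

def exposed_card_numbers(rows):
    """Return the full card numbers visible in a result set."""
    pans = {pan for _, _, pan in ORDERS}
    return [card for _, card in rows if card in pans]

if __name__ == "__main__":
    crafted = "x' OR '1'='1"  # textbook always-true condition
    for plaintext in (True, False):
        db = build_db(plaintext)
        leaked = lookup_concatenated(db, crafted)
        print("plaintext storage:", plaintext)
        print("  concatenated rows :", len(leaked),
              "full card numbers:", len(exposed_card_numbers(leaked)))
        print("  parameterized rows:", len(lookup_parameterized(db, crafted)))
```

The parameterized lookup stops the injection itself; keeping only a token and the last four digits limits what any other route into the database, such as a forgotten default account, can take.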


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.