I have been working on getting our site PCI compliant, and I have made some manual adjustments to the code to pass the McAfee Secure test. But I was wondering if there was a PCI compliance version of aMember in the works? I know XSS, sanitizing the $_SERVER var, autocomplete="off", and hashed passwords are a few fixes I would like to see. But I am sure others have found more. We are using a payment gateway where users' CC information is not stored in the admin, so this helps us a lot. Here is a link to someone you have helped in the past: http://www.amember.com/forum/showthread.php?t=13113&highlight=compliance