Babaluji, 13 et al, thanks for that incisive code peer review. I too can code and you are right Babaluji. But consider this. What kind of outfit collects credit card details without using a hired secured encrypted credit card service. There is no person sitting server side, examining the donations to parse the text field, to hand match with the credit card details. On the server side, the donations are being routed directly to the secure payment server, and thence to the Rawat bank.
No one deals in unsecured credit card details directly from a web form.
I think this is enough to have a case to bring of fraudulent intent.
The argument is that it is always the practice to automatically rout credit card payment details to a payment server, and automatically to a bank.
The audit trail to do the serverside checking would be so extremely thin as to be virtually lost.
It is fair legal argument to allege fraud.
PS Thank you for your clear consistent coding analysis Babaluji, and also for yours too 13. Between the two of you it made an easy read for me.
