no i would never email credit card numbers (unless i wanted it to be stolen).
however - im not understanding how you are referring to this as illegal.
i have inherited a few sites that use cart32 for thier cart/checkout.
and it has the option to store orders and credit card info (no payment gateway).
these 2 clients use it this way.
so that cart system was built with the option in it to just store the info.
believe me i dont like this setup, but i dont see how its illegal. especially if she is clearing the credit card info within a few days of the order being placed.
i realize this isnt your job to discuss this, its very off topic.
i need to meet the clients needs but at the same time i dont want to do anything that is illegal.