We've done something similar here - where we pass to a 3rd
party, or act as a 3rd party. We use a mixture of SSL and
encryption - either Blowfish or PGP (depending on the 3rd party).
PGP is more secure, and we purchased the CFX_PGP tag to do
this. It was the only tag available and has worked well thus far.
Although, if you are using CF8 there may be some .Net solutions you
could now integrate (not speaking authoritatively there).
You'll need a copy of PGP desktop to create your public and
private keys - you can give the private key to the 3rd client party
, exachange the data, have them decrypt then do the same for the
round trip.
Cheers,
Davo