What to do?
Try this: code review(s) by independent experts, followed by a software build done by said experts. Hire a company with a good reputation to do this. Keep sole control of authentication credentials (said good company will advise on how to do this easily). Do not store user information in unencrypted form.
Sure it'll cost some money. But nowhere near as much as you might lose if you don't.
Say thank you for my free consultancy advice here.