jbovalley


Is it safe to download my mail via Pop3 ?

We have recently been contacted to be PCI compliant. In our domain we do not host our mail or web server; we have leased the hosting to an outside company. At present we use Microsoft Outlook and receive our mail via a pop3 account. I have been reading online about pop3 and it doesn't seem to be the safest way to receive mail, especially since we get credit card information sent through these mails. What can I do on my end to make the transfer of mail from my hosting company to me a more secure process? Is there something that I should ask our hosting company to change to make this a more secure connection?
Dave Howe

No, it isn't, but to be honest, if you are accepting CC details via email, the security of the last hop (pop3 to you) is likely to be the least of your worries.

You can use secure pop3 (pop3s or pop3-tls, pretty much the same thing) but that mail has still gone unsecured from isp to isp all the way to your mailbox, and at any step, someone could have intercepted and read it.

Really, CC data should not be sent via email at all unless encrypted; it is easier and more convenient to get it entered on a website (via https) and simply referenced in an email than to supply cc data via an insecure channel every time. Email encryption tends to be prohibitively difficult for the average user, and thus is not a wise business decision (even if it would be a good technical one).
jbovalley

ASKER

Thanks for the reply... but let me explain a little further.... The CC is entered in our Web Site, on a secure page (https), that is hosted by the hosting company. Up to the point where the credit card reaches our web site it is secure, but the problem is we don't host the web site and I am looking for a solution to get that information to me from the web site. Presently our web host has given us a pop3 account and we download the info via email. I am trying to find out if there is a better way for him to get that info to me instead of sending it to me via pop3.
ASKER CERTIFIED SOLUTION
Dave Howe

However, note that for most merchant account providers (cc processors), they offer a scriptable component that will allow you to contact the merchant bank directly when you receive the CC data, and obtain a "fulfilment code" - this code, when presented back to the merchant, will cause it to process the payment you have "reserved" from the card during the first contact, and transfer the money to your account. It has no other purpose, and can be used for no other task (so someone obtaining the code couldn't transfer money to their own account or alter the payment amount, but *could* trigger payment to you before you wished this to happen. Not much value to an attacker there, I feel...)
"finally, if you *must* use pop3, you could pull using the secure (encrypted) forms of pop3. encrypted pop3 is, again, supported by most email clients, down to something like outlook express"

Assuming that I have to use pop3.... would I have to have my hosting company change anything on their end so that the mail is encrypted? If so, what?
And how do I configure Microsoft Outlook to accept the encrypted pop mail and decrypt it?
Setting up the hosting company end would require creating and installing a tls certificate - they will know how to do this.

Configuring Outlook to use it is simply a case of ticking the box that says "this server requires a secure connection" in the config.
Would I also have to use port 995 for a secure connection?
It's convention that you do so, but you are not required to - using "TLS" would usually allow you to use the usual 110 port, but I don't think Outlook supports that (just explicit pop3s on port 995).

The person to ask would be your support provider at the hosting site - ask them to set up secure pop3, and what settings to use on your client to match what they have set up there.
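One way to check what the hosting company has actually set up, as an added example that is not from this thread: the script below tries both encrypted POP3 modes described above, implicit TLS on port 995 (what Outlook's "secure connection" box uses) and STLS on port 110, with certificate and hostname verification turned on so a self-signed or wrong-name certificate counts as a failure. HOST is a placeholder, and the CAPA reply used for the offline check is constructed.

```python
import poplib
import ssl

HOST = "pop.example.invalid"  # placeholder: use the hosting company's POP3 host name


def tls_context():
    """TLS settings a mail client should insist on before it sends a password."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def parse_capa(raw):
    """Parse a raw CAPA reply (CRLF lines, '.'-terminated) into {NAME: [args]}."""
    caps = {}
    lines = raw.split(b"\r\n")
    if not lines[0].startswith(b"+OK"):
        return caps  # server refused CAPA; assume nothing is advertised
    for line in lines[1:]:
        if line == b".":
            break
        parts = line.decode("ascii", "replace").split()
        if parts:
            caps[parts[0].upper()] = parts[1:]
    return caps


def check_pop3_encryption(host=HOST, timeout=10):
    """Report which encrypted modes the server offers with a certificate we can verify."""
    result = {"pop3s_995": False, "stls_110": False, "errors": []}
    try:  # implicit TLS on 995: the handshake itself verifies the certificate
        srv = poplib.POP3_SSL(host, 995, timeout=timeout, context=tls_context())
        srv.quit()
        result["pop3s_995"] = True
    except (OSError, poplib.error_proto) as exc:  # ssl.SSLError is an OSError
        result["errors"].append(f"995: {exc}")
    try:  # explicit TLS on 110: upgrade with STLS before any USER/PASS goes out
        srv = poplib.POP3(host, 110, timeout=timeout)
        if "STLS" in srv.capa():
            srv.stls(context=tls_context())
            result["stls_110"] = True
        srv.quit()
    except (OSError, poplib.error_proto) as exc:
        result["errors"].append(f"110: {exc}")
    return result


# Constructed CAPA reply for an offline check; not captured from any real server.
SAMPLE_CAPA = b"+OK Capability list follows\r\nUSER\r\nSTLS\r\nUIDL\r\nSASL PLAIN LOGIN\r\n.\r\n"
```

Run `check_pop3_encryption("your.pop.host")` against the provider's server; if both flags come back False, the `errors` list tells you whether the port was closed or the certificate failed verification.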
ok cool.. thanks for your help....