Help with Security Breaches

I have an ASP application which was written for me about 10+ years ago.

The application has two levels of membership, Guest and Paid Subscriber.

The Guest Registration Process includes an e-mailed confirmation code they must enter to be able to log in, along with a notification by email to us that a Guest has registered.

Somehow hackers are able to register as a Guest without going through the proper process and we are not notified by email as well. I can go into the back end application and see that they are there.

I have paid a couple of times to some programming teams to remove the holes in the registration forms, but it still continues.

This has only happened with Guest registrations because the paid registration process is either different or since it does not work because an encryption component is not installed on the server. I have also had a programmer write our own encryption process for the credit card information in the database, but it still doesn't work.

I am looking for help with first the Guest issue, and then the Paid Registration Process. I am not looking for free advice, but someone that can do this and we will pay for it.