What is the need for HTTPS? I have PayPal Standard acct but may add others

DavidLIR:
Do I need to have HTTPS activated on my domain? It will cost me $30/year with my hosting package. I have a PayPal standard account and I know that they process all the card information; however, there is personal information on the personal account pages where individuals sign in for my store. Is this information already secure or do I need to have HTTPS in order to have that be secure for my customers?

Can someone please enlighten me on this question?

Thank you,
David

abantecart:
It is recommended to have HTTPS if you operate with customers' personal information. You can find a RapidSSL certificate for about $10 per year.

DavidLIR:
Abantecart,

Thank you for the reply. I have tried to find the answer to this question... perhaps you know. I have AbanteCart installed on an add-on domain. Would I install the SSL certificate on the main domain... and then it would apply to all the domains under it? Or would it only apply to one domain... I believe if I do it through my domain hosting plan it applies to all the domains.

Thank you,
I appreciate any help with this.
David

llegrand:
Hi David LIR, 

Let me add my opinion to this, and it does vary from Abantecart's. But after more than a decade of running online sites for ecommerce, directories, blogs, and content management, I have developed some guidelines for my operation that seem to work.

In my opinion you only need a real SSL when you are capturing and/or keeping credit card or bank account info on YOUR server. If you are passing transactional information to PayPal or some other gateway BEFORE the customer has to input the credit card information, then you don't need to have SSL on your site.

If you are only storing your customers' name/address/phone, these pieces of information are easily found in many, many places and don't require SSL in my opinion.

In addition to the increased cost of having the SSL, there is a cost in the delivery speed of your site pages also.
Here's a link to a good article that explains it better.

http://support.exware.com/ssl.html

You will need to check with your hosting, but a shared SSL usually doesn't provide enough protection for running the PCI for the credit card processing.

But I do often use the shared SSL (or a self-signed certificate) for the email portion of my sites. In my experience shared SSL or self-signed certs do not show on your public links - that means they don't need the https for the URL.
The shared SSL certificate is intended to be used in situations where you wish to have a secure connection to the server that is not typically seen by the general public. For example, when logging into the administration area of your website.
Shared SSL is not recommended for e-commerce sites, because customers expect to see your domain in the URL. And if you attempt to use your domain name with the shared certificate, it is not guaranteed to work. Even if visitors can see your site, the shared SSL warnings will make customers uncomfortable submitting their credit card information through your website.
In summation - if you determine you do need an SSL for your customers' "peace of mind", you will need to use a private SSL rather than a shared one.
Lee

DavidLIR:
Very useful information, Lee, thank you. Looks like we would not need the SSL at this time because all the 'sensitive information' is being collected on the PayPal site....

David
