Myth: I Use a Payment Gateway Like PayPal So Do Not Need an SSL Certificate

Andy Gambles
Aug 13, 2016 · 2 min read
Caryle Tylkowski

I hear this every single day. “I use PayPal do I need an SSL Certificate?” This is often followed by incorrect advice: “You don’t need an SSL certificate if you use PayPal”, “No need to waste money on SSL if you use a payment gateway”.

From web designers, developers, helpful friends, e-commerce advisers, forum users, twitterati and the man in the pub. It is probably one of the most dangerous pieces of advice I have come across.

Poor Security

E-commerce sites generally collect data from the user before sending them to the payment gateway. This data is usually information like name, address, email. All personal information. This information is being submitted via a non-secure form and is therefore at risk of interception or manipulation.

Customer Confidence: Poor Conversion

These are a couple of recent tweets showing customers who have had second thoughts about purchasing from a website because the order form was not secure. In both cases the payment pages were handled by a payment gateway which was loaded over https. However the order form hosted on the website was just plain old http.

Users are becoming more security conscious. How many customers did not purchase because they did not think the site was secure? You may even want to consider going 100% HTTPS and enjoy the extra conversions that provides.

How many sales are you loosing by not having an SSL certificate?

Servertastic

Stories from the world of servertastic.com

Servertastic

Stories from the world of servertastic.com

Andy Gambles

Written by

Tech, Web Security, Business, Marketing, Housing Board Director.

Servertastic

Stories from the world of servertastic.com