SSL needed for webstore?

JGBR · 16 Jul 2011 at 13:30

Do i need to encrypt my entire web store i've made for a customer if i have a 3rd party host actually dealing with the credit/debit card transactions?

I presume the only downside is that SSL will cover the card transaction, but not say customer login page etc.

daz · 16 Jul 2011 at 13:37

If you're using a third party hosted payment gateway to handle the credit card transactions, then whilst you wouldn't technically need an SSL to encrypt user data, it's just a good idea to have an SSL certificate for reasons of trust and visitor confidence in your site.

You'll probably find the increase in conversion rate by having SSL across the site more than pays for the cost of the SSL.

GravyMonster · 16 Jul 2011 at 13:40

It depends on the 3rd party who is taking care of the transactions and the setup you have.

If you are happy for your customers to leave your site and go to the providers' to enter their credit card details etc, then you won't need SSL.

If you want people to enter their details on your site, or do the above but have the provider return information about the transaction to you, then you will need SSL - only on a specific folder or subdomain though, not the entire site.

TBH I would get SSL. It's not expensive and it's a reassurance for the customer.

Danthus · 16 Jul 2011 at 13:44

I would get an SSL cert if your customers register on your site, if nothing else just for the warm and cosy feeling it gives.

JGBR · 16 Jul 2011 at 13:49

Many thanks guys

the company we are going to use to deal with the banking is "sage pay" but the storage of user areas, order managemnet etc is done on our site, so obviously that wouldn't be encrypted.

Also they have offered multiple different SSL options, we felt it was silly go for the full green bar option when we just want customer passwords etc encrypted not the full kit.

GravyMonster · 16 Jul 2011 at 13:52

SagePay (or PROTX as they were known) is one of the best to use. I've done a couple of sites with them and they're a doddle.

Unlike HSBC who have no documentation, their API is crap and their support, once you've got through the 15 phone menus and service desks, are a bunch of knuckle dragging, window licking retards.

But I digress.

JGBR · 16 Jul 2011 at 13:56

Simple SSL

Low cost security ideal for any small business website

• Provided by GeoTrust

• 40-bit to 256-bit SSL encryption

• $10,000 warranty

Price: Only £49.99 per year

Standard SSL

Perfect for business start ups & small sites looking for personalised security & to give visitors extra reassurance.
Extended Verification SSL

• Provided by GeoTrust

• Domain authentication

• 40-bit to 256-bit SSL encryption

• Basic GeoTrust® True Site Seal

• $10,000 warranty
GeoTrust

Price: Only £149.99 per year

ExtendedVerification SSL

Maximum security with the green address bar & a warranty of $150,000
Extended Verification SSL

• Provided by GeoTrust

• Green bar in web browsers

• Domain, business and extended checks

• 40-bit to 256-bit SSL encryption

• GeoTrust® True Site Seal with company name, date/time stamp

• $150,000 warranty
GeoTrust

Price: Only £249.99 per year

I think the basic one is fine just for protecting user passwords to gain their account order management?

GravyMonster · 16 Jul 2011 at 14:01

Hard to tell the differences in that list, as most of the items are just complete fluff. They all cover 40-256 bit SSL, so the cheapest one will do you fine.

Also, LOL at 'Green bar in web browsers' as a selling point of the £250/yr option.

JGBR · 16 Jul 2011 at 14:16

I've only got to protect a user logging into their account, which holds no financial data anyway.

Now the webhost say they have a shared SSL.,,, wondering if that would be good enough instead of forking out for own licence...