Does anyone have a definitive answer as to whether a simple PayPal button requires HTTPS? My feeling is that as the transaction and personal data are on PayPal servers, SSL should not be necessary. However, there are conflicting views out there! I have raised a similar question last year but no answers - maybe someone is clearer now.
Currently (September 2017) I don’t think you do. Because after the button is pressed, the customer is taken through to the PayPal website to enter their data and complete the transaction.
SSL would be required if you are collecting data before the customer goes through to PayPal. And you would also need to be something termed “PCI compliant” too.
For a simple button or “PayPal.me” link, you do not appear to require SSL. Ultimately that may change in future, if PayPal updates their policy for “buy now” buttons or web browser software determines a site matches the criteria for needing a security certificate.
Just an add on to what Will said: https://developer.paypal.com/docs/classic/paypal-payments-standard/integration-guide/encryptedwebpayments/
However, you might like to know that:
- Chrome will note your site soon as not being SSL and even though checkout is secure customers may not understand that and avoid purchase.
- There are two levels of SSL. Most free and low end ones are “shared.” This would be fine for your PayPal checkout. If you ever have your own cart and private info is taken on your site you need a “private” SSL account.
For details just search web for “shared vs private ssl”
I think this gets to the heart of the issue. As suspected, a PayPal button doesn’t need SSL, but perception of the buyer is clearly very important. Seeing as Google is clear in its intention to rank secure sites higher it may be best to run with it. Another expense for the client but that’s the way it is.
Next month, with the new release of Chrome, users will get a not secure warning if you collect any input on the page. That includes an email address, name etc. Many hosting companies are offering free certificates from Let’s Encrypt (https://letsencrypt.org).
You can also use a free CloudFlare account to add SSL (HTTPS).
I’d say start putting SSL on every site you do as a standard. It ain’t much more of a task anyway.