Credit Card Payment / SSL

[BobbieP]

Hi all,

 

I'm very new to the whole shopping cart, credit card payment, SSL thing :)

 

I want to ask maybe a very stupid question to some of you :D

 

I'm interested in installing the osCommerce shopping cart on our website, so we can process credit card payments (securely of course).

 

So to do that, I've been told I need to have a SSL?

So there a difference between having an SSL and going trough a secure gateaway offered from other providers? Is that possible with the osCOmmerce shopping cart?

 

I would appreciate very much any info or thoughts on this!

 

Best regards,

Bobbie

[Guest]

Yes, if you process the cards yourself you need SSL

 

Yes, there are payment modules available for most popular payment processing gateways - some come standard with osCommerce, while others can be found in the contributions section.

 

 

In my opinion it is good policy to have an SSL certificate regardless of which route you take - people need to enter sensitive personal information before checkout and most like to see the secure padlock in their browser (Many will leave your site if they dont). Gateway providers have their own SSL, but this does not protect your customer while they enter their personal details on account signup, or look at their accounts etc.

 

 

Sonia

[Guest]

So to do that, I've been told I need to have a SSL?

So there a difference between having an SSL and going trough a secure gateaway offered from other providers? Is that possible with the osCOmmerce shopping cart?

 

First - Understand SSL:

SSl certs give your website the ability to encript data transmitted between your users pc and your website (or another site, such as a payment processor).

 

Second: Understand the 2 types of data your store will collect:

There are 2 types of data collected by your store and checkout process, and both deserve to be protected: Personal account information & financial payment information. Obviously the financial information (credit card numbers, etc.) are the most critical to secure with SSL, but it is arguable that collecting your customer's personal information creates equal responsiblity and therefore liabiltiy on your part as a web store owner.

 

3rd Party Payment Proccessors:

Technically, if you plan to use an online payment processor, such as paypal (ugh!) or 2checkout, etc., you don't have to have SSL on your site to protect your customers credit card information during the transaction. In this case, their CC details are all processed on the 3rd party payment processors website that is SSL protected. After that tranaction is processed, your customer will then be tranferred back to your website.

 

However, in this scenario, your customer will still be entering personal data on your osCommerce website to create a login account in order to get to your off-site payment processor. While this data isn't financial in nature, it still you personal and it is still your responsibility as the store owner to secure that data.

 

SSL is the wise choice for all data collection:

That is why you still should use SSL with osCommerce. If you have SSL turned on within osCommerce, it automatically calls for it when your customers enter the login / account creation / checkout process (i.e., "https://yourstore.com/login.php", etc.).

[jpweber]

I agree with the above. SSL is a mandate -- especially for any E-commerce store. See the link in my signature for how to get, install, and implement SSL.