
osCommerce

The e-commerce.

Do I have to use SSL????


beechy


If I am not taking payment via credit card on my site, and am limiting transactions to paypal and cash on delivery do I need to use SSL?

 

Any response would be much appreciated.

 

Thanks in advance

 

BB


If I am not taking payment via credit card on my site, and am limiting transactions to paypal and cash on delivery do I need to use SSL?

 

No, you don't need to use SSL. PayPal information is entered using PayPal's secure SSL servers. Information for C.O.D. orders can be collected and stored without using SSL.

 

Regards,

Daniel

DTOM - mmm' k


Customers might like to have their name, address, etc sent to you securely.

In olden times the men were made of iron and the ships were made of wood; now it's the other way around. :wink:


Customers might like to have their name, address, etc sent to you securely.

 

Agreed - SSL certs are so cheap nowadays, they pay for themselves. You wouldn't want a client to leave because their private information wasn't secure now...?


Customers might like to have their name, address, etc sent to you securely.

 

Agreed - SSL certs are so cheap nowadays, they pay for themselves. You wouldn't want a client to leave because their private information wasn't secure now...?

 

There is a much larger picture here than just providing an SSL connection so that the customer can feel warm and fuzzy when they submit their name, address, city, state, zip, phone, etc ... ya know, all the same information you are going to be sending them in their receipts via insecure unencrypted email anyway.

 

The only thing I care about when I shop online is that my payment information be collected securely. Here is where I stand on SSL and orders:

 

::gets on soapbox::

If you are collecting customer name and non-payment personal information under SSL circumstances, only to then send them an email confirmation with this same information via regular email, what purpose was the SSL then serving? Did you want to lead the customer into believing their information was collected and handled securely? What will they think, then, when their confirmation email/receipt arrives not with PGP/GPG, but through good old unencrypted Outlook Express? Is it more ethical to encrypt their information during 50% of its Internet travels and wing it on the other 50% to "make the sale?"

 

... or, is it better to collect and handle that information that is treated securely, from start to finish with SSL connections, and collect the other information that will eventually come back to the customer via plain old email using non-SSL connections? I believe it is more ethical, more prudent, and more respectful to securely collect the information that will be handled securely, and insecurely collect the information that will be handled insecurely following the order. But, that's just me. I would tend to explain this information on an "order policy" page rather than lead the customer into false expectations.

 

:: steps off soapbox::

:: puts on flame retardant clothing::

 

That being said, yes, SSL certs are becoming less expensive with time (although Verisign and NetSol can bite me -- grrrr, I hate them), but 'You wouldn't want a client to leave because their private information wasn't secure now' just doesn't cut it for me unless you truly keep that information secure from start to finish, which I suspect most of you do not.

 

This is my $0.02 worth. Someone asked me: 'A penny for your thoughts?' -- just then I realised -- hey! somebody's making $0.01 here!

 

Regards,

Daniel

DTOM - mmm' k


SSL certs are becoming less expensive with time
Shared SSL is basically free; it's included in many hosting plans. Non-technical people (read here potential customers) have told me that they think it's more secure when the URL changes for the secure part of the transaction. They think they are going to a secure server instead of something you did yourself.

In olden times the men were made of iron and the ships were made of wood; now it's the other way around. :wink:


Archived

This topic is now archived and is closed to further replies.
