# SSl certificate



## expo (Mar 22, 2007)

If I use Zen-Cart/cubecart/oscommerce and paypal do I still need an SSL certificate?

If so, can you throw me a link as to why?


----------



## Solmu (Aug 15, 2005)

No, you don't. You can use one to make the entire ordering process secure (customer's address input for example), but PayPal will keep all of the financial information secure.


----------



## expo (Mar 22, 2007)

Thanks for the help


----------



## Arboristsite (Nov 20, 2006)

If you use the high end Paypal, you will. It's just like any other merchant service. Paypal pro I believe you will too cause bill out is on your server. If you use standard paypal or any version of any service that takes you away from your website you shouldn't, they generally take care of the SSL. Many people are so concerned about saftey that 99 bucks a year is worth getting one.


----------



## simplicitywear (Apr 17, 2007)

Arboristsite said:


> Paypal pro I believe you will too cause bill out is on your server.


I'm not sure what the above means ... but in any case, you don't _need_ to use an SSL certificate to use PayPal Pro. I am using CubeCart and when I was first getting my store up and running and doing orders for friends, they were able to process thru PayPal no problem without SSL. However, SSL encrypts your data, authenticates who you are, and gives people peace of mind so that's why I decided to go for it.

-Tom


----------



## Rodney (Nov 3, 2004)

simplicitywear said:


> I'm not sure what the above means ... but in any case, you don't _need_ to use an SSL certificate to use PayPal Pro. I am using CubeCart and when I was first getting my store up and running and doing orders for friends, they were able to process thru PayPal no problem without SSL. However, SSL encrypts your data, authenticates who you are, and gives people peace of mind so that's why I decided to go for it.
> 
> -Tom


I think any merchant account requires you to process transactions over a secure server (SSL). I'm pretty sure this is something that comes direct from the banks (Visa/Mastercard, etc). They have certain security requirements that they pass along to all merchant account providers.


----------



## simplicitywear (Apr 17, 2007)

Rodney said:


> I think any merchant account requires you to process transactions over a secure server (SSL). I'm pretty sure this is something that comes direct from the banks (Visa/Mastercard, etc). They have certain security requirements that they pass along to all merchant account providers.


Do you mean "requires" as in "forces you to use SSL and checks for it" or "requires" as in "you should do this but we don't check it"? Because I know that I was processing cards without SSL on my end (maybe PayPal has something on their end that fulfills this requirement). As a matter of fact, I had to get a new SSL cert and it isn't installed yet, and I can still process cards without a problem.

-Tom


----------



## Rodney (Nov 3, 2004)

> Do you mean "requires" as in "forces you to use SSL and checks for it" or "requires" as in "you should do this but we don't check it"?


I mean as required by their policies and if you are processing credit cards without it, you could lose the option of being able to accept credit cards. Read more here.


----------



## simplicitywear (Apr 17, 2007)

Ok, that clears things up then. So the net of this is: get an SSL certificate if processing credit cards


----------

