Quote:
|
Originally Posted by Ostrofpro
if you are using paypal as a payment terminal then you never had to have a ssl to complete a transaction because you were not directly collecting financial information....
|
This is absolutely not true. Common misunderstanding what SSL does and why it is there.
It doesn't matter if you collect payment data on your site or somewhere else - all pages dealing with personal or financial data must be https. How is your customers going to login to store? Or create an account? Or checkout?
They provide personal data - name, address, phone, etc. not to mention username/password.
All these data must be protected.
And to add more to this - Google and I am sure other SE started to flag sites not using SSL for the whole site as insecure and this is visible to customers.
SSL is not an option. It is mandatory unless you have a blog site without asking customers to provide any info.