Yes, it is always suggested to have SSL when your payment gateway is integrated with your e-commerce website. When integrating a payment gateway, if you do not have access to the customer’s account information and do not handle credit card information, then HTTPS is not a requirement.
It is entirely possible to run an e-commerce website safely without resorting to HTTPS. In this case, all you would be doing is having people put together a list of items their own way and sending that list or the total to a secure service, which deals with the sensitive bits and sends back a token as a receipt.
This being said, customers are less likely to trust a non-HTTPS site, even if you follow all security protocols and set it up to work flawlessly. Setting up payment gateways with HTTPS is much easier, and it is well worth using either a self-signed SSL certificate or one available for as cheap as $60, valid for 2 years.
To handle credit card information, it becomes imperative to use SSL for the exchange as part of the merchant services agreement. More specifically, if you handle payment card information (PCI), the merchant services will generally require you to follow PCI-DSS.
You should use SSL with your e-commerce website to protect your customers’ login information, to keep their client sessions from being hijacked (without SSL, cookies are sent in plain text), and to prevent your customers from being taken to an entirely different, fake website (DNS spoofing).
Even storefronts using SSL often opt to use a payment gateway to handle credit card data so they do not have to fret about the finer points of PCI-DSS.
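
The plain-text cookie risk mentioned above can be checked from the defender's side. The following is an added example, not part of the original text: it audits `Set-Cookie` headers for session cookies that would travel unencrypted. The URLs, cookie names, and the name heuristics in `SESSION_HINTS` are constructed assumptions.

```python
# Added example: flag session cookies that can be sent in plain text.
# SESSION_HINTS is an assumed naming heuristic; adjust it to your application.
SESSION_HINTS = ("sess", "sid", "auth", "token")

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, attrs); attribute names lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs

def audit_response(url, set_cookie_headers):
    """Return (cookie_name, problem) pairs for one HTTP response."""
    findings = []
    over_http = url.lower().startswith("http://")
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session-like cookie, e.g. a theme preference
        if over_http:
            # The cookie was already exposed on the wire when it was issued.
            findings.append((name, "set over plain HTTP"))
        if "secure" not in attrs:
            # Without Secure, the browser also attaches it to http:// requests.
            findings.append((name, "missing Secure attribute"))
    return findings

# Constructed sample responses (not captured from a real site).
SAMPLE = [
    ("http://shop.example/login", ["PHPSESSID=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/login", ["PHPSESSID=abc123; Path=/; HttpOnly"]),
    ("https://shop.example/cart",
     ["session_id=xyz789; Path=/; Secure; HttpOnly", "theme=dark; Path=/"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLE:
        for name, problem in audit_response(url, headers):
            print(f"{url}: {name}: {problem}")
```

Note that the second sample response is served over HTTPS and is still flagged: a session cookie without `Secure` is sent on any later `http://` request to the same host.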