PayPal Community

ardecydesigns · ‎Jun-02-2018

What does this mean for merchants who only have a regular http address as opposed to a https address for their business website? All I use are regular Add to Cart buttons. Does this mean I need to purchase an SSL certificate? Thanks for any assistance.

Anonymous_User · ‎Jun-02-2018

I believe as a Payments Standard user, you should be OK - since the Payments Standard buttons redirect to PayPal for secure transaction processing, having an HTTP site won't be an issue. Also as you are not collecting or processing any credit card info, PayPal assumes the PCI requirements for you.

If you were using a different PayPal Product like Pro, using APIs and keeping your customer on your site for the checkout process, then you would need ensure your servers protocols are up to date. You would also be responsible to ensure that your site is PCI compliant .

At least that's the way I'm reading into this stuff.

Something you may want to consider is some changes coming to Google Chrome. Google will identify insecure sites in the Chrome browser beginning mid-Summer. For customers that use Chrome, they may get a little spooked when their browser shows them that the site is not secure - as people really don't realize that PayPal does all the secure processing, they might be reluctant to browse your site. Just my thoughts on this of course. You can find several articles such as this one that explains what I'm referring to.

View solution in original post

Anonymous_User · ‎Jun-02-2018

I believe as a Payments Standard user, you should be OK - since the Payments Standard buttons redirect to PayPal for secure transaction processing, having an HTTP site won't be an issue. Also as you are not collecting or processing any credit card info, PayPal assumes the PCI requirements for you.

If you were using a different PayPal Product like Pro, using APIs and keeping your customer on your site for the checkout process, then you would need ensure your servers protocols are up to date. You would also be responsible to ensure that your site is PCI compliant .

At least that's the way I'm reading into this stuff.

Something you may want to consider is some changes coming to Google Chrome. Google will identify insecure sites in the Chrome browser beginning mid-Summer. For customers that use Chrome, they may get a little spooked when their browser shows them that the site is not secure - as people really don't realize that PayPal does all the secure processing, they might be reluctant to browse your site. Just my thoughts on this of course. You can find several articles such as this one that explains what I'm referring to.

ardecydesigns · ‎Jun-02-2018

Thank you so much; I think I will simply post a disclaimer on my site pages for Chrome users and see how that works. I just didn't see the sense of purchasing a Security Certificate when the transactions are supposed to be secured through PayPal's protocols anyways.

Anonymous_User · ‎Jun-03-2018

No problem, I'm dealing with the same issue myself and looking at my options - my hosting service has a basic secure package (https://) that's reasonable so it's something I'm considering.

ardecydesigns · ‎Jun-03-2018

I am using GoDaddy; if you are using a different host, could I ask who you are using? Thank you once again.

PayPal Community

New Protocols HTTP 1.2 TLS 1.2

Haven't Found your Answer?