Is An SSL Cert Needed For PayPal Transactions?

One of the questions eCommerce webmasters ask us most often is: do I need an SSL certificate for my store if it accepts only PayPal? Well, the answer is No & Yes! Let us explain…

SSL certificates are needed to protect your customers' information. If your website does not collect any information and uses only PayPal as the payment gateway, then NO, you DO NOT need an SSL certificate, because all of your customers' information is passed through the PayPal website, which is already protected by PayPal's own SSL. As long as you're not storing credit & debit card details on your website, there is no need to spend extra money on something you don't need.

In some cases, however, an SSL cert is needed for websites using certain eCommerce platforms, especially ones that use Payflow Pro. Payflow Pro is a PayPal service that lets your customers enter their payment information on an order form that you host on your own server. To protect that information, you must install an SSL certificate.

As a webmaster you should also be aware that SSL certificates are needed for eCommerce websites that have user logins and save email addresses, names, physical addresses, and order history. In these cases the immediate savings from not purchasing an SSL cert might end up costing you much more in the long run. Remember, an SSL certificate shows your customers that you respect their privacy! If you need help purchasing an SSL certificate and installing it on your website's server, contact us!
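To apply the rule above to your own pages, here is a Python sketch (an added example, not part of the original article) that lists forms where customers type in data while the page or the form target is not served over HTTPS. The function name, the field-name hints and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristics for "customer information"; tune them for your own store.
SENSITIVE_TYPES = {"password", "email", "tel"}
NAME_HINTS = ("card", "cvv", "address", "name", "email", "phone")

class FormAudit(HTMLParser):
    """Records every <form> with its action and the customer-typed fields in it."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea") and self._current is not None:
            itype = (a.get("type") or "text").lower()
            name = (a.get("name") or "").lower()
            # Hidden/submit/image inputs carry site-set values, not typed customer data.
            if itype in ("hidden", "submit", "image", "button"):
                return
            if itype in SENSITIVE_TYPES or any(h in name for h in NAME_HINTS):
                self._current["fields"].append(name or itype)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def forms_needing_ssl(html, page_url):
    """Return (action_url, fields) for forms that collect customer data without HTTPS."""
    audit = FormAudit()
    audit.feed(html)
    findings = []
    for form in audit.forms:
        target = urljoin(page_url, form["action"])  # an empty action posts back to the page
        schemes = {urlparse(page_url).scheme, urlparse(target).scheme}
        if form["fields"] and schemes != {"https"}:
            findings.append((target, form["fields"]))
    return findings

# Constructed sample pages (not taken from any real store).
PAYPAL_ONLY = """<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="item_name" value="Mug">
<input type="image" name="submit" src="buy.gif"></form>"""
HOSTED_FORM = """<form action="/checkout" method="post">
<input type="text" name="card_number"><input type="text" name="cvv">
<input type="email" name="contact"></form>"""
```

Calling `forms_needing_ssl(HOSTED_FORM, "http://shop.example/cart")` reports the hosted order form, while the PayPal-only button page produces no findings because its only inputs are hidden values set by the site.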

  • This is totally straightforward and makes sense. I can see why PayPal charges so much because of all the risk with identity theft and stolen credit card info. It's tough for the small guy to buy SSL certs all the time so there is a drawback.

  • Debbie McAlister

    How do I obtain an authenticating mark via VeriSign for PayPal users? What is the cost?

  • Joseph A’Deo

    An excellent topic. Indeed, PayPal shopping carts are equipped with SSL (and often extended validation SSL) so no further encryption is needed. I work for VeriSign, where this question is often asked in relation to our security marks, which up until a certain point were only available to our certificate customers. Now, however, even if you use PayPal, you can obtain an authenticating mark and daily malware scanning via the VeriSign Trust Seal (we developed this specifically for individuals who don’t need SSL, or who use PayPal like in the scenario you’re describing above). The point being that PayPal takes care of encryption but that might not be all that is needed – looking into other security solutions (especially anti-malware ones) is a good way to cover all bases.