Accepting Payments Without SSL

Notice: In June 2017, the PayPal IPN began requiring SSL/HTTPS on all IPN callbacks. If you are using the PayPal IPN, you will need to obtain an SSL certificate. As such, this is a deprecated article left here only for historical reasons.

While an SSL certificate is a great idea in almost all use cases (especially when entering any personal information), some users may choose not to use one.

Most payment services, such as Authorize.net, require an SSL certificate to receive payments, because the payment data is processed within your site. The good news is that this is not the case for the PayPal Standard Add-On.

When submitting a payment through a form using the PayPal Standard add-on:

  1. The user fills out the form that contains their total price.
  2. The user, along with the pricing information, is then redirected to PayPal’s website to complete the purchase.
  3. After completion, the user and the payment completion details are then directed back to your website.

Using this method, no payments are processed directly on your site, and therefore an SSL certificate is not required. Since all sensitive information is entered directly on PayPal’s site, there is no need for an SSL certificate to encrypt this sensitive data.