bookmark_borderAccepting Payments Without SSL
Notice: In June 2017, the PayPal IPN will begin to require SSL/HTTPS on all IPN callbacks. If you are using the PayPal IPN, you will need to obtain an SSL certificate.
While an SSL certificate is a great idea in almost all use cases (especially when entering any personal information), some users may choose not to use one.
Most payment services, such as Authorize.net, require an SSL to receive payments, as the data is processed from within your site. The good news is, this is not the case for all payment processors.
The PayPal Standard Add-On
This is where PayPal Standard comes into great use. Here’s what happens when submitting a payment through a form using the PayPal Standard add-on:
- The user fills out the form that contains their total price.
- The pricing and user is then redirected to PayPal’s website to complete the purchase.
- After completion, the user and payment completion are then directed back to your website.
Using this method, no payments are being processed directly on your site, and therefore an SSL is not required. Since all sensitive information is being entered directly to PayPal, there is no need for an SSL to encrypt this sensitive data.