Many banks also insist on you having security protocols in place for your online business, such who has access to your databases, complexity of passwords, plus vetting and security monitoring of staff that have access to your online systems.

Using PayPal or Google tranfers the security side at least, directly onto the payment providers themselves. If there were multiple compromises of anyone's credit card data through a system malfunction, or dishonest staff, that could ultimately result in loss of credit card processing facilities. An extremely important consideration when considering payment options for a web site presence.

Exactly. I am always thinking about my liability in these ventures as well. That's why I like the CC Shopping Cart. It’s easier to implement and safer to use than a database system.

And in the event of a catastrophic meltdown, you can always upload the cart again in a manner of minutes.

The above confused me a little bit. Is an SSL certificate required for my server? I thought all entering of data for the payment was done on the processor side (Paypal, Google, Authorize.Net) so that i didnt have to have an SSL on my server. Did I read this all wrong?

George,

SSL is not required for the cart program. It is only for those merchant accounts that take direct payment over the internet. Places like Paypal are third-party entities - they take care of the security part.

Thanks Eric

SSL certificates are only needed if you take sensitive information directly from the customer and store it directly on your own site's database. All SSL does, is encrypt the information that is sent, so it cannot be read by third parties during transmission. What a SSL certificate does not do however, is guarantee that the people you are dealing with are genuine, or that the web site you are viewing is legitimate.

Most hosting companies will offer a SSL certificate for a few dollars extra with no background checks of any kind on the person requesting it. Subsequently there are tens of thousands of bogus sites out there complete with SSL certificates that only exist to harvest people's credit card details, with no intention of ever supplying any goods. At least by utilising payment providers like Google and PayPal, potential customers can shop in relative safety, knowing that their credit card details are never going to be passed onto an unknown merchant. From a shop owner's perspective, that is a major selling point in any sites that you build.