[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 176
  • Last Modified:

After opinion as to need for SSL in this instance


I've uses SSL for years with a payment solution I wrote myself around 10 years ago that collected everything (account details, amount, pan etc) then passed to a payment provider (datacash) to complete the succeeded/fail and return

I'm now doing away with that and just collecting basic info, such as an account number (their account number with us, not the bank account number) and amount to pay, e.g. 12345678 £25.00 then passing that to an external provider (Capita) to take the card details via HTTPS and finalise etc.

Would anyone see a need to still use SSL in my basic part of the process now? I cant but just wondered what you gurus feel and why?

I'm asking as for easier PCIDSS compliance I want to move the capture part to another server but keep the SSL for the main website (logging in, checking balances etc but NOTHING to do with payments)

Neil Thompson
Neil Thompson
  • 2
1 Solution
Dave BaldwinFixer of ProblemsCommented:
Most payment processors require you to have secured HTTPS page to post the results of the transaction to.  Some people feel that using HTTPS on any pages that submit any personal information is the right way to go.  And they feel it makes the user more confident in your process.

My question is why would you stop using it?
Neil ThompsonSenior Systems DeveloperAuthor Commented:
many thanks
Dave BaldwinFixer of ProblemsCommented:
You're welcome.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now