After opinion as to need for SSL in this instance
Posted on 2014-09-01
I've uses SSL for years with a payment solution I wrote myself around 10 years ago that collected everything (account details, amount, pan etc) then passed to a payment provider (datacash) to complete the succeeded/fail and return
I'm now doing away with that and just collecting basic info, such as an account number (their account number with us, not the bank account number) and amount to pay, e.g. 12345678 £25.00 then passing that to an external provider (Capita) to take the card details via HTTPS and finalise etc.
Would anyone see a need to still use SSL in my basic part of the process now? I cant but just wondered what you gurus feel and why?
I'm asking as for easier PCIDSS compliance I want to move the capture part to another server but keep the SSL for the main website (logging in, checking balances etc but NOTHING to do with payments)