PayPal Express vs Standard on nonSSL site?

[cozyfolk]

I’m trying to get a payment method going, and I’ve definitely seen the notices everywhere on ZenCart and in DrByte’s posts that make it very clear that Express is good and Standard is bad. However, I’m concerned about the “confirm order” page that customers arrive at after going through PayPal Express. The added expense of a static IP & SSL certificate is a bit more than my very small business can afford right now starting up, but I feel like having the customer’s name and address displayed on my site is something that really should have an https connection (I removed the login/register links from my site to stop the other opportunities for secure data to be entered/displayed).

I just got off the phone with a support person from my (very excellent and honest) hosting service, who strongly recommended I not waste my money buying an SSL certificate from them at this point and instead just go with a PayPal solution that keeps all the sensitive data off my site and operates entirely on PayPal’s end. That solution appears to be Standard, not Express.

So now I’m not sure what to do - I’m told here that Standard is just the evil twin of Express that I should stay away from, but are there any circumstances, like not wanting an SSL, where using Standard might be a better decision? Is a nonsecure order confirmation page not something I should be worrying about in the first place? I’ve been staring at this forum for hours all week and some things just get more confusing the more I read..

Thank you in advance for any advice you can offer!

[DrByte]

Standard has no benefits over Express in terms of any of the issues you've mentioned. Express is by far the more reliable approach.

What exactly is your concern about the information on your "non secure confirmation page"? What sensitive data are you specifically concerned about?

[cozyfolk]

Thank you for responding. By "sensitive data" I mean the customer's full name and billing/shipping address that appear at the top of the Step 3 page - is this data not vulnerable when displayed like that on a nonsecure site?

[DrByte]

No more vulnerable than when the customer types it into the login or create-account screen themselves earlier in checkout.

[cozyfolk]

I mentioned in my original post that I did away with the login/registration features on my site so that there would be no entering of data by the customer except when they are on PayPal..Anyway, thank you for your help, I'm sure I'll figure something out.

[DrByte]

I did away with the login/registration features on my site so that there would be no entering of data by the customer ...

So you could just delete the output from the confirmation screen too if that's a major concern to you.