Paypal Virtual Terminal, 3rd Party SSL questions

[monkeytastic]

I'vre been reading through all the threads re: paypal's website payment pro/virtual terminal but would like to ask some questions relating to my circumstances.

I've been accepted by Paypal for website payment pro/virtual terminal but don't have a SSL. My host requires a dedicated IP which costs a fair bit, then £79 for the SSL p/a. My idea is to get customers details and use the virtual terminal to process payment. Is it common practice to get a 3rd party SSL instead or is it safe do to the middle numbers blanked and the outside numbers emailed thing?

[kobra]

Is it common practice to get a 3rd party SSL instead or is it safe do to the middle numbers blanked and the outside numbers emailed thing?

This should not be the major question as if your customers do not feel safe and this is by remaining on your site (url in the browser) they will pack up and leave.

[DrByte]

You must have SSL active if you plan to accept that kind of data.
However, you can get away with shared SSL until such time as your business can afford the dedicated SSL costs. Does your host offer shared SSL support?
For some folks it's an image thing ... dedicated SSL looks more professional, but shared SSL provides the same protection for less cost.

A good rule of thumb ... if you're collecting *any* personal information from *anybody*, you should be protecting those pages with SSL too. Zen Cart automatically activates SSL on sensitive pages if you have enabled SSL support on your site and also within Zen Cart.

[kobra]

For some folks it's an image thing ... dedicated SSL looks more professional, but shared SSL provides the same protection for less cost.

Both statements completely correct. It does make for a more professional/safer image. But functionally either actually provides the same encryption

[monkeytastic]

Yep I sort of know the SSL should be the way to go - If you look at skateboardstickers.co.uk I'm currently only taking paypal and mention that paypal's site uses ssl and that customers can feel safe because of the lock at the bottom of their page. I guess I'm just trying to find the correct solution - think I'll get on with sorting out a proper SSL.

The site I'm with don't offer shared SSL so can I confirm that it's fine to keep with them for all the non-ssl stuff and then move the customers over with no problem?