SSL certificates explained
SSL certificates are small data files that are installed on website servers that encrypt any data that is sent from a visitor viewing/using the website to the server. Sites that have SSL certificates display the security padlock on their web browser.
You'll need an SSL certificate if your customers are entering sensitive information directly onto your website (like credit card information), or if you are participating in third party programmes like the Google Trusted Stores Programme. Our recommendation is that the benefits of an SSL certificate are huge and so we do recommend that you have one, you can read the full article here.
Hosted payment pages
Most payment gateway providers (the companies that process card payments) use a system called a hosted payment page.
When a customer is on your website and clicks a button to enter their card details, they are actually taken through to your payment gateway provider's website. This means that they are actually not entering their card details onto your site, but onto another website.
Using this system you, as the store owner, and us (as the platform provider and your website host) never actually see your customer's card information. So you don't need to worry about security on your website. This also means that your website doesn't need to be PCI compliant, as that standard only applies if your website is handling credit card information.
When do I need an SSL certificate for my website?
If you are using a hosted payment page (as described above) then you don't need an SSL certificate for your website (except for the reasons listed below).
However, some payment gateway providers don't offer hosted payment pages. Other payment gateway providers give you the choice of whether or not to use a hosted payment page or instead keep the customer on your own website.
Where the customer is entering card information on your own website you will need an SSL certificate.
Where the customer is entering card information on your website through a secure iFrame, it is our recommendation, although not mandatory, that you should have an SSL certificate.
If you are participating in programmes made available by third parties (like Google) in certain circumstances they will require you to use an SSL certificate on your website. For example, if you are participating in the Google Trusted Stores Programme or submitting listings to Google Shopping you'll need to have an SSL certificate.
More information should be sought from your third party provider.
How do I get an SSL certificate?
SSL certificates are provided by us free of charge on all packages. To configure an SSL certificate for your domain name please follow the instructions here.