Collecting secure payments on your website: SSL certificates

To collect payments on your website, you’ll need two things: an SSL certificate, and a payment gateway.  This article discusses SSL certificates. For information on payment gateways, read this post.

Note: Some payment gateways also offer hosted checkout, which means payments are processed on their website, not yours. (You may have seen an example of this with PayPal.) With hosted checkout, you don’t need the SSL or dedicated IP address, as you are not collecting sensitive information. 

What are SSL Certificates?

An SSL certificate allows your website to process payments securely by encrypting information entered in the site. So when your customer inputs her credit card info, it’s safely inaccessible.

A site with an SSL certificate has a url that starts https (instead of http), and a bright green lock symbol:

Both of these indicate to users that your site is secure.

Cost

SSL certificates cost approximately $50-$75 per year, and can be purchased from your web host. You’ll also need to purchase a dedicated IP address through your web host, which costs a few dollars per month. (In layman terms, it gives your website a permanent address for the SSL certificate to attach to.)

When comparing website hosting plans, bear in mind the costs of an SSL certificate and dedicated IP address. It’s possible that the added costs will make a higher-level plan the best value.

You’ll notice that some hosts offer a “shared SSL certificate” in their plans. Don’t pay attention to that :) You only want a private SSL certificate. Shared SSL isn’t as secure, and will pop up with a warning message to users. You want to go with private SSL, although if your web host is offering several choices for private SSL certificates, the cheapest is usually fine.