Web Hosting Forum | Lunarpages


Author Topic: Wordpress / SSL / TransFirst checkout  (Read 2044 times)
mickey00
« on: December 23, 2009, 06:20:46 AM »

Hello-

   We have been working with a web designer who is creating a site for us using WordPress to manage the main content. 
   We have products and a cart to use to sell some products.  For this, the checkout implementation uses TransFirst's checkout which directs outside of our lunarpages site to enter the CC information, process the submission and then forwards the response back to our site for notification.   (not a big fan of this implementation from a user experience perspective, but that's what it is for day one)
   We were told that we should purchase an SSL certificate for our lunarpages site for this.
   
    Our questions are:
(primary question)
     1- Would having our own SSL certificate for our domain, while TransFirst's certificate has its own for its domain, cause any issues for security or warnings to users due to the different certificates?

     2- For our main site, since on potential purchase / redirect, a user would be redirected to our https site, should we just forward all users coming from http://www.oursite.com to https://www.oursite.com?

     3- Do we need to do anything different for the http and https sites?

(secondary question)
     - Is there a better solution using WordPress and TransFirst that anyone knows of to avoid leaving our primary site to process checkout?

    Thanks everyone!!!!  Happy holidays!

MrPhil
« Reply #1 on: December 23, 2009, 08:40:36 AM »

If you're using a third party payment system, such as TransFirst or PayPal, to handle credit card transactions, you don't have to have SSL on your site. Your site never sees the customer's credit card information, right? However, customers will feel more comfortable handing over personal information such as name and address if they see that the page is SSL protected.

Be aware that if a page accessed under SSL (https) in turn pulls in non-SSL material (e.g., a standard image file, using http), customers will get a warning that a page has mixed secure and non-secure content. Be careful to make all references (images, etc.) https. You may need to copy those files over to an SSL-protected domain, rather than going "outside" to non-SSL. If TransFirst pulls anything from your site (your logo, for instance), for use on their SSL page (as a live reference, not copied to the TF site), it will need to be under SSL or customers will get a browser warning.

I don't see any problems with having different certificates for different sites, but as I said above, mixing SSL and non-SSL on the same page will give warnings. As for forwarding to https:, I'm not sure what you're getting at there -- can you give a for-instance? Remember that your SSL certificate will be issued for a specific domain: oursite.com is covered while www.oursite.com is not (or vice-versa). You may be able to get a "wildcard" certificate that covers both, probably at extra expense, if your site structure is such that you can't get around that.

If you're a small site, I would stick with a third-party payment system (that goes off your site). To get a proper merchant account and payment gateway costs quite a bit more (for small volumes -- once you get fairly big, it may be cheaper). Plus, with a merchant account (handling credit cards on your site) you become subject to a huge number of regulations (PCI-DSS) regarding site security, encryption, how and where you store credit card information, etc. That alone is a huge hassle, so I would suggest leaving the handling of credit card numbers to the pros.
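The mixed-content problem described in Reply #1, as an added example that is not part of the original thread: a Python scan of a page's HTML for subresources that would load over http on an https page. The sample markup, hosts and paths are constructed, and `find_mixed_content` and `MixedContentFinder` are hypothetical names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs the browser fetches while rendering the page.
# <a href> is deliberately absent: a plain link is navigation, not page content.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("object", "data"), ("link", "href"),
}


class MixedContentFinder(HTMLParser):
    """Collects subresource URLs that resolve to http: on an https: page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # list of (tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in SUBRESOURCE_ATTRS:
                # Resolve relative and protocol-relative (//host/x) references
                # against the page URL, the way the browser does.
                resolved = urljoin(self.page_url, value.strip())
                if urlsplit(resolved).scheme == "http":
                    self.findings.append((tag, resolved))


def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []  # the warning only applies to pages served over https
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page (hypothetical hosts and paths).
SAMPLE = """
<link rel="stylesheet" href="/wp-content/themes/shop/style.css">
<img src="http://www.oursite.com/wp-content/uploads/logo.png">
<script src="//cdn.example.com/cart.js"></script>
<script src="http://cdn.example.com/tracker.js"></script>
<a href="http://www.oursite.com/about">About</a>
"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://www.oursite.com/checkout", SAMPLE):
        print(f"insecure <{tag}>: {url}")
```

Relative and protocol-relative references inherit the page's scheme, so only the hard-coded `http://` image and script are reported; the `<a href>` link is ignored because following a link does not load content into the secure page.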