Should I always use HTTPS when users are inputting credit card numbers & billing info? Do you know any sites that don't use HTTPS? I just want to know if it's a total no-no for web applications.
Discuss.
HTTPS/SSL Certificate - Mandatory for CC?
Moderator: General Moderators
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: HTTPS/SSL Certificate - Mandatory for CC?
It is a total no-no to not use encryption when transmitting credit card information. I don't know of and website that does not use HTTPS to submit credit card info.
(#10850)
Re: HTTPS/SSL Certificate - Mandatory for CC?
Thanks for the help! I'll add ssl certificate onto my clients expenses 
- kaisellgren
- DevNet Resident
- Posts: 1675
- Joined: Sat Jan 07, 2006 5:52 am
- Location: Lahti, Finland.
Re: HTTPS/SSL Certificate - Mandatory for CC?
That's right. It's a big no-no, and it would be better if you just used HTTPS all over the site. There are unfortunately sites that do not utilize SSL/TLS and eavesdropping those credit card details is too easy..