Secure Payment Gateway Integration
Payment gateways require personally identifiable contact information and sensitive payment instrument details to process a payment. Both these types of information need to be protected by the merchant to preserve customer trust as well as required by law.
There are TWO ways your website's order processing code interacts with the payment gateway server:
- Preparing the order and price information on your website and sending it to the payment gateway server to execute the payment.
- When the payment gateway server notifies your website about the result of the payment attempt via IPN/Webhook.
It is always recommended that your website connect to the payment gateway server using a secure https channel when sending order and price information. This ensures that the information cannot be intercepted during transmission between servers via the public Internet.
Payment gateways now mandate that you provide a https-enabled IPN/Webhook for the payment gateway to securely transmit the result of the payment attempt to your website in the background.
As you can see, your website requires a SSL certificate for a proper two-way payment gateway integration.