An SSL certificate will encrypt the information exchanged between your customer and your website.
It doesn't guarantee your customers intent is not malicious, and an SSL certificate DOES NOT make your site PCI Compliant. Your site will likely fail PCI Compliance if it doesn't have an SSL certificate, but just getting one doesn't absolve a Merchant of further responsibility.
Our plugin does not require an SSL certificate on your website to securely capture your customers credit card details, but the checkout experience for your customer will be improved if you get an SSL certificate installed.
If you are using one of our Hosted Checkout plugins, you can choose to flip a setting which will send your customers to Vantiv for entering their payment details. This is similar to how PayPal and other hosted checkout provides handle security, and it ensures your customers experience a fully secured checkout transaction. The Merchant site never touches credit card data.
If you are running your site with an SSL certificate*, you can also keep your customers on your website by loading the payment fields securely into your website. Customers will reach the yoursite.com/checkout page and from there they are sent to yoursite.com/order-pay where they are presented with encrypted fields where they enter their payment details. These fields are served by Vantiv and are sent directly to Vantiv. The Merchant site never touches the credit card data.
You may add the SSL certificate after you install the plugin with no impact to plugin functionality. You may also install the plugin without an SSL certificate on your development server and then move it to your live site with SSL and you shouldn't experience any issues.
If you need an SSL certificate, there are many choices. We recommend:
Let's Encrypt offers free certificates, and NameCheap has some as low as $9/year. More expensive options also exist if you wish to verify your business as well as the domain.
Many hosting companies also provide free or inexpensive SSL certificates. You should ask your hosting provider if they offer SSL certificates and can set them up for you.
If you need assistance installing your SSL Certificate, we can do so for a flat fee. Please note that installing your certificate and configuring WordPress to run via that Certificate can be two very different things.
*Technically you can also run the plugin without an SSL certificate and keep the payment fields 'on your site' but the customers brower will not show that the site is secure. It may note that some of the data is secure, but the customer won't know which data is encrypted in transit.