Let’s say that I have a website where I want to sell homemade goods. I want customers to be able to pay for the goods without too much hassle.
A common option is to use buttons provided by a payment service like PayPal. The website uses HTTP, however, and the hosting service does not allow SSL certificates without paying for a higher hosting plan. What are the risks of using similar payment methods on my website?
One attack I am aware of, is that of an attacker redirecting the traffic to their own website — which pretends to be the payment service. I am not sure if this is even a concern for this case.
To be clear:
- Purchases on the website will be rare, so there will be little opportunity for an attacker to intercept payments.
- The website is hosted by a hosting service, similar to WordPress.