SSL Certificate

I.d get ssl anyway if you.re selling online in whatever way. It gives customers confidence. This ain.t so expensive any more.

No it isn't necessary but as diafol pointed it gives customers a good impression about the securities techniques the site uses , and more over (that I found more important also) really adds one more security layer. Having only that security layer doesn't say much but it is a plus if you have others as well. SSL trusted authorities , is a big joke , in fact the only thing they do is taking our money in order to be recognized by web browsers not as “self signed” but as signed by a trusted authority. This talk is on the way , and I believe that things will change over the next years about what a “trusted authority” (there are allready some open source implementations) over “self signed” means , maybe this is why some of them have already made their “services” (what are those really ?) cheaper.

Thanks guys... a decent SSL certificate is indeed pretty cheap nowadays, so money is not the issue here. I'm also trying to figure out what other steps I have to do... did some research and found subjects about caching & performance. Initially I read it is slower then http, but I also read, if configured right, https can even be faster for visitors with a modern browser. Anyway... I think I might just go for it with this client.

Actually, there would be an issue if and only if 1)your site takes critical information and passes it to the 3rd party (I guess you don't do that) and 2)your website is being targeted/monitored. I believe you don't handle any information when paying and your website is very unlikely to be targeted. Thus, real benefit for https over http is slim to none (besides, SSL has flaws by its nature).