You must now host all Stripe payments on a HTTPS site. If you don't do so, your ResDiary widget will not be able to take payments and will redirect to your secure ResDiary microsite. See below for why this is important for your business.
What is HTTP & HTTPS?
HTTP (Hyper Text Transfer Protocol) is an online procedure for exchanging information between two computers. Any information that is sent over HTTP can be intercepted and read by a third party. For customers sending their credit card details to you, sending said details via HTTP is a security risk and will create a barrier to booking on your site.
The addition of HTTPS ( Hyper Text Transfer Protocol Secure) to your website means that any data exchanged between two computers is encrypted so even if the transaction is intercepted by a third party, it cannot be read.
How do I change my website from HTTP to HTTPS?
See our article on changing over here.
I use a widget for my bookings. Is that secure?
The ResDiary booking widget always uses HTTPS. However, our payment provider Stripe now says that you must host all payments on a HTTPS site. This means that if your site is not HTTPS, your booking widget will not work for payments. Until you change this over, it will automatically redirect to your ResDiary.com microsite via a ResDiary book button.
How do you safeguard online payments?
The payments of deposits and secure storage of credit card details via ResDiary Guarantees (aka tokenization) are all processed securely via Stripe. Stripe is the leading international payment provider giving you and your customers ultimate protection and peace of mind.
Please note: Google Chrome Autofill
If a customer is viewing an HTTP site on Google Chrome and uses autofill functions to fill in their credit card details, Chrome will warn them about an insecure connection through the booking process. This will definitely result in a high level of abandoned bookings where the booking requires credit card details or payments.
To overcome this, you must make the following changes to your website:
- Change the iframe src property on the restaurant website to use https e.g.
<iframe frameborder=”0″ src=”https://widget.resdiary.com/CheckAvailability.aspx?Id=3861&theme=rd” allowtransparency=”true” style=”width: 300px; height: 460px”></iframe> AND
- Change the restaurant website to https and install the correct ssl certificate on the server.Ensure that this is done for all pages on your site, particularly the page that contains the booking widget.
- OR re-direct from the restaurant website to the restaurant’s own (free) mobile optimised web page on www.resdiary.com
Only once both of those things are done will users be able to use Google’s autofill for CC details. Otherwise Chrome will warn about an insecure connection. Just doing point 1 above is not enough and only doing point 2 will mean the widget iframe will not load.
Useful links for more on best practices when using HTTPS
- ResDiary Stripe announcement. Learn More
- From Google Support ‘Secure Your Website with HTTPS’ Learn More
- Ignite Visibility – ‘Guide to switching from HTTP to HTTPS for SEO’ Learn More
- designModo- ‘How to Move a WordPress Website from HTTP to HTTPS’ Learn More
- There’s almost no excuse for restaurants to not have https now. There’s a free service available that can grant certificates so they don’t need to pay for them: https://letsencrypt.org/. A restaurant can install a simple tool on their website that handles their certificates and renewals for them automatically.