I keept getting potential members asking me (via my help desk) if the connection is secure. When I try paying with Stripe, it appears that my credit card info is typed into an unsecured page. Any thoughts on how to SSL secure this?
The main advantage of Stripe is your site do not deal with sensitive data (CC info) at all. CC info submitted from user browser to secure stripe server directly. It is most secure approach nowadays. In same time it is good idea to enable https on your site. It will not increase security but your customers will feel more comfortable to pay on your site. I suggest to contact either your system administrator or hosting support and ask to enable https for your site. Then you can set secure url (https) in aMember settings aMember CP -> Configuration -> Setup/Configuration (License and Root Url) Best Regards.
I am a bit confused. When a customer enters their credit card number from my membership site, the sensitive data is not secure: Isn't this a big security issue if I do not have an SSL certificate?
Your site does not matter here. These fields with CC info has not names. It means browser never send it to your site/server. We uses special javascript library that send this data directly to secure stripe server. Your server never deal with CC info. Only user's browser and Stripe server deal with user's CC info.
I am still confused; If my customer types their credit card info at my unsecured server, can't their numbers get stolen when amember hands off their numbers to stripe's site? In other words, shouldn't my customer type in their credit card information on Stripe's site? I am pretty sure this is how PayPal does it.
Client fill in Credit Card info on his computer in his browser (It is not your server, browser just retrieve page from your server and show it to user. user interact with this page in his browser). Then his browser send it to stripe server directly. Stripe return special token to browser and then browser send this token to your server. Your server do not transfer/store/process Credit Card info. You can read more detailed description on stripe site here https://stripe.com/docs/custom-form I can recommend to setup https on your server as well but current configuration is secure without it. Best Regards.
it is secure as you have it, but good luck trying to convince users of this. You should save yourself the headaches and just get an SSL certificate and call it a day.