To view videos on this PHP Site, we'll call Vsite, visitors select a link to paypal, from Vsite, to pay for credits. The credits are added to their Vsite account. They use the credits to view videos at Vsite. All payment transactions take place at paypal.
Only basic registration info, name, address, password, username, etc. is entered on Vsite and of course stored on the server/database, along with the amount of credits a user account has.
Does Vsite need an SSL certificate? Or is that overkill? I'm not sure what the benefit would be to have an SSL certificate in this case.
I look forward to being enlightened.
Yes. Whenever a site stores personal or financial information, it's pretty much an automatic yes.