First, I apologize, if this is not the correct forum to ask this question. However, I felt this was the best source to find an answer for it. :)
I'm trying to understand SSL and payment gateways. I came across a website, whose payment page didn't have a "security lock" (https).
So, I sent support an email to ask them, if something was wrong with their encryption; and if not, do they offer some type of encryption on their check out page?
Support replied, saying they use Authorize.net's payment gateway and everything is 100% secure.
While that may be true, shouldn't there still be some type of SSL connection on their check out page? I thought SSL was a must for a secure session between the customer and the merchant or a 3rd party (Authorize.net?
Per Authorize's website and several forums, everyone appears to be using a SSL session in their payment gateway for the security of their customers.
Anyways... I'm sort of confused now, but I just wanted to get a better understanding for FYI reasons.
Thanks in advance.

Honestly I can't think of a good reason why they wouldn't be using ssl if they are handling any kind of personal information, let alone credit cards, ect.... I'd say stay away from doing business with them.

Depending on how the site is setup you may still be covered under SSL. For instance we have some webforms that are embedded into our sites. The sites themselves aren't https but the embedded portions are so the information is passed securely.
Would it be possible for you to post the site your referring to? It's possible they aren't using any encryption at all.

Personally as someone just about to launch an ecommerce site I decided to run SSL even if it was not required. The benefit of increased customer security and trust far outweighed the rather meagre expense of £25 or so for the SSL certificate.
I'd much rather make these things obvious to the client than try and hide it, any form on an ecommerce site for instance should be behind https if you ask me.

woods01,
redpointfitness.com
Aquarius and Nizumzen,
I agree, why wouldn't they use SSL for a customer's peace of mind?
But, I didn't want to push the issue with the tech. I figured, I've never done a ecommerce website, so he might know something I didn't. That's why I wanted to see, if this was true or a good practice for a website to do.