In 2020 and beyond, the simple answer is: yes. Yes, you need an SSL/TLS certificate.
In theory, you can get away without a certificate if you use Eway’s Responsive Shared Page. This means that the customer fills out your form, then Gravity Forms passes them to an Eway web page which has SSL/TLS encryption. Once they’ve finished the transaction, Eway passes them back to your website. You need Gravity Forms Eway Pro to use Eway’s Responsive Shared Page.
An SSL/TLS certificate is technically only required when you have a Credit Card field on your form. It allows your website to encrypt all communications with the customer’s web browser, so that nobody can sniff their credit card details off the Internet.
In practice, however, web pages without a certificate will now be marked as not secure for visitors using modern web browsers. For example, Firefox shows a lock crossed out when you visit a page with HTTP and not HTTPS.
It is therefore a really good idea to use an SSL/TLS certificate — it makes customers feel more comfortable about submitting their name and address data, even before they get to Eway to enter their credit card data. If you’re just trying to get everything going and don’t want to worry about such things right now, then it’s OK to leave it to later, but it’s no longer acceptable on a live website.
If you need Recurring Payments, or you use the Direct Connection method, then you absolutely must have an SSL/TLS certificate. Both of those payment methods require a Credit Card field on the form, and that means customers will be entering their sensitive credit card details on your website. You need an SSL/TLS certificate if you use the Gravity Forms Eway free add-on.
This isn’t simply a good idea any more, it’s a requirement: Eway demands it; your bank demands it; and your customers will run away from you very fast if you try to get their credit card details without the little lock on the top of their browser!