Welcome to the Q&A Forum

Thanks very much for your answer Dirk! Yes, I'm not totally sure this is going to work but canonical is the best solution that came to my mind... It's a difficult situation. This is why I want to be totally transparent to Google to show that I don't want to do spam, but only searching for a solution. Your idea regarding the products it's really smart, thanks! Please if somebody thinks that it exists a better solution I want to know it!

Do not change the URLs unless necessary. The URLs you've described above are perfectly fine. Look at Amazon's URLs to see that it is absolutely OK to not have /product-name-here style URLs.

As long as you properly redirect all pages to the https version, you should be fine. Google released an update a while back stating that secure sites could perform better in search results as it offered users additional security and trust. If you are going through the trouble of updating your site to an SSL, I would set the entire site to fall under the https, not just the payment pages. Google will like it, users will like it. The only drawback I can see is if your account is set up to use shared IP's, in which case you may have to make some modifications if required by your development team. Here is the quote from Google on this subject: "Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google. Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites. We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web. We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging. For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web." It's worth mentioning that if the SEO on the site stinks, an SSL will not rescue it from the bowels of page 10 ranking status. Hope this helps!