To put it bluntly; if you are processing any “confidential information” on your website, then YES you need and SSL Certificate! Not only do SSL certificates provide your customers with a higher level of trust in your business, they also add a much needed layer of security for processing sensitive data.
SSL stands for Secure Socket Layer it works by encrypting data entered from your customers as it travels from their machine to your website’s server. This type of encryption is commonly used to process credit card payments, user login and passwords, medical information, and other sensitive data. Any website that is using a SSL certificate will have a lock at the beginning of the website address and adds an “s” to the “http” portion of the URL, for example;
http://www.example.com is NOT secure, where as
https://www.example.com IS a SECURE site.
SSL certificates work by using a Certificate Signing Request or CSR on the website’s server. The CSR file is then sent to a SSL Certificate Issuer also known as a Certificate Authority or CA, this process creates an unique public key to identify the website. The CA then uses the CSR file to create a data structure to match the website’s private key. In order to obtain these keys a website owner and business must be verified before the certificate is granted. The most important part of this process is that the CA be “trusted” by the browser. All browsers contain a list of trusted CA’s that comply with security and authentication standards.