What is it?
SSL and Secure Certificates provide security for your website by encrypting communications between the server and the person visiting the website.
In order to use SSL, you need to have an SSL Certificate (also known as a Secure Certificate) installed on your server, a dedicated IP address, and visitors to your website need to use a modern web browser, such as recent versions of Internet Explorer, Firefox, Safari or Google Chrome.
What is it used for?
There are two main reasons why you would need an SSL Certificate. The first and most common reason is because you want to accept credit card payments on your website. The second reason is that you may have confidential information that you want to keep secure while it is being accessed via the web. SSL Certificates also help to protect your passwords from being intercepted, when typed into a secure login page.
Do I need one?
If you are accepting credit card payments online via a merchant account, the credit card associations and networks require that you use SSL whenever you transmit credit card information, such as the card number, cardholder's name, expiration date, CVV code, etc. (such as when a customer enters their credit card on your shopping cart order form or payment page). This is an important part of making your website PCI compliant (a set of rules that must be followed in order to accept credit card payments).
In addition to being PCI compliant (which is required by Visa, MasterCard, Discover Network, American Express, Diners Club International, JCB and your payment processing company), your customers also look to see if your order form or shopping cart is secure before entering their credit card information. You can easily lose sales if your customers see that your site is not secure.
If customers are not entering credit card information directly on your website, but rather entering it directly on a payment processing company's website, such as PayPal, Google Checkout or Amazon Payments, then you do not need an SSL Certificate, since you are not transmitting or storing credit card information.