The “https’ indicates that the site is connected to the internet using SSL or secure sockets layer. This means that data transmission across the web to and from this particular site is encrypted (generally 128-bit encryption). A third part Certificate Authority (CA) is used to identify one or both ends of a transmission. The certificate contains information about the owner such as name, e-mail address, duration, and resource location. Using an SSL certificate lets your site visitor know that sensitive data is being encrypted during transmission as opposed to crossing the internet in “clear text”. The visitor also gets at least a degree of assurance that your site is trustworthy.
If your site is an e-commerce site that collects credit card information, or even if your site does not collect credit card information but collects other sensitive date, then you absolutely need a certificate. Your site visitors need to know that you can be trusted and that you value their privacy and the security of their data. If you are using a 3rd party payment processor such as PayPal where all sensitive information is collected from their securely connected site then a certificate is not necessary. However PayPal has some plans which allow you to collect data on your site in which case you would need a certificate.
If your site is not secured using SSL and you have a login form on your site where a site visitor enters a username and password, this information will transmit across the internet in clear text which renders it vulnerable to attackers. You may find that most login forms are vulnerable but may be secured by using SSL. There are also other technologies that allow you to log in on a secure site and return to your site.
Want to learn more about what your particular situation requires? Feel free to contact us.