SSL stands for Secure Sockets Layer. In short, it is the standard technology for keeping an internet connection secure and safeguarding any sensitive data sent between two systems, preventing criminals from reading or modifying the information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and a browser) or two servers (for example, an application with personally identifiable information or with payroll information).
It does this by making sure that any data transferred between users and sites, or between two systems, remains impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal, including credit card numbers and other financial information, names and addresses.
TLS (Transport Layer Security) is just an updated, more secure version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL from Symantec you are actually buying the most up-to-date TLS certificates with the option of ECC, RSA or DSA encryption.
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.
Why SSL is not sufficient
SSL is great, but it is simply not enough. Intercepting the data packets flowing between visitor and website is only one way internet criminals gain access to sensitive information.
If SSL has not been properly implemented, some content on a site may NOT be covered by the encryption expected. So even though the browser is indicating a secure connection, some of the interactions may not be secure or encrypted at all. There are also potential exploits that can endanger this data exchange. Examples include:
All of these are well-known methods used by internet bad actors to extract information being exchanged between websites and users. But all of these can be effectively defended against using relatively simple website security best practices.