First time Building E-commerce site: quick question in regards SSL certificate

Just get a POSITIVE SSL for $9 or so.
Payments are held by third parties anyways.

You may not need an EV SSL, but that doesn't mean a DV SSL provides enough security, or that an EV SSL would even provide enough security.

To be PCI compliant, you need to verify that enough data security measures are in place by filling out a questionaire. One method of meeting PCI requirments is using a web application firewall for your site.

E-commerce sites are often targeted for all kinds of hacks like price manipulation (paying $1 for a $2000 shopping cart) IMHO skimping out on security for an e-commerce site just doesn't make sense.

Most low-cost SSLs are fine for eCommerce. If you are using a hosted shopping cart like Shopify, 3DCart or BigCommerce, their free shared SSL works just fine.

If you just have PayPal as your payment processor, you don't need an SSL at all. Customers are redirected to the PayPal site to make their payment and PayPal is on their own SSL.

More than anything, check with your payment processor and see what is required.

First, let me clear about SSL types and where to use it.

Domain Validation SSL certificate

A Domain Validation (DV) SSL certificate is highly recommended to informative, blog or forum websites because they don't carry out business/financial transactions (such as credit/debit card information, social security numbers, etc.).

If webmaster only encrypts their website with an SSL, then DV SSL certificate is enough, it only displays HTTPS. A DV SSL certificate issued within minutes, no need to submit any business document for company verification means visitors can't trust on it due to their authentication process. The cost of DV SSL certificate is between $7 to $50.

An Organization Validation SSL Certificate

An Organization Validation (OV) SSL certificate is more secure than domain validated SSL. A certificate authority verifies domain ownership, also carry out additional vetting of the company and individual applying for the certificate. A Certificate Authority checking your company address where it is registered and the name of a specific contact during the verification process.

After issuing an OV SSL certificate, users can show the company name by clicking on certificate details. Users can understand that the business is genuine and no need to worry about their sensitive information. It takes 1-3 business days for issuance.

If you are using third party payment gateway for payment section, then I will recommend to purchase and install an OV SSL certificate. The cost of DV SSL certificate is between $50 to $100.

An Extended Validation SSL Certificate

This is the high level of assurance SSL certificate in SSL industry. It has very strict validation process. The certificate authority verifies the domain ownership and required legal documents of business existence as per the Certificate Authority/Browser Forum. An EV SSL certificate has a green address bar along with company name in web address bar.

EV SSL certificate is highly recommended for E-commerce sites and websites handling credit card and other sensitive data. EV SSL certificate Increase user trust and lower bounce rates and shopping cart abandonment. It takes 1-5 business day for issuance. The cost of DV SSL certificate is between $85 to $250.

Hope this can help you!!!

If you only want to secure only checkout web page then domain validation (DV) SSL is good for that. No need for EV SSL certificate. But as per website's factors you should decide with which ssl certificate you should go. You should check article based on which ssl certificate is the best for ecommerce business. I hope it will work for you as well as solve your confusion between to select dv (domain validation) ssl certificate and ev (extended validation) ssl certificate.

If all you need is Domain Validation level SSL, it is available for free from LetsEncrypt.org and this has extensive certificate compatibility across browsers.

Josh Aas and Eric Rescorta (of Mozilla) started the Internet Security Research Group last year as a non-profit organization with a goal to make sites more secure. This initiative is sponsored by many large companies including Mozilla, Akamai, Cisco, Electronic Frontier Foundation, Google, Facebook, and more.

Not all hosting providers are supporting this integration (as they profit from selling SSL certificates) but support is growing. You will need shell access (SSH) to the server to install, but support can be requested if your provider does not offer this.