A certificate authority is a trusted third party dealer of SSL certificates. They use rigorous testing and top notch security to earn that trust. SLL certificates issued by a certificate authority are implicitly trusted for their security. You web browser has a list of the biggest most trusted certificate authorities so before you start transferring sensitive data, or making a purchase your browser checks to make sure that the connection is secure.
How Certificate Authorities Work
While it is difficult to explain certificate authorities succinctly, a few generalizations can be made. First a certificate authority tests a domain for both legitimacy and security. Next they issue a certification if the domain passes inspection. Finally they monitor the SSL certification they issued and communicate with the end user if a domain proves nefarious. Through vigilant security checks certificate authorities help keep data transfer secure.
How You Remain Secure
When you begin a secure transaction, like online shopping, your browser checks the SSL certificate. If the site is insecure or illegitimate, the certificate authorities revoke their SSL certificate. Your browser sees an invalid certificate and issues a warning that the site is no longer safe.
Something similar to this image would be presented, warning you that it is unsafe to continue. Since the certificate authorities are known to be secure your data is safe.
You can view more information about certificate authorities here.