Certifying the Participants
The service provider can only legitimately protect the clients' information if it's what it claims to be. As described earlier, establishing the participant's authenticity with certificates is currently the preferred method in establishing secure channels.
Both the client and the server can pass certificates, but servers usually don't expect a certificate from the client. E-commerce (through an Internet storefront) usually certifies the server, while the client remains uncertified. Banking and stock brokering do require client certification. The reason stems from the question, "Does the peer need to see confidential information?" If the client needs to see bank records (clearly confidential), it needs to be certified. On the other hand, the Internet storefront doesn't share any confidential information, but since it requests a credit card (confidential), the client expects a certificate.