This question is an old one. Here is one little contribution, also look at the SSL tags at ServerFault. I see no reason to focus on Verisign and Thawte, unless you strongly believe that their site seals improve your conversion rate. And if that is the case, then go the whole way, and get a Verisign Extended Validation certificate. My take, in short form, is that your choices are:
I would personally either get a cheap Comodo or similar certificate from:
I'm still on the fence with regards to Extended Validation. What they're trying to do is a good thing, and the extra consumer confidence they can provide is a good thing, possibly lowering abandonment rate. All the big names (Microsoft etc) use EV certs now. On the other hand, I have not seen a definitive usability study showing that the really work, that end users really grok the difference.
The more expensive non-Extended Validation certificates are a bit of a scam, really. They don't add any authentication or encryption beyond what the really cheap ones provide. Don't overbuy, i.e. don't think that the 200 USD non-EV certificate is necessarily better than the 50 USD non-EV cert with the same root.
Last bit of advice: If you take the cheap route, then look at your current domain registrar, DNS host, and web hosts. Sometimes they can sell you a cheap certificate with the same trust root as everyone else, and a streamlined buying process because they already have your domain information.
You would do well to compare the prices of the exact same certificate from Verisign, Thawte, and Comodo. They all offer virtually the exact same service. But their prices vary rather dramatically.
Every current version of Windows (XP, Vista, Win 7, etc) comes with equal built in recognition for certificates from all three provders.
I plan on buying a Godaddy certificate. Not nearly as expensive and the name is there.
+1 for taking a look at Comodo certificates. We've been using them for years.
Most of the other answers here deal mainly with the price.
Another aspect is the security the certificate provides - see this question on ITSecurity for a discussion on that.
Though the bottom line is pretty much "any of the well-known CAs can do the job well enough" (though in some situations there might be some benefit to some).