How does SSL encrypt data from server to client?

The TLS handshake process sets up a symmetric key between both parties, potentially using asymmetric cryptography in the process (the details depend on the exact algorithms that were negotiated between client/server). This way, the communication is encrypted on both ways, not only one-way.

The thing that ultimately protects you from a MITM, though, is the fact that your browser does some form of hostname validation. The certificate presented by the server in the handshake is first checked for its validity. If that succeeds, your browser checks whether the certificate is bound to the exact host it is talking to. If this check would be omitted, a MITM attack would still succeed, even if the rest of the communication strictly followed the protocol, including all the cryptographic elements. The attacker could simply pretend to be any host and execute the rest of the protocol dutifully, you wouldn't know the difference.

You have some wrong assumptions:

• The HTTP data is not always encrypted with public key of the Server, in order to send it to the Server.
• The public key of the Server is just used in the beginning (handshaking protocol) to establish a secure key, for Secure key encryption (Symmetric encryption).
• All the communication is over Secret key or Symmetric Key encryption, where the client (browser) and the Server use the same secret key to encrypt and decrypt data.

TLS (Transport Layer Security) protocol uses a combination of Asymmetric encryption (Public key) and Symmetric Encryption (Secure Key). The main communication with your bank is using symmetric encryption, for which the session keys (secure key) is established safely during TLS handshaking, using asymmetric encryption.

It is all in the TLS (Transport Layer Security) handshake, which is very well explained in this link.