Credit card processing is always performed through HTTPS (Secure Hypertext Transfer Protocol) connections and if you don"t see "https" at the beginning of the URL in the address bar in the browser, run, do not walk, away from the site immediately. HTTPS connections are encrypted so the credit card data is protected in transit to the merchant processor. The page you enter the credit card data in is actually submitted to the merchant processor site, not the merchant"s, so the merchant never receives even the encrypted card data.
The merchant processor server then forwards a URL to the merchant that references an encoded transaction number, whether the transaction was approved, and sometimes some other administrative data (via HTTPS POST behind-the-scenes so it"s not even in the URL). The merchant then serves an encrypted charge results page to the customer that includes the transaction reference number, the amount charged, the approval status, and usually data associated with the order.
It"s actually a much lower-risk process than giving your card to someone who takes it out-of-sight to submit a charge (e.g., at a restaurant), and even point-of-sale terminals (which have been subverted/hacked even in some national-level chain stores at the store/back-office level). We just saw that a merchant processor has been subverted in New York, apparently via cards handled at parking garages, resulting in ~1.5 million accounts being compromised.
As one other commenter here said, you can always call the merchant and provide the same data, which is just typed into exactly the same kind of merchant-processor-submitted web page of which you"re afraid. Your call.
The best things in life aren't things ... but, a Pi comes pretty darned close!
"Education is not the filling of a pail, but the lighting of a fire." -- W.B. Yeats
In theory, theory & practice are the same - in practice, they aren't!!!