SSL had been around for 6 years already, credit card transactions were quite common, especially with known, reputable hosts (Network Solutions can be safely be assumed to have qualified at the time)
Unfortunately, not all websites used https or enforced it on pages that should have had it. It was very common to see payment forms submitted over http. That is why browsers evolved to the point where Chrome now won’t submit certain types of html form fields over non-https.