[qingcharles]

Not in '94, sure. But a couple of years later it was common and SSL was still uncommon, for a bunch of reasons, and also everyone was storing the card numbers in plaintext on their servers too.

Telnet was sniffed. IRC was being sniffed and logged.

[icedchai]

Yes, I worked on some early ecommerce sites. Often, we'd accept credit cards with SSL and then send them out with email (plain text SMTP) to the customer, for manual entry. Very secure.