My fiancee was browsing a website (www.medievalbridalfashions.com) and about to make a purchase when I noticed something. During checkout, everything appeared to be getting sent over plain HTTP.
I made a dummy account, went through the checkout process, fired up Wireshark and looked at the packet that was sent and the CC info was in plain text, along with expiration date, and security code.
Is this as big of a problem as I'm making it out to be? I am by no means a security expert, but sending unencrypted credit card information over the Internet makes me a bit uneasy.
EDIT: I appreciate everyone's answers. We're going to call her bank tomorrow to get a new card issued. We'll also try to contact the merchant and notify them. Thanks!