My naive understanding was that encrypted web transactions had to take
place via https, via a different port than regular http. Yet I just
encountered a site that claimed, 

        This is the final step in completing your order.
        You are now connected to a secure directory where we
        guarantee your information is being sent in encrypted form.

Yet there was no indication of https, nor any other cue I recognized to
give me confidence in the statement. 

What else might they be using that would still be secure, and how would I
be able to identify it before sending credit card info?

Thanks, 

Andy