Yes... all credit card payments are made on secure encrypted connections.
When the customer is viewing your web site and inputting delivery address details the URL in the browser address bar will be something like: http://www.your domain.com/default.asp. This is not encrypted, and does not need to be.
If you have enabled the option and the customer wishes to pay by cheque then again their is no need for encryption as the customer is not imputing any financial details.
However, if the customer selects to pay by credit card they will forward on to WorldPay or PayPal to make the payment and the URL changes to something along the lines of: https://select.worldpay.com/wcc/transaction or https://www.paypal.com/uk/cgi-bin/webscr?cmd=something. This is a secure encrypted connection. You will see the http:// has changed to https:// and a padlock will be shown on the internet browser page.
Secure connections are slightly slower then normal connections, and require a security certificate for your domain name which is expensive, so, we will only take the customer to a secure connection when required.
Try it out... go through your web site as a customer right up to the credit card payment page, and you will see the security level change when financial details need to be added.