It appears that the Blockbuster Total Access "Rent It, Like, Keep It" payment processing system does not encrypt credit card information submitted by customers.
After seeing "http", and not "https", momentarily flash on my screen while making a purchase from my phone's web browser, I confirmed this from a computer.
As can be seen below, the purchase form is loaded using insecure HTTP instead of encrypted HTTPS.
Firebug shows that pressing the "Submit Purchase" button sends a request over HTTP (not secure) that contains all the information I entered into the form -- including the credit card number.
And, just to be sure there wasn't something encrypting the data that I wasn't seeing, I tried again through a proxy server. The proxy server recorded the following HTTP request body passing though it.
I can't help but wonder what leads to a national company being so careless with their customer's personal information.
Note: Other purchase forms/pages on the Blockbuster web site appear to use SSL over HTTPS to encrypt financial transactions.