OK, this looks like its on your own site.
I think you need https at least for this.
As per HarrisOrganic says
If you go to manage extenstions, find card capture, and then allowed zones, you'll need to add the zones which are allowed to post card details.
Personally, I'd avoid this plugin and use something like PayPal, as you're probably contravening all PCI DSS rules hosting the card gateway yourself.
Experience a security breach and a whole can of worms could open up for you.
Just my opinion.