Cardstream offer two forms of integration...
With direct integration, your website (complete with secure certificate) captures the user's personal and credit card details and then forwards these behind the scenes to the secure Cardstream gateway. Cardstream then performs any necessary fraud and security checks, clears the payment with the acquiring bank and sends a response back to your website. Your website then delivers a formatted response back to the customer.
With the hosted form method, your user is passed to the Cardstream gateway where they then enter their card details and receive a response for the transaction, before being re-directed back to your website. In this scenario, no secure certificate is necessary but the process is not seamlessly integrated with your website.