Re: based on experience of SMEs
"c) the company where customers were talked through giving their card details over the phone so staff could enter details into website if customers couldnt use it ."
This isn't a major issue if done securely, many call centres do something similar. As long as there is no call recording or the recording system they have is PCI compliant and the connection to the web server is fully secure and no 3D Secure details are passed over.