Ordering by phone is not a problem, many stores do it. There is of course a level of trust, many people are unwilling to do so but frankly it's no different that giving your CC card to pay at a restaurant etc. The site can process cards offline (I am assuming they have a card swipe or whatever that thing is called). However they must have a secure certificate and a secure gateway to collect the CC number, they would then view that info on the secure (admin) side of the site, not email the number. They can choose not to process the order live but I believe it may for instance validate the card number and perhaps pre-auth the charge. There is no getting around the secure apparatus for online CC card sales even if the card is charged offline later. If they do not want to pay for all that, then have a third party like PayPal handle the payment or make orders payable by check, money order, C.O.D., etc. The company I work for processes cards offline but we have SSL for each webstore and a gateway for handling the transaction. Even if what you are thinking of doing is not illegal, it is extremely foolish and IMHO unethical.