'What kind of outfit collects credit card details without using a hired secured encrypted credit card service. There is no person sitting server side, examining the donations to parse the text field, to hand match with the credit card details.'Well, me actually! I have a site that does exactly that. But it only takes 1-3 orders a day, and the company already had their own telephone credit card system. So someone does sit server side once a day and takes down payment details to send through their own credit card authorisation system.
So it can be done, but I can't see anyone setting up a system like that for more than a very few payments.
The form is dodgy, and the payment collection method is unorthodox, but I don't think that would be enough evidence to go for fraud charges (I'm no lawyer!)
