CallCentre1 is PCI compliant. They do not store any credit card data in their databases. When a customer makes a payment with their details, it goes straight through their systems over a secured channel to a payment gateway.
Staff at CallCentre1 also get basic ‘PCI compliance’ training which outlines the relevant section to their daily duties. “Don’t tell a customer their Credit Card details for confirmation, get them to tell you” and the like.
So let’s say a hacker were to infiltrate CallCentre1. If the company were PCI compliant there shouldn’t be any sensitive CC data laying around which the hackers could take, right?