GDPR replaced PCI in January 2021, from my understanding the methods used by the overseas call centres don’t follow either framework.

I also strongly suspect that from a UK consumer perspective handing over all the card details would be green lighted by the banks.

Again please comment, I am pretty sure for a number of years payments taken over the phone in the UK have had to be secured.