From a colleague:
If a patron asks us to enter the number on the credit card that they hand us and it turns out to be stolen, what is the staff member's liability?
Response: Oh my, I wouldn't recommend staff touch patron credit cards or enter the credit card numbers at all! Even if the card isn't stolen, I see a swarm of potential liability problems. You enter the card number, and the site itself is a fraud. Or you enter it and somehow it gets entered twice. Or ...
What is the experience of readers on this issue?