< Return to the Advice Hub

How to Take Card Payments Over the Phone: A Comprehensive Guide


The Ultimate Guide to Taking Payments Over the Phone Securely


Step-by-Step Process for Accepting Payments Over the Phone

The first step, for any business that is looking to accept debit or credits card payments, whether that is face to face, online or over the phone is to create a merchant account.


Ensuring PCI Compliance for Phone Transactions

If you already have a merchant account in place and are accepting card payments then please read on. If you’re completely new to accepting credit or debit card payments, though, you’ll need to apply for a merchant account before you can start. Merchant Accounts are normally sourced from a Merchant Acquirer or an Independent Sales Organization (ISO)​ whom will provide you with a Merchant ID (MID), which is unique identification number assigned to the business.

Merchant Acquirers, tend to be a financial institution that processes a payment transaction, such as credit or debit card payments, on behalf of a merchant.​ Simply put the Acquirer will ‘Acquire’ the money from the customers bank account and ‘settle’ it into​ the business account associated with the merchant ID (MID)​. The Acquirer will charge a percentage on the transaction value for providing this service (Merchant​ Service Charge). These rates can vary between card types (Visa, Mastercard, AMEX etc) and whether​they are debit, credit or commercial/business cards.

It is very important that a business understands the charges associated with a merchant account.

Gala Technology can provide some free and independent advice, cutting through the industry jargon and help you set up the right merchant account for you, with the right provider. Click here to find out how.

Taking Payments over the phone.

These types are payments are known in the industry as MOTO (mail order/telephone)

Sometimes these are also referred to as 'Cardholder Not Present' or CNP for short. This means that the cardholder/customer is not present to use Chip & Pin to authenticate the transaction as they would in a physical shop, often using their 4 digit pin code to prove the card belong to them.

So what are your options for taking payments over the phone.

Option 1:

Use your card terminal. (Non-Secure Process)

Whilst card machines are generally used for 'face to face' or 'cardholder present' transactions in physical locations, they can be used for telephone payments.

In order to do so, the cardholder would need to read out their sensitive card data, typically their long card number, expiry date and the 3 digits on the reserve of the card, to which the business will key in to the card terminal.

Pin Entry Device
Non Secure Payments

You should be aware of the associated risks and costs of accepting telephone payments in this manner. Two simple checks, behind the scenes will occur, to check whether the card has been reported lost or stolen and whether there is enough funds in the account to complete the transaction. At this point you will get an authorisation or decline notification.

You must clearly understand that an authorisation does not guarantee payment.

Because, the business has no idea of whether the voice on the other end of the phone, is indeed the genuine cardholder or a fraudster using compromised/stolen data, they become liable for fraud related chargebacks, should the cardholder challenge the transaction, claiming that they never authenticated the payment.

Last year (2019) in the UK, over £620.6m was lost to fraudulent transactions using UK payment cards. It is therefore suggested that you should only deliver goods or service to the 'registered cardholders address'

Because of the associated risk of fraud, acquirers will tend to charge you a higher rate to process the transaction. This is often referred to as a 'non-secure' transaction rate.​Another consideration, is that by asking the cardholder to read their details out to you, triggers your PCI DSS requirements to protect them and increases your risk of reputational damage.

If you cannot evidence to your acquirer that you are PCI DSS compliant​, you may be charged additional fees each month.

Option 2

Use a Virtual Terminal. (Non-Secure Process)

A Virtual Terminal is a web based portal that can be accessed through a desktop, tablet or mobile device. Designed for merchants to use when taking mail order or telephone payments to process credit and debit card payments, as well as refund transactions, all in real time.

The process for taking payments over the phone will vary, depending on your provider. You’ll need to:



  1. Log in to your virtual terminal with the account details your provider has given you.
  2. Follow the on-screen prompts to enter the customer’s details. Usually, you’ll need their long card number, the card’s expiry date, and the card security code.
  3. You might be required to ask for further information for security purposes, such as the name on the card, or the billing address.
  4. Submit the transaction and keep the customer on the phone while it is being processed
  5. Once the payment has been approved, your can dispatch the goods to the customers postal address.


Businesses need to be aware that these are often promoted as a 'secure' way to process MOTO transactions.

In our opinion, this is a little misleading as transactions processed through a Virtual Terminal, may be processed as and charged at a 'non-secure' transaction rate​, by your merchant account provider. Again, the cardholder needs to provide their sensitive card data, typically their long card number, expiry date and the 3 digits on the reserve of the card, to which the business will key in to Virtual Terminal. Additional checks such as 'Address Verification Services' (AVS)​, are often commonplace, however if you use a Virtual Terminal, your business is liable for fraud related chargebacks, should the cardholder challenge the transaction, claiming that they never authenticated the payment. It is therefore suggested that you should only deliver goods or service to the 'registered cardholders address'. PCI DSS requirements are also triggered, causing additional time, effort and cost.

Option 3:

Use our multi-award winning, SOTpay technology.

SOTpay User
Secure Payments

Ensuring Security and Compliance in Telephone Transactions

How does our innovation help?

Our cloud​-based technology does not require any additional hardware or amendments to existing telephony or ​network set up and is Acquirer and Payment gateway agnostic. Totally eliminating the need for capital expenditure, SOTpay can support businesses of all shapes and sizes in any sector.

SOTpay​ eliminates the risk of fraud related chargebacks for businesses, by authenticating MOTO and ​Omni channel CNP transactions and processes the payment in a PCI compliant manner, converting a risky ‘non​-secure’ transaction into a ‘secure, authenticated, compliant’ ​transaction in the eyes of the acquiring partner, the merchant can see significant savings in their​ Merchant​ Service Charges.​ We have seen businesses save in excess of £40,000 per annum,​following the deployment of SOTpay.​

SOTpay enables you to send out an electronic payment request in real time, via email, SMS, web chat or electronic invoices.

The flexibility of the SOTpay technology enables the merchant to accept secure and compliant​ transactions across numerous channels, boosting business by allowing cardholders to complete​ transactions in their desired channel of engagement. For example, if someone is engaging with the​ business on Facebook, SOTpay allows the business to take payment within the Facebook Messenger​ environment.

By preventing cardholder data in its entirety from entering the merchant environment, SOTpay makes achieving and​maintaining PCI DSS compliance easier and more manageable for your business. With liability for fraud related chargebacks eliminated the merchant can also deliver to an alternative​ delivery address, instead of just to the registered cardholder’s address.

As a disruptive payment technology, the PCI SSC updated their Global ‘Protecting Telephone Payments’​ guidelines to include our innovative approach, which gave us tremendous credibility within the​ acquiring industry. We have subsequently become partners to some of the largest payment​ organisations in the world, helping to protect and support​ their merchants against the challenges that business face.


Some Frequently Asked Questions:-

How do I securely take card payments over the phone?
As a merchant, the safest way is to NOT handle the payment card data at all. This can be accomplished by using a specialist third party service such as SOTpay from Gala Technology.
CNP or Card Not Present means that the cardholder/customer is not present to use Chip & Pin to authenticate the transaction as they would in a physical shop, often using their 4 digit pin code to prove the card belong to them.
A Virtual Terminal is a web based portal that can be accessed through a desktop, tablet or mobile device. Designed for merchants to use when taking mail order or telephone payments to process credit and debit card payments, as well as refund transactions, all in real time.



Need secure payment services? Request a priority callback!

Fill out the form, and a professional payment advisor will contact you.






Armor Secure Hosting    DMARC - Email Protection    PCI Compliant

Gala Technology Limited, Unit 10 Farfield Park, Manvers, Rotherham, South Yorkshire, S63 5DB
what3words location ///balance.buyers.shrug


Articles | Support | PCI-DSS | Chargebacks | Advice | Articles | Switch To SOTpay | Jobs

         



Copyright © 2015 - 2024 Gala Technology Limited. All Rights Reserved.

Privacy Policy  |  Merchant Support  |  Complaints Procedure

Trustpilot

BEGIN YOUR FREE TRIAL