How to Take Payments Over the Phone: A Secure and Efficient Guide for Businesses
Taking payments over the phone offers businesses flexibility and convenience for customers who prefer not to pay online. With the right tools and processes, accepting card payments by phone is straightforward and secure. To take payments over the phone, you'll need either a virtual terminal through your payment processor or a card machine capable of handling remote transactions.
Phone payments remain popular despite the rise of online shopping. Many customers still prefer speaking with a real person when making purchases or paying bills. Virtual terminals make this process simple by providing a secure online interface where staff can enter customer card details. Alternatively, businesses can use their existing card machines for these transactions.
Before implementing phone payments, ensure your system complies with payment security standards. The process typically involves collecting the customer's 16-digit card number, expiration date, and security code, then entering these details into your payment system. Most providers allow you to accept all major credit and debit cards, including Visa, MasterCard and American Express.
Key Takeaways
- Phone payment systems require either a virtual terminal or compatible card machine to securely process customer transactions.
- Businesses must follow proper security protocols when handling card information to protect customer data and maintain compliance.
- Well-implemented phone payment solutions can improve customer satisfaction by offering flexible payment options for those who prefer human interaction.
Legal and Privacy Considerations
Taking payments over the phone involves handling sensitive financial data, which requires adherence to specific regulations and best practices. Businesses must protect customer information while complying with relevant laws to prevent fraud and build trust.
Understanding Data Protection Laws
In the UK, phone payment processing falls under several important legal frameworks. The General Data Protection Regulation (GDPR) requires businesses to protect personal information, including payment details.
The Payment Card Industry Data Security Standard (PCI DSS) sets specific requirements for organisations handling card payments. These standards apply to all cardholder-not-present transactions, including phone payments.
Key legal responsibilities include:
- Protecting customer data from unauthorised access
- Informing customers about how their data will be used
- Having a clear privacy policy that covers phone payments
- Keeping records of compliance efforts
-
Non-compliance can result in significant fines and reputational damage. Regular audits help ensure the business meets all legal requirements.
Obtaining Consent for Recording Calls
When recording payment calls, businesses must clearly inform customers before recording begins. The Regulation of Investigatory Powers Act 2000 (RIPA) requires explicit notification and consent.
A standard approach is to use an automated message at the beginning of calls stating:
- That the call may be recorded
- The purpose of the recording
- How the information will be used
Agents should also verbally confirm consent before proceeding with payment collection. This consent should be documented in customer records.
It's important to explain how recordings help protect both parties. Many customers appreciate this security measure when properly explained.
Businesses should establish clear policies on:
- How long recordings are kept
- Who can access them
- When they will be deleted
The recording system must be secure and comply with data protection requirements.
Secure Storage and Handling of Payment Information
Secure handling of payment data is essential for preventing fraud and data breaches. Businesses should never store complete card details unless absolutely necessary and properly secured.
Best practices include:
- Using secure payment processing systems that mask card numbers
- Implementing card tokenisation to replace sensitive data with non-sensitive equivalents
- Training staff to never write down full card details
- Processing payments in secure, private areas only
Physical security measures are equally important. Payment processing should take place in areas with restricted access, away from public view and unauthorised personnel.
Staff should be trained to recognise potential fraud indicators during phone transactions. Regular security refresher training helps maintain awareness of current threats and compliance requirements.
Choosing the Right Payment Processing Solutions
Selecting an appropriate payment solution impacts your business efficiency, security compliance, and customer trust. The right system should balance functionality with cost while providing robust security features.
Types of Phone Payment Systems
When taking payments over the phone, you'll encounter several system options. Virtual terminals are web-based interfaces that allow you to manually enter card details. They're ideal for businesses without high call volumes.
Payment gateways with phone payment features offer more integration options. These systems typically work across multiple channels, not just phone payments.
MOTO (Mail Order/Telephone Order) merchant accounts are specifically designed for businesses regularly processing phone payments. They often include specialised fraud protection.
IVR (Interactive Voice Response) systems automate the payment process, allowing customers to input their own card details. This reduces staff involvement and potential security risks.
Virtual Terminal
- Low Cost Setup
- 1.5% - 3.5% Transaction Fee
- Security - Medium/High
MOTO Account
- Medium Cost Setup
- 1% - 2.8% Transaction Fee
- Security - High
IVR System
- High Cost Setup
- 1% - 2.5% Transaction Fee
- Security - Very High
Integrating with Your Existing Accounting Software
Integration capabilities are crucial for efficient operations. Modern payment systems should connect with your existing accounting software to reduce manual data entry and errors.
Look for solutions offering API access or direct integrations with popular platforms like QuickBooks, Xero, or Sage. This ensures transaction data flows automatically into your financial systems.
Payment processors that provide real-time synchronisation help maintain accurate cash flow visibility and simplify reconciliation. Consider these key integration features:
- Automatic transaction recording
- Customer profile syncing
- Invoice matching capabilities
- Detailed payment reports
- Tax calculation support
Some solutions also offer custom integration options for businesses with bespoke accounting systems. While potentially more expensive, these can deliver superior workflow efficiency for complex operations.
Fraud Prevention and Detection Systems
Telephone payments face unique security challenges compared to in-person transactions. Strong fraud prevention systems are essential to protect both your business and customers.
Look for solutions that offer:
- Address Verification Service (AVS) - Checks if the provided address matches the card issuer's records
- Card Security Code (CSC/CVV) verification - Verifies the card is physically present with the customer
- Transaction monitoring - Flags unusual patterns in real-time
- Velocity checks - Identifies multiple failed attempts from the same source
PCI DSS compliance is non-negotiable for phone payments. Choose systems that offer "de-scoping" features like DTMF masking, which converts touchtone key presses into non-identifiable tones to protect card details.
More advanced solutions incorporate AI-driven fraud detection to identify suspicious patterns before transactions complete. While adding cost, these systems reduce chargeback risks and protect your reputation.
Setting Up Your Phone Payment System
Taking payments over the phone requires a proper setup to ensure security and efficiency. The right combination of hardware, software, and staff training creates a seamless payment experience for both your business and customers.
Required Hardware and Software
To begin accepting phone payments, you'll need minimal hardware compared to in-person transactions. A reliable telephone system with good call quality is essential for clear communication with customers. A computer or tablet with internet access will serve as your payment processing station.
For software, you'll require a secure payment gateway that connects to your merchant account. Choose a PCI-DSS compliant solution to protect customer data.
Many providers offer integrated systems that combine customer relationship management (CRM) with payment processing. This integration helps track customer information alongside their payment history.
Consider these essential software features:
- End-to-end encryption
- Fraud detection capabilities
- Receipt generation and delivery options
- Transaction reporting and analytics
Virtual Terminals
A virtual terminal is the cornerstone of phone payment processing. It's a secure, web-based page that allows you to manually enter customer card details.
Most virtual terminals work through a simple login process. After receiving your credentials, you'll access a URL where you can input customer payment information. The system then processes the transaction in real-time, similar to in-person payments.
Leading payment providers like Lloyds Bank Cardnet offer virtual terminals with additional features such as recurring billing options, which are ideal for subscription-based businesses.
Virtual terminals typically charge per transaction, with fees ranging from 1.5% to 3.5% depending on your provider and transaction volume. Some may include monthly subscription costs for additional features and support.
Configuring Payment Software
Proper configuration of your payment software ensures smooth transactions and robust security. Begin by setting up user accounts with appropriate access levels for staff members handling payments.
Configure your transaction limits and risk settings based on your business needs. Many systems allow you to set maximum transaction values and flagging rules for potentially suspicious activities.
Integration with your existing systems is crucial. Many virtual terminals can connect with:
- Accounting software
- Inventory management systems
- Order processing platforms
- Email marketing tools
Enable transaction notifications to keep both your team and customers informed. Automated receipts and confirmation emails build trust and provide necessary documentation for both parties.
Training Staff in Payment Processing
Thorough staff training is essential for secure and efficient phone payment processing. All team members should understand the importance of data security and how to take payments safely.
Create a standardised script for taking payments that includes verification steps. Staff should know how to confirm customer identity through appropriate security questions before processing payments.
Role-playing exercises help staff practise handling different payment scenarios, including dealing with declined cards or connectivity issues. Regular refresher training keeps everyone updated on best practices and new features.
Key training topics should include:
- Data protection regulations (GDPR, PCI-DSS)
- Fraud detection and prevention
- Troubleshooting common issues
- Customer service during payment processing
Document all procedures in a clear, accessible manual that staff can reference when needed.
Conducting the Payment Process
Taking payments over the phone requires a structured approach to ensure security and accuracy. Following these key steps will help you process transactions efficiently while maintaining customer trust and compliance with regulations.
Guiding the Customer through the Payment Process
Begin by explaining to the customer that you're about to take their payment details. Inform them about the total amount to be charged and confirm they're ready to proceed. It's important to process the transaction in a professional manner.
Tell the customer which payment cards you accept. Most businesses handle Visa, Mastercard, and American Express.
Ask for the card details in this specific order:
- 16-digit card number
- Expiry date (month/year)
- Security code (CVV)
- Cardholder name
Speak clearly and confirm each detail as it's provided. If using a virtual terminal or payment app, enter the information directly into your system as the customer provides it.
Verifying Customer Identity and Payment Details
Before processing the payment, verify the customer's identity to reduce fraud risks. This step is crucial for Card Not Present transactions.
Request the customer's billing address and postcode to perform an Address Verification Service (AVS) check. This matches the address with the card issuer's records.
Double-check all payment details before submission:
- Card number
- Expiry date
- Security code
- Billing address
For high-value transactions, consider additional verification:
- Ask for the customer's contact telephone number
- Confirm previous purchase history
- Verify email address on file
Always remain vigilant for suspicious behaviour such as hesitation when providing information or inconsistencies in details provided.
Providing a Payment Confirmation
Once the payment is processed, immediately inform the customer whether the transaction was successful. Enter their card information correctly to avoid errors.
Provide the customer with a transaction reference number and explain when they will receive a receipt. Most businesses send email receipts within minutes of the transaction.
Important details to include in the confirmation:
- Transaction amount
- Date and time of payment
- Order or service details
- Expected delivery date (if applicable)
- Reference number
Ask if the customer would like the receipt sent via email or post. Always thank them for their business and enquire if they need anything else.
Remember to inform customers that their card details will be securely handled and not stored inappropriately, following payment card industry standards.
Customer Service and Support
Effective customer service is essential when handling phone payments. The right support practices build trust and ensure smooth transactions even when problems arise.
Handling Inquiries and Complaints
When customers call with questions or complaints about phone payments, staff should respond promptly and professionally. Aim to resolve issues during the first call whenever possible.
Create a clear script for common payment queries that includes verification steps and troubleshooting tips. This helps maintain consistency across your team.
Always document inquiries in your CRM system with detailed notes about the customer's concern and the solution provided. This creates a helpful history if the customer calls again.
For difficult complaints, empower staff to offer appropriate compensation where necessary. This might include waiving processing fees or offering a discount on future purchases.
Remember that taking card payments over the phone requires extra patience as customers may be unfamiliar with the process.
Implementing a Refund Policy
A clear, fair refund policy builds customer confidence when making phone payments. Display your policy on your website and ensure staff can explain it clearly.
Your refund policy should include:
- Timeframe: How many days customers have to request a refund
- Documentation: What proof of purchase is required
- Process: Steps customers must follow to initiate a refund
- Exceptions: Any products or circumstances that aren't eligible
Train your team to process refunds efficiently through your virtual terminal. Most systems allow you to issue full or partial refunds directly to the customer's card.
Keep detailed records of all refunds processed, including reasons. This data helps identify potential issues with products or services that might need addressing.
Ensuring Continuous Staff Training
Regular training ensures your team stays current with payment technologies and security protocols. Schedule quarterly refresher sessions covering both technical skills and customer service techniques.
Training should cover:
- Payment security standards (PCI DSS compliance)
- Fraud detection and prevention
- System updates to your telephone order system
- Data protection regulations
- Conflict resolution techniques
Role-playing exercises help staff practise handling difficult payment scenarios. Create scenarios based on real customer interactions for authentic practice opportunities.
Consider creating a knowledge base with answers to common questions about your payment process. This resource helps new staff get up to speed quickly and serves as a reference for everyone.
Monitor calls occasionally to identify training needs and provide constructive feedback. This quality assurance process maintains high standards across your team.
Monitoring and Improving the Phone Payment System
A robust payment system requires ongoing attention to function effectively and securely. Regular assessment helps businesses identify vulnerabilities and enhance customer experience.
Regularly Reviewing Transaction Records
Transaction monitoring serves as your first line of defence against fraudulent activities. Daily reviews of payment records can help identify unusual patterns or suspicious transactions that might indicate fraud attempts.
Look for these red flags:
- Multiple failed payment attempts
- Unusually large transactions
- Several transactions using different cards but shipping to the same address
- Orders from high-risk countries
Set up automatic alerts for transactions that exceed certain thresholds. This allows your team to verify legitimacy before processing.
Create a monthly report to track key metrics such as transaction volume, average order value, and decline rates. Tracking these metrics helps identify trends and potential issues before they become serious problems.
Analysing Customer Feedback
Customer insights can highlight strengths and weaknesses in your phone payment process. Establish multiple channels for collecting feedback, including post-transaction surveys, follow-up emails, and occasional phone calls.
Pay particular attention to complaints about payment friction or security concerns. These often signal areas needing immediate improvement.
Categorise feedback to identify recurring themes. Common issues might include:
- Long processing times
- Confusion about payment steps
- Concerns about providing card details verbally
- Staff knowledge gaps
Compare customer satisfaction scores before and after implementing changes to measure improvement effectiveness. This data-driven approach ensures modifications genuinely enhance the customer experience rather than simply changing procedures.
Updating Security Measures and Compliance
Payment security standards evolve constantly to counter emerging threats. Schedule quarterly reviews of your security protocols to ensure they remain effective and compliant with PCI DSS requirements.
Train staff regularly on security practices and recognition of social engineering attempts. Even experienced team members benefit from refresher training every six months.
Consider implementing more secure technology solutions such as:
- Tokenisation systems that replace card data with unique identifiers
- End-to-end encryption for all transaction data
- Two-factor authentication for payment processing systems
Conduct annual security audits with third-party specialists to identify vulnerabilities that might be missed internally. External perspective often reveals blind spots in your security approach.
Maintain detailed documentation of all security updates and compliance checks. This creates an audit trail that proves your commitment to transaction security.
Frequently Asked Questions
Taking card payments over the phone involves specific processes, security measures, and regulatory considerations. Businesses have several options for processing these transactions safely and efficiently.
What methods are available for accepting credit card payments over the phone?
Businesses can accept credit card payments over the phone using several methods. The most common approach is using a virtual terminal provided by a payment processor.
Another option is using a standard card machine with manual entry capabilities. Some businesses also use integrated payment systems that connect with their CRM or order management software.
Mobile payment solutions have also become increasingly popular for small businesses needing flexibility in how they accept payments.
What is the process for using a card machine to take telephone payments?
When using a card machine for telephone payments, the process is straightforward. The merchant must manually enter the customer's card details into the terminal.
First, select the "manual entry" option on your card machine. Then input the 16-digit card number, expiration date, and security code as provided by the customer over the phone.
The machine will process the payment and produce a receipt which can be sent to the customer via email or text message.
What precautions should be taken when accepting debit card details over the phone?
When taking debit card details, businesses should ensure they're using encrypted connections and secure payment systems. Staff should be properly trained on data protection policies.
It's important to never write down or store card details after the transaction. Businesses should also consider using technologies that mask card numbers during the transaction process.
Customers should be informed about the security measures in place to protect their information, which helps build trust and confidence.
Can businesses utilise payment services like SumUp to take payments over the phone, and if so, how?
Yes, businesses can use services like SumUp for telephone payments. SumUp provides a web-based portal that connects to the merchant account.
To process a payment, merchants log into their SumUp account and access the virtual terminal feature. They can then enter the customer's payment details and complete the transaction securely.
These services typically charge a slightly higher fee for manual entry transactions compared to chip and PIN payments due to the increased risk.
What are the best practices for securely asking for card information during a phone transaction?
When requesting card information, businesses should ask for details in a structured manner. First, explain why the information is needed and how it will be protected.
Ask for the card number, expiration date, and CSV code in that order. Never request unnecessary information such as the customer's PIN.
It's good practice to inform customers when you're entering their details and when the transaction is complete. This transparency helps maintain trust throughout the process.
Are there specific regulations that need to be followed when processing phone payments in the UK?
In the UK, businesses taking phone payments must comply with PCI DSS (Payment Card Industry Data Security Standard) regulations. These standards ensure cardholder data is processed securely.
The GDPR (General Data Protection Regulation) also applies to any personal data collected during transactions. Businesses must inform customers how their data will be used and stored.
Additionally, businesses should follow FCA (Financial Conduct Authority) guidelines regarding fair treatment of customers and transparent fee structures.
