Taking payments over the phone offers businesses flexibility and convenience for customers who prefer not to pay online. With the right tools and processes, accepting card payments by phone is straightforward and secure. To take payments over the phone, you'll need either a virtual terminal through your payment processor or a card machine capable of handling remote transactions.
Phone payments remain popular despite the rise of online shopping. Many customers still prefer speaking with a real person when making purchases or paying bills. Virtual terminals make this process simple by providing a secure online interface where staff can enter customer card details. Alternatively, businesses can use their existing card machines for these transactions.
Before implementing phone payments, ensure your system complies with payment security standards. The process typically involves collecting the customer's 16-digit card number, expiration date, and security code, then entering these details into your payment system. Most providers allow you to accept all major credit and debit cards, including Visa, MasterCard and American Express.
Taking payments over the phone involves handling sensitive financial data, which requires adherence to specific regulations and best practices. Businesses must protect customer information while complying with relevant laws to prevent fraud and build trust.
In the UK, phone payment processing falls under several important legal frameworks. The General Data Protection Regulation (GDPR) requires businesses to protect personal information, including payment details.
The Payment Card Industry Data Security Standard (PCI DSS) sets specific requirements for organisations handling card payments. These standards apply to all cardholder-not-present transactions, including phone payments.
Key legal responsibilities include:
Non-compliance can result in significant fines and reputational damage. Regular audits help ensure the business meets all legal requirements.
When recording payment calls, businesses must clearly inform customers before recording begins. The Regulation of Investigatory Powers Act 2000 (RIPA) requires explicit notification and consent.
A standard approach is to use an automated message at the beginning of calls stating:
Agents should also verbally confirm consent before proceeding with payment collection. This consent should be documented in customer records.
It's important to explain how recordings help protect both parties. Many customers appreciate this security measure when properly explained.
Businesses should establish clear policies on:
The recording system must be secure and comply with data protection requirements.
Secure handling of payment data is essential for preventing fraud and data breaches. Businesses should never store complete card details unless absolutely necessary and properly secured.
Best practices include:
Physical security measures are equally important. Payment processing should take place in areas with restricted access, away from public view and unauthorised personnel.
Staff should be trained to recognise potential fraud indicators during phone transactions. Regular security refresher training helps maintain awareness of current threats and compliance requirements.
Selecting an appropriate payment solution impacts your business efficiency, security compliance, and customer trust. The right system should balance functionality with cost while providing robust security features.
When taking payments over the phone, you'll encounter several system options. Virtual terminals are web-based interfaces that allow you to manually enter card details. They're ideal for businesses without high call volumes.
Payment gateways with phone payment features offer more integration options. These systems typically work across multiple channels, not just phone payments.
MOTO (Mail Order/Telephone Order) merchant accounts are specifically designed for businesses regularly processing phone payments. They often include specialised fraud protection.
IVR (Interactive Voice Response) systems automate the payment process, allowing customers to input their own card details. This reduces staff involvement and potential security risks.
Virtual Terminal
MOTO Account
IVR System
Integration capabilities are crucial for efficient operations. Modern payment systems should connect with your existing accounting software to reduce manual data entry and errors.
Look for solutions offering API access or direct integrations with popular platforms like QuickBooks, Xero, or Sage. This ensures transaction data flows automatically into your financial systems.
Payment processors that provide real-time synchronisation help maintain accurate cash flow visibility and simplify reconciliation. Consider these key integration features:
Some solutions also offer custom integration options for businesses with bespoke accounting systems. While potentially more expensive, these can deliver superior workflow efficiency for complex operations.
Telephone payments face unique security challenges compared to in-person transactions. Strong fraud prevention systems are essential to protect both your business and customers.
Look for solutions that offer:
PCI DSS compliance is non-negotiable for phone payments. Choose systems that offer "de-scoping" features like DTMF masking, which converts touchtone key presses into non-identifiable tones to protect card details.
More advanced solutions incorporate AI-driven fraud detection to identify suspicious patterns before transactions complete. While adding cost, these systems reduce chargeback risks and protect your reputation.
Taking payments over the phone requires a proper setup to ensure security and efficiency. The right combination of hardware, software, and staff training creates a seamless payment experience for both your business and customers.
To begin accepting phone payments, you'll need minimal hardware compared to in-person transactions. A reliable telephone system with good call quality is essential for clear communication with customers. A computer or tablet with internet access will serve as your payment processing station.
For software, you'll require a secure payment gateway that connects to your merchant account. Choose a PCI-DSS compliant solution to protect customer data.
Many providers offer integrated systems that combine customer relationship management (CRM) with payment processing. This integration helps track customer information alongside their payment history.
Consider these essential software features:
A virtual terminal is the cornerstone of phone payment processing. It's a secure, web-based page that allows you to manually enter customer card details.
Most virtual terminals work through a simple login process. After receiving your credentials, you'll access a URL where you can input customer payment information. The system then processes the transaction in real-time, similar to in-person payments.
Leading payment providers like Lloyds Bank Cardnet offer virtual terminals with additional features such as recurring billing options, which are ideal for subscription-based businesses.
Virtual terminals typically charge per transaction, with fees ranging from 1.5% to 3.5% depending on your provider and transaction volume. Some may include monthly subscription costs for additional features and support.
Proper configuration of your payment software ensures smooth transactions and robust security. Begin by setting up user accounts with appropriate access levels for staff members handling payments.
Configure your transaction limits and risk settings based on your business needs. Many systems allow you to set maximum transaction values and flagging rules for potentially suspicious activities.
Integration with your existing systems is crucial. Many virtual terminals can connect with:
Enable transaction notifications to keep both your team and customers informed. Automated receipts and confirmation emails build trust and provide necessary documentation for both parties.
Thorough staff training is essential for secure and efficient phone payment processing. All team members should understand the importance of data security and how to take payments safely.
Create a standardised script for taking payments that includes verification steps. Staff should know how to confirm customer identity through appropriate security questions before processing payments.
Role-playing exercises help staff practise handling different payment scenarios, including dealing with declined cards or connectivity issues. Regular refresher training keeps everyone updated on best practices and new features.
Key training topics should include:
Document all procedures in a clear, accessible manual that staff can reference when needed.
Taking payments over the phone requires a structured approach to ensure security and accuracy. Following these key steps will help you process transactions efficiently while maintaining customer trust and compliance with regulations.
Begin by explaining to the customer that you're about to take their payment details. Inform them about the total amount to be charged and confirm they're ready to proceed. It's important to process the transaction in a professional manner.
Tell the customer which payment cards you accept. Most businesses handle Visa, Mastercard, and American Express.
Ask for the card details in this specific order:
Speak clearly and confirm each detail as it's provided. If using a virtual terminal or payment app, enter the information directly into your system as the customer provides it.
Before processing the payment, verify the customer's identity to reduce fraud risks. This step is crucial for Card Not Present transactions.
Request the customer's billing address and postcode to perform an Address Verification Service (AVS) check. This matches the address with the card issuer's records.
Double-check all payment details before submission:
For high-value transactions, consider additional verification:
Always remain vigilant for suspicious behaviour such as hesitation when providing information or inconsistencies in details provided.
Once the payment is processed, immediately inform the customer whether the transaction was successful. Enter their card information correctly to avoid errors.
Provide the customer with a transaction reference number and explain when they will receive a receipt. Most businesses send email receipts within minutes of the transaction.
Important details to include in the confirmation:
Ask if the customer would like the receipt sent via email or post. Always thank them for their business and enquire if they need anything else.
Remember to inform customers that their card details will be securely handled and not stored inappropriately, following payment card industry standards.
Effective customer service is essential when handling phone payments. The right support practices build trust and ensure smooth transactions even when problems arise.
When customers call with questions or complaints about phone payments, staff should respond promptly and professionally. Aim to resolve issues during the first call whenever possible.
Create a clear script for common payment queries that includes verification steps and troubleshooting tips. This helps maintain consistency across your team.
Always document inquiries in your CRM system with detailed notes about the customer's concern and the solution provided. This creates a helpful history if the customer calls again.
For difficult complaints, empower staff to offer appropriate compensation where necessary. This might include waiving processing fees or offering a discount on future purchases.
Remember that taking card payments over the phone requires extra patience as customers may be unfamiliar with the process.
A clear, fair refund policy builds customer confidence when making phone payments. Display your policy on your website and ensure staff can explain it clearly.
Your refund policy should include:
Train your team to process refunds efficiently through your virtual terminal. Most systems allow you to issue full or partial refunds directly to the customer's card.
Keep detailed records of all refunds processed, including reasons. This data helps identify potential issues with products or services that might need addressing.
Regular training ensures your team stays current with payment technologies and security protocols. Schedule quarterly refresher sessions covering both technical skills and customer service techniques.
Training should cover:
Role-playing exercises help staff practise handling difficult payment scenarios. Create scenarios based on real customer interactions for authentic practice opportunities.
Consider creating a knowledge base with answers to common questions about your payment process. This resource helps new staff get up to speed quickly and serves as a reference for everyone.
Monitor calls occasionally to identify training needs and provide constructive feedback. This quality assurance process maintains high standards across your team.
A robust payment system requires ongoing attention to function effectively and securely. Regular assessment helps businesses identify vulnerabilities and enhance customer experience.
Transaction monitoring serves as your first line of defence against fraudulent activities. Daily reviews of payment records can help identify unusual patterns or suspicious transactions that might indicate fraud attempts.
Look for these red flags:
Set up automatic alerts for transactions that exceed certain thresholds. This allows your team to verify legitimacy before processing.
Create a monthly report to track key metrics such as transaction volume, average order value, and decline rates. Tracking these metrics helps identify trends and potential issues before they become serious problems.
Customer insights can highlight strengths and weaknesses in your phone payment process. Establish multiple channels for collecting feedback, including post-transaction surveys, follow-up emails, and occasional phone calls.
Pay particular attention to complaints about payment friction or security concerns. These often signal areas needing immediate improvement.
Categorise feedback to identify recurring themes. Common issues might include:
Compare customer satisfaction scores before and after implementing changes to measure improvement effectiveness. This data-driven approach ensures modifications genuinely enhance the customer experience rather than simply changing procedures.
Payment security standards evolve constantly to counter emerging threats. Schedule quarterly reviews of your security protocols to ensure they remain effective and compliant with PCI DSS requirements.
Train staff regularly on security practices and recognition of social engineering attempts. Even experienced team members benefit from refresher training every six months.
Consider implementing more secure technology solutions such as:
Conduct annual security audits with third-party specialists to identify vulnerabilities that might be missed internally. External perspective often reveals blind spots in your security approach.
Maintain detailed documentation of all security updates and compliance checks. This creates an audit trail that proves your commitment to transaction security.
Taking card payments over the phone involves specific processes, security measures, and regulatory considerations. Businesses have several options for processing these transactions safely and efficiently.
Businesses can accept credit card payments over the phone using several methods. The most common approach is using a virtual terminal provided by a payment processor.
Another option is using a standard card machine with manual entry capabilities. Some businesses also use integrated payment systems that connect with their CRM or order management software.
Mobile payment solutions have also become increasingly popular for small businesses needing flexibility in how they accept payments.
When using a card machine for telephone payments, the process is straightforward. The merchant must manually enter the customer's card details into the terminal.
First, select the "manual entry" option on your card machine. Then input the 16-digit card number, expiration date, and security code as provided by the customer over the phone.
The machine will process the payment and produce a receipt which can be sent to the customer via email or text message.
When taking debit card details, businesses should ensure they're using encrypted connections and secure payment systems. Staff should be properly trained on data protection policies.
It's important to never write down or store card details after the transaction. Businesses should also consider using technologies that mask card numbers during the transaction process.
Customers should be informed about the security measures in place to protect their information, which helps build trust and confidence.
Yes, businesses can use services like SumUp for telephone payments. SumUp provides a web-based portal that connects to the merchant account.
To process a payment, merchants log into their SumUp account and access the virtual terminal feature. They can then enter the customer's payment details and complete the transaction securely.
These services typically charge a slightly higher fee for manual entry transactions compared to chip and PIN payments due to the increased risk.
When requesting card information, businesses should ask for details in a structured manner. First, explain why the information is needed and how it will be protected.
Ask for the card number, expiration date, and CSV code in that order. Never request unnecessary information such as the customer's PIN.
It's good practice to inform customers when you're entering their details and when the transaction is complete. This transparency helps maintain trust throughout the process.
In the UK, businesses taking phone payments must comply with PCI DSS (Payment Card Industry Data Security Standard) regulations. These standards ensure cardholder data is processed securely.
The GDPR (General Data Protection Regulation) also applies to any personal data collected during transactions. Businesses must inform customers how their data will be used and stored.
Additionally, businesses should follow FCA (Financial Conduct Authority) guidelines regarding fair treatment of customers and transparent fee structures.