Everything about card payments over the phone

Accepting card payments over the phone is a transaction method for niche businesses. To accept payments over the phone, virtual terminal has to be set up.

Payment method using virtual terminal enables merchants to accept payments when a buyer is not physically present. Although, this payment method is not as popular as using POS terminal or online via website, it remains a go-to payment method for niche business types.

In this blog post, we cover regulations, security and utilization of card payments over the phone (or by any other means of communication).

What is a virtual terminal?

In order to accept card payments over the phone, business have to setup a virtual terminal. It is a piece of software application which merchants use to submit their customer’s card data and initiates a payment for products or services. To an extent, it is similar to the well-known POS terminals, however a buyer completes a transaction online, without being physically present.

Virtual terminal processes transactions known as “Mail Order/Telephone Order”. Or in short – MO/TO terminal. It works in a simple matter:

Customer sends order and card details to the merchant over the phone (or any other communications device).
Merchant enters all the information in the online payment form of the virtual terminal.
Merchant receives a confirmation whether the card was charged successfully. Customer receives a receipt.

Who should use payments over the phone?

Accepting payments over the phone is a unique transaction method. It is not the most recognizable payment method, however it offers benefits that no other payment method can provide.

It is important to mention, that a virtual terminal works similarly to point-of-sale terminal. However, it’s key difference is that a buyer does not have to be physically available to initiate the transaction. Meaning, both merchant and customer performs their roles online. This provides the opportunity of payments convenience for niche businesses, who have a need to

complete a transaction over the distance.

Accept card payments over the phone is extremely useful when:

A merchant wants to process manual orders, while selling online.
You work on-the-go, leaving no time to take immediate payments or visit customers at a later date.
Both customer and merchant need a quicker processing time than bank transfer.
You need payments in advance.
You don’t like accepting cash.

For example industries like:

Accommodation services	Take-out restaurants, florists	Rental services

What are regulations for card payments over the phone?

For a card payment to be processed there are a set of regulations that a payment service provider has to comply with. However, card payments over the phone are a bit different.

First, talking about safety of payments over virtual terminal, it is important to learn what PCI DSS is:

Payment Card Industry Data Security Standard (PCI-DSS) – is a compliance standard that proves whether a payment service provider provides strict payment data privacy and security. A PCI DSS compliant payment service provider (PSP) ensures proper processes in handling sensitive card information. PCI DSS Level 1 is a highest security standard that a PSP can comply with.

Since MO/TO payments involve card information, it is the most relevant security measure for card payments over the phone. To process payments legitimately, payment service providers must comply with these standards. Violation of these standards can result in huge fines for the PSP. Which in result, damages merchants – to avoid these fines, providers decline the merchants who failed to comply with these standards. This is one of the reasons why there are requirements and regulations that limit who can use payments over the phone.

Payment Services Regulations (PSD2)

Another usual set of regulations that influence online card payments are set by EU Revised Directive on Payment Services (PSD2). It influence payment service providers within the European Economic Area. In addition, it imposes the new standard – Strong customer authentication (SCA). However, it is only applicable for customer-initiated payments. Since using over-the-phone payments are processed by the merchant on behalf of the customer, it is called merchant-initiated.

Meaning, Strong customer authentication and PSD2 does not apply to card payments over the phone.

Buyer rights

Similarly to typical online payments, the same customer rights attributes apply for payments over-the-phone. Merchants should keep in mind that consumers’ always have rights to dispute a chargeback for a payment that was initiated using virtual terminal.

Preventing and disputing chargebacks for over-the-phone payments are the same as for typical online payments. You can read more about it here: https://blog.cardinity.com/chargebacks/how-to-prevent-chargebacks/

Are card payments over the phone safe?

There are two ways to ensure safety for over-the-phone transactions. Either it’s merchant’s responsibility or their provider’s.

Choosing a payment service provider that complies with PCI DSS level 1 standards is a strong indicator of transaction safety. Such providers ensure that every transaction processed using virtual terminal complies with highest security requirements. Usually, their merchants are not liable for being compliant as it is being taken care of by the PSP.

For a merchant to undertake security of card payments over the phone can be a difficult task. They have to spend a lot of time to setup the data privacy and payment security measures. Most merchants’ would rather spend this time working on scaling their business.

In conclusion, safety of payments over the phone should be a matter of your service provider. Security of over-the-phone payments is evidenced by payment service provider’s PCI DSS level 1 compliance and being a part of card networks (VISA or MasterCard). High security of over-the-phone payments can have crucial impact of buyer intent and thus your sales volumes.

Requirements for over-the-phone payments

One of the payment service providers’ goals is a transparent, worldwide payment environment. Therefore, card payments processing is a very responsible task. Since card payments over the phone are merchant-initiated transactions, necessary requirements are set to ensure legitimacy of merchants who undertake this task.

For a merchant to use MO/TO virtual terminal for over-the-phone transactions, they must comply with the following requirements:

Strong processing history;
No excessive chargebacks;
Your company is reliable and functioning for more than 3 years.

Open a merchant account for free
and start processing payments with Cardinity!

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Everything about card payments over the phone