The incredibly quick one-word answer to this is, yes.
Taking card payments over the phone is a great way to scale your business, connect with customers near and far, and speed up billing cycles. That said, we get you don’t want to do anything that could infringe you or your customers’ financial safety - but the good news is virtual terminals are all pros and no cons.
So, in this article, we’ll give you peace of mind by explaining the measures in place to safeguard phone payments and what you can do to help, but first...
A few things to bear in mind
- You can only be sure your phone payments are secure if the terminal you choose is PCI compliant, and that means it’s passed all the standards needed to prove it takes card payments safely and securely.
- As well as choosing a card payment option that’s PCI compliant, your business needs to comply too. If you need help with this, check out our PCI compliance service.
- The final safety net is the legitimacy of the customer. You can have passed the PCI checks with flying colours but if the person on the other end of the phone’s a fraudster, you could be subject to some pretty hefty chargeback fees from their payment provider.
- Bear in mind some customers might be wary of giving their card details out over the phone. Statistics do show card-not-present transactions have a higher fraud rate than machine-based payments, so make sure you present yourself as legit and do your due diligence to make sure they are too.
Now we’ve covered all the housekeeping, let’s take a closer look at the measures in place to protect phone payments for everyone.
What is it? It’s short for Payment Card Industry Data Security Standards and it’s a set of measures businesses must take to show they’re storing, transmitting and processing cardholders’ data safely and securely.
In a sentence, the aim of the standards is to prevent and reduce fraud.
There are three ways you can become PCI compliant:
- Onboard the help of a PCI SSC-Qualified Security Assessor (QSA),
- Choose a payment provider who does the work for you (we include this for free as part of your set up), or
- Go through the steps yourself - you can find an in-depth breakdown of them here.
Going back to phone payments and PCI compliance, our virtual terminals (and all our solutions full stop, for that matter) are fully compliant as standard, so that’s one less thing for you to worry about.
AVS and CVV checks
When you take card payments over the phone it’s as simple as asking for the 16-digit card number and expiration date and popping them into your virtual terminal.
But, any decent virtual terminal or card machine will request additional security information, adding another layer of safety for you and your customers
Address Verification System (AVS): this marries up the billing address the customer gives you with the address they’ve registered with their bank. If it’s not a match you’ll be told and it’s probably a wise idea to stop the transaction there.
Card Verification Value (CVV or CV2): these are the three or sometimes four digits found on the back of the customer’s credit or debit card and is entered to ensure the code corresponds with what’s on the credit issuer’s file.
In case you’re wondering, our virtual terminals come with both these security measures.
How you can help
Outside of the part and parcel features you get with virtual terminals, there are things you can do yourself to tighten your own safety set-up too.
- Make sure all your staff are fully clued up on your processes and run regular (say, annual) security awareness sessions to keep key information front of mind.
- Use your gut. If something doesn’t feel right, don’t be afraid to question it or refuse the transaction. Outside of failed AVS and CVV checks, a red flag could be a female using a male’s card, for example.
- Don’t ever leave a customer’s card number or security code lying around on a paper or digital document, either at home or in your store.
- If you’re printing merchant receipts remember to make sure they don’t include all the customer’s card details. Generally speaking, this shouldn’t be a problem - most payment providers only show the last four digits, but it’s definitely worth double-checking.
- If you’ve got more than one person taking card payments, set them up with different login details so you can trace transactions back to individuals. That way, if something does go wrong, you can easily get to the bottom of it.
- Keep your computer, tablet or mobile phone safe by making a point of running regular malware and spyware checks.
- If you’ve got invoices, quotes or anything with your customer’s credit or debit card details on, make sure it’s properly destroyed - i.e. by shredding or burning it.
- Let your employees know the onus is on them to spot suspicious activity too and encourage them to raise any concerns.
Is it time to get on the phone?
If you’re ready to broaden your payment horizons give us a call and we can talk next steps. And if you’re still on the fence, here are a few quick facts about phone payments with us:
- We’re fully compliant,
- Our system’s super easy to use,
- You can add as many users you like,
- We don’t lock you into long contracts,
- We don’t charge you to join or leave, and
- All our pricing packages are personalised.