How to safely take card payments over the phone

While contactless and chip and PIN payments are super handy for speedy customer service, taking card payments over the phone is a great way to connect with more people who can’t visit your business in person.

But with nearly half of UK landline users receiving suspicious phone calls imitating or ‘spoofing’ well-known businesses or government departments, it has never been more important to follow the right steps to reassure your customers that their details are safe.

In this guide, we’ll show you how to securely take card payments over the phone, meet compliance requirements, and protect your business and customers.

Is it easy to take card payments over the phone?

Accepting card payments is the lifeblood of any successful business, so you’ll be pleased to know that, yes, taking card payments over the phone couldn’t be easier! All you’ll need is either a:

• card machine – a physical card machine that has the functionality built-in or set up to accept payments over the phone (spoiler: all our card readers come with this as standard).
• or a virtual terminal – the online equivalent of a physical card machine, so the only hardware you need is an internet-enabled device to access your secure pay page. From there, you simply enter the necessary details to process a transaction.

The process for both is really straightforward: with the customer on the phone, fire up your card machine or virtual terminal (you’ll need to be logged in for the latter), enter their card information, and submit the transaction.

Usually, you’ll need their 16-digit card number, card expiry date, and security code. You might also have to input some of their billing information too.

Which businesses can benefit from over-the-phone payments?

The value of debit card payments hit £65 billion in September 2024, highlighting how over-the-phone payments are still an incredibly beneficial option for many businesses.

This is especially true for those that operate traditionally, such as:

• Takeaway restaurants 
• Hairdressers and salons
• Catalogue businesses

Phone payments may also be a handy option for a number of specific situations, like:

• Your customer calls up to enquire more about your goods or services and decides to purchase then and there
• If you need to take a deposit from your customer when they call up to make a booking
• Your customer wishes to renew their policy or contract over the phone

Over-the-phone payments may not be for every business, but you never know when a customer could come calling. 

How to take a payment over the phone with a card machine

Unlike the process of going through a normal face-to-face transaction, there are a few extra things to do when taking an order over the phone. 

Just follow these simple steps:

Step 1: Navigate to the 'Sale' or 'Transaction' section on your A920 terminal and change the payment method to 'Card not present'.

Step 2: Type in the cost of the item and then press 'Enter'.

Step 3: The machine will ask to present the card. Type in your customer’s 16-digit credit or debit card number and press 'Enter'.

Step 4: You'll then be asked to type in your customer’s card expiry date. Once done, press 'Enter'.

Step 5: It'll ask if the customer is present. Press 'Clear'.

Step 6: You'll be asked to type in the 3-digit security code, which is on the back of the card. Once done, press 'Enter'.

Step 7: It'll ask for the house number and the numeric digits of the postcode to which the card is registered. Type these in and press 'Enter'.

If the registered address has a house name instead, you will need to enter '0'.

Step 8: Once done, the card machine will start to process the transaction.

Step 9: It will then automatically print the customer copy of the receipt.

Step 10: Once printed, tear this off the machine and press 'Enter'.

Step 12: It will then automatically print the merchant copy of the receipt.

Step 13: Once printed, tear this off the machine, keep it for your records, and press 'Enter'.

How to take a payment over the phone with a virtual terminal

If you’re taking a payment over a virtual terminal, it’s even simpler:

Step 1: Make sure you have access to the internet, like with a computer, tablet, or phone.

Step 2: Log-in to your virtual terminal.

Step 3: You take your customer’s details over the phone.

Step 4: Submit the transaction and get money in your account.

It’s really as simple as that!

Discover more ways that you can take payments online here.

Is it safe to take card payments over the phone?

Yep, taking card payments over the phone can be completely safe — as long as you follow the correct measures to avoid any potential security issues.

If you process card payments, the most important thing is to make sure you’re compliant with the Payment Card Industry Data Security Standard (PCI DSS). This is a set of security requirements that all businesses must meet to handle credit or debit card data safely at every step in a card transaction. This includes accepting, storing, processing, and transmitting the transaction data.

PCI compliance isn’t just a box to tick — it’s your best defence against fraud. It aims to create a secure environment for all card transactions to protect your customers’ payment information from data breaches. This is why it’s essential for businesses that take over-the-phone transactions.

Individual businesses can’t apply for or receive a PCI DSS-compliant certificate. Instead, they must prove they are PCI DSS compliant by following the latest official regulations. These are updated every few years, but the most up-to-date version can be viewed at the PCI Security Standards Council website here. 

Non-compliance doesn’t just leave your business vulnerable to fraud — it can result in monthly fines ranging from around £4,000 to £81,000. Worse still, you could be putting your customer’s sensitive details at risk.

One of the best ways to be sure that your phone payments are secure is by choosing a payment terminal that’s PCI compliant, like takepayments. PCI compliance is built into the set-up of all of our card machines and technology, so they’ve passed all the standards needed to prove they take card payments safely and securely.

Our dedicated PCI compliance team is also available to guide you through all the requirements, so contact them today for more information.

Tips for ensuring safe and secure over-the-phone payments

Along with the part and parcel features you get with our card terminals, there are additional things you can do yourself to tighten your safety set-up.

1. AVS and CVV checks

Any decent virtual terminal or card machine will request additional security information, adding another layer of safety for you and your customers. This may include:

• Address Verification System (AVS): This matches the billing address the customer gives you with the address they’ve registered with their bank. You'll be told if it’s not a match, and it’s probably a wise idea to stop the transaction there.
• Card Verification Value (CVV or CV2): These are the three, or sometimes four, digits found on the back of the customer’s credit or debit card, and they are entered to ensure the code corresponds with what’s on the credit issuer’s file.

In case you’re wondering, our card and virtual terminals come with both these security measures.

Learn about more types of card payment security here.

2. Security awareness training

Make sure all your staff are fully clued up on your processes and run regular (say, annual) security awareness sessions to keep key information front of mind.

Accidental breaches of sensitive information can occur when your employees don’t know about or forget the proper protocols. If business is booming, it can be easy to let standards slip, but frequent training can be a handy refresher.

Here’s a quick cheat sheet of things to remember:

• Never write down sensitive credit card details on paper or electronic systems. Personal data should never be kept for any longer than necessary; storing these details after they have been used in a transaction could be breaching one of the core GDPR principles on storage limitation.
• Make sure your receipts do not print the customer’s full card details. Usually, only the last four digits are printed.
• Install anti-virus software on your business computer or devices and run regular malware checks.
• Always follow good document hygiene practices by shredding and disposing of documents with customer details on.

How to protect your customers against phone scams

It’s worth bearing in mind that some customers might be wary of giving their card details out over the phone. 

UK Finance’s Half Year Fraud report showed that criminals scammed consumers out of £571.7 million in 2024, with a 26% increase in card not present (CNP) cases, which includes scams carried out over the phone.

Presenting yourself as legitimate to your customers can help reassure them that their details are secure and that it’s safe to complete a transaction over the phone. However, it may also be beneficial to make your customers aware of the tactics scammers use to help protect them. 

When attempting phone fraud, also known as vishing, scammers often:

• Impersonate businesses — From government and official organisations to retail companies, scammers will attempt to gain the victim's trust by pretending to represent a well-known business. This is called Caller ID spoofing.

It’s recommended that companies should always contact customers via their official registered trading phone number. Additionally, your customers should be told that they will only be contacted by this number.

If you want to go one step further, you can use Call Line Identity (CLI). CLI gives customers information about who is calling them, such as their phone number, location, and business name. These details can reassure customers that they’re speaking to your official business and not an impersonator.

• Ask for sensitive information — Fraudsters will request sensitive financial information from their victims to hack bank accounts and access personal funds. To combat this, businesses should let their customers know that certain details will never be requested when completing over-the-phone transactions.
  
  These include:
• four-digit card PIN 
• full password or online banking information
• one-time passcodes
  
  
• Have a sense of urgency — Scammers often rush victims into handing over their financial details, using techniques like offering limited-time-only offers. Customers should never be rushed into providing payment information, and this should be a red flag that the situation is unusual.
  
  Let your customers know that if they sense even a slight doubt about who they are really on the phone with, the best course of action is to hang up the call and get in touch with your business using your official number from your website or Google Business Profile. 

Stay up-to-date with the other popular scams and how your business and customers can avoid them.

FAQs

How’s the transaction processed with a virtual terminal?

The same way as chip and PIN – through a merchant account. In Layman’s terms, this just means the money sits in a merchant account while it’s being checked and processed, and then once it’s passed those clearances, it’s transferred to your account for you to access.

How many people can use a virtual terminal?

As many as you want. Whether you’re a one-man-band or a team of 20, additional users can be added to your virtual terminal at zero expense, and, better yet, you can grant different authority levels to dictate how much people can and can’t see.

How secure are card machines?

Very. They come with all the same security checks (AVS and CV2) as virtual terminals and mirror the merchant account process, too.

Along with giving your business a secure method of accepting over-the-phone payments, you’ll also benefit from:

• Giving your customers a way to pay when you’re not face-to-face
• Saying goodbye to waiting around for invoices, as they’re created instantly
• You can upgrade your set-up and meet the payment needs of more of your customers

Is it safe to share CVV numbers over the phone?

Scam-conscious shoppers will probably be aware of the warnings about sharing personal payment information through unofficial channels – which is why it’s understandable that some customers may be hesitant to give you their card’s CVV number over the phone.

However, any PCI-compliant business should have the proper measures in place to securely store CVV information without putting it at risk to fraudsters. And letting your customers know that they’re speaking to your business, and not someone pretending to be you, can help to put their minds at ease.

Is it time to get on the phone?

If you’re ready to broaden your payment horizons, call us, and we can talk next steps. 

Whether it’s phone payments, other online payment solutions, or card terminals that we can help you with, get in touch with our team of experts on 08082 393254.

Jodie Wilkinson

Head of Strategic Partnerships