Being able to take phone payments allows you to close sales on a call, accept orders for pick-up, process deposits and ship products ordered by mail, among other things.

But what steps do you need to take to accept payments over the phone? Before you can start, you need to 1) set up a virtual terminal, and 2) check you are PCI-compliant. Only then can you 3) accept a virtual terminal payment.

Let’s go through the steps.

1. Choose a virtual terminal provider

Before you can take phone payments, the first thing you should set up is a virtual terminal.

In the UK, quite a few payment providers accept ‘card not present’ transactions, which is what over-the-phone and mail order payments are sometimes called. They will usually call it ‘virtual terminal’ or ‘MOTO’ (Mail Order/Telephone Order) payments, but you sometimes see it grouped with other ‘online’ payment options.

The virtual terminal providers offer different pricing and sign-up procedures, which are rarely transparent until you contact them. Large providers like Sage Pay and Worldpay offer telephone payments along with other services, often for a monthly fee in addition to transaction charges.

Let’s compare some of the popular virtual terminals:

Provider In a nutshell Link
Square No monthly fees. No contract. 2.5% card rate. Quickest sign-up. Easy to use.
Worldpay £9.95+ monthly fees. Different contracts. Card rates subject to turnover and card type.
PayPal £20 monthly fee. Complicated fee structure. Payouts in PayPal account.
SumUp Subject to application and approval. No monthly fee. 2.95% + 25p card rate.
Sage Pay £15+ monthly fee. Different contract options. Card rates negotiable. Advanced analytics.
Provider In a nutshell
Square

  • No monthly fees or contract
  • 2.5% card rate
  • Quickest sign-up
  • Easy to use
Worldpay

  • £9.95+ monthly fees
  • Different contracts
  • Transaction fees depend on turnover and card type
PayPal

  • £20 monthly fee
  • Complicated fee structure
  • Payouts in PayPal account
SumUp

  • Subject to application and approval
  • No monthly fee
  • 2.95% + 25p card rate
Sage Pay

  • £15+ monthly fee
  • Different contract options
  • Transaction fees negotiable
  • Advanced analytics

You can read more about these options in our overview of virtual terminals here.

All the above providers offer card machines (Sage Pay, Worldpay) or app-based card readers (Square, PayPal, SumUp) too.

The virtual terminals are typically marketed openly, but SumUp is more secretive about theirs because it is subject to an application whereas their other payment methods are available as standard. If you pass their internal checks and turnover requirements, SumUp may then activate the virtual terminal in your account.

Man taking a payment over the phone


No monthly fees, PCI compliance included, fixed transaction rate, very easy to use:


Square offers the simplest phone payments

2. Make sure you are PCI DSS-compliant

When you’ve chosen a virtual terminal, it’s time to put measures in place to ensure your payments are secure. That is: we highly encourage you to comply with the Payment Card Industry Data Security Standard (PCI DSS) when handling confidential data.

Why? Because phone payments are often the most vulnerable to fraud compared to card machine payments where the customer is present.

It is really useful to choose a provider that is able to support you in meeting the strict PCI compliance rules protecting your business and customers.

Each virtual terminal provider has their own recommendations and systems in place. In same cases, you pay extra for it, but some providers don’t charge for it and instead carry that burden for you. Others leave the risk and compliance totally in your hands, as you can see in the overview below.

Virtual terminal PCI compliance
Square Doesn’t require you to fill in the annual PCI Self-Assessment Questionnaire, but encourages following certain security procedures during payments.
Worldpay Included in Pay-As-You-Go and Fixed Monthly packages, costs £29.99/year in Standard package.
PayPal You’re responsible for completing the Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan. Recommends achieving it with a partner e.g. Trustwave (US$250 annually).
SumUp No PCI compliance requirements, although we recommend always following good practice procedures during payments.
Sage Pay If you’re only accepting over-the-phone or card machine payments, you just need to complete an online self-assessment questionnaire. Costs may apply.
Virtual
terminal
PCI
compliance
Square Doesn’t require you to fill in the annual PCI Self-Assessment Questionnaire, but encourages following certain security procedures during payments.
Worldpay Included in Pay-As-You-Go and Fixed Monthly packages, costs £29.99/year in Standard package.
PayPal You’re responsible for completing the Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan. Recommends achieving it with a partner e.g. Trustwave (US$250 annually).
SumUp No PCI compliance requirements, although we recommend always following good practice procedures during payments.
Sage Pay If you’re only accepting over-the-phone or card machine payments, you just need to complete an online self-assessment questionnaire. Costs may apply.

It is generally recommended that small merchants fill in a PCI Self-Assessment Questionnaire and follow the steps recommended by PCI to maintain secure payment processes.

If in doubt, your chosen virtual terminal provider can guide you in what to do.

3. Taking the payment

When you have a virtual terminal and are set up for secure payments, you can take a phone payment following these steps.

1. Go to web page

Log in to your payment provider account and select the correct option for this type of payment. What it is called will vary depending on your provider. It’s often called “Virtual Terminal”.

2. Enter card and transaction details

Follow the on-screen prompts. Required information usually includes the long card number, card expiration date and card security code. The three-digit security code can be found on the signature strip on the reverse side of the card.

Sage Pay virtual terminal web page

Example of a detailed virtual terminal page, viewed in a desktop web browser. Image: Sage Pay

3. Enter security information

Because the cardholder is not present for the transaction, you will be unable to enter a PIN. Instead, you may be required to provide additional security information which may consist of:

  • The cardholder name as written on the card
  • The cardholder’s postcode
  • The door number of the cardholder’s address

4. Wait until transaction is finalised

Submit the information for processing using the ‘Submit’, ‘Complete Transaction’ or similarly-worded button. It is important you keep the customer on the phone line while the transaction is being processed. You can use this time to get any other customer information which may be useful, for example an email address or full postal address.

5. Send a receipt

Once the payment has gone through, you will be able to ask the customer how they would like to receive their receipt. Many payment providers give the option to email the receipt to the customer. If you’re shipping a product, you may wish to include it in the parcel. Make sure you remember to write ‘paid by phone’ on your copy of the receipt in case you need to refer to it at a later time.

That’s it – simple. This is how you take payments over the phone, boosting your sales in no time.

Best virtual terminals in UK

Compare the most affordable virtual terminals:

What are the best phone payment options in the UK?