Being able to take phone payments allows you to close sales on a call, process deposits and ship products ordered by mail, among other things.

But what steps do you need to take to accept payments over the phone? Before you can get started, you need to 1) set up a virtual terminal, and 2) make sure you are PCI-compliant. Only then can you 3) accept a virtual terminal payment.

Let’s go through the steps.

1. Choose a virtual terminal provider

Before you can take phone payments, the first thing you should set up is a virtual terminal.

In the UK, quite a few payment providers accept ‘card not present’ transactions, which is what over-the-phone and mail order payments are sometimes called. They will usually call it ‘virtual terminal’, but you sometimes see it grouped with other ‘online’ payment options.

The virtual terminal providers offer different pricing and sign-up procedures, which are rarely transparent until you contact them. Large providers like Sage Pay and Worldpay offer telephone payments along with other services, often costing a monthly fee in addition to transaction charges.

Let’s compare some of the popular virtual terminals:

ProviderIn a nutshell
SquareQuickest sign-up. No contract. No monthly fees. 2.5% card rate. Easy to use.
Sage Page£15+ monthly fee. Transaction fees negotiable. Different contract options. Advanced analytics.
Worldpay£9.95+ monthly fees. Transaction fees depend on turnover, business and card type. Different contracts.
PayPal£20 monthly fee. High transaction fees. Complicated fee structure. Payments go in to PayPal account.
SumUpOnly for SumUp users with history of card reader payments. No monthly fee. 2.95% + 25p card rate.
ProviderIn a nutshell
SquareQuickest sign-up. No contract. No monthly fees. 2.5% card rate. Easy to use.
Sage Page£15+ monthly fee. Transaction fees negotiable. Different contract options. Advanced analytics.
Worldpay£9.95+ monthly fees. Transaction fees depend on turnover, business and card type. Different contracts.
PayPal£20 monthly fee. High transaction fees. Complicated fee structure. Payments go in to PayPal account.
SumUpOnly for SumUp users with history of card reader payments. No monthly fee. 2.95% + 25p card rate.

All the above providers offer card machines or app-based card readers too. The virtual terminals are typically marketed openly, but SumUp is more secretive about theirs because they only make it available to existing customers with a history of payments. You basically contact them through your SumUp account, and they will review your turnover and activate the virtual terminal if you pass internal checks.

Read more about each option: Best 5 virtual terminals in the UK

2. Make sure you are PCI DSS-compliant

When you’ve chosen a virtual terminal, it’s time to put measures in place to ensure your payments are secure. Namely: we highly encourage you to comply with the Payment Card Industry Data Security Standard (PCI DSS) when handling confidential data.

Why? Because phone payments are often the most vulnerable to fraud compared to card machine payments where the customer is present.

It is really useful to choose a provider that is able to support you in meeting the strict PCI compliance rules in place to protect your customers and business.

Each virtual terminal provider has their own recommendations and systems in place. In same cases, you pay extra for this, but some providers don’t charge you, while others leave the risk and compliance totally in your hands, as you can see in the below overview.

Virtual terminalPCI compliance
SquareDoesn’t require you to fill in the annual PCI Self-Assessment Questionnaire, but encourages following certain security procedures during payments.
Sage PageIf you’re only accepting over-the-phone or card machine payments, you just need to complete an online self-assessment questionnaire. Costs may apply.
WorldpayIncluded in Pay-As-You-Go and Fixed Monthly packages, costs £29.99/year in Standard package.
PayPalYou’re responsible for completing the Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan. Recommends achieving it with a partner e.g. Trustwave (US$250 annually).
SumUpNo PCI compliance requirements, although we recommend always following good practice procedures during payments.
Virtual
terminal
PCI
compliance
SquareDoesn’t require you to fill in the annual PCI Self-Assessment Questionnaire, but encourages following certain security procedures during payments.
Sage PageIf you’re only accepting over-the-phone or card machine payments, you just need to complete an online self-assessment questionnaire. Costs may apply.
WorldpayIncluded in Pay-As-You-Go and Fixed Monthly packages, costs £29.99/year in Standard package.
PayPalYou’re responsible for completing the Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan. Recommends achieving it with a partner e.g. Trustwave (US$250 annually).
SumUpNo PCI compliance requirements, although we recommend always following good practice procedures during payments.

It is generally recommended that small merchants fill in a PCI Self-Assessment Questionnaire and follow the steps recommended by PCI to maintain secure payment processes.

If in doubt, your chosen virtual terminal provider can guide you in what to do.

3. Taking the payment

When you have a virtual terminal and are set up for secure payments, you can take a phone payment following these steps.

1. Log in to your payment provider account and select the correct option for this type of payment. What it is called will vary depending on your provider. It’s often called “Virtual Terminal”.

2. Follow the on-screen prompts. Required information usually includes the long card number, card expiration date and card security code. The three-digit security code can be found on the signature strip on the reverse side of the card.

Sage Pay virtual terminal web page

Example of a detailed virtual terminal page, viewed in a desktop web browser. Image: Sage Pay

3. Because the cardholder is not present for the transaction, you will be unable to enter a PIN. Instead, you may be required to provide additional security information, which – depending on the payment provider – may consist of:

  • The cardholder name as written on the card
  • The cardholder’s postcode
  • The door number of the cardholder’s address

4. Submit the information for processing using the ‘Submit’, ‘Complete Transaction’ or similarly-worded button. It is important you keep the customer on the phone line while the transaction is being processed. You can use this time to get any other customer information needed or which may be useful to you, for example an email address or full postal address.

5. Once the payment has gone through, you will be able to ask the customer how they would like to receive their receipt. Many payment providers give the option to email the receipt to the customer. If you’re shipping a product, you may wish to include it in the parcel. Make sure you remember to write ‘paid by phone’ on your copy of the receipt, in case you need to refer to it at a later time.

That’s it – simple. This is how you take payments over the phone, boosting your sales in no time.