Regardless of what business you’re in, taking payments over the telephone is becoming increasingly important if:

  • You offer delivery on your products.
  • Your business is mobile or operates on the go.
  • You sell a service and require deposits in order to secure appointments or make a reservation.

The fact is, being able to take phone payments allows you to capitalise on impulse purchases and close down sales quickly before the customer changes their mind. But what steps do you need to take to accept payments over the phone?

Before you can take phone payments

Before you can take phone payments, there are two things you should have in place: a virtual terminal set up for your business and PCI DSS compliance.

Choose a virtual terminal provider

First, you need to choose a payment provider that accepts ‘card not present’ transactions, which is what over-the-phone transactions are classed as. You will often see this referred to as ‘virtual terminals’.

There are several virtual terminal providers in the UK with different pricing and sign-up procedures. The big traditional providers such as Sagepay and Worldpay offer telephone transaction features, but activating the online payment terminal often means monthly fees in addition to transaction fees, which can make phone payments costly.

Let’s compare some well-known providers:

  • WorldPay‘s monthly fee for phone payments starts at £9.95, where transaction fees depend on the plan you choose (ranging from 0.95% to over 2.75%).
  • PayPal offers the service for a monthly charge of £20 and fairly easy sign-up process, but with a higher transaction cost.
  • Square has a virtual terminal, charging just 2.5% per card-not-present transaction, with no monthly fees and a very straightforward sign-up process.
  • SumUp allows phone payments for merchants who already use their card reader SumUp Air for face-to-face sales (you need to contact customer support to activate it). SumUp also has no monthly costs or contract, but charges 2.95% + 25p per transaction.

Make sure you are PCI DSS-compliant

When you’ve chosen the most ideal virtual terminal provider, it’s time to put measures in place to ensure your payments are secure.

Namely: we highly encourage you to comply with the Payment Card Industry Data Security Standard (PCI DSS) when handling confidential data.

Why? Because phone payments are often the most vulnerable to fraud compared to card machine payments where the customer is present.

It is vital you choose a provider that is able to support you in meeting the strict PCI compliance rules in place to protect your customers and business.

Each virtual terminal provider has their own recommendations and systems in place, some costing extra, some included, and some leaving the risk and compliance totally in your hands.

It is generally recommended that small merchants fill in a PCI Self-Assessment Questionnaire and follow the steps recommended by PCI to maintain secure payment processes.

PCI compliance of providers

  • Worldpay: Included in Pay-As-You-Go and Fixed Monthly packages, costs £29.99/year in Standard package.
  • PayPal: You’re responsible for completing the Annual PCI Self-Assessment Questionnaire and a Quarterly Network Scan. Recommends achieving it with a partner e.g. TrustWave (US$250 annually).
  • Square: Doesn’t require you fill in the annual PCI Self-Assessment Questionnaire, but asks you to follow certain security procedures during payments.
  • SumUp: No PCI compliance requirements, although we recommend always following good practice procedures during payments.

If in doubt, your chosen virtual terminal provider can guide you in what to do.

Taking the payment

Once you have a virtual terminal and are set up for secure payments, you can take a phone payment following these steps.

1. Log into your payment provider account and select the correct option for this type of payment. What it is called will vary depending on your provider. It’s often called “Virtual Terminal”.

2. Follow the on-screen prompts given to you. These will usually ask you for the long card number, card expiration date and card security code. The security code can be found on the signature strip on the reverse of your card and is three digits.

3. As the cardholder is not present for the transaction, you will be unable to get them to enter a PIN. Instead, you will usually be asked to provide additional security information, which – depending on the payment provider – may consist of:

  • The cardholder name as it appears on the card
  • The cardholder’s postcode
  • The door number of the cardholder’s address

4. Submit the information for processing using the ‘Submit’ or ‘Complete Transaction’ button. Again, the name will vary depending on your provider. It is important you keep the customer on the phone line while the transaction is being processed. You can use this time to get any other customer information you need or that may be useful to you, for example their email or full postal address.

5. Once the payment has gone through, you will be able to ask the customer how they would like to receive their receipt. Many payment providers give the option to email the receipt to the customer. Alternatively, if you’re shipping a product, you may wish to include it in the parcel. Make sure you remember to write ‘paid by phone’ on your copy of the receipt, in case you need to refer to it at a later time.

That’s it – simple. These steps enable you to start taking payments over the phone, boosting your sales in no time.