How to Take Credit Card Payments Over the Phone

What Are Phone Credit Card Payments (MOTO)?

Taking a credit card payment over the phone is a card-not-present transaction known as MOTO — Mail Order/Telephone Order. The customer reads their card details to you; you type them into a virtual terminal. No card reader or hardware is needed.

MOTO payments are widely used by tradespeople taking deposits, B&Bs accepting telephone bookings, and consultants billing clients remotely. If your customer can’t pay in person or through an online checkout, a virtual terminal is the route we’d recommend.

The key trade-off: because the card isn’t physically present, the fraud risk is higher and the merchant bears chargeback liability rather than the bank.

UK Finance data shows card-not-present fraud accounted for roughly 70% of UK card fraud losses in 2024. That risk is priced into MOTO transaction rates — expect to pay 0.5–1.3 percentage points more than you’d pay for a chip-and-PIN payment.

What You Need to Take Credit Card Payments Over the Phone

You need three things: a payment provider that supports MOTO, access to their virtual terminal, and the customer’s card details. No card reader or dedicated terminal hardware is required.

We checked every major UK provider and found virtual terminal availability varies significantly. Several include it at no extra cost. Others treat it as an optional add-on or require a separate approval process.

What is a virtual terminal?

A virtual terminal is a secure, browser-based form that lets you manually enter a customer’s card number, expiry date, CVV, and billing postcode, then submit the payment. You access it by logging in to your payment provider’s dashboard on any computer.

Most virtual terminals process a transaction within seconds and display an authorisation code on screen. Some providers also have mobile app versions. No physical hardware is required.

Not all card reader providers include a virtual terminal automatically. SumUp, for example, requires a separate approval process before enabling MOTO. Square and Stripe include it without any additional steps. If phone payments are central to how you operate, check this before signing up.

How to Take a Credit Card Payment Over the Phone: Step by Step

1. Log in to your virtual terminal. Open your payment provider’s dashboard in a browser and navigate to the virtual terminal or manual entry section.
2. Pause your call recording. If your phone system records calls, pause the recording before the customer reads their card details. Capturing CVV in an audio recording violates PCI DSS requirements. If you’re in a contact centre environment, consider DTMF suppression (see PCI compliance section below).
3. Ask the customer for their card details. You need: the 16-digit card number, expiry date (month and year), CVV (3 digits on the back for Visa and Mastercard, 4 on the front for Amex), and their billing postcode.
4. Enter the details and payment amount. Type carefully. Most terminals flag entry errors before you can submit.
5. Submit and confirm. The terminal returns an authorisation code within a few seconds. Confirm this with the customer and send an email receipt if your provider supports it.
6. Resume your call recording if paused.
7. Do not retain card details. CVV must not be stored anywhere after the transaction — not in a CRM note, not on paper, not in a call recording. This is a PCI DSS hard rule, not a suggestion.

Which UK Providers Offer Virtual Terminals for Phone Payments

We reviewed the main UK providers on virtual terminal availability, MOTO rates, and monthly fees. Rates below are from provider pricing pages as of April 2026 and represent standard pay-as-you-go tariffs. Custom pricing is available from Dojo, Takepayments, Worldpay, and Barclaycard for higher volumes.

• Stripe: Virtual terminal included in the standard dashboard at no extra cost. MOTO rate: 1.5% + 20p for standard UK-issued cards (vs 1.4% + 10p card-present). Good default choice for low-volume MOTO with no commitment.
• Square: Standalone virtual terminal product, no monthly fee. MOTO rate: 2.50% flat (vs 1.75% in-person). Simple and quick to set up, though the rate is high relative to other providers.
• SumUp: Virtual terminal available but requires a separate approval before you can use it. MOTO rate: 2.95% + 25p (vs 1.69% card-present) — the steepest divergence of any major UK PAYG provider.
• myPOS: MOTO virtual terminal available with no monthly fee. Rate: 1.30% + 15p for domestic consumer cards. Competitive if you don’t want a contract.
• Dojo: Virtual terminal included. Custom pricing, typically 1.2%–1.9%. Fix plan at £39.99/month. Better suited to higher-volume businesses where custom rates make financial sense.
• Takepayments: Virtual terminal via browser-based MMS dashboard. Custom rates (usually under 1% for domestic Visa/Mastercard). 12-month contract applies. Confirm exit terms before committing.
• Worldpay: Virtual terminal available from £9.95+VAT/month (standalone) or £19.95+VAT/month (gateway). Rates from 1.3% + 20p or custom from 0.75% with volume. Better suited to established businesses.
• Barclaycard Payments (Smartpay Fuse): Virtual terminal available. PAYG rate: 1.6%; custom rates 1.0%–2.5%. Monthly fee: £20. Usually negotiated as part of a broader acquiring relationship.

For most small businesses taking occasional phone payments, we’d point to Stripe and myPOS: no monthly fee, MOTO rates under 1.5%, and no contract. If you’re taking phone payments at volume, Takepayments or Dojo on negotiated pricing will cost less per transaction.

MOTO Fees: What Phone Payments Cost

MOTO transaction fees are higher than card-present rates because the fraud risk is greater and the merchant bears the chargeback liability. Here’s what the main PAYG providers charge in 2026:

• Stripe: 1.5% + 20p MOTO vs 1.4% + 10p in-person. Modest uplift; no monthly fee.
• Square: 2.50% MOTO vs 1.75% in-person. 75 basis point uplift; no monthly fee.
• SumUp: 2.95% + 25p MOTO vs 1.69% in-person. Largest uplift of the PAYG providers; requires approval to enable MOTO.
• myPOS: 1.30% + 15p MOTO. No separate card-present rate comparison — priced as a combined product.

Some providers also charge a monthly virtual terminal fee separate from per-transaction costs. Worldpay charges from £9.95+VAT per month; Barclaycard charges £20 per month. If you only take occasional phone payments, a no-monthly-fee provider like Stripe avoids paying a standing charge for something you use infrequently.

On a £500 phone payment: Stripe charges £7.70 (1.5% + 20p); Square charges £12.50 (2.50%); myPOS charges £6.65 (1.30% + 15p). At 20 transactions per month, the gap between Stripe and Square runs to over £90 per year — worth knowing before you commit.

PCI Compliance for Phone Payments

Taking card payments over the phone brings stricter PCI DSS obligations than in-person or online payments, because card data passes through a human rather than directly between the customer and a secure terminal.

PCI DSS v4.0 became fully enforceable in March 2025 and tightened the rules on call recording environments. We’ve seen several small businesses caught out by this — particularly those whose phone systems record calls automatically, not knowing that CVV audio in a recording is a hard violation.

What PCI compliance requires for phone card payments

• CVV cannot be stored. After a transaction is authorised, the CVV must be deleted. This applies to written notes, CRM fields, and — critically — call recordings. If your phone system records calls automatically, you must either pause during card entry or implement DTMF masking.
• Full card numbers cannot be stored in plain text. Your virtual terminal handles tokenisation, but anything written down or typed elsewhere (notepad, CRM) becomes a compliance problem.
• SAQ C-VT applies. Most small businesses using a browser-based virtual terminal from a PCI-validated provider fall under Self-Assessment Questionnaire C-VT. Your provider can confirm which SAQ applies to your setup.
• Restrict access to your virtual terminal login. Use individual logins for each staff member rather than a shared password. Revoke access when staff leave.

DTMF masking: the better option for call recording environments

If your business records calls, DTMF masking (Dual-Tone Multi-Frequency suppression) is more reliable than manually pausing recordings. Instead of speaking their card number, the customer keys it into their phone keypad. The tones are intercepted and replaced with flat mono-tones before they reach your recording system.

The raw card data routes directly to the payment gateway without touching your network. We consider this the appropriate standard for any business with more than one person taking phone payments.

DTMF masking can reduce your compliance scope from SAQ D (329 controls) down to SAQ A (22 controls). UK providers offering DTMF-compliant payment solutions include Paytia, PCI Telecom, Key IVR, and Eckoh.

For a sole trader or micro-business manually keying transactions into a virtual terminal without call recording, SAQ C-VT is sufficient. DTMF becomes relevant once you’re recording calls or running a team of people taking phone payments.

Non-compliance fines range from approximately £3,000 to £80,000 per month (levied by card networks against acquiring banks, then passed downstream to the merchant). A data breach adds forensic investigation costs and per-cardholder-record penalties averaging £20–£50 per record compromised.

Fraud Risks and How to Reduce Them

MOTO transactions carry a higher chargeback risk than chip-and-PIN or 3D Secure online payments. There is no cryptographic authentication. If a customer disputes a phone payment, the burden of proof is on you.

UK Finance data from H1 2025 showed CNP fraud cases rising 22% to 1.65 million incidents in six months. Chargeback fees run £15–£28 per incident, on top of the transaction value and any goods or services already delivered.

First-party fraud — where the actual cardholder disputes a legitimate purchase — now accounts for 45% of all chargebacks (Mastercard). We find this the hardest category to defend: there’s no fraudulent third party, just a customer claiming they never made the payment.

You can’t eliminate fraud risk on MOTO transactions, but you can reduce it:

• Always request CVV. Confirms the caller has the physical card (or a photo of it). Most virtual terminals make this mandatory. Don’t skip it even if the customer pushes back.
• Run AVS (Address Verification Service). Cross-checks the billing postcode against the card issuer’s records. A mismatch is a meaningful signal. Most virtual terminals include this as standard.
• Keep transaction records. Log the date, time, amount, and last four digits of the card. If a chargeback arrives, a contemporaneous transaction log helps your case.
• Watch for fraud signals. High-value first-time transactions, requests to split across multiple cards, or urgency pressure are all warning signs worth pausing on.
• Choose a provider with chargeback support. Some providers offer dispute management tools or representation. That matters if phone payments are a significant share of your revenue.

FAQs

Methodology and Disclosure