Home » Payment Processing » How to Take Credit Card Payments Over the Phone

How to Take Credit Card Payments Over the Phone

✔ Complete a short form, receive free quotes

✔ Get the best rates from our top providers

✔ Your data is 100% confidential

Reviewed by
Mike Smith
Avatar Image
Reviewed by Mike Smith
Mike Smith is an experienced financial professional and serial entrepreneur with over four decades of experience in the financial services industry. He began his career as a financial planner in 1979, and within 11 years, he and his co-directors had grown the financial services business to one of the largest… Read More
Meet Our Experts
February 20, 2024

To take card payments over the phone, you’ll either need a card machine or what is called a virtual terminal. This is a web-based application that allows businesses to process card payments without needing a physical card reader.

With either of these two, taking the payment is simple via inputting what is called a ‘Card Not Present’ (CNP) transaction. In a CNP transaction, the cardholder is not physically present, nor is their card swiped or inserted into a card reader. Instead, the customer provides their payment details over the phone, allowing the merchant to process the transaction remotely.

Let’s find out how it works.

How to Take Card Payments Over the Phone

How to Take a payment by Phone with your Card Machine

Using a card machine to take payments over the phone is a convenient and secure way to process payments from customers who are not able to come to your business in person. Here are the steps involved:


Step 1: Initial setup: Ensure your card machine is configured to accept phone payments, possibly requiring contact with your provider or consulting the manual.

Step 2: Initiate the transaction: Use your card machine to select the manual card detail entry option.

Step 3: Get the customer’s card information: Request necessary card details from the customer, including 16-digit card number, expiry date, and the 3-digit security code (CVV), over the phone.

Step 4: Enter the amount to be charged: Manually input the transaction amount.

Step 5: The machine will ask for: the house number and the numeric digits of the postcode to which the card is registered. Type these in and press ‘Enter’

Step 6: Execute the transaction: Press the button to process the transaction through the card machine, awaiting the result.

Step 7: Send a receipt: After a successful transaction, send a digital receipt to the customer for their records.

AVS and CVV checks

Taking card payments over the phone involves more than just collecting a 16-digit card number and an expiration date to input into your virtual terminal. To ensure these transactions are both secure and compliant with payment processing regulations, businesses must also incorporate Address Verification Service (AVS) and Card Verification Value (CVV) checks into their procedures. These additional steps help protect against fraud and unauthorized transactions, providing an extra layer of security.

Here’s how AVS and CVV checks play a crucial role in the process of taking card payments over the phone:

Address Verification Service (AVS)

AVS is a security feature that compares the billing address provided by the customer with the address on file with the card issuer. This verification process helps to confirm the cardholder’s identity and reduce the risk of fraudulent transactions. When a customer provides their billing address, the AVS system checks the information against the card issuer’s records. If there’s a match, the transaction is more likely to be approved, indicating a legitimate purchase. However, if there’s a discrepancy, the transaction may be declined or flagged for further review, alerting the business to a potential issue.

Card Verification Value (CVV)

The CVV is a 3 or 4-digit code found on the back of most credit and debit cards. This number is not stored anywhere except on the card itself, making it a critical piece of information for verifying that the customer has the physical card in their possession during the transaction. Requesting the CVV during phone payments significantly reduces the risk of accepting payments with stolen card numbers, as it is much less likely for a fraudster to have access to both the card number and the CVV unless they have the physical card.

How to Use a Virtual Terminal for Taking Payments Over the Phone

A virtual terminal is a convenient and secure way for businesses to process credit and debit card payments over the phone. It’s particularly useful for service providers, e-commerce businesses, and any operation that conducts transactions remotely. Here’s how to set up and use a virtual terminal for phone payments.

Step 1: Setting Up Your Virtual Terminal

Before you can start accepting phone payments, you need to set up a virtual terminal with a payment processor. Choose a provider that offers PCI-compliant solutions to ensure security. The setup process typically involves:

  • Signing up for an account with a payment processor that offers virtual terminal functionality.
  • Completing a merchant application, which may include providing business details and financial information.
  • Once approved, you’ll receive access to the virtual terminal through the provider’s web portal.

Step 2: Customer Initiation

The process begins when a customer contacts your business, indicating they wish to make a payment over the phone. Ensure your staff is trained to handle these calls professionally and securely.

Step 3: Access the Virtual Terminal

Log in to your virtual terminal using a secure, internet-connected device. It’s crucial to ensure your connection is secure and that your system adheres to PCI compliance standards to protect customer information.

Step 4: Navigate to the Payment Section

Within the virtual terminal interface, locate the section for entering manual transactions. This area is specifically designed for inputting payment details without a physical card.

Step 5: Enter Transaction Details

Carefully enter the customer’s payment information as they provide it. This includes the card number, expiry date, and CVV code. Accuracy here is key to avoid errors and ensure the transaction proceeds smoothly.

Step 6: Perform Additional Verification (Optional)

Some virtual terminals offer enhanced security features like AVS (Address Verification Service) or CVV checks. Use these options if available to further verify the transaction’s legitimacy.

Step 7: Confirm Details with Customer

Before proceeding, verbally confirm the transaction details with the customer, including the total amount and any additional fees. This step is essential for ensuring clarity and consent.

Step 8: Complete the Transaction

Submit the payment for processing by clicking the appropriate button in your virtual terminal. You should receive immediate confirmation of the transaction’s approval or decline.

Step 9: Email Receipt (Optional)

If your virtual terminal allows, email a receipt to the customer. This provides them with a record of the transaction and enhances customer service.

Step 10: Log Out and Secure Your System

After the transaction, log out of the virtual terminal and take steps to secure your system. This includes closing any sensitive information and ensuring your device is protected against unauthorized access.

Step 11: Update Your Records

Lastly, update your business records with the transaction details. This could involve entering the transaction into your accounting software or a secure log, helping maintain accurate financial records.

Should I Use a Virtual Terminal or a Card Machine to Take Payments Over the Phone?

Choosing between a virtual terminal and a card machine for phone payments depends on your business’s specific needs. Virtual terminals offer the flexibility to process payments from any internet-connected device, ideal for businesses without a physical storefront or those just needing to take payments remotely. They’re easy to set up and operate but come with higher processing fees for manual transactions and require a reliable internet connection.

Card machines, on the other hand, are more suited to businesses with a physical presence that also handle phone orders. They provide lower processing fees for transactions but require an upfront investment in hardware. If you’re already using a card machine for in-person transactions, extending its use to phone payments can be cost-effective and efficient.

In summary, if your business operates mainly online or over the phone, a virtual terminal is likely the better choice for its convenience and flexibility. However, if you have a mix of in-person and phone transactions, a card machine could offer a more integrated and cost-effective solution.

Are There Regulations for Taking Payments Over the Phone?

Yes, there are specific regulations for taking payments over the phone to ensure the security and privacy of credit card transactions. Compliance with the Payment Card Industry Data Security Standard (PCI DSS) is mandatory. This global standard mandates secure handling of credit card information by businesses and their payment processors to protect against data breaches.

In addition to PCI DSS compliance, UK law requires responsible handling of customer data, emphasizing consent for data processing and secure storage practices. When processing phone payments, collect only essential information such as the cardholder’s name, address, and credit card details, and avoid storing this information unless necessary. If storage is unavoidable, data must be encrypted and securely stored in line with PCI DSS guidelines.

Implementing verification procedures is also crucial to mitigate fraud. This can involve simple identity checks, such as confirming the cardholder’s details. For record-keeping, maintain transaction records without storing sensitive cardholder data, unless encryption and PCI DSS standards can be fully met.

Finally, staff training is essential. Employees handling phone payments must be well-versed in these security protocols to prevent data breaches and ensure compliance with legal and industry standards.

Equipment and Software for Taking Card Payments Over the Phone

Before you take card payments, you’ll need some basic equipment. All of this will be provided, in most cases, by the company you choose to sign up with.

If you’re interested in our recommendations for the best business card machines, read our full article to find out.

Here are a few things to consider when choosing equipment and software for taking card payments over the phone:

  • Virtual terminal: A virtual terminal is a software application that allows you to accept credit and debit card payments over the phone. It is typically accessed through a web browser or a mobile app. Virtual terminals are a good option for businesses that don’t need a physical card reader.
  • Payment gateway: A payment gateway is a service that allows you to securely process credit and debit card payments. Payment gateways typically offer a variety of features, such as fraud protection and PCI compliance.
  • Card reader: A card reader is a physical device that allows you to swipe or dip credit and debit cards. Card readers are a good option for businesses that need to accept card payments in person.
  • Software integrations: Some virtual terminals and payment gateways offer integrations with other software, such as CRM systems and accounting software. This can help you streamline your business processes and save time.

Any equipment you buy in this area needs to comply with the Payment Card Industry Data Security Standard (PCI DSS).

What it costs to take phone payments in the UK

Taking card payments over the phone can be a convenient way to do business, but it is important to understand the costs involved. Here are some of the factors that can affect the cost of taking phone payments:

  • Transaction fees: Payment processors charge a fee for each transaction processed. This fee can be a flat rate or a percentage of the transaction amount.
  • Monthly or annual fees: Some payment processors also charge a monthly or annual fee for their services. This fee may cover things like customer support, fraud protection, and reporting.
  • PCI compliance costs: The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that businesses must follow to protect cardholder data. Complying with PCI DSS can involve costs, such as implementing security measures and undergoing audits.
  • Chargeback fees: If a customer disputes a charge, the merchant may be charged a chargeback fee. These fees can be costly, so it is important to take steps to prevent fraud.
  • Additional security features: Some payment processors offer additional security features, such as AVS and CVV checks. These features can help to reduce fraud, but they may come with additional costs.

The total cost of taking phone payments will vary depending on the specific payment processor and the features you choose. It is important to compare the costs of different payment processors before choosing one.

Here are some tips for reducing the cost of taking phone payments:

  • Choose a payment processor that charges low transaction fees.
  • Look for a payment processor that does not charge monthly or annual fees.
  • Take steps to prevent fraud, such as implementing security measures and requiring AVS and CVV checks.
  • Negotiate lower fees with your payment processor.

Is it safe to take card payments over the phone?

Taking card payments over the phone can be a safe process if appropriate measures are in place. The cornerstone of these measures is compliance with the Payment Card Industry Data Security Standard (PCI DSS). This globally recognized set of security requirements is crucial for any business that handles credit or debit card transactions, encompassing the acceptance, storage, processing, and transmission of cardholder data.

To achieve PCI DSS compliance, businesses must implement a variety of security measures, such as:

  • Using strong passwords and security measures to protect their computer systems.
  • Keeping cardholder data encrypted at all times.
  • Only transmitting cardholder data over secure networks.
  • Regularly monitoring their systems for security vulnerabilities.

Businesses can demonstrate their PCI DSS compliance by undergoing an audit by a qualified security assessor (QSA). QSAs are independent organizations that have been certified by the PCI Security Standards Council (PCI SSC) to conduct these audits.

In addition to PCI DSS compliance, businesses should also take steps to verify the legitimacy of their customers when taking card payments over the phone. This can be done by asking for information such as the customer’s name, billing address, and phone number. Businesses should also be wary of any customers who seem suspicious or who are asking to make large purchases.

Alternatives to taking card payments over the phone

While taking card payments over the phone is a common practice, there are several alternative methods that businesses can consider to enhance customer convenience and security. Here are some noteworthy options:

  1. Email Invoicing: You can send invoices to customers via email with a payment link included. Customers can then pay the invoice using their credit card through a secure online payment gateway. This method is ideal for businesses that deal with regular billing or service-based transactions.
  2. Mobile Payment Apps: Utilising mobile payment apps like Apple Pay, Google Pay, or PayPal offers a secure and quick way for customers to make payments. These apps can be used for in-person transactions as well as online purchases, providing flexibility to both the customer and the business.
  3. SMS Payments: Some payment processors offer the ability to accept payments via SMS. After a phone order is taken, you can send an SMS to the customer with a secure link to complete the payment.
  4. Direct Bank Transfers: Offering the option for customers to pay via direct bank transfer can be a straightforward alternative. This method is particularly useful for B2B transactions or in scenarios where regular, recurring payments are involved.
  5. QR Code Payments: Generating a QR code that customers can scan to make a payment is becoming increasingly popular. This can be used for both in-person and remote transactions and is particularly user-friendly for mobile users.
  6. Subscription and Recurring Billing Systems: For businesses with regular, repeat transactions (like subscription services), setting up an automated billing system like Go Cardless can streamline the process. Customers provide their payment details once, and charges are automatically applied based on the agreed schedule.