3 min read

Taking card details over the phone: how to keep your customers data safe

Featured Image

It's an unfortunate fact that with the increasingly digitised nature of today's trading environment, there is also the constant spectre of threat from cyber criminals looking to capitalise on your customers' valuable personal data, with the number of attacks rising year on year.

With so many stringent financial regulations for businesses to adhere to, the whole question of taking payments securely and managing card details can seem fraught with the potential for disaster. Luckily, there are some simple steps that can be taken today, which will help alleviate your concerns and allow you to keep trading with confidence.

Although there have never been so many payment options available, many of the older generations still prefer to pay over the telephone. Even though paying via an online portal is simple and secure, the familiarity and control felt by such customers when able to pay over the telephone makes it a useful way to enhance their experience with your brand and to keep their loyalty. Allowing telephone payments can also be important for visually impaired customers, and others.

The onus, therefore, is on your organisation to find an effective means of establishing a secure, customer-friendly process for handling these payments.

Making Contact Centres Secure

One of the primary difficulties with taking telephone payments is that it can be difficult to assess who will have access to the financial details taken, and customers may rightly feel hesitant about sharing such information, especially in the light of recent high-profile data breaches. This is where online payment methods, and the perception of anonymity they afford, can be seen to have the advantage.

However, steps can be taken to ensure that telephone payments can also be made securely, and in a way that actively builds on your organisation's reputational trust.

For businesses large enough to operate their own contact centres, the need for appropriate financial security measures is, of course, paramount. Contact centres are an excellent means of continuing your branding and ensuring that customers receive an optimal service experience, and a set of strong protocols for handling customer data will enhance this.

Customers may call your centre, or interact via live chat, but if payment is handled over either of these mediums, the transaction is classified as card or cardholder not present (CNP), and as such must adhere to PSI DSS compliance regulations. These compliance requirements may be harder to meet now that many contact centre staff are now working from home.

Taking advantage of an automated service can ensure this vital compliance, as your customer service team member can simply transfer the customer to a secure line where they can enter their card details. It's quick and seamless and means that your staff avoid having to deal with sensitive personal financial information. This offers both you and your customers valuable peace of mind.

In these new days of remote working, where guaranteeing compliance may be a significant challenge, it's an especially valuable service to consider. It's also good practice to have customer calls recorded, as this engenders transparency in the way in which transactions are conducted, and helps you to shape any future protocols.

Maintaining customer data

If your organisation offers subscriptions or other card-on-file services, you will need to be especially mindful of security. The requirements relating to GPDR and compliance mean that its best to sign up to a third-party service that negates the need for you to handle card details at all. Instead, these services operate a vault and token system, whereby they hold the customer's card details securely, and you can bill their account by using a token linked to it. This token is unique to your organisation, and cannot be used to access or process payments from your customer's card elsewhere, making it extremely secure.

Prevention is key

Anyone can fall victim to a data breach, as the last few years have proved, with major airlines and telecoms firms in the news and suffering catastrophic losses from cyber attacks. Simply reacting to a security breach isn't good enough: your organisation needs to have preventative strategies in place if you hope to keep your customers' financial data secure. The best strategy of all is to choose solutions that take away the need for you to enter or store customer card details.

Rather than stop accepting telephone payments, or end any subscription billing services, why not look at the option of working with third-party providers. Taking advantage of automated services can give your organisation the edge in providing a secure, seamless telephone payment platform that helps to build valuable trust with your customers. These services can not only offer security, but also greater efficiency and swifter order processing, another substantial benefit for those buying from you.

Furthermore, such services can save you significant sums of money, as by removing the handling of sensitive financial data, you may sidestep the requirements for meeting PSI DSS compliance regulations.


Would your company benefit from being able to take credit card payments over the telephone - without the need for the customer to read out their confidential details?

NO integration required - Quick - Easy to implement - Low cost solution - FULLY PCI DSS compliant


Request a Demo