
What virtual terminal system is best for card payments over the phone?


It's never been easier or quicker to make payments in person. All you have to do is hold your card or phone over the reader, or use an app with thumbprint recognition and the transaction is done. Whether you're in a shop, getting out of a taxi or paying an electrician or plumber in your home, it's the work of a few seconds.


However, a great deal of our spending is handled remotely: ordering goods, booking tickets or services, perhaps putting down a deposit on a major purchase. Consequently, a sizeable industry has grown up to provide fast, convenient and secure alternative methods of payment. They combine the newest digital technology with one that is almost 150 years old: the telephone.


Despite every guarantee that online payments are safe, many consumers still have more confidence in the telephone. Website links are popular and convenient, but there is something uniquely reassuring about dealing with a human being. People who can be reluctant to entrust their debit or credit card details to a fully automated system seem to be much happier when payment is part of a conversation.


That's not to say that there are no issues. Payment providers such as Paytia recognise they have a responsibility to provide solutions that are as close to foolproof as possible. There is a huge and growing number of companies offering this service and, with a few exceptions, the common denominator linking all of them is the need to use a virtual terminal.


The History of Remote Payments


Credit cards, introduced to the UK in the 1960s, and debit cards, which followed in the 1980s, were originally intended to be used only in person. The identity of the bearer was confirmed by matching the signature on the card to the one provided on the payment slip. This seemed to be the perfect way to prevent fraud.


However, retailers quickly discovered the increased sales potential in being able to accept payments remotely, for catalogues, travel agents and ticketing services for example. To accommodate the retail industry, the card companies began to authorise card-not-present (CNP) transactions. The level of fraud was higher than for face-to-face payments but by increasing the transaction fees charged to merchants, the card companies mostly covered their losses.


While a degree of fraud may be manageable, it is never acceptable and card companies are constantly working with the retail industry - both traditional and ecommerce - to develop more secure ways of making payments. The virtual terminal has become an essential and increasingly sophisticated tool in that regard.


What is a Virtual Terminal system?


Let's start with what it isn't. The clue is in the word 'virtual', because it is not a physical terminal such as those you would use for contactless payments in the high streets and shopping malls. A virtual payment terminal is best described as a web-based portal designed specifically for payment processing. It is a secure web-page into which a merchant enters a customer's payment card information. The customer phones the merchant to make an order, the merchant's agent takes their details, enters them into the virtual terminal and the payment is processed almost instantaneously.


But how does the merchant come by this facility? The process starts with opening a merchant account. This is different from an ordinary business current account because it functions as a form of holding area into which the customer's money is deposited. Here it needs to receive authorisation from the customer's bank and is subsequently processed within your merchant account. Only then does the money proceed to your main account. This can take one to three days but with some payment providers, it is almost instant.


For any business intending to accept card payments, a merchant account is mandatory. This is to ensure that all parties are protected from fraud and theft. Every payment provider offers this facility and choosing the right one for you will depend on the relatively simple question of the volume of business you expect to do and the more complicated question as to which of the many deals available is the best value.


How to Take a Card Payment Over the Phone


For the merchant and their phone operators, it is fairly straightforward. The complicated work goes on elsewhere, in the data collection, encryption, storage and transmission functions carried out by the payment provider.


When a customer calls to make a purchase or settle an invoice, your agent will open the virtual terminal interface via your internet browser. They then enter the amount of the sale and select 'manual entry' or whichever variation the terminal uses.


The next step is where PCI (payment card industry) compliance needs to be observed. When the customer reads out their card details, your agent must enter them directly into the virtual terminal portal. They should never write down any of the card details unless it is absolutely essential, in which case, the paper on which they write them must be destroyed as soon as they have used them. The details must never be stored, filed or left lying around, even in a bin.


Furthermore, if, like many companies using call handlers, it is your practice to record calls for training or any other purpose, you must ensure that the recording is paused or muted while the card details are being read out so there is no record of them outside the portal. For the same reason, your agents must not read the details back to the customer for confirmation, as they could be overheard and sensitive financial information stolen or otherwise compromised.


You then need the address associated with the payment card because virtual terminals use AVS (Address Verification Service) to verify the legitimacy of transactions. Once this process is completed, simply select 'confirm' and the payment will be processed.
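
A check a merchant could run over agent notes, CRM free-text fields or call transcripts to confirm that no card number has ended up outside the portal, as the procedure above requires. This is an added example, not code from Paytia or any payment provider; the function names are hypothetical and the sample notes are constructed.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or hyphens.
# Limitation: digits directly following a number (e.g. a typed CVV) extend the match.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by payment cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return Luhn-valid card-number candidates found in free text (digits only)."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits)
    return hits


def redact(text: str) -> str:
    """Mask Luhn-valid card numbers, keeping only the last four digits."""
    def _mask(m: re.Match) -> str:
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            return m.group()    # long reference numbers are left untouched
        return "*" * (len(digits) - 4) + digits[-4:]
    return CANDIDATE.sub(_mask, text)


# Constructed sample notes; 4111 1111 1111 1111 is a widely used test number.
SAMPLE_NOTES = [
    "Customer called re invoice 20231107, paid by card via portal.",
    "card 4111 1111 1111 1111 exp next year - call back if declined",
    "Order ref 1234567890123456 dispatched",
]

if __name__ == "__main__":
    for line in SAMPLE_NOTES:
        print(bool(find_pans(line)), "|", redact(line))
```

The Luhn check is what keeps 16-digit order references from being flagged; any hit in stored notes indicates an agent wrote details down instead of typing them straight into the terminal.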


Payment Processing and Security


People are generally wary of sharing their financial details. Often they don't have fears of specific eventualities, just a general sense of unease. Although resistance to internet banking has largely disappeared, with usage increasing from about 30% in 2007 to over 90% in 2022, mobile and phone banking still inspire residual anxieties.


The payment card industry has worked ceaselessly for decades to keep ahead of the criminals, whose tactics develop as security measures become more sophisticated. The industry places the responsibility squarely on the shoulders of merchants, with regulations in place to establish this in law. External payment providers have designed their services so that compliance is built-in, largely by the use of end-to-end encryption so that no human agent is in control of sensitive data at any point in the transaction process from when it leaves the customer to the moment when the funds pass into the merchant account. 


However, there is clearly a weak spot in the telephone payment process in which card details pass from customer to agent, and Paytia is at the forefront of developments to eliminate this weak spot.


Virtual Terminal vs Secure Virtual Terminal


The procedure we've just described is currently as secure as it gets for taking payments over the phone using speech. It is safe and, if conducted correctly, compliant with PCI-DSS (Payment Card Industry Data Security Standard) and GDPR (General Data Protection Regulation). By using a third-party payment processing service, you discharge most of your compliance responsibilities, provided that you don't keep independent records.


However, voice communication has unavoidable vulnerabilities. A hacker with only fairly basic abilities could potentially break into the merchant's phone system and collect customer data as it is read out. This is where the secure virtual terminal represents a significant advance. Instead of the customer having to share their details with the call handler, in what seems to be an outmoded process, they can use the keypad on their phone to submit their card details.


This cuts out one more stage in the process and one more potential security risk because the customer enters the information directly into the payment portal. It doesn't need to be seen or heard by the agent, and is, therefore, also hidden from any hackers. The agent and customer remain in contact throughout the procedure and although the details are not visible, the agent is still able to track submission, verification and authorisation.


Some of the benefits of the secure virtual terminal are obvious, chiefly the added protection against accidental disclosure. However, these protections are also extremely valuable to the merchant because they minimise the possibility of unwitting non-compliance with payment security standards and privacy laws. It only takes a small error in an imperfect system to expose your business to significant penalties. With a secure virtual terminal, the customer's financial details are never in your possession so it is impossible for you to be in breach of the collection, storage and processing rules.


Costs and Alternatives


Whatever third-party payment method you choose, one of your foremost considerations will be the cost. As you would expect in an increasingly competitive market, the fee structures vary and it can be difficult to make direct comparisons, because packages offer different services, discounts for scale and other features to try to distinguish themselves from their rivals.


For example, some merchant services providers will charge a monthly fee simply for maintaining the service. This can range from £9.99 to £80, with transaction fees on top. Others have done away with this idea of a standing charge so that costs are simply chargeable on each transaction. Even here there is variation, with some providers charging a percentage of the transaction value - anything up to 3 or 7% - but adding on a fixed fee as well. 

Others operate complicated sliding scales with merchants whose total transaction value over a month is below, say, £1,500, paying higher percentages and fees. As the financial volume increases these charges reduce. These economies of scale make perfect sense for the payment providers, but they tend to penalise smaller businesses at a time when they are seeking to scale up and can be the most vulnerable to unfavourable terms.


For a relatively new business with its sights set on growth, the best virtual terminal services are those which have the lowest charges and where the customer has no need to read their private and sensitive details out loud.


Payment Links


There are many small businesses which still elect to use payment links instead of telephone payment. Essentially these remove one link in the transaction chain because they don't require you to employ a call handler. In its broadest sense, a payment link is any link or button on a website or in a text, email, app or social media post that a customer can click on to make a payment for goods or services. In its narrower sense, it is a link that is sent to the customer requesting payment after the ordering or delivery of those goods or services. These are usually sent via SMS or email and can be time-limited or open-ended.


If payment is required upfront, then a link is often a very efficient way of collecting money, but if it is sent in the manner of an invoice, this potentially introduces the need for a credit controller to chase the payment and could mean the money is received late or not at all. It is problems of this kind that the use of virtual terminals by phone is ideal for solving.


Neither is a payment link particularly advantageous in any other way because you will still need a merchant services provider to supply the link and to process the transaction. The processing is secure and compliant but attracts similar transaction fees without giving your business the certainty that payment has been made. Taking telephone payments at the time of ordering eliminates cashflow concerns and the need for credit controllers to pursue outstanding amounts.


So What System is Best?


All telephone payment options entail costs. They also provide varying degrees of security, designed to comply with legal and regulatory obligations as well as inspiring confidence in your customers. The best system is clearly the one which offers the tightest security, the strictest compliance and the lowest costs. Balancing these features may seem like a challenge, but at least you now have a clear idea of what you're looking for. 

