Taking card payments over the phone
As more and more businesses move towards digital payment methods, it's important not to forget about traditional payment options, such as taking card payments over the phone. Many customers still prefer to pay over the phone, and it can be a convenient option for businesses that don't have an e-commerce platform or that need to process payments quickly.
However, taking card payments over the phone comes with its own set of security challenges. It's essential to ensure that customers' payment card information is secure and protected from fraud or theft. In this guide, we'll explore the best practices for taking card payments over the phone securely.
Understanding PCI-DSS
To take card payments over the phone securely, it's important to first understand the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS is a set of security standards that all businesses that process payment card information must comply with. The standards were created by the major payment card brands, including Visa, Mastercard, and American Express, to help businesses protect payment card data from fraud or theft.
PCI-DSS includes twelve requirements that businesses must meet to be considered compliant, whether you are looking for a small business solution or a call centre payment solution. The requirements cover a range of security measures, including firewalls, encryption, and access control. It's essential that businesses that take card payments over the phone comply with PCI-DSS to ensure that customer payment card data is protected.
Set up secure processes for taking card payments over the phone
To take card payments over the phone securely, businesses must have the right processes and systems in place. Here are some key steps to consider:
- Use a PCI-DSS Compliant Payment Processor: Businesses that take card payments over the phone should use a payment processor that is PCI-DSS compliant. This ensures that the processor has the necessary security measures in place to protect payment card data.
- Use a Secure Virtual Terminal: A secure virtual terminal is an online application that allows businesses to process payments from customers over the phone. Virtual terminals are usually provided by payment processors and are secure and easy to use; however, most require the customer to read their card details out loud on the call. A Secure Virtual Terminal instead enables customers to type their card data in using their phone keypad.
- Limit Access to Payment Card Data: Only authorized personnel should have access to payment card data. Businesses should implement strict access controls to ensure that payment card data is only accessible by authorized personnel.
- Use Encryption: All payment card data should be encrypted to prevent unauthorized access. Businesses should ensure that they are using the latest encryption standards to protect payment card data.
Training your employees to take card payments over the phone
Training employees is essential to ensure that they understand how to take card payments over the phone securely. Employees should be trained on the following:
- PCI-DSS Compliance: All employees should understand the requirements of PCI-DSS and how to comply with them.
- Payment Card Data Security: Employees should understand how to protect payment card data and how to recognize potential security threats.
- Process for Taking Card Payments Over the Phone: Employees should be trained on the process for taking card payments over the phone, including how to use the virtual terminal and how to limit access to payment card data.
- Customer Service: Employees should be trained on how to provide excellent customer service while also protecting payment card data.
- Other Data Protection Regulations: Employees should be aware of other data protection regulations, such as GDPR and HIPAA. Data protection regulations vary between countries.
How do I take card payments over the phone?
Here are some best practices for taking card payments over the phone securely:
1. Use Secure Phone Lines
Businesses should use secure phone lines to ensure that the call is not being intercepted. The phone lines should have end-to-end encryption to prevent hackers from stealing customer data. Calls should be recorded for quality and training purposes, but these recordings should be stored securely.
2. Verify Customer Information
Employees should verify the customer's name, address, and payment card information before processing the payment. This verification process can help prevent fraudulent transactions.
3. Don't Record Payment Card Information
Businesses should never record payment card information over the phone. If payment card information needs to be written down, it should be done on paper and then immediately shredded or destroyed. This reduces the risk of payment card data being stolen or used for fraudulent purposes.
4. Use a Payment Gateway with a Virtual Terminal
A virtual terminal is a web-based payment processing platform that allows businesses to process payments from anywhere with an internet connection. It is a secure way to accept payments over the phone, as the customer's payment card information is entered directly into the payment gateway, rather than being recorded by an employee.
5. Use Tokenization
Tokenization is a process of replacing sensitive payment card information with a unique token that can be used to process future payments. This process helps to reduce the risk of payment card data theft, as the actual payment card information is never stored by the business.
6. Train Employees on Security Best Practices
Employees who take payment card information over the phone should be trained on security best practices. They should understand the importance of keeping payment card data secure and the risks of data breaches. They should also be trained on how to recognize and prevent fraud.
7. Conduct Regular Security Audits
Businesses should conduct regular security audits to ensure that their payment processing systems are secure. These audits can help identify vulnerabilities and areas for improvement.
By implementing these best practices, businesses can take card payments over the phone securely and reduce the risk of payment card data theft and fraud.