PCI DSS Level 1 Certified

MOTO Payments Secure card-not-present payments without the PCI scope

A MOTO payment — Mail Order, Telephone Order — is any card payment you take when the customer isn't physically with you and their card isn't either. Phone orders, fax invoices, mail renewals, call-centre sales. You pay a higher interchange rate than card-present and carry the chargeback liability. We handle the card capture so the number never reaches your agents or your systems, and your PCI scope drops to SAQ A. Works with your existing merchant account. Lives within our PCI DSS Level 1 environment.
Book a demoTalk to us

What is a MOTO payment?

A MOTO payment is a card transaction where the cardholder isn't physically present and neither is their card. The customer reads or keys their card details by phone, letter, fax, or email, and you process them without seeing the card. MOTO stands for Mail Order / Telephone Order — an old term from the catalogue-sales era that card schemes kept for anything card-not-present that doesn't go through an ecommerce checkout.

Today MOTO covers phone orders from a website catalogue, invoice payments after a service call, mail-order renewals, trade-counter deposits, collections calls, insurance premiums, medical billing. Anywhere the customer is on the other end of a phone or a form and the card isn't with them. The card schemes bundle all of it under the same rules: higher interchange, full chargeback liability, stricter fraud expectations.

Paytia handles the capture step. The customer types their card on their own phone keypad, the tones are masked before they reach your agent or your recording, and the card goes straight to your payment gateway. Your business processes the MOTO transaction without ever touching the card number.

How MOTO payment processing works

Same call, same agent, same customer. Just a different path for the card data.

1

Agent takes the order

Your agent talks to the customer the way they always have. When it's time to pay, they click the Paytia action inside your CRM or agent dashboard.

2

Customer keys the card

The customer types the card number, expiry, and CVV on their phone keypad. Every tone is replaced with a flat sound before it reaches your agent or your recording.

3

Gateway authorises

We send the card to your acquirer — Barclaycard, Worldpay, Tyl, Elavon, whoever. Approval or decline in seconds. Confirmation to the customer by voice, SMS, or email.

Why MOTO payments cost more — and what we do about it

MOTO interchange sits roughly 0.1–0.3% above card-present because issuers see card-not-present as higher fraud risk. You also carry the chargeback liability — if the customer disputes the transaction later, there's no signature or PIN to show the issuing bank. Some of this is baked into the card schemes and nobody's getting round it. But fraud and scope both cost money, and those are the levers we can actually move.

Tokenisation cuts repeat exposure. Every card that passes through Paytia gets replaced with a token in your system. If you're running subscriptions, instalments, or ad-hoc repeat charges, you never store a card number — the token does the work, and the real card sits in our PCI-certified vault. One breach of your systems doesn't equal a breach of your customers' card data.

3DS2 works for MOTO whenever the customer has a mobile to hand for the step-up. Where it doesn't, our fraud screening flags the high-risk transactions so you can decide whether to run them or ask for an alternative payment method. It's not perfect — no MOTO setup is — but it cuts the easy fraud and leaves your team to focus on the hard edge cases.

MOTO and PCI DSS scope

A MOTO call without protection is a PCI nightmare. With us, it's an SAQ A line item.

PCI DSS Level 1 Service Provider certification

PCI DSS Level 1

We carry the highest level of PCI certification. Plug us in and your scope drops the moment the card data stops reaching you.

A typical unprotected MOTO call puts your call recording, your agent's desktop, your CRM notes, and any paper forms in PCI scope. Every one of those becomes a control you have to document, audit, and staff. With Paytia, card data never reaches any of them. Your SAQ shortens from 329 controls to 22. Your recording system drops out of scope entirely because there's no card data in the audio to protect.

AreaWithout PaytiaWith Paytia
Self-assessmentSAQ D (329 controls)SAQ A (22 controls)
Call recordingsContain card data — redact or pauseCard-data free
Agent workstationIn scope, full lockdownOut of scope
Annual auditFull QSA assessmentEvidence of integration only

Who takes MOTO payments

Anyone whose customers ring up to pay. Which, in 2026, is still most businesses.

Retailers with phone orders

Catalogue sales, out-of-stock call-backs, click-and-collect deposits. Sits alongside your online checkout on the same merchant account.

B2B and trade desks

Wholesale orders, trade counter deposits, pro-forma invoices paid by phone. Your sales team closes the call and the payment together.

Healthcare billing

Patient co-pays, outstanding balances, treatment plan instalments. Tokenisation handles repeat charges without storing card data.

Professional services

Solicitors, accountants, consultants invoicing by phone. No more reading card numbers back to confirm they got them right.

Insurance and pensions

Premium collection, renewals, excess payments. 3DS2 applies where the customer can authenticate, tokenisation where they can't.

Charities and membership

One-off donations, recurring gift setup, subscription renewals. Donors never read their card to a volunteer on a landline.

Frequently asked questions

What is a MOTO payment?

A MOTO payment is a card transaction where the cardholder isn't physically with you and their card isn't either. MOTO stands for Mail Order / Telephone Order — the original category the card schemes used for catalogue orders, phone sales, fax orders and invoice payments. Today it covers anything where the customer reads or keys their card details across a phone line, an email, a fax, or a written order form. The card schemes treat it as card-not-present (CNP), which means higher interchange rates and full chargeback liability for you.

What's the difference between MOTO and card-present payments?

Card-present means you've got the card and the cardholder in front of you — chip and PIN, contactless, swipe. MOTO means neither the card nor the cardholder is with you; the customer shares their details remotely. Interchange fees for MOTO run roughly 0.1–0.3% higher than card-present because card issuers see it as higher fraud risk, and chargeback liability sits with you rather than the customer's bank.

What's the difference between MOTO and IVR payments?

IVR is one flavour of MOTO. A MOTO payment is any card-not-present transaction taken over a phone or written channel. An IVR payment is specifically a MOTO payment taken by an automated voice response system with no agent on the call. If you want the agent to stay on the call and help the customer through, that's agent-assisted MOTO with DTMF masking. If you want it fully automated, that's IVR. Both are MOTO, both use the same card schemes, both need the same PCI thinking.

How do I take MOTO payments securely?

The risky way is: your agent reads the card number aloud, writes it on a form, or your call recording captures it. Any of those and you're in full PCI DSS SAQ D scope — 329 controls, annual audits, trained staff, secure rooms. The safer way is to route the card capture through a PCI-certified provider. With Paytia, the customer types their card on their own phone keypad, we mask the tones so the agent hears nothing, and we send the card straight to your gateway. Your scope drops to SAQ A (22 controls) and nothing sensitive ever lands in your systems.

Can MOTO payments be recurring?

Yes, and they often are. We tokenise the card on the first transaction and use the token for every subsequent charge — subscriptions, payment plans, instalments, renewal invoices. The customer only reads or keys their details once. Every charge after that runs off a token that lives in our environment, not yours, so you can bill every month without storing a single card number.

Do I need a special merchant account for MOTO?

You need a merchant account set up for card-not-present transactions. Most UK acquirers (Barclaycard, Worldpay, Tyl by NatWest, Elavon, and others) offer MOTO as an add-on to a standard card-present account, sometimes as a separate MID. Pricing is usually a per-transaction uplift. We plug into any of them — you keep your existing acquirer, we handle the capture and tokenisation layer on top.

Does MOTO work with 3-D Secure?

Yes — 3DS2 works for MOTO where the customer has a mobile handy for the authentication step. Where they don't, MOTO falls back to non-authenticated CNP, which is why fraud screening and tokenisation matter more. Our platform applies 3DS2 when it can and flags high-risk transactions when it can't, so you're not flying blind on fraud.

Ready to take MOTO payments without the PCI headache?

We'll walk you through how MOTO payments work on your existing phone system and gateway. Most customers are live within a week — your agents don't need training because there's nothing for them to learn.

PCI DSS Level 1
Cyber Essentials Plus
Book a demoTalk to us

Trusted by law firms, insurers, healthcare providers and regulated businesses worldwide. Learn more about Paytia

Related solutions

Other ways to take payments in this channel.

DTMF Masking

Also called DTMF suppression. The customer types their card on their phone keypad. We mask the tones in the live audio so the agent doesn't hear them and the recording stays clean.

Learn more

Agent-Assisted Payments

Your agent stays on the live call while the customer keys their card. We mask the tones so no card data reaches the recording or the agent's audio.

Learn more

Taking Card Payments Over the Phone

How to take card payments on a call legally, securely, and without landing in SAQ D. Covers agent-assisted, IVR, and outbound options.

Learn more