Is It Safe To Make Payments Over The Phone?
When making payments over the phone, merchants and consumers may be concerned about security. However, with the right precautions in place, such as both parties using security measures and the customer checking that the company they are buying from is legitimate, making payments over the phone is actually very safe for both merchants and consumers.
This blog post will outline some of the perceived risks with making payments over the phone as well as the best practices for ensuring phone payments are secure.
What are the risks?
One of the risks associated with taking card payments over the phone is fraud. Because the card is not present in the transaction, these types of transactions have a higher rate of fraud than card machine payments. Although fraud could occur from hackers breaking into databases, it is much more likely to happen due to staff misusing card details.
In contrast to online payments, which are processed automatically by a computer, card payments over the phone involve an element of human interaction, so there is always a chance that the staff handling the data could write the details down and risk them being exposed to others, whether accidentally or otherwise.
According to research by the Ponemon Institute which analysed the Cost of Insider Threats, the risk of fraud over the phone involving insiders was more than one in five security incidents.
Due to the human element of card payments over the phone, there is a risk of human error from employees which is not the case with online payments. This may happen if they make a note of a customer’s card details and then do not dispose of it properly.
Some other risks that may come from taking card payments online involve staff not handling or keeping records properly, as well as a duplication of records or card information.
Phone Payment Security Measures & Best Practices
There are many security measures and practices you can implement so that phone payments are as secure as they can be for all parties involved. These measures include making sure you comply with PCI DSS as a merchant, knowing what is required of you, and using security systems such as virtual terminals during payments. You can read more about the best practices for ensuring phone payments are secure below.
PCI DSS Compliance
The Payment Card Industry Data Security Standard (PCI DSS) helps maximise the security of card payments and reduce the fraud associated with these payments.
PCI compliance operates through the requirements it sets regarding the storage, transmission and processing of cardholder data. PCI Standards apply to all organisations that accept card payments, whether this is in person, online or over the phone.
PCI DSS can be set up by a Qualified Security Assessor or by the company itself. It contains 12 core requirements that cover technological solutions, processes, policies and staff awareness requirements. The aim of these is to allow businesses which take card payments to protect cardholder data, build a secure network, implement strong access control measures and maintain an information security policy.
The benefits of being PCI DSS compliant include improving security measures across the board, preventing data breaches and building trust with your customers. This is important to help your business continue to grow.
Virtual Terminal Standard Security
Virtual Terminals include standard security features in order to ensure the security and validity of payments. Virtual Terminal providers request security information during payments such as the card number and expiry date as well as the security code (also known as CVC or CVV). The virtual terminal provider then checks that the security code matches the one on file.
Afterwards, an address verification system (AVS) may be implemented as another level of approval. This is an anti-fraud system which checks the house number and postcode of the billing address against the address on file with the card issuer. This creates an additional level of security and validity during the process of taking card payments to give both merchant and consumer peace of mind.
Best Practices for Secure Over-The-Phone Payments
There are many practices you can follow as a merchant to ensure secure over-the-phone payments. These should be followed by all staff to reduce the chance of human error or even data breaches involving insiders within the company.
Creating a culture of security within the business by implementing security awareness training and regular checks for all staff so they all know the best practices they should be following to make card transactions safe and secure.
Never asking for a CVV/CVC number over the phone from customers.
Using a secure phone line to protect the company against data breaches.
Never storing card numbers or security codes, whether on paper or electronically.
Choosing a payment provider which is compliant with PCI DSS and has protection against fraud.
Running virus checks regularly on computers to protect against malware and making sure your antivirus software is updated often.
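One way to check that card numbers and security codes are not being kept electronically is to scan free-text call notes for them and mask anything found. The script below is an added example, not part of the original post or Opayo's software; the function names, patterns and sample notes are constructed assumptions.

```python
import re

# Candidate card number: 13-19 digits, optionally split by spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Security code written next to a label such as CVV, CVC or "security code".
CVV_RE = re.compile(r"(?i)\b(cvv2?|cvc2?|security code)\b(\W{0,3})(\d{3,4})\b")

# Constructed sample notes: a well-known test card number, a phone number,
# and an order reference that has 16 digits but is not a card number.
NOTES = [
    "Customer paid by card 4111 1111 1111 1111, exp 12/27, CVV 123.",
    "Callback on 07700 900123 re order 1234567890123456.",
]


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(text: str):
    """Return (masked_text, findings) for one free-text note."""
    findings = []

    def pan_sub(m):
        digits = re.sub(r"\D", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)   # leave order numbers and similar untouched
        findings.append("card_number")
        return "*" * (len(digits) - 4) + digits[-4:]

    def cvv_sub(m):
        findings.append("security_code")
        return m.group(1) + m.group(2) + "***"

    text = PAN_RE.sub(pan_sub, text)
    text = CVV_RE.sub(cvv_sub, text)
    return text, findings


if __name__ == "__main__":
    for note in NOTES:
        print(redact(note))
```

A Luhn match is a strong hint rather than proof, so findings from a scan like this still need a person to review them.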
Taking steps to ensure you are conducting safe card payments over the phone as a merchant is a key way to prevent fraud and build trust with all your customers.
If you want to read more about card payments over the phone from a merchant’s point of view you can read Opayo’s guide to accepting mail and telephone order payments.
At Opayo we offer a MOTO Solution, a virtual terminal which allows you to take card payments over the phone. With our service you can receive orders and send deliveries efficiently, easily and quickly by taking payments via one of our standalone card machines or our virtual terminal. Visit our website to see which of our MOTO Solutions is the right option for your business. You can apply for an Opayo account here.
For more information on the various other services we provide at Opayo, view our other recent blog posts. For further guidance on ensuring your over-the-phone card payments are secure, get in touch with a member of our team today.