It’s important to be able to accept credit card payments over the phone. The COVID-19 crisis has made it even more essential, as much in-store business is now being conducted online or over the phone.
When you’re taking phone orders, you can be more at risk for credit card fraud and need to take additional precautions. You also need to take additional precautions to protect the security of your customers’ credit card information, as required to maintain PCI compliance.
Get as Much Information as Possible
Let’s deal with the fraud issue first. When you’re taking a credit card payment over the phone, you do not have the credit card in hand, which makes the transaction riskier than one where you physically see the card. Chip card transactions offer the best protection against fraud, of course, but even swiped transactions are safer than ones taken over the phone where you do not have physical possession of the card.
To make your phone-based transactions as safe as possible, you need to get as much information as possible from the customer. The more information you obtain, the lower your risk of processing a fraudulent transaction.
At a minimum, you want to get the following information from the customer over the phone:
- Full credit card number
- Full name as it appears on the card
- Expiration date
- CVV security code
- Customer’s complete billing address, including ZIP code
- Customer’s phone number
For an added layer of protection, you can also ask for the same information you require when accepting payment by check. This includes the customer’s date of birth and driver’s license number.
If the customer can’t supply any of this information, it’s a sign that the person making the purchase may not be the legal owner of the card – and you should not accept payment.
Be On Alert for Unusual Details
Many fraudulent phone orders come with questionable details on the part of the “customer.” One common sign of fraud is if the billing address and the shipping address are different. Fraudsters using a stolen card registered to a person in one location will ask for the goods to be shipped to their address, typically a much different location. If the addresses don’t match, beware.
Don’t Record the Call
To accept credit card payments of any type, your business needs to comply with the Payment Card Industry (PCI) Data Security Standards. PCI compliance is all about keeping customers’ credit card data secure from theft, and it applies no matter what types of payments you accept – in person, online, or over the phone.
One of the keys of PCI compliance is that certain customer information, such as the CVV, not be retained post-authorization. For this reason, you can’t record phone calls that contain this information. The recording would be a form of data storage not allowed by the PCI standards.
So if your phone system automatically records all phone calls, turn off the recording when the customer relays his or her credit card information.
Never Write Down Card Information
The prohibition against retaining CVV and other data also applies to any notes you might create while taking a credit card order. It may be tempting to write down the information that the customer provides over the phone, but that puts you at risk for PCI non-compliance. Even if you just jot the CVV down on a Post-it Note that you intend to throw away afterwards, that’s still against PCI regulations.
The better approach is to enter the customer’s credit card information directly into your terminal or POS system without writing it down first. This eliminates the risk of leaving customer data out in the open where it may be found by thieves. If you must write down the customer’s CVV, shred the paper immediately after use.
Train All Employees on the Proper Procedure
Finally, all employees who accept credit card payments over the phone need to be informed of these important procedures. One slip up could put your business at risk of criminal fraud or PCI non-compliance. Make sure everybody knows what they need to do!
Our company
Learn more about what Higher Standards does, and why.
Our team
Meet the Higher Standards management team and our network of expert advisors.
Join our team
Learn how to become an independent Expert Advisor for Higher Standards.
Our GIVE BACK program
Learn how your company’s payment processing can support your favorite church or non-profit.
Credit card processing
Choose the best and most affordable processing solutions for your business.
Ecommerce processing
Grow your business with safe and affordable online payments.
B2B payment processing
Realize significant savings on Level 3 transactions with other businesses.
Electronic check & ACH payments
Accept electronic check and ACH payments quickly and securely.
Merchant cash advances
Tap into future credit card sales to gain access to working capital today.
Gift cards & loyalty cards
Offer gift cards and loyalty cards online and at point of purchase.
Processing for K-12 schools
Accept credit and debit cards for school meals, events, and fundraisers.
Give Back Gateway for non-profits
Software and processing that let churches and non-profit organizations accept online donations.
HS PayBridge
Integrated payment solution for city and state governments, school districts, childcare centers, athletics, and more.
Terminals
Kiosks
POS systems
Complete point-of-sale systems to help you manage your entire business.
