Read these essential practices to ensure safe and secure phone payments.
Apr 29, 2021
4 min read
Apr 29, 2021
4 min read
When businesses were forced to adjust their storefront operations during the pandemic, a major shift occurred in the way payments were processed.
There were two categories of business owners—those who already had an online payment system established and those who had to launch a new set-up for remote payments. For the latter, many businesses who had never utilized online ordering and payments relied on over-the-phone payments.
Contactless and cashless payments weren’t the only methods that skyrocketed over the past year. According to a study conducted by the Federal Reserve Bank of San Francisco, more than 40% of respondents switched to making payments online or over the phone for transactions previously made in person.
While this reality makes sense in the COVID-19 era, processing phone payments requires business owners to take on considerable risk. Data breaches and cybersecurity lapses are among the most dangerous threats to a business’ operations and viability. Those threats become even more precarious when insecure methods like over-the-phone transactions are relied upon. To process phone payments securely and effectively, practice these methods to ensure your business is protected:
1. Manage Risk With Manual Entry
You’re a busy person. So when a customer calls to pay over the phone, it might be easier to just jot the card information down on a scrap of paper and process the transaction later. Such shortcuts are easy to make with phone payments but it’s this kind of quick fix that could land you in hot water.
Since there is no way to verify ID over the phone, it’s important for business owners to rely on their Point of Sale (POS) system or card reader to flag any credit card errors or inconsistencies. Being diligent about manual entry into your system while the customer provides information on the phone keeps them accountable and ensures you can spot any processing errors in real-time.
The greatest risk with phone payments is upholding the Payment Card Industry Data Security Standard (PCI DSS) compliance. PCI DSS refers to the ways business owners can safely and securely accept, store, process, and transmit cardholder data during credit card transactions. Practicing good manual entry behavior is a key step in maintaining these industry guidelines to ensure your business is compliant with handling sensitive information.
2. Choose a Secure Provider
Just like your in-store or online transactions, you need a system to process phone payments. Your current card reader or POS provider likely supports manual entry transactions for phone payments, but you want to be sure you’re giving yourself enough coverage with a verified and secure vendor.
Given the sheer volume of online and e-commerce transactions, there are hordes of payment processors available. Your best bet is to partner with a provider that employs:
Comprehensive data security.
Robust fraud protection and prevention.
Integrated PCI compliance.
Multiple payment options and methods.
Transparent fee policies and practices.
In the unfortunate event of a data breach, your provider could be your best friend. Tasking payment processors with the risk means they field the fallout from an incident, instead of your brand. For businesses that do require keeping confidential payment data on-site, several providers offer guidance on how to store and destroy paper files and records that contain sensitive data.
3. Cover Your Bases
The path to payment is getting shorter and quicker. From Amazon’s one-click ordering to Apple Pay, customers are expecting faster transactions. So even if your card reader or POS system only requires the basics—name, card number, expiration, CVV code—you should obtain complete information, especially for phone transactions.
Getting those important additional details (phone number, billing address, etc.) gives you ample back-up should a customer be suspected of identity theft, fraud, or other suspicious activity. As a business owner, you need all of this information to prove you did your due diligence in processing a legitimate transaction. Be sure to store that information within the payment processor software itself to maintain PCI DSS compliance.
Finally, before your customer phone call wraps up, let the transaction process and complete. This ensures the payment clears before you lose contact with the customer. The lack of face-to-face interaction creates a breeding ground for false claims, but you can cover your tracks with good documentation and certified deliveries to phone-paying customers.
4. Explore Alternative Options
Ultimately, accepting payments over the phone payments not only carries the risk of dubious activity, it can also cost you more in the long run. The majority of payment providers charge additional fees for phone transactions because of the risk of fraud. It’s also an option that fewer customers are demanding anyways, so taking the time to explore alternatives now will put you ahead of the pack when the practice eventually becomes outdated.
Text-to-pay and online payments allow business owners to process transactions with the speed and security that meets compliance and privacy standards. These digital processes help your business streamline operations while providing seamless, modern service to customers.
Ready to leave phone payments in the past? GoSite helps small businesses and entrepreneurs implement digital tools that make online transactions easier than ever.