The Virtual Terminal is a web based portal and can be easily accessed through a desktop, tablet or mobile device. Designed for merchants to use with ease when taking mail order or telephone payments and allows a user to process credit and debit card payments, as well as refund transactions, all in real time.
Users are able to operate the system under different permissions providing ideal solution for call centres, sales clerks and larger organisations who wish to restrict the ability to view transaction information or process refunds.
Our solutions enable you to store the cardholders data in a PCI DSS compliant manner.
This is perfect for companies who have recurring customers. With the cardholders permission, you can take subsequent payments with a few simple clicks, without them needing to do anything.
Card on File & Tokenisation
Recurring & Subscription Transactions
By using our PCI DSS compliant card storage facility, our gateway allows you to create bespoke recurring payment plans, giving you the flexibility you need.
You can determine how much, how often and how long you would like to set up payment plans for, making the solution perfect for subscription or membership payments.
How to take payments over the phone.
These types are payments are known in the industry as MOTO (mail order/telephone)
Sometimes these are also referred to as 'Cardholder Not Present' or CNP for short. This means that the cardholder/customer is not present to use Chip & Pin to authenticate the transaction as they would in a physical shop, often using their 4 digit pin code to prove the card belong to them.
So what are your options for taking payments over the phone?
Option 1: Use your card terminal. <Non-Secure Process>
Whilst card machines are generally used for 'face to face' or 'cardholder present' transactions in physical locations, they can be used for telephone payments.
In order to do so, the cardholder would need to read out their sensitive card data, typically their long card number, expiry date and the 3 digits on the reserve of the card, to which the business will key in to the card terminal.
You should be aware of the associated risks and costs of accepting telephone payments in this manner.
Two simple checks, behind the scenes will occur, to check whether the card has been reported lost or stolen and whether there is enough funds in the account to complete the transaction. At this point you will get an authorisation or decline notification.
You must clearly understand that an authorisation does not guarantee payment.
Because, the business has no idea of whether the voice on the other end of the phone, is indeed the genuine cardholder or a fraudster using compromised/stolen data, they become liable for fraud related chargebacks, should the cardholder challenge the transaction, claiming that they never authenticated the payment.
Last year (2019) in the UK, over £620.6m was lost to fraudulent transactions using UK payment cards. It is therefore suggested that you should only deliver goods or service to the 'registered cardholders address'
Because of the associated risk of fraud, acquirers will tend to charge you a higher rate to process the transaction. This is often referred to as a 'non-secure' transaction rate.Another consideration, is that by asking the cardholder to read their details out to you, triggers your PCI DSS requirements to protect them and increases your risk of reputational damage.
If you cannot evidence to your acquirer that you are PCI DSS compliant, you may be charged additional fees each month.
Option 2: Use a Virtual Terminal. <Non-Secure Process>
A Virtual Terminal is a web based portal that can be accessed through a desktop, tablet or mobile device. Designed for merchants to use when taking mail order or telephone payments to process credit and debit card payments, as well as refund transactions, all in real time.
The process for taking payments over the phone will vary, depending on your provider. You’ll need to:
Log in to your virtual terminal with the account details your provider has given you.
Follow the on-screen prompts to enter the customer’s details. Usually, you’ll need their long card number, the card’s expiry date, and the card security code.
You might be required to ask for further information for security purposes, such as the name on the card, or the billing address.
Submit the transaction and keep the customer on the phone while it is being processed
Once the payment has been approved, your can dispatch the goods to the customers postal address.
Businesses need to be aware that these are often promoted as a 'secure' way to process MOTO transactions.
In our opinion, this is a little misleading as transactions processed through a Virtual Terminal, may be processed as and charged at a 'non-secure' transaction rate, by your merchant account provider. Again, the cardholder needs to provide their sensitive card data, typically their long card number, expiry date and the 3 digits on the reserve of the card, to which the business will key in to Virtual Terminal. Additional checks such as 'Address Verification Services' (AVS), are often commonplace, however if you use a Virtual Terminal, your business is liable for fraud related chargebacks, should the cardholder challenge the transaction, claiming that they never authenticated the payment. It is therefore suggested that you should only deliver goods or service to the 'registered cardholders address'. PCI DSS requirements are also triggered, causing additional time, effort and cost.
Option 3: Use our multi-award winning, SOTpay technology.
How does our innovation help?
Our cloud-based technology does not require any additional hardware or amendments to existing telephony ornetwork set up and is Acquirer and Payment gateway agnostic. Totally eliminating the need for capital expenditure, SOTpay can support businesses of all shapes and sizes in any sector.
SOTpay eliminates the risk of fraud related chargebacks for businesses, by authenticating MOTO andOmni channel CNP transactions and processes the payment in a PCI compliant manner, converting a risky ‘non-secure’ transaction into a ‘secure, authenticated, compliant’transaction in the eyes of the acquiring partner, the merchant can see significant savings in theirMerchant Service Charge's. We have seen businesses save in excess of £40,000 per annum,following the deployment of SOTpay.
SOTpay enables you to send out an electronic payment request in real time, via email, SMS, web chat or electronic invoices.
The flexibility of the SOTpay technology enables the merchant to accept secure and compliant transactions across numerous channels, boosting business by allowing cardholders to complete transactions in their desired channel of engagement. For example, if someone is engaging with the business on Facebook, SOTpay allows the business to take payment within the Facebook Messenger environment.
By preventing cardholder data in its entirety from entering the merchant environment, SOTpay makes achieving andmaintaining PCI DSS compliance easier and more manageable for your business. With liability for fraud related chargebacks eliminated the merchant can also deliver to an alternative delivery address, instead of just to the registered cardholder’s address.
As a disruptive payment technology, the PCI SSC updated their Global ‘Protecting Telephone Payments’ guidelines to include our innovative approach, which gave us tremendous credibility within the acquiring industry. We have subsequently become partners to some of the largest payment organisations in the world, helping to protect and support their merchants against the challenges that business face.