Payment Security | May 23, 2019

The Risks of Over-the-Phone Credit Card Transactions: How To Stay Safe


In the digital age, more merchants are accepting credit and debit card payments. Small brick-and-mortar merchants that previously accepted only cash now use mobile card readers, while small eCommerce merchants are using aggregator merchant accounts. For merchants that don’t fit into either of those categories (tow trucks, law firms, medical offices, independent contractors), accepting credit card payments over the telephone is still a common practice. In addition to this method’s obvious inefficiencies, giving and accepting sensitive information of any kind over the phone poses serious security risks to merchants and customers alike. We have put together 3 tips for merchants and 3 tips for customers for keeping information safe in the risky world of over-the-phone transactions.

3 Tips for Merchants

For merchants, protecting customer information is not only necessary for maintaining their trust and loyalty; it is also required by the Payment Card Industry Security Standards Council, or the PCI SSC. Unfortunately for merchants, there is an unavoidable contradiction in regulations that makes accepting credit and debit cards over the phone even more difficult.

According to the PCI SSC, “a number of regulatory bodies are requiring some companies to record and store telephone conversations. The Payment Card Industry Data Security Standard (PCI DSS), however, stipulates that the verification code printed on the card…cannot be retained after authorization, and full primary account numbers (PANs) cannot be kept without further protection measures. As such, there is a risk that organizations taking customer payment card details over the telephone may be recording the full cardholder details to comply with various regulatory bodies, thereby causing them to be in contravention of PCI DSS requirements.” So what are merchants to do? There are a couple of actions merchants can take to stay within regulations and protect their customer information:

  1. Ensure that payment card data is stored only if absolutely necessary. Ensure that the validation code (the 3 or 4 digit code on the back of the card) is never stored digitally.
  2. Take care to make sure your call-center environment is very “sterile.” That is, design it such that the phone operators receiving the information cannot—accidentally or otherwise—give themselves or someone else future access to customer card information.
  3. Or…Use PaidYET and stop accepting credit and debit cards over the phone! PaidYET is completely PCI compliant, easy to use, and your employees never handle or store any credit card information! Sign up and process payments FREE for your first month using discount code “FIVEOFF” at signup.

3 Tips for Customers

Customers should be wary of giving their credit card information over any unsecured medium, including email, social media, or telephone. In fact, 54% of the $1.7 billion lost by self-reported victims of fraud in 2014 was lost due to fraud perpetrated over the telephone. Email fraud accounted for only 23% of the $1.7 billion. While there will always be some risk of fraud during telephone transactions, here are some steps to mitigate it:

  1. Make sure there is no one within earshot of you when saying your information out loud. This may sound obvious, but social engineering and eavesdropping are among the top methods of theft.
  2. Always initiate the call, or at least be certain of who you’re speaking with before giving your sensitive payment information.
  3. Recommend modern, more secure methods to your merchants. One of the most effective ways to change a business is by providing it with your personal input. PaidYET payment links are a perfect replacement for phone-based transactions. They don’t require you to give your card information to the merchant; you simply enter it on the merchant’s secure, encrypted paypage. With discount code “FIVEOFF”, PaidYET is free to use for the first month so you can recommend it to your merchants knowing it won’t cost them anything to try. After that, processing is only $5/month.

At the end of the day, accepting payments over the phone is no longer worth the risk and inconvenience. With PaidYET, there is no reason merchants should risk violating PCI standards or make their customers worry about security. Find out if payment links are right for your business, or a business you buy from, at