For businesses of all sizes and across all industries, being able to efficiently and securely process card payments is a must. Hiring or buying a card reader are two options businesses can choose from, but there is another – using a virtual terminal.
But what is a virtual terminal, what are its benefits, and what costs are regulations are involved? Read on to discover all you need to know about this card payment option.
What is a virtual terminal and when would you need to use it?
In the UK, businesses are increasingly processing more and more card payments year on year. Since 2019, card payments have increased by a staggering 51% with many experts believing that the coronavirus pandemic and the effect on how and where people are shopping will simply increase this figure even more in the coming years.
- Great for entrepreneurs
- Powerful data analytics
- Manage sales and data
- Cutting-edge marketing
- Ideal for teams or solo use
- Measure sales conversions
- Great for startups
- Powerful web page builder
- E-commerce available
- Great for marketing
- Better than lists or sheets
- Manage social media
- Launch your website fast
- Powerful data intuitive
- No coding skills needed
And it’s not just about card payments in shops or other locations. Remote banking is also increasing, with nearly three quarters of customers with a bank account choosing to use their bank’s online banking system.
With a 15% drop in cash payments, don’t be too ready to dismiss coins and notes though. If someone can’t pay by card, they are still using cash. In 2019, cash payments total value stood at just over £9 billion.
When someone makes a payment by card, they are usually present. This means they can either swipe their card, use their secure PIN or, if the total value of the transaction is below £45, use the contactless payment option.
So why would a business need a virtual terminal?
Many businesses take phone orders and choose to take payment at the time of purchase. That means being able to take a payment over the phone, by card, with the payment being authorised via a virtual terminal.
A virtual terminal is a secure, web-based system that allows a business to do just that. With a reliable and secure connection to the internet, you enter the customer’s card details online and take payment.
Taking payments over the phone is a transaction carried out by businesses for various reasons. It could be to take full payment for an item or service, to secure an appointment with a deposit or, for many businesses, being able to settle invoices over the phone is also a reason to invest in a virtual terminal.
Setting up a virtual terminal with your chosen service provider is a straightforward process:
- You’ll be sent log in details also with a specific URL that you will use to access your virtual terminal
- When a customer wants to pay over the phone, you’ll log in to your virtual terminal
- You’ll take customer details over the phone, inputting them in the correct fields
- Once approved and submitted, the transaction will complete, and the amount deposited in your business account
Taking payments over the phone, however, often raises questions around security. With your customer name and card details inputted, you just need to add the CVC code – the three digits on the back of the card – along with digits from the customer’s postcode. These two checks make up an instant security check.
How is the transaction processed?
Payments made via virtual payments are processed in a similar way to chip and PIN payments. The money leaves the customer’s account instantly and sits in a holding account whilst the payment is processed. When clearances are passed, the money is passed to your business account. This usually takes between one and three days, although the exact time depends on the provider you have opted for.
Are there benefits to accepting over the phone payments?
There are several key advantages for accepting over the phone payments:
- Accessible – there are times when customers simply cannot get to your premises to make a payment. Taking payments over the phone, especially deposits to confirm appointments or service delivery, is an accessible way for people to pay and for merchants to securely offer services and products.
- Quick, easy and straightforward to set up – if you already use a payment processing provider such as SumUp, iZettle or Square, to name just three, the opportunity to take over-the-phone payments will already be available to you. Setting up a virtual terminal is a straightforward process and once ready, is very easy to use.
- No longer waiting for invoice payments – there are 5.9 million small to medium sized enterprises in the UK and in total, they are owed £50 billion in late payments. Not paying invoices on time cripples these businesses but with the ability to take payments over the phone, performing credit control and squeezing full or part payments from late payers is a little easier.
- Scalable solution – with most providers, adding virtual terminals is free. You can use a virtual terminal URL across a range of internet enabled devices, making this payment solution a scalable solution for a growing business.
Important things to remember, regulations and rules
For many merchants and retailers, the thought of taking payments over the phone is an uneasy one. There are security measures as well as rules and regulations that a company, business or organisation who takes payments over the phone must adhere to.
- Payment Card Industry Data Security Standard compliance
The immediate regulation that all companies processing payments need to adhere to is the Payment Card Industry Data Security Standard (PCI DSS). These are a series of compliance regulations and if a business does not comply, it could face a series of crippling fines. They may be forced to stop accepting card payments too.
Created in 2004, PCI DSS came into being as a piece of legislation to prevent credit card fraud. The responsibility for preventing credit card and payment fraud is placed firmly at the door of the merchant. This is why it is essential for a business to follow the rules.
There are four merchant levels. The level assigned to a business is determined by the number of transactions a merchant processes every year. And it is these levels that also determine the level of compliance too. But it is important to note, whether you process card payments with a reader or with a virtual terminal, that no business is exempt from PCI DSS compliance.
- GDPR & Data Protection
Data protection is nothing new in the UK. Businesses are expected to take reasonable steps to protect and secure customers sensitive information, including payment and banking details. Likewise, businesses are expected to be transparent in how they use, store and archive customer information and data.
This relates to payment details and whether they are stored and if so, how.
What this means for over the phone payments with a virtual terminal?
As a merchant, you are expected to take all reasonable steps not to accept fraudulent payments. It is for this reason that some merchants are not keen on taking payments over the phone. But it can be done safely.
When processing payments via a virtual terminal, the card number and CV2 number (the three-digit security code on the reverse of the card) must match the postcode to which the card is registered to. CV2 codes should not be recorded either as to do so means that your company has the key security information needed to process unauthorised payments.
Is call recording an issue?
Some business record phone calls for training and security purposes but, if you are accepting over the phone payments, this does present an anomaly that needs to be resolved. There are solutions that could help you to do so, however;
- You could opt to pause the call recording when customers are passing over their card details
- You could mute or mask the CV2 number
- Some merchants also use a series of keypad entries made by the customer, meaning that they don’t record any card information
Taking credit card payments over the phone is entirely possible but merchants need to be aware of not just this compliance, but around GDPR and data protection issues too. Falling foul of data protection laws can not only land you in trouble with the ICO, but could result in hefty fines.
Who provides virtual terminal services?
There are a number of card processing providers who provide virtual terminal services, allowing a business to take advantage of this convenient way for people to pay. These are just five of the providers who offer virtual terminal payments. We’ve listed the details of how much these are likely to cost (although we’d urge you to check for updated fees before signing up).
|Square||No monthly fees|
2.5% processing fee per transaction
|Highly rated for the number of free features it offers|
|Worldpay||£9.95 + VAT per month|
Transaction fees for cards vary
|Great for high volume payments|
|PayPal||£20 per month|
2.9% transaction fee +20p
|Ideal for European/domestic cards|
|SumUp||No monthly fee|
2.95% + 25p per card fee
|Can be accessed in both app and browser|
Telephone card payments FAQ
The exact process of taking payments on a card machine over the phone will vary slightly from one provider to another. In most cases, you sign in to an app or a specific URL. The customer is prompted to give various snippets of information at certain times to complete a range of payment fields. If these fields are not completed or the information is incorrect the payment will be declined. Double check the information with the customer and press either ‘submit’ or ‘charge’. Within seconds, the sale will be approved.
The amount leaves the customer’s account straight away and is held in a holding account whilst various checks are made. Within days, the money arrives in the business account.
Yes, card payments made over the phone are safe but there are issues that a business needs to be aware of:
• If you record calls you will need to have some kind of system in place that prevents the recording of all or some parts of the conversation. For example, masking or not recording the CVV number during the call is important.
• Businesses need to be aware of PCI compliance. This places emphasis on the merchant to prevent fraud with reasonable security checks.
• Data protection also needs to be taken into account, as well as possible implications from GDPR.
Payments cannot be processed if the information is incorrect. For example, the CVV code needs to match the postcode listed on the account, otherwise, the payment will be declined. With appropriate security measures in place, taking payments over the phone is secure, proving you and your customers with a convenient payment method.
No, but there are compliance issues that every merchant who takes payments, whether over the phone or face-to-face in a premises, needs to be aware of. Not being PCI compliant, for example, can lead to heavy fines. Depending on the severity of the security or non-compliance issue, a business may be forced to suspect taking payments too. NO business is exempt from PCI compliance issues, regardless of how they take payments.
The rules for taking payments over the phone are straightforward:
• If your store customer payment details, they must be held securely and encrypted. This information needs to be held and archived securely.
• Businesses need to be aware of which level of compliance they must meet with PCI DSS regulations.
• GDPR and data protection rules must also be followed.
• If you record phone calls, you’ll need to be aware of the information that is recorded (and the parts that shouldn’t be) as well as who has access to these recording. How these recordings are stored and accessed will also need to be considered.