Hi All,

I currently use sagepay on my website and paypal but wanted to know if any of you take payment over the phone and what advantages and disadvantage their may be.

I wouldnt get into it, online business pay online, although with payoffline clients can go to local pay point and pay. Also some people just don't like giving card details over phone, and not sure what the regs are now a days concerning 'Customer not present' authorisations.:rolleyes:

We do. In fact at least 50% of our business is closed over the phone.

We accept payments over phone using Sagepay. I think you have to be crazy not to accept details over the phone. Some people are just more comfortable doing this.

I suggest you just test it. Open a MOTO account, if it doesn't work out just close it again.

Hi,

One of the reasons i am thinking about getting a terminal for use with the phone is the comfort for the customers as some people do not like the long process over the internet and 3d secure just adds more confusion.

I am also now offering high priced dresses so i am not to sure about card holder not present and fraud levels.

We also take payment over the phone.

All of our business comes from the website but the majority of transactions are completed over the phone.

The natural limit for online orders seems to be around £1500 for us (£4k once went through)

Taking orders through sagepay terminal allows us to accept larger orders and also more power to close the sale while on the phone rather than send them back to the site with a discount code

Definitely do it.
Why close off one method of letting people buy your goods or services? Make it as easy as possible for people to buy. Bananas not to.

We use MOTO with RBSWorldpay, its easy to use and can account for up to 25% of our daily revenue total.

On balance if you can afford the time to answer the phone then its a must, but a couple of things to consider;

1. Do you have the personnel or man-hours to be available to answer the phone during your working day? If not it can eat into time set aside for other duties such as order fulfillment. Do you have the time to call back those callers you missed who left a message? A phone number is not just an order number, it is also used by existing customers as a customer service line.

2. Fraud prevention. You are opening your business up to social fraud attacks, that is, a fraudster phoning up and pretending to be the card holder asking for an alternative delivery address. Can sound convincing, if in any doubt simply take their details and double-check them on-line before processing the order.

3. Software, does your Ecommerce software have telephone order processing capacity and if not, would you be looking to put an order through your shop on behalf of your customer?

Our new site has a feature to manually enter customers details and order details in the admin panel. Its great knowing that all our details are still in one place.

We then process the card while the customer is on the phone with our virtual terminal :)

All those that take payments over the phone are you aware of the new banking regulations and fully compliant with written policies available for inspection? one of the reasons i stopped taking phone orders because it's not worth all the hoops you have to jump through.

All those that take payments over the phone are you aware of the new banking regulations and fully compliant with written policies available for inspection? one of the reasons i stopped taking phone orders because it's not worth all the hoops you have to jump through.

Have you got a reference please?

Have you got a reference please?
I'm amazed this thread has gone this far without somebody mentioning PCI-DSS compliance. It's straight-forward if you're only taking online payment through an coompliant payment provider, but as soon as you add in MOTO payments using a virtual terminal you're down the route of setting up security procedures and having a network scan by a consultant.

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Hello Again,

Thanks for all your replies. The type of terminal I was thinking about was one of the handheld terminals that i could take with me to shows also.

Would this need any special security training ? As lots of shops use them daily I doubt everyone all their staff is fully trained.

I am guessing when we take payment for using a terminal we will not be holding onto their details ? But what about Card holder not present transactions ?

I'm amazed this thread has gone this far without somebody mentioning PCI-DSS compliance. It's straight-forward if you're only taking online payment through an coompliant payment provider, but as soon as you add in MOTO payments using a virtual terminal you're down the route of setting up security procedures and having a network scan by a consultant.

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Those seem to be guidelines from an industry based body. What are the legal requirements?
Wouldn't Worldpay, (lets call it Worldpay or RBS rather than MOTO shall we? I had no idea what MOTO was and I use the damned thing), have these extra security settings as default or alert you to them?

The requirements themselves strike me as verging on the blathersome: what does:

"Requirement 7: Restrict access to cardholder data by business need-to-know"

actually mean? Who defines that need to know? What is it? Can you be nicked for not needing to know? By whom?

I've just being to a business exhibition and none of the three corporate lawyers touting for biz knew anything in the law about this.

More info needed.

Hand-held terminal is fine. I specifically mentioned virtual terminals as being a problem. The PCI-DSS standards are concerned with handling and storing of card details in a networked environment.

Those seem to be guidelines from an industry based body.
Yes they are.
What are the legal requirements?
There is nothing in law about this, however, my understanding is that there are severe penalties if card information is compromised as a result of non-conformance with PCI DSS.