5 tips to securely accept credit card payments over the phone

Posted: 25 August 2021

COVID-19 has drastically changed the way consumers shop, with shoppers embracing more ways to engage with brands beyond brick-and-mortar stores as part of an increasingly digital lifestyle.

Restrictions are forcing retailers to adopt flexible communication tools across the value chain, spanning voice and digital channels, so they can respond to customers through tools such as web chat for ecommerce, intelligent voice routing to manage click-and-collect, and secure payment options.

As Australians settle into a rhythm of working from home, shopping trends have highlighted the increased adoption of online shopping methods, with many stating that this will be a lasting trend (J.P Morgan, 2020). With more and more consumers shopping through digital channels, organisations should be implementing secure payment technologies and processes to ensure they are not vulnerable to data security breaches.  

 

Here are 5 tips to securely accept credit card payments over the phone:  

1. Be aware of the Payment Card Industry Data Security Standard  

The Payment Card Industry (PCI) Data Security Standard ensures that consumers and organisations are protected under a regulatory framework that outlines the standard by which credit card information is processed, handled, and stored.

Organisations that handle payments, no matter their size or processing methods, are required to follow certain requirements to be PCI compliant. Non-compliance results in large fines and leaves the organisation more exposed to security attacks.

The following are the requirements detailed in the PCI Security Standards: 

Build and Maintain a Secure Network

a). Install and maintain a firewall configuration to protect cardholder data

b). Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data

c). Protect stored cardholder data

d). Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program

e). Use and regularly update anti-virus software or programs

f). Develop and maintain secure systems and applications

Implement Strong Access Control Measures

g). Restrict access to cardholder data by business need-to-know

h). Assign a unique ID to each person with computer access

i). Restrict physical access to cardholder data 

Regularly Monitor and Test Networks

j). Track and monitor all access to network resources and cardholder data

k). Regularly test security systems and processes

Maintain an Information Security Policy

l). Maintain a policy that addresses information security for employees and contractors

2. Understand payment gateways and how they interact with merchants

Payment Gateway: The payment gateway acts as an intermediary between the merchant and the business taking payments.  

Merchant: A merchant account is a bank account organisations can use to accept payments from their customers.

When a customer pays with their credit card, the payment gateway connects with the merchant account. It sends the transaction information to the merchant bank, routes the transaction request to the bank, and pushes the transaction information to the card network. The bank uses fraud detection measures to confirm the validity of the transaction, then either approves or rejects it. The outcome of the purchase is sent back through the card network to the merchant bank and the payment gateway.

 

3. Factor in customer preferences and implement different purchasing methods 

Businesses should consider implementing options to cater to different customer purchasing preferences. The two most common purchasing methods over the phone are: 

Agent-assisted:  

The agent-assisted transaction process allows the employee to maintain voice communication with the customer to guide the customer through the payment process and answer any questions that may arise during the transaction. The employee will only be presented with a visual status when the customer inputs their card details. Audible tones will not be presented to the employee to eliminate the risk of a data breach. Once the payment has been authorised, confirmation of the payment can be sent to the customer while on the call.  

Self-service: 

Time-poor customers may choose this option as it is an easy and efficient method of paying through the Interactive Voice Response (IVR), without needing to wait for an employee. Once the customer initiates the payment process, the IVR will prompt the customer for their card number. The customer will simply need to enter their credit card data for it to be processed.  
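The agent-assisted flow described above, as an added example (not ipSCAPE's code): keypad digits are routed to the payment side while the agent leg receives only a status line, with no tones and no digit values. The event tuples, the '#' terminator and the function names are assumptions made for illustration, and the card number is a constructed test value.

```python
def luhn_ok(digits: str) -> bool:
    """Luhn checksum used to catch mistyped card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def split_call(events):
    """Route call events into (agent_leg, captured_pan).

    events: ("speech", text) or ("dtmf", key) tuples; '#' ends entry (assumed).
    """
    agent_leg, buffer, pan = [], [], None
    for kind, value in events:
        if kind == "speech":
            agent_leg.append(("audio", value))      # voice still reaches the agent
        elif kind == "dtmf" and value.isdigit():
            buffer.append(value)                    # digit stays on the payment side
            # The agent gets a count only: no tone and no digit value.
            agent_leg.append(("status", f"{len(buffer)} digit(s) entered"))
        elif kind == "dtmf" and value == "#":
            entered = "".join(buffer)
            buffer.clear()                          # do not keep a failed entry around
            if 13 <= len(entered) <= 19 and luhn_ok(entered):
                pan = entered
                agent_leg.append(("status", "card number accepted"))
            else:
                agent_leg.append(("status", "card number invalid, ask for re-entry"))
    return agent_leg, pan


# Constructed sample call: a question, then a well-known test card number.
SAMPLE_CALL = (
    [("speech", "Which card would you like to use?")]
    + [("dtmf", d) for d in "4111111111111111"]
    + [("dtmf", "#")]
)

if __name__ == "__main__":
    leg, pan = split_call(SAMPLE_CALL)
    for event in leg:
        print(event)
```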

 

4. Consider tokenisation to ensure data security  

During a transaction, tokenisation is the process in which sensitive data such as credit card details is turned into a randomised string of characters called a ‘token’. This token has no meaningful value if a data breach were to occur. The tokens serve as a reference to the original data but cannot be used to recover the original data.

Some key benefits of tokenisation include: 

a). Reduces risks from data breaches and financial ramifications 

The average cost of a data breach equates to $3.7M (AUD), which is an increase of 31% from the previous year (ACS, 2021). Therefore, data encryption options such as tokenisation would remove the risk of such a breach.

b). Foster trust with your customers 

Consumers expect a safe and seamless shopping experience. With 65% of consumers stating that a data breach would negatively impact their trust in the affected company, data encryption options such as tokenisation should be considered by all businesses (Centrify, 2017).

c). Make compliance easier  

Tokenisation makes achieving PCI DSS compliance easier as it addresses the third requirement of protecting cardholder data at rest (see tip 1). Tokenisation satisfies this requirement by ensuring sensitive data such as credit card details never enter your system.
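Tokenisation as described in this tip, as an added example (not ipSCAPE's or any payment gateway's code): a provider-side vault issues a random token, and the merchant stores only the token and the last four digits. The TokenVault class, the tok_ prefix and the record fields are assumptions made for illustration, and the card number is a constructed test value.

```python
import secrets


class TokenVault:
    """Constructed in-memory stand-in for a payment provider's token vault."""

    def __init__(self):
        # Both maps live only on the provider side; a real vault encrypts this store.
        self._pan_by_token = {}
        self._token_by_pan = {}

    def tokenise(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (digits.isdigit() and 13 <= len(digits) <= 19):
            raise ValueError("not a card number")
        if digits in self._token_by_pan:          # same card, same token
            return self._token_by_pan[digits]
        # The token comes from a CSPRNG and is not derived from the card number,
        # so a stolen token gives nothing to decrypt or work backwards from.
        token = "tok_" + secrets.token_hex(16)
        while token in self._pan_by_token:
            token = "tok_" + secrets.token_hex(16)
        self._pan_by_token[token] = digits
        self._token_by_pan[digits] = token
        return token

    def detokenise(self, token: str) -> str:
        # Only the vault holds the mapping back to the card number.
        return self._pan_by_token[token]


def merchant_record(vault, order_id, pan):
    """What the merchant's own database keeps: token and last four digits."""
    digits = pan.replace(" ", "")
    return {"order": order_id, "card_token": vault.tokenise(pan), "last4": digits[-4:]}


def contains_pan(record, pan):
    """Breach check: does any stored field hold the full card number?"""
    digits = pan.replace(" ", "")
    return any(digits in str(value) for value in record.values())


if __name__ == "__main__":
    vault = TokenVault()
    record = merchant_record(vault, "A-1001", "4111 1111 1111 1111")  # constructed test card
    print(record, "PAN exposed:", contains_pan(record, "4111 1111 1111 1111"))
```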

 

5. Consider a comprehensive communication technology vendor

Complying with the PCI DSS should be a priority to any organisation that takes payments over the phone. Instead of considering a PCI compliant payment solution in isolation, businesses should explore options for a more comprehensive communication solution that can satisfy their data security requirements and their overall customer experience strategy.   

ipSCAPE is an Australian multi-channel contact centre solution that enables leading retailers to power their customer service and sales teams, allowing PCI payments to be taken securely and easily. Over 20 payment gateways are already available in the ipSCAPE Contact Centre solution and more can be created based on the client’s needs.

Our team of experts can help understand your customer experience needs and provide information about the ipSCAPE secure payment solution for your Contact Centre. 

 

ipSCAPE is a cloud customer experience technology that powers the communication for contact centres, sales and customer support. ipSCAPE is a feature-rich, scalable, multichannel solution that offers an integrated PCI compliant solution, ipSCAPE PAY.