Secure Telephone Payment Solutions

Why It’s Time to Move Beyond DTMF and IVR


Date Published : 17th September 2025


A call centre operative takes a secure payment by telephone, using Securafone by SOTpay

 

For decades, businesses have relied on taking card payments over the phone. Whether through a call centre, a small office setup, or a dedicated IVR system, the telephone was once considered a convenient way to handle card-not-present transactions. But in 2025, that model is crumbling fast. 

Fraud, PCI compliance failures, chargebacks and rising costs mean that old-style telephone card payments are no longer safe or sustainable. Visa’s VAMP 2025 rules now make systems that capture cardholder data via voice channels or DTMF tones non-compliant, forcing companies to rethink how they take payments. 

If your business is still relying on staff writing down card numbers or using DTMF keypad masking, this article will show you the risks, the alternatives, and how to find the most secure and cost-effective solution. 

 

Why Businesses Still Use Phone Payments 

There are good reasons telephone card payments have stuck around. Some customers prefer the reassurance of speaking to a human being, especially for higher-value transactions. Older demographics may not feel comfortable with online checkout systems. Businesses also like the speed of being able to close a deal while the customer is still on the phone. 

But convenience comes at a cost. Traditional phone payment systems expose sensitive card data to environments where it shouldn’t exist, opening businesses up to fraud, fines, and reputation damage. 

 

The Risks of Taking Card Payments Over the Phone 

 

 

1. PCI DSS Compliance Failures 

PCI DSS is clear: if your staff can hear or see card data, or if card data passes through your phone network, your business is in PCI scope. That means expensive audits, costly controls, and major liability if anything goes wrong. Most small and mid-sized businesses cannot realistically meet the requirements if they’re handling card data by phone. 

2. DTMF & IVR Systems Are Obsolete 

Dual-tone multi-frequency (DTMF) masking — where customers enter card details using their phone keypad and the tones are suppressed — was once seen as a workaround. But Visa has now ruled that these systems are inadequate. With the VAMP 2025 rules, any system that allows cardholder data to touch the voice channel is non-compliant. IVR menus that capture card data are in the same boat. 

3. Fraud and Chargebacks 

Telephone transactions are card-not-present payments, which already carry higher risk of fraud. Fraudsters exploit the fact that card data is shared verbally or via keypad, leading to unauthorised use and chargebacks. Each chargeback costs not only the transaction value but also fees, time, and damage to your merchant reputation. 

4. Customer Experience Issues 

Phone payments can frustrate customers. Long IVR menus, poor line quality, and confusing processes lead to abandoned transactions. In a world where digital convenience is expected, forcing customers to wait on a phone line makes little sense. 

5. Hidden Costs 

Legacy phone systems aren’t cheap. Telecom hardware, IVR setup, maintenance, PCI audits, staff training — all of it adds up. Add the high transaction fees associated with card-not-present payments and you’ve got a payment method that’s expensive as well as insecure. 

 

 

What a Secure Telephone Payment Solution Looks Like

 

Taking card payments over the phone isn’t disappearing altogether. But if you want to continue offering it, you need to do it in a way that removes sensitive data from your environment. Here’s what to look for in a secure telephone payment solution: 

  • No Card Data in Voice Systems: A compliant system ensures cardholder data never passes through your phone lines or agent headsets. 

  • PCI DSS Compliance Built-In: Providers should remove your business from PCI scope, not add to it. 

  • 3-D Secure Authentication: Liability for fraudulent transactions should be shifted to the issuing bank, not left with you. 

  • Real-Time Processing: Customers get instant confirmation, improving satisfaction and trust. 

  • Integration with Business Systems: Payments should flow directly into your CRM, ERP, or accounting software like Xero and QuickBooks. 

  • Omnichannel Options: Customers who don’t want to pay over the phone should be able to switch seamlessly to SMS, email, or WhatsApp payment links. 

 

Cheapest Phone Payment Providers: What to Consider 

Price matters, but focusing only on per-transaction fees can be short-sighted. The “cheapest” solution may cost more in the long run if it increases fraud exposure or requires expensive PCI audits. 

When comparing providers, consider: 

  • Transaction Fees: Card fees, Open Banking options, or blended rates. 

  • Setup and Maintenance Costs: Hardware vs hosted solutions. 

  • Compliance Costs: Are you still in PCI scope? If so, audits will eat into any savings. 

  • Chargeback Liability: Does the provider offer authentication that shifts liability away from your business? 

  • Flexibility: Can you offer multiple payment channels to suit customer preferences? 

The cheapest provider is the one that reduces fraud, eliminates unnecessary overheads, and prevents you from paying for compliance headaches. 

 

Secure Alternatives to DTMF and IVR 

Businesses don’t need to abandon phone payments altogether, but they do need to modernise. Secure alternatives include: 

  • Pay-by-Link: Agents stay on the call while sending a secure, branded payment link by SMS or email. The customer enters card details privately, and the payment is processed in real time. 

  • WhatsApp and Web Chat Payments: Offer customers the ability to pay directly through the channels they already use. 

  • Open Banking Payments: Customers can pay directly from their bank account with lower fees and stronger authentication. 

  • Recurring Payments and Card-on-File: For regular customers, securely store credentials with the acquirer and automate future transactions. 

All of these remove card data from your environment, keeping you out of PCI scope and eliminating the risks of legacy systems. 

 

Why SOTpay is the Right Choice 

SOTpay and SOTpay Connect are designed specifically to solve the problems of telephone and multichannel payments: 

  • No DTMF, No IVR: Card data never passes through your phone systems. 

  • PCI DSS Compliance Simplified: With SOTpay, your agents can take payments securely from anywhere, without handling card data. 

  • 3-D Secure Authentication: Liability for fraud is shifted to the bank, protecting your business from chargebacks. 

  • Omnichannel by Design: Send secure links by SMS, email, WhatsApp or web chat while staying engaged with the customer. 

  • Seamless Integration: Sync payments directly into Xero, QuickBooks, Sage, or your CRM for effortless reconciliation. 

  • Hosted and Scalable: No on-premise hardware, no costly IVR menus, no maintenance headaches. 

 

FAQs 

Is it still legal to take card payments over the phone? 
Yes, but you must use a system that ensures card data doesn’t touch your voice environment. Old DTMF/IVR systems will not be compliant under Visa’s 2025 rules. 

What’s the cheapest way to take phone payments? 
It depends on more than fees. The cheapest long-term solution is one that removes PCI scope, reduces chargebacks, and offers lower-fee alternatives like Open Banking alongside cards. 

Do customers trust Pay-by-Link? 
Yes. Customers prefer entering their details privately on a secure page, especially when links are branded and accompanied by an agent on the call. 

What is DTMF masking? 
DTMF masking is where customers type their card numbers into their phone keypad and the tones are masked. It was once considered secure, but it no longer meets compliance standards.

How quickly can I migrate away from IVR? 
With cloud-based solutions like SOTpay, migration can be completed quickly, often without new hardware. 

 

Conclusion 

Taking card payments over the phone has always been a balancing act between convenience and risk. In 2025, the balance has tipped — DTMF and IVR systems are obsolete, compliance rules have tightened, and fraud risk is higher than ever. 

Businesses that fail to modernise will face fines, chargebacks, and lost customers. Those that adopt secure telephone payment solutions can cut costs, improve customer experience, and remove compliance headaches altogether. 

With SOTpay, you can keep offering the personal touch of a phone call while protecting your business and your customers. It’s time to retire DTMF, say goodbye to insecure IVR menus, and embrace the future of secure, multichannel payments. 

 

 


About the author
Jason Mace  
Accelerating Business Success with Fast, Intelligent, and Seamless Card & Bank Payment Solutions
Jason Mace is a respected British author and award-winning CEO, known for his successful ventures in events, media, hospitality, property, and payment technology.


Copyright © 2015 - 2025 Gala Technology Limited. All Rights Reserved.
