Skip to main content
Contact CentrePCI CompliancePhone Payments

How Contact Centres Take Payments Over the Phone

By December 19, 2022January 25th, 2023No Comments

The need for Contact Centres to take different kinds of payments have increased…

in this blog we look at how contact centres take payments over the phone and the ins and outs of doing so.

There are two options for contact centre payments over the phone. One is automated using an Automated Payment Line (APL) or as it has previously been referred to, a ‘Payment IVR’. The other is referred to as ‘Agent Assisted Payments’, this is where a staff member speaks to a customer when taking a payment.

The need for Contact Centres to take different kinds of payments have increased
Automated or IVR Payments

Automated or IVR Payments

Automated Payment lines, or Call Centre IVR payments, have been increasing in recent years as consumers have become more comfortable with paying through automated systems. Companies realise the cost efficiency of reducing contact in their Call Centres and helping their customers with options for self-service anytime day or night.

APL’s have also dropped in price over recent years, making them affordable for small to medium sized organisations, as well as becoming faster to set up.

One drawback many organisations suffer from is that their APL is not integrated with their other payment systems, causing extra backend administration and issues reconciling payments.

A second drawback is poor configuration from the APL provider, making it cumbersome to use for the customer paying. This creates a difficult experience and poor customer satisfaction for those consumers struggling with the system.

Agent Assisted Payments

It may surprise you to know that many Contact Centres today have their agents taking payments over the phone by asking customers to read out their card payment details. The agent then types these details into a physical card terminal, or a virtual card terminal, to process the payment.

While this method is quick and easy, it comes with many drawbacks and is not secure. It makes it practically impossible for the Contact Centre to comply with their obligations under the Payment Card Industries Data Security Standard (PCI DSS). Being PCI DSS compliant is a requirement for all organisations taking card payments over any channel.

Agent Assisted Payments

Furthermore, customers are becoming more data security conscious, and make purchases in non-secure locations, such as paying a bill while on the bus. Consumers are less comfortable reading their card details out over the phone than ever before and demand more secure payment solutions.

Staff are also put at risk as they are exposed to card information. Contact Centre agents have become a target for organised crime to elicit the information they can then use or sell.

If calls are being recorded, this poses a problem as card information can be stored on the recording, which is a clear breach of the PCI DSS. Some Contact Centres attempt to get around this by training the agents to manually pause the call recording when the payment is being taken, but this is not acceptable under the PCI DSS.

There is the possibility of automating the pausing and resuming of calls, but this is used less and less as it is prone to failing. It also still leaves the Contact Centre with more than 300 requirements to comply with.

Believe it or not some organisations are still encouraging customers on the phone to make payments on their website or to make a bank transfer. This may be easy for the company, but the problems here are clear. This is poor customer experience, and cannot compete with other businesses that take a more supportive approach. Contact Centres doing this are not setting themselves up for a bright future.

Many organisations have adopted a hybrid automated model, in which the agent passes, or transfers, the call through to an automated payment line, or a card payment detail collection IVR. This is when a customer reads out their card information that gets processed by an automated system without being seen or heard by any agent.


This hybrid call centre payment solution has some real benefits:

  • It significantly reduces the scope of PCI DSS compliance
  • Looks after staff members by not exposing them to sensitive financial data
  • Has a relatively low cost
  • Plus it’s easy for the agents to use

Problems with this model are if customers run into difficulty and are unable to get help straight away. They may not be transferred at the end of a call to the agent they were dealing with. Call recording on some hybrid models can sometimes fail to pause, which poses a bigger problem than it sounds. Leaving call recording infrastructure in the scope of the PCI DSS, and potentially the entire organisation’s network depending on how it is configured.

Customer experience suffers! Consumers do not like being handed off to a system, even though they know it is to help secure their data. As Customer Experience (CX) is a critical focus for contact centres going forwards, this puts many off from adopting a hybrid approach.

There is a Contact Centre Payment Service Alternative

There is a new breed of financial technology service that focuses on helping Contact Centres take phone payments in a simple, compliant way while boosting the Customer Experience. These have sprung up over the past few years and are being readily adopted by companies as the benefits are clear.


1. One common method is where, upon payment, the customer is sent a link via text message from the live agent they are talking to. The customer clicks the link and submits their sensitive card information. The agent then processes the payment. This classes the transaction as a telephone payment meaning that it is exempt from the 3D Secure v2 requirement, making payment processing easy.

In some cases, the organisation would prefer to trigger 3D Secure v2 to take advantage of the liability shift and cheaper acquiring fees. In this case when the customer submits their card details to make a payment the transaction is classed as an online payment, not a telephone payment.


Another more popular method is called the DTMF method, named after the DTMF tones made by your telephone when you press the numbers on the keypad.
Customers are asked by the agent to enter their card details using their telephone keypad, and the clever technology picks up these tones. These are sent directly to the payment gateway for processing. The great part is these are muted to the agent and the Contact Centre systems cannot hear them, thereby removing them from the scope of the PCI DSS.

Both these Contact Centre payment methods are great for PCI DSS compliance. Neither the Contact Centre staff, nor the Contact Centre phone system or computer network are exposed to customer card information. This means the Contact Centre can achieve a high level of compliance very easily and doesn’t need to keep on top of cumbersome security protocols. They can also reduce card fees for being level 1 compliant.

Furthermore, their customer service can communicate with the caller throughout the process, and assist them through any difficulty, resulting in a positive Customer Experience. Consumers are more familiar with these payment methods now and more importantly expect them. They cite a preference for using them as they feel their card information is more secure, which further improves overall CX.

These methods have been around for several years, but their cost has been prohibitive, only available for very large Call Centres with hundreds of agent seats. This has changed, and offices with just a few people taking payments over the phone a day are adopting these newer technologies as they have become affordable.

Beyond compliance and security, phone payment technologies are also offering more and more features. This makes payment administration easier for organisations as well as making them more cost effective.

These features include:

  • Setting up recurring payments
  • Help to take Pay By Bank (Open Banking) payments
  • Card payments over the phone.

It also enables other payment channels like Web Chat and SMS. Plus it can work with multiple gateways, currencies and integrate with other Call Centre systems for a seamless experience for staff.

Two key drivers pushing this technology into Contact Centres are consumer demands and the increasing complexity of data security. Customers want to be able to pay when they want, over whichever channel they prefer to communicate in a secure way. As Contact Centres seek to turn into Customer Experience Centres, they are acutely sensitive to the consumers’ demands.

Data security is becoming increasingly complex, with a new version of the PCI DSS about to be enforced, more channels to protect and increasing customer expectations.

Contact Centre Payment Service Alternative

Get in Touch to Find Out more...

If you take payments over the phone, or want to, get in touch with us to discuss how PayGuard can help your organisation meet your customers and be secure.

We are always happy to talk through your options and how PayGuard can help take your business to the next level!