Fines for taking payments over the phone

Accepting card payments over the telephone is a simple way of taking funds from your clients and securing an instant transaction to your account. But, it takes a few steps to set up a compliant payment gateway to avoid fines and penalties.

The Payment Card Industry Data Security Standard (PCI DSS) was introduced by the Payment Card Industry Security Standards Council (PCI SSC) to protect cardholders against the misuse of their card payment data. Businesses that fail to comply can receive escalating fines and may ultimately lose the privilege of accepting card payments.

PCI compliance applies to any engagement that processes, stores, or transmits cardholder data to a merchant account or service provider, regardless of industry sector or size of business. A business that does not comply with PCI DSS is not truly looking after its customers, yet with a few changes to the payment process a best-practice security procedure can be put in place.

Secure Telephone Payments

PCI DSS-compliant payments over the phone can be managed with a cloud-based MOTO (mail order/telephone order) payment solution, often known as a virtual terminal, using the browser on any internet-connected device. The Security Standards Council does not fine merchants directly; the card brands, including Visa, MasterCard, American Express, JCB International and Discover, hand out the fines for breaches of PCI compliance.

A merchant must demonstrate PCI DSS compliance to its acquiring bank in one of two main ways. The first is a Self-Assessment Questionnaire (SAQ), which records the annual number of card payments the business takes along with an outline of how transactions are made, i.e. whether payments are taken in person or over the internet. The alternative is to request a full compliance assessment from a certified security expert known as a Qualified Security Assessor, whose role is to produce a Report on Compliance (ROC).

The acquiring bank checks that the merchants using its services continue to meet PCI compliance standards. Both the merchant and the acquiring bank can be fined by the leading card brands. In addition, the banks enforce ongoing PCI DSS compliance and decide how and when to verify and penalise a business for not meeting the PCI standards.

Card brands will investigate a merchant's level of compliance in the event of a data breach. If the merchant was not in compliance when the breach occurred, fines and penalties are handed out. The fine can range from £5,000 to £100,000 depending on the size of the merchant's business, fees and service charges. If a merchant repeatedly breaches PCI compliance, the banks have the ability to stop it taking card payments in the future.

For further information on our secure telephone payment solutions or to book a demonstration, contact our specialist team on freephone 0800 043 4383.
