Card Over The Phone | PCI Booking

Card Over The Phone

Keeping your business PCI Compliant requires strict levels of care when directly handling payment card data. While online transactions are protected by PCI Shield, requesting card details from customers over telephone calls raises its own unique range of challenges. These challenges are resolved through the development of Card Over The Phone, a solution designed to ensure that merchants remain PCI compliant when accepting payment card details via telephone.

Receiving phone calls requesting bookings is undoubtedly a frequent occurrence for those in the travel industry, with normal procedure involving the customer verbally communicating their card details to an employees who transcribes the data before processing the order. While commonplace, this raises multiple areas of concern in regard to both data security and PCI compliance.

Card Over The Phone allows merchants to accept payment data from their customers without the need to directly handle the sensitive information themselves, enabling the merchant to bypass any PCI compliance issues relating to telephone transactions. The captured card data is held on the servers of PCI Booking, as is the case with all PCI Booking features, therefore removing the requirements associated with storage of such details.

For an in-depth view of the Card Over The Phone tool please review the technical documentation.

How does Card Over The Phone work?

Card Over The Phone is a simple process which allows merchants to request payment card details from customers by sharing a card capture page to their phone and/or email address.

Personal details and booking information are taken during the phone call, as is currently the case, with the payment details now submitted by the customers themselves to confirm the reservation. Both the merchant and customer receive a notification confirming the successful transaction.


  1. Call between merchant and card holder is initiated.
  2. Merchant collects all non-secure data (personal details, reservation details, etc.)
  3. Merchant enters contact details required (email or phone number).
  4. Message that includes a link to branded card capture page is sent to customer.
  5. Customer enters card details and submits complete form to the merchant.
  6. The card is stored in PCI Booking.
  7. Merchant receives notification of successful tokenization and token ID.

For card capture pages shared through SMS there is an additional cost for each SMS sent, which varies by country. Click here to view pricing details.