CARD OVER THE PHONE

Remain PCI compliant while accepting payment card data over the phone

CARD OVER THE PHONE

Keeping your business PCI Compliant requires strict levels of care when directly handling payment card data. While online transactions are protected by PCI Shield, requesting card details from customers over telephone calls raises its own unique range of challenges. These challenges are resolved through the development of Card Over The Phone, a solution designed to ensure that merchants remain PCI compliant when accepting payment card details via telephone.

Receiving phone calls requesting bookings is undoubtedly a frequent occurrence for those in the travel industry, with normal procedure involving the customer verbally communicating their card details to an employees who transcribes the data before processing the order. While commonplace, this raises multiple areas of concern in regard to both data security and PCI compliance.

PCI Compliant

Bypass PCI DSS concerns regarding verbal communication of payment details by allowing your customer to enter the data themselves. 

Tokenized

Customer enters data into a secure iFrame which captures and tokenizes all sensitive payment information before securely storing it on PCI Booking servers.  

Remove unease

Allow customers to take control of the payment process and remove any unease about sharing their payment details with an unknown person. 

How does Card Over The Phone work?

Card Over The Phone is a simple process which allows merchants to request payment card details from customers by sharing a card capture page to their phone and/or email address.

Personal details and booking information are taken during the phone call, as is currently the case, with the payment details now submitted by the customers themselves to confirm the reservation. Both the merchant and customer receive a notification confirming the successful transaction.

For card capture pages shared through SMS there is an additional cost for each SMS sent, which varies by country.

FLOWCHART

  • CALL INITIATED
    Call between merchant and card holder is initiated.

  • DATA COLLECTION
    Merchant collects all non-secure data (personal details, reservation details, etc.)

  • DATA ENTRY
    Merchant enters contact details required (email or phone number).

  • MESSAGE SENT
    Message that includes a link to branded card capture page is sent to customer.

  • SUBMIT
    Customer enters card details and submits complete form to the merchant.

  • STORED
    The card is stored in PCI Booking.

  • STORED
    Merchant receives notification of successful tokenization and token ID.

CUSTOMERS

Stay in Touch

Sign up to our newsletter to stay informed about PCI compliance news, and updates regarding new PCI Booking features.