For many businesses, taking card payments over the phone is critical.

It is a quick way to accept payment, but the picture is becoming less clear as regulations introduced to combat fraud tighten their grip.

Regulators have been busy over the last 18 months forcing small and large organisations alike to take stronger measures to protect financial and personal information.


While many businesses complain about the additional regulation, it is worth remembering that card fraud costs over £4bn annually. Incredibly, in 2018 UK businesses suffered on average 633 attempts to breach their networks every day.

In the last quarter of 2018 alone, breaches occurred at many well-known companies, including FIFA, Facebook and Uber. While Equifax was fined just £500,000, the estimated, eye-watering cost of its breach to the company was £3.5bn.

But do smaller businesses really need to worry about all this?

Yes, because unfortunately they are more of a target today than ever, and they are less likely to survive a breach.

61% of breach victims are SMBs, a share that is increasing year on year, because smaller companies have not had the headspace or the resources to secure themselves. More concerning still, 60% of SMBs that experience an attack go under within six months.

Case Study: Restaurant – 2017 – a breach of payment card information resulted in £21,000 of audit expenses plus a further £66,000 in fines and penalties from the card companies.

What regulations apply to me?

Card issuers and governments are forcing organisations to improve security. If you take card payments, you are subject to the following:

  • Feb 18: The new requirements of version 3.2 of the Payment Card Industry Security Standards Council’s (PCI SSC) Data Security Standard (PCI DSS) became mandatory, having previously been best practice only.
  • May 18: The GDPR came into effect, along with the new Data Protection Act, which can make company directors personally liable.
  • Dec 18: The PCI SSC issued updated, stricter guidance on protecting telephone-based payment card data.

3 common misconceptions

  1. I don’t record phone calls, so I’m compliant. Unfortunately, no. PCI DSS covers every person, process and system that handles cardholder data, so the staff who hear the card details, the desk they sit at and the network their PC is on are all in scope whether or not the call is recorded.
  2. We only take a few payments. Sure … but you still need to comply with the regulations even if you take just one card payment.
  3. My staff type the card information straight into a terminal/virtual terminal. Great … this helps reduce your scope, but it doesn’t make you compliant on its own: the workstation and network used to enter the card details still handle cardholder data and still have requirements to meet.

Remember, company directors have a duty not to neglect their compliance responsibilities. Under the new law they face personal liability of up to £500,000.

Case Studies: a Travel Agency, a Dental Practice and a Bowling Alley – 2018 – breaches of personal data and payment card information resulted in a combined £105,000 of expenses and fines.

A glimmer of hope

Affordable technology is keeping pace with regulatory changes.

Fusion offers PayGuard®, a phone and online payment application that allows businesses of all sizes to tick all the compliance boxes while processing payments securely, and all at a reasonable cost.

PayGuard® not only allows your staff to keep talking to the customer throughout the payment, but also helps you set up payment schedules and make refunds easily. On top of this, customers surveyed report feeling more secure and say they prefer paying with PayGuard® too.

The tools are out there to remove the ever-increasing personal and professional risk of breaches and non-compliance. Take the time to familiarise yourself with your options. Now is the time to act!