Should you accept credit cards over the phone?
Card-not-present transactions carry higher fees and higher fraud risk. They also remove a friction point that loses customers. Here's the right way to think about it.
Card-not-present (CNP) transactions — where the customer reads their card number to you over the phone — used to be an exception. In 2026, they're the default for many residential service operations. Customers expect to be able to pay over the phone.
But CNP carries higher fees, higher chargeback risk, and PCI-compliance considerations that face-to-face transactions don't. Here's how to think about it.
The case for accepting phone payments
Customers expect it. A customer asked to drive to your office to drop off a check, or to walk to the mailbox, often becomes a slow-pay or no-pay customer. Phone payment removes that friction.
Faster cash collection. Invoice sent → customer calls in payment same day → cash in your account within 24-48 hours. Compare to mailed check (5-15 days), or even ACH (3-5 days).
Recurring customer convenience. Maintenance plan customers paying monthly want low-friction billing. Phone payment is friction-free.
Reduces collections work. Office staff calling about an unpaid invoice can take payment in the same call. Eliminates the round-trip of "we'll mail a check" → check never arrives → call again.
The case against accepting phone payments
Higher transaction fees. CNP transactions run 0.3-0.6% higher in interchange fees than card-present transactions. On a $400 invoice, ~$1.50 in extra fees.
Higher chargeback risk. Without the customer's signed receipt or chip-card authorization, you have less proof that the customer authorized the charge. Chargebacks favor the customer in disputes.
PCI compliance. Storing or processing card numbers — even verbally — has security obligations. Mishandling can result in PCI fines and breach exposure.
Payment fraud risk. A bad actor calling in with a stolen card number is harder to detect than someone presenting a physical card. Some risk transfer to the merchant.
Office workflow burden. Office staff have to be trained on payment handling, security protocols, and what to record vs not record.
Best practices if you accept phone payments
Use a payment processor that handles PCI directly. Stripe, Square, Authorize.net, and similar platforms can take a card number through a secure form your office staff submits — but the card number itself never gets stored on your systems. This dramatically reduces your PCI compliance burden.
Don't write down full card numbers on paper. No "I'll call you back, just give me the card number" with a Post-It note. Process in the moment, on the secure form. Discard any paper notes immediately.
Don't email or text card numbers. Customers sometimes try to send card details by email or SMS to "save time." Refuse politely; offer the secure phone-payment process or send a payment link.
Send payment links instead of taking phone payments when possible. Most modern payment processors generate hosted payment links that you can text or email to the customer. The customer enters their own card on a secure page; you never handle the number. Lower fees (treated as customer-not-present but secure), zero PCI burden, customer-side convenience.
Set up a recorded payment line. Some operators route payment calls to a dedicated recorded line that explicitly notifies the customer that the call is being recorded. Provides documentation if there's a dispute later.
Get written authorization for recurring billing. Before the first phone-collected payment for a maintenance plan, send the customer a quick form (DocuSign or equivalent) authorizing recurring charges. Reduces chargeback risk on monthly bills.
Where this comes apart
The most common phone-payment failure modes:
Card declined, customer doesn't provide a backup. Office staff has to call back, restart the conversation, hope the customer answers. A payment link makes this self-service.
Wrong card type. Customer reads a debit card number, transaction declines for "insufficient funds," office has to restart. Payment link surfaces this immediately.
Customer disputes the charge later. Without signed authorization, the merchant typically loses chargebacks for $X. Payment link with explicit checkbox creates better authorization trail.
Office staff write down the card "just in case." PCI compliance violation. Often discovered during an audit or breach investigation. Don't.
Recommendation
For most modern residential service operators, the right answer is:
Default to payment links for invoices over $X (e.g., $200). Sent by SMS or email; customer pays self-service. Best fees, lowest PCI risk, lowest staff burden.
Allow phone payment as a fallback for customers who prefer it or for whom payment links aren't working. Use a PCI-compliant payment processor that takes card numbers through a secure form your staff submits.
Set up automatic billing for maintenance plan and recurring customers via card-on-file. After explicit authorization, never need to ask for the card again.
Discontinue card-by-paper-form entirely. The operational risk-to-reward ratio doesn't justify it in 2026.
What to expect
Operators making this transition typically see:
- Day-of-completion payment rates climb (more invoices paid same day)
- AR aging tightens
- Office time on payment collection drops
- Card processing fees stay roughly flat (CNP fee bump offset by lower invoicing labor)
- Chargeback rates stay low if authorization processes are clean
The savings on office time alone usually pay for the slightly higher CNP fees within months.
For more on the broader payment workflow — including how ServiceGrid handles card-on-file, payment links, and Stripe-direct integration — see our pricing page and the related features/invoices overview.