Is it safe to give out my card details over the phone?

There are many situations where you may be asked to provide credit card information over the phone. You could be setting up new internet or phone service at your home and asked to put down a deposit, or perhaps you’re making a big purchase with a company that doesn’t have an online payment system.

Whatever the reason, sharing private credit card details on the phone can feel risky and even scary. Your card details could easily get in the wrong hands when you’re sharing your card number, expiration date and more with someone who could be writing them down on their end. What happens next will largely be out of your control, which is the crux of the problem.

Risks of paying over the phone with a credit card

The risks of paying for something with a credit card over the phone can vary depending on the situation. However, they may include the following:

• Your information could be shared. Sharing your card details over the phone leaves you vulnerable to an increased risk of fraud. Your information could be published online or shared with bad actors who could use your data for fraud, phishing attempts or worse.
• Your card details may not be secured. Even if your information is not shared intentionally, you don’t know where your card details are kept after they’re used. Your information may not be kept in a secure location, thus it could end up in the wrong hands.
• Fraudulent purchases could show up on your account. If your credit card information is compromised, criminals may use it to make fraudulent purchases on your account.

Taking card payments over the phone is also risky for merchants

While giving your card details over the phone adds another layer of risk for you as the consumer, similar risks apply when merchants agree to accept card-not-present (CNP) payments. One major issue is that companies thinking they’re speaking with the cardholder when it’s actually a criminal. This is part of the reason merchants pay more in swipe fees to accept card-not-present transactions.

Considering this risk — and because they can’t see your card — merchants involved in phone transactions are likely to ask you for a considerable number of card details when completing a transaction. For instance, they may want to know:

• Your full credit card number
• Your name as it appears on the card
• The card’s CVV (card verification value) or security code
• The expiration date on the card
• Your billing address with zip code
• Your phone number

They may even ask for information that would be on a driver’s license, such as your date of birth and license number.

Security standards for credit card transactions over the phone

While paying over the phone with a credit card means you won’t physically swipe your card, these purchases differ from in-person and online purchases in other ways, as well. For starters, you are conducting the transaction with a human agent — which leads to some additional security concerns. There is a possibility that the agent could compromise your data, either intentionally or unintentionally, or your data could be intercepted by a third person while you are on the call. That’s why calls should always be conducted over secure networks.

Major card issuers have set up the Payment Card Industry Security Standards Council that maintains a Data Security Standard (PCI DSS) governing how merchants should deal with customers’ card information that they receive. The PCI DSS also lays out how to protect information gathered through phone-based transactions.

The PCI standard says that merchants should not retain your card’s CVV or other sensitive authentication data after use (unless there’s any government regulation that supersedes the PCI standard). Also, whenever possible, they shouldn’t store your full primary account number. If storing your full number is necessary, businesses should not store it without taking adequate protections (such as making sure it cannot be read). They can store other input such as your name and the card’s expiration date.

Guidelines for phone call recordings during transactions

PCI standards also set some basic rules that govern recordings for card-not-present transactions. For example, merchants should not record sensitive details you give them over the phone. If a call is being recorded while you deal with an agent, as it might be for customer service purposes, the recording should be paused while they gather that input. This precaution could prevent third parties from accessing the recording and intercepting the information.

If a recording cannot be paused while you are providing sensitive card information, the agent should delete that part of the recording after the purchase is processed. If the information cannot be erased, the merchant should have adequate security protections in place to ensure outsiders cannot search for and retrieve this sensitive information. For example, they could use enhanced encryption to keep customer information and credit card details secure.

How to protect yourself

If you want to protect yourself from credit card fraud but you still want to be able to make some purchases over the phone from time to time, there are steps you can take to increase security. Consider the following tips to ensure your card-not-present purchases don’t cause any issues.

• Make sure you’re dealing with a legitimate company. Never give your card details over the phone with a company you’re not sure you can trust. Make sure to check out company profiles online and check sites like the Better Business Bureau (BBB) and Trustpilot to read over customer complaints and reviews.
• Don’t provide card details on calls you didn’t initiate. Scammers may call you and try to trick you into giving your card details for a purchase over the phone. You should only give out card details to companies you trust if you are the one who called them in the first place.
• Use a credit card when paying over the phone, not a debit card. Credit cards offer better fraud protections than debit cards, and the vast majority of cards offer $0 fraud liability protection. This perk makes it so you won’t be on the hook for a dime in fraudulent purchases if a criminal uses your card number to buy something over the phone or online.
• Get confirmation. If you’re buying something over the phone with a credit card, you’ll want to know for sure exactly how much you’re being charged. From there, you should write down the amount of the charge and your confirmation number. Store this information in a safe place so you can confirm the charge is correct on your card statement at a later time.
• Monitor your account for fraudulent charges. It’s important to check your credit card accounts for fraudulent charges at least a few times per month. If you see any suspicious activity, be sure to report it to your card issuer immediately.
• Consider using an identity theft protection service. In addition to signing up for account alerts from your issuer, consider using an identity theft protection service. These services monitor your personal information and help protect you from fraudulent activity. Many of them also provide identity theft insurance and other assistance in the event your information is stolen by criminals.

The bottom line

As online and phone shopping has grown in popularity, card-not-present transactions have also increased dramatically. Fortunately, credit cards are safer than ever due to the $0 fraud liability protections they offer. This benefit means you’re not on the hook for fraudulent transactions made with your physical card or your card number provided you report the fraud to your card issuer so they can remove the charges from your account.

Also be aware that federal protections for credit card fraud are much better than you’ll get if you pay with a debit card. According to the Federal Trade Commission (FTC), federal liability for fraudulent transactions on a credit card is capped at $50 for consumers.