
TL;DR
A virtual terminal allows you to process card payments through a web browser or app when the customer isn't physically present.
Payment providers must explicitly enable Mail Order/Telephone Order (MOTO) permissions on your merchant account before you can manually type in card details.
Key security features such as AVS and CVV checks are essential for protecting your business from fraud and chargeback liabilities.
Teya provides secure payment links as a low-risk alternative for managing all your remote sales in a single dashboard.
Imagine that your client calls to place a large corporate order and wants to settle the balance immediately over the phone. If your business is primarily set up for face-to-face counter sales, your physical card machine won't help you here. You need a reliable way to process the transaction securely without the customer or their card being physically present.
The traditional tool for this job is a virtual terminal. Here's a breakdown of how these systems work, the security obligations that come with manual data entry, and what features to look for in a provider, so you can handle remote revenue safely without disrupting your cash flow.
How virtual payment processing works
A virtual terminal is a secure webpage or app interface that allows your team to manually enter a customer’s card details to process a payment. During a phone order, the customer reads out their card number, expiry date, and CVV code.
Your staff member enters these details into the terminal, which sends the data through the payment gateway to be authorised by the issuing bank.
Because the physical card, chip, and PIN are absent, these are classified as Card-Not-Present (CNP) transactions. This changes your legal standing as a merchant: if a transaction turns out to be fraudulent or is later disputed, the financial liability shifts from the card issuer directly to your business.
UK Finance data shows card-not-present fraud accounted for £395.7 million in losses in a single year, making up the vast majority of all UK card fraud. Understanding this shift in risk is the vital starting point for handling remote payments safely.
What your provider must activate first
Most payment providers do not turn on virtual terminal access automatically. MOTO permissions need to be explicitly enabled on your merchant account before manually entered card numbers can be processed correctly.
Without this activation, transactions may be declined outright or processed at incorrect interchange rates, which affects both your cost per transaction and your reporting.
Before using a virtual terminal, confirm three things with your provider: that MOTO access is active on your account, that end-to-end encryption applies to all CNP transactions, and that AVS verification is switched on. These are the baseline requirements for processing remote card payments safely.
What to look for in a virtual terminal
If you are reviewing traditional virtual terminal providers, ensure the platform includes these five main features to protect your cash flow and reduce admin:
Address Verification Service (AVS)
This compares the billing postcode and house number provided by the customer against the records held by their card issuer. It is your primary defence against fraudulent card use.
End-to-end encryption
Card data must be fully encrypted in transit using TLS 1.2 or later, and your provider should hold PCI DSS Level 1 certification.
CVV verification
Checking the three-digit code on the back of the card confirms the customer has physical access to the card, serving as an essential secondary security check.
Unified settlement
Your remote transactions and countertop card machine sales should settle on the same timeline, into the same bank account. Splitting them creates hours of extra bookkeeping at month-end.
No separate contract
Remote payment capabilities should be a standard feature of your processing account, not a separate service with its own long-term contract or hidden fees.
Security and PCI DSS compliance on virtual payment processing
Manually entering card numbers into a virtual terminal puts your business in scope for the Payment Card Industry Data Security Standard (PCI DSS). Because your staff are handling live card numbers over the phone, strict handling rules apply:
Card numbers can never be written down on paper or sticky notes.
Phone recording software must be paused before the customer reads their details out loud.
No card data can ever be stored in emails, spreadsheets, or local folders.
Breaking these rules risks data leaks and heavy non-compliance fines from your acquirer.
A more compact option: payment links
There's an interesting alternative to the traditional terminal for independent businesses that want to avoid these rigid phone-handling compliance risks: payment links.
Instead of your staff taking down sensitive card numbers over the phone, you simply generate a secure payment link directly from your Teya app or dashboard and send it via text or email.
The customer securely enters their details on their device and authenticates the payment via Strong Customer Authentication (SCA). Because your team never touches the card data directly, the phone-handling risks above are avoided without the administrative burden.
Simplifying your payment operations
Whether you choose a traditional virtual terminal setup or an alternative such as payment links, the ideal scenario for any UK SME is to keep all your revenue under one roof. Juggling separate providers for phone orders and face-to-face card machines results in split settlement timelines, separate statements, and fragmented accounting.
We built Teya to bring your entire cash flow into one clear view. It doesn't matter if a sale comes from your countertop card machine or a secure remote payment link; the money behaves exactly the same way. Funds settle the next morning, including weekends and bank holidays, straight into your Teya Business Account.
You can also integrate Teya with your accounting software, syncing up to 12 months of data to Xero and 24 months to QuickBooks to eliminate manual reconciliation. With a flexible, rolling monthly contract and free PCI compliance support, we give you the tools to take remote payments securely, without the hidden overheads.
Team Teya
