What are MOTO payments and how do they work?

By: Ryan Gibbons


Mail Order / Telephone Order (MOTO) payments have existed in the commercial landscape for years. These electronic transactions occur when a merchant uses a virtual terminal to manually process a payment that a customer has made by mail or over the phone. Because these are often perceived by the merchant services provider as more vulnerable to fraud, it benefits you as a seller to learn how they work and how you can protect the security of your customers and your business.

How do MOTO payments work?

There are many times when a customer makes their own payments directly to a merchant, either in person by tapping or swiping a card or wearable device through the store’s card reader or via an ecommerce shopping cart or secure gateway after an online purchase. Although these may be the most common ways to settle a bill, MOTO still remains a viable and frequently utilized method as well.

During a MOTO payment, the merchant or third-party payment processor manually inputs details such as the customer’s card number, expiration date, and CVV code. The person’s full name and zip code are often also required. In order to protect the cardholder’s data, the party entering the MOTO transaction must comply with the Payment Card Industry Data Security Standards (PCI DSS) just as would be the case for in-person or online transactions. Additionally, a seller can often take steps to verify a customer’s identity if the need arises through the use of ID checks and signature verification.

3-D Secure.

When a merchant has activated the 3-D Secure protocol for their ecommerce site, it provides an extra layer of protection during the purchase process for both buyer and seller. The protocol can even be customized so that it is only required during certain types of high-risk transactions. Programs such as Mastercard Secure Code, Verified by Visa, American Express SafeKey, and J-Secure are services sponsored by some of the main card companies that feature 3-D Secure.

The 3-D Secure process works with the following steps.

  • The customer completes an ecommerce purchase using their credit card.
  • They are then asked to enter their Verified by Visa, J-Secure, or other card company 3-D Secure code.
  • If the customer is not registered for one of these services, they are prompted to enroll. If they choose not to do so, they can opt out and still complete the purchase. However, some card companies only allow a set number of deferrals.

Using 3-D Secure, the liability for a fraudulent transaction shifts from you the merchant to your issuing bank. Furthermore, all Visa transactions with 3-D Secure have automatic chargeback protection. Finally, you might save on interchange fees and receive better payment terms.

How MOTO enhances 3D Secure.

As we stated above, merchants or third-party providers who are manually entering customer payments into the system have the option to take further steps to verify a buyer’s identity. As a result, a MOTO transaction can be considered to be doubly protected from identity theft and other types of fraud. Therefore, if a customer were to dispute a valid card-not-present MOTO payment after it had passed 3-D Secure tests or if any fraud occurred during the payment’s authorization window, the merchant would not be liable for any costs.

Protecting yourself from MOTO payments fraud.

In spite of the data safety barriers that 3-D Secure furnishes in order to protect a customer’s data, fraud can still occur. One of the best ways to battle fraud is to prevent it from happening in the first place. Below are some of the red flags you and your staff should be on the lookout for.

  • Order irregularities, including unusually large orders or requests for multiple quantities of the same item.
  • Orders using multiple credit cards. Often the first 12 digits of the card number are even the same.
  • Orders where the first card is declined and the customer immediately attempts the same transaction with a second card.
  • Customer requests that you make a payment to a third party for services such as freight costs.
  • Customer requests “urgent” delivery to a third party or a post office box.
  • Overseas orders, particularly from high-risk countries.
  • Orders from free email addresses like Hotmail or from clients who only provide a mobile phone number.
  • Orders from a customer who does not own the card.
  • Orders from people claiming that they cannot be contacted or that they do not have the CVV.

In addition to knowing how to spot warning signs of fraud, there are other actions you can take to protect your business, such as the following.

  • Educate your staff about secure ways to take customer payments from mail order forms or over the phone. For instance, show them how to verify with 3-D Secure before letting the purchase go through.
  • Require additional identity authentication from customers.
  • Use automated monitoring systems to track customers’ MOTO payment behaviors over time.
  • Use advanced analytics tools to examine large data sets for shopping and behavioral patterns. These can identify the risks represented by specific customer profiles so that you can then ask for additional information before any criminal behavior occurs.

As technology and the security protocols that shield it continue to advance, MOTO payments appear to have an ongoing place in the commercial landscape. They provide a way for businesses to take payments from customers quickly and securely even if a physical card is not present. Implementing stringent fraud prevention protocols with all staff will help to ensure that this valuable way of accepting money from your clients remains safe and reliable for the foreseeable future.