While many businesses have moved online, service industries still rely on phone-based payments. MOTO transactions are defined by Stripe as mail-order/telephone-order transactions and, according to Visa, are classified in the same category as card-not-present transactions, which include recurring and installment transactions.
MOTO transactions differ from standard card-present payments due to higher risk and compliance requirements. Because MOTO transactions are classified as card-not-present transactions, they have different payment security protocols regarding the Payment Card Industry Data Security Standard (PCI DSS). Furthermore, the provider of the MOTO merchant account may be more cautious about underwriting accounts that have protocols or models for MOTO transactions that may result in the merchant losing money.
What Is MOTO Payment Processing for Service Businesses?
MOTO stands for mail order/telephone order, but in the context of service businesses, it means taking the credit card details over the phone and keying them into the payment system. Mastercard’s merchant quick reference booklet describes MOTO transactions as transactions that do not occur face-to-face between the merchant and the customer. Stripe’s overview of MOTO transactions states that the card details are entered into a supported MOTO workflow.
For service businesses, MOTO means taking card details over the phone to pay a deposit, approve service for the day, pay a service invoice, or purchase a service again without logging into a portal. The convenience of MOTO comes with increased fraud risk and stricter compliance requirements.
Why Service Businesses Use MOTO Payment Processing in 2026
Because customers are ready to pay when they are on the phone with a service business, MOTO is still very useful. It is faster than sending a link and having the customer open it. Stripe provides documentation on its MOTO functionality, including support for one-time payments and saved cards for future bills.
Service businesses also do not want to have to use an ecommerce checkout for every transaction. However, they must have a secure way to process these payments, since they are card-not-present, and if there is ever a question about the transaction, it must stand up to scrutiny from the card company. Mastercard has a chargeback guide for mail order and telephone sales.
Who Needs a MOTO Merchant Account?
A MOTO merchant account is generally most useful for service-based companies that take payments over the phone. This can include companies that have appointments, take deposits, have repeat customers, have to take emergency calls, or issue invoices to customers. The way the company bills its customers and fulfills those bills is just as important as the kind of company it is in the industry. Therefore, if phone calls are used to take orders or receive payments from customers, a MOTO merchant account can be useful for those companies.
For companies that already have a system in place for customers to take payments online in a self-serve manner, however, it may be more beneficial to use the MOTO merchant account as a backup channel rather than as a main channel for taking payments from customers.
MOTO Payment Options Compared
| Option | Best For | Main Strength | Main Tradeoff |
|---|---|---|---|
| Hosted virtual terminal | Staff-keyed phone payments from one controlled workstation | Familiar workflow for service teams | Brings the workstation into PCI scope |
| Reader-assisted MOTO workflow | Businesses using supported terminal hardware for keyed MOTO entry | More structured payment entry flow | Depends on supported devices and setup |
| Saved-card MOTO workflow | Repeat customers and follow-up billing | Faster future collection | Needs strong consent and storage controls |
| DTMF masking or pause-and-resume call flow | Higher-volume phone-payment environments | Can reduce recording exposure if implemented well | More complex to deploy and govern |
The right choice depends on volume, staff process, and how much payment data your environment can safely handle. PCI SSC’s telephone-payment guidance and SAQ C-VT materials make clear that the compliance impact changes significantly depending on whether you are using an isolated virtual terminal, handling recordings, or using more advanced masking controls.
MOTO Merchant Account Approval Timeline
There is no set timeline for a MOTO merchant account, as the provider considers your business category, payment method, phone ordering process, website disclosures, and your ability to handle fraud and chargebacks. Braintree specifically states that merchant account providers collect as much information as possible about a business during onboarding to ensure they are financially liable for any losses the business incurs.
The most common causes of delays in obtaining a merchant account are preventable. If a business cannot explain to the merchant account provider how phone payments are taken, how they avoid storing card data, or how they manage chargebacks, there will be delays in getting the account approved. The smoother and more efficient the MOTO processes are for a business, the less friction it will encounter when trying to get a merchant account approved.
Documents Required for Approval
For most service businesses, the typical business and owner documentation will be requested. For MOTO businesses, additional documentation will be requested for the payment process over the phone, the recording of those calls, the virtual terminal software to be used, and security measures for card data entering the system. Each of these documents is a result of PCI scope and the company’s underwriting for which the MOTO provider will be providing card sales.
In addition to the typical documentation for a business, the MOTO company will also need to provide documentation on its services and products, refund policies, company contact information, and the timing of customer charges for products or services. If the company plans to save customers’ cards for future charges, that will also need to be explained to the MOTO provider.
Quick Compliance Checklist for Service Businesses
Before going live with MOTO payment processing, most service businesses will be able to say yes to the following compliance questions:
- Do we use a real virtual terminal or workflow that accepts payments over the phone?
- Are phone calls recorded, and is customer payment information stored in those call recordings?
- Does our business require a SAQ C-VT form or a broader SAQ form?
- Do our staff members collect customer verification data during each transaction?
- Can we easily associate a refunded or canceled service with the payment method used?
- Do we use saved card billing, and if so, do we have a process and customer consent to use this function?
Cost of MOTO Payment Processing
There is no single price for MOTO payment processing. Because Moto transactions are considered card-not-present, the business’s cost typically factors in the risk and fraud costs associated with those transactions. This is one of the reasons service industries often find that phone transactions cost more than card-present transactions at the point of sale.
The real question is not what the pricing for moto transactions will be before the fraud and charge return risks are factored in, but rather what the cost of the process will be after those costs are considered. A process that seems convenient for MOTO transactions may end up costing the business more when fraud, chargebacks, and security compliance are factored in than an alternative process for establishing MOTO sales.
Common MOTO Payment Processing Mistakes Service Businesses Make
The most common mistake is treating the phone as a shortcut. Business owners often write down card details, which can end up in the recording files or allow their representatives to improvise the verification process. The PCI SSC has guidance regarding telephone payments for this very reason.
Another common mistake is treating authorization as the end of the road. For MOTO, the real world can pose challenges during the fraud and charge dispute phase. If you cannot present proof of the customer’s agreement to the service and payment, when the service was authorized, and how the payment was made, then you will be on the defensive with that transaction.
How to Set Up Compliant MOTO Payment Processing in 2026
Use a Real Virtual Terminal or Supported MOTO Workflow
The safest and most compliant starting point is to use the MOTO workflow supported by your payment provider. PCI SSC says that SAQ C-VT only applies to merchants that process account data through a third-party virtual terminal on an isolated computing device connected to the internet. Stripe’s documentation on MOTO payments also confirms that their workflow uses reader-based MOTO payment flows to collect account data.
Scope PCI Correctly Before You Take the First Payment
Underestimating what is within your PCI scope can quickly become a problem when collecting payment data over the phone. PCI SSC says that PCI DSS applies to all MOTO channels. Furthermore, their documentation on telephone payments states that capturing payment card data through the wrong workstation can bring more of your computing environment into scope under PCI DSS requirements. If you are using a virtual terminal to collect card data over the phone, ensure that your workstation is isolated from the rest of your network.
Control Call Recording and Telephone Data Exposure
If you record the calls that collect card data, you must have a plan for what happens when the customer’s card data is spoken over the telephone. PCI SSC states that storing data containing sensitive authentication information is not permitted. Furthermore, their information on telephone PCI DSS requirements discusses call recording and how DTMF masking and pause-and-resume functions can be used to control this process and limit unnecessary risks. The manuals also state that manual call pause-and-resume functions could fail if the caller and agent do not agree on the appropriate time to pause the recording function on the telephone.
Collect Strong Verification Data Every Time
As with all card-not-present transactions, you should ensure that the verification data is collected with every transaction. Visa’s developer documentation states that MOTO and card-not-present transactions using CVV2 values are both supported by their payment system. Stripe’s documentation on MOTO also states that CVC is mandatory for MOTO transactions using their current payment processing workflow. For service businesses, collecting this data is the easiest way to ensure that you have a strong foundation to deny any potential chargeback disputes before the transaction occurs.
Save Cards for Future Billing Only With Clear Consent
Many service businesses will want to use MOTO payments to take a card and save it for future billing. Stripe does allow merchants to save a card that was used in a MOTO transaction for future orders. However, only within the context of a stored card payment workflow with user consent. Otherwise, you will quickly open yourself up to chargeback and dispute scenarios.
Build a Fraud and Dispute Process Before Volume Scales
Any MOTO payment processing system should have a fraud and chargeback prevention process in place. Mastercard does allow some flexibility in defending against chargebacks for MO/TO transactions, but only if you have the proper documentation and records of the transaction. Service companies will need to have order details, service descriptions, timestamps of the service delivery, and refund policies listed in alignment with the MOTO transaction for easy reference in the event of a chargeback dispute.
FAQs
Q: What is a MOTO merchant account?
A: A MOTO merchant account is used to support mail-order and telephone-order transactions. These are transactions in which the merchant manually enters the card information rather than the card passing through the merchant’s POS terminal. Both Mastercard and Stripe classify these as non-face-to-face transactions.
Q: Is MOTO payment processing PCI compliant?
A: It can be, but only if set up correctly. The PCI Security Standards Council states that PCI DSS applies to mail-order and telephone-order transactions. However, a service business that uses a third-party virtual terminal on an isolated device does not need to complete a Service Assessment Questionnaire C-VT.
Q: Can service businesses record calls and still take card payments over the phone?
A: They can, but this is where many encounter problems with complying with the MOTO security standard. Recording phone calls requires service businesses not to retain sensitive data after creating the authorization for the transaction. Additionally, using DTMF masking will prevent the business from recording payment information on the phone.
Q: Why is MOTO considered to be more risky than card-present transactions?
A: It is riskier because the MOTO transaction is classified as card-not-present. When taking a card-present transaction, the merchant gains some protection from the payment card that is swiped and read by their POS machine.
Q: What kind of fraud checks are used for MOTO transactions?
A: The most important fraud checks for MOTO transactions are verifying that the merchant uses a virtual terminal or MOTO transaction support. Additionally, ensure that the CVV and postal code information is collected from the cardholder when using the telephone order transaction. Visa and Stripe both support collecting this information for MOTO transactions.
Q: Can a service business save a card that is used over the phone?
A: They can save the card, but only through their merchant account’s stored card workflow. Stripe specifically states that it supports saving a card used in an MOTO transaction for future purchases from that business.
Conclusion
The safest way to use MOTO is to treat it as a channel that does not require the physical presence of a cardholder but does require a level of control over that channel. Using the appropriate virtual terminal or MOTO setup with the right payment processing software and avoiding any recording or note-taking of card data will allow your business to implement this payment method as needed during each transaction.
If you are a service business considering acquiring a MOTO merchant account or improving your MOTO payment processing, the Payment Nerds can help you find the best solution for your business needs. It’s not about acquiring the first MOTO payment, but about ensuring the process scales with your current and future business growth.
Sources
- PCI Security Standards Council. “Protecting Telephone-Based Payment Card Data.” Accessed April 2026.
- PCI Security Standards Council. “PCI DSS SAQ C-VT.” Accessed April 2026.
- Visa Developer. “How To Use VisaNet Connect - Acceptance.” Accessed April 2026.
- Mastercard. “Chargeback Guide Merchant Edition.” Accessed April 2026.
- Stripe. “Mail Order and Telephone Order (MOTO) Payments.” Accessed April 2026.
- Braintree. “Underwriting Overview.” Accessed April 2026.
