Announcement

**Mike Hughes** · 25-Aug-2010, 08:05 AM

However it occurred to me that customers mainly telephone their order because they don't want to enter their card details online for fear of fraud.

That might be a bit of an assumption for someone who hasn't taken a telephone order yet.

There are lots of reasons a customer might want to phone in the order:

- They might want to check you're a real business.
- They might want to check the items are in stock.
- They might like dealing with people rather than computers
- They might not trust computers
- They might worry that their computer could have been hacked.
- And yes, there is a concern that the internet isn't safe.

There should be a world of difference between them entering the card details on their PC and you doing it on yours. If you are going to enter card details via your PC then you have to have satisfied the PCI-DSS requirements and have your computer/network scanned for vulnerabilities. This should make it a far more secure operation than a typical customers computer.

Mike

**cbarling** · 25-Aug-2010, 08:12 AM

I think Mike has put it well.

Just one further thought. If you call most companies, and certainly any large ones, the authorisation of the payment will travel over the Internet at some point. In that respect, Actinic is no different.

In fact, with the exception of maybe some people like GCHQ, pretty much all company computer systems run over IP networks that are connected to the Internet, including the banks. They will be connected via a firewall, but the point remains. If someone really wanted to avoid any remote possibly of Internet fraud happening, they would need to go round personally to the vendor and pay with cash.

Chris

**pinbrook** · 25-Aug-2010, 08:33 AM

I thought website owners used MOTO to take phone orders, isn't babystudio infering they will input the order via the website as if they were the customer?

**Duncan Rounding** · 25-Aug-2010, 09:41 AM

Originally posted by pinbrook View Post

I thought website owners used MOTO to take phone orders, isn't babystudio infering they will input the order via the website as if they were the customer?

I think you may be right Jo - that's the way I read it too.

If so of course it is tantamount to possible fraud if the PSP becomes aware. In fact I expect that PSPs monitor user IPs and if they see different card details from that same IP will suspect something is wrong.

**cbarling** · 25-Aug-2010, 10:33 AM

Dewent, just to clarify you shouldn't be entering your telephone orders at your web site (if you are). You should be entering them on your desktop through Actinic. If you use Actinic Payments then taking payment for these telephone orders is fully integrated.

Chris

**Mark H** · 25-Aug-2010, 10:44 AM

Interesting comments on the fraud aspect here:

http://community.actinic.com/showthr...t=34718&page=5

In my view not fraud at all. We don't have the option of using MOTO in Actinic as we are on V7, so we put the order through our website but don't pay, and then as a matter of good practice we pay via our PSP's virtual terminal. I say good practice simply because I still haven't seen any "proof" that it is unacceptable for a merchant to process a MOTO entirely through their own website (3D permitting).

**cbarling** · 25-Aug-2010, 11:14 AM

There are two possible issues with processing a MOTO order as though it is a web order:

- the banking system asks for all MOTO and Ecommerce orders to each be identified as such. You can't do this if you put them through the same form

- 3D Secure is compulsory for Maestro and growing for other card types. It is an utter no-no to ask the cardholder for their 3D Secure password

Chris

**zgap111** · 25-Aug-2010, 11:47 AM

We normally tell customers to do the order online and to choose "card details sent separately", then call us with the order number.

Some customers don't want to enter anything online, I can understand, there are all sorts of nasties online, but also there is also the possibility of a root-kit baddie (eg. keystroke capture) installed on the customer's machine for which they don't know about.. very scary!

It's not many, some of our customers just don't have web access/computer, so when I do take an order, I used to do it directly in Actinic - but in v8 I found it very slow after entering the 3rd item in (we're on Multi User), it seems to hang whilst moving data (we're on Gb network and I look at the network graph to guage the next screen, whilst apologising to the customer for the wait), all different in v10 (may try it one day, once MOTO for Actinic Payments is setup)

So, currently I do it directly on our website (I tell the customer that I'm placing the order on our website and ask for their approval), I know, it's not ideal. However, doing so gives me the customer's point of view of our online system.

Tak.

**Duncan Rounding** · 25-Aug-2010, 11:54 AM

A lot of people do this but I don't think it's correct. The payment should rather go through as cardholder not present in that case.

Announcement

Telephone orders - are still online orders

Telephone orders - are still online orders

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment