How do MOTO transactions work and what are the risks?

MOTO (Mail Order/Telephone Order) transactions let customers pay remotely, but they come with higher fraud risks and merchant liabilities. Learn how they work, the risks involved, and how to protect your business.

What is this article answering?

    1. What are MOTO transactions?
    2. Why are MOTO transactions considered high risk?
    3. What liabilities do I accept with MOTO transactions?
    4. How do I mitigate the risks associated with MOTO transactions?
    5. What is the default maximum transaction limit for MOTO transactions?
    6. How do I enable MOTO transactions?

 

  1. What are MOTO transactions?
    MOTO transactions occur when a customer provides their payment details without being physically present, typically through telephone or mail. In these cases, the merchant manually enters the card information into the payment system.
    Due to the absence of the card, these transactions are considered high-risk and carry specific responsibilities and liabilities for merchants.

  2. Why are MOTO transactions considered high risk?
    The absence of the card during the transaction and the manual entry of details increase the potential for fraud and human error.

    Because merchants cannot verify the cardholder's identity in person, MOTO transactions are more susceptible to fraudulent activities.

  3. What liabilities do I accept with MOTO transactions?
    The liabilities outlined within the waiver, which must be signed by an authorised signatory, are:
    1. You understand that MOTO transactions are considered high-risk transactions as the card is not present.
    2. The chargeback risk of MOTO transactions resides with you, as the merchant, not with the payment provider or the cardholder.
      1. In the case of a chargeback you, as the merchant, agree to take the liability of the chargeback.
      2. Where a chargeback is challenged, you, as the merchant, understand it is your responsibility to prove that the actual cardholder authorised the transaction.

  4. How do I mitigate the risks associated with MOTO transactions?

    Terminal Passcodes: Setting a passcode is a best practice to prevent fraud by restricting access to sensitive functions, ensuring that only authorised personnel can perform critical operations.
    We recommend implementing access control based on staff roles, providing MOTO passcodes only to senior managers, supervisors and other relevant personnel.

    Staff Training: Educate staff on relevant laws and industry regulations, including the PCI DSS, which is sent out via DocuSign.
    Ensure that your staff understand the importance of securing sensitive payment details, including avoiding storing credit card numbers or sensitive information on unsecured systems.

    MOTO Limits: You can manage your level of exposure by setting the maximum transaction limit. We also recommend limiting how many terminals have MOTO functionality enabled.

    Verification Procedures: Request basic information such as the customer's name, billing address, contact details, and payment method. Cross-check these details against the information on file.

    For any pickup orders or functions (where physical presence is involved), we recommend cross-checking government-issued ID with the bank card details.
    This extra verification helps ensure that the person placing the order is the legitimate cardholder, reducing the risk of fraud.

  5. What is the default maximum transaction limit for MOTO transactions?

    The default maximum limit for MOTO transactions is $1,000 per transaction.

    If you would like to increase the maximum limit per transaction, a waiver form will be sent out via DocuSign. Please note that you will need to provide a reason for the increase as well as any supporting documents, i.e. a function or pricing brochure.

    Note: Our Compliance Team will need to approve any increase to the MOTO transaction limit.

  6. How do I enable MOTO transactions?
    To enable MOTO transactions on your terminals, we will send through a DocuSign containing a Waiver of Liability and the PCI DSS SAQ-B-IP and Attestation of Compliance document.

    This will need to be filled in and signed by an Authorised Signatory prior to the enabling of this feature.
