In the world of card payments, transactions are categorized based on how a customer's card information is captured. While many are familiar with inserting a chip or tapping a card, "card-not-present" (CNP) transactions have their own important distinctions. This guide clarifies what a MOTO transaction is and how it compares to a standard e-commerce sale.
What is a MOTO Transaction?
A MOTO (Mail Order/Telephone Order) transaction is a type of "card-not-present" payment where a merchant manually keys in a customer's payment details. This occurs when the customer provides their card information over a non-digital channel.
- How it works: The customer shares their card number, expiry date, and CVV with the merchant's staff over the phone, through the mail, or via fax.
- The Process: The merchant then uses a virtual terminal (payment software) or an EFTPOS machine to manually type in this information to process the payment.
- Key Feature: The defining characteristic is that the merchant or their staff performs the manual data entry, not the customer.
This type of processing is common for businesses that take orders remotely, such as takeaway restaurants, professional services, or catalogue retailers.
MOTO vs. E-commerce: What's the Difference?
While both MOTO and e-commerce are "card-not-present" transactions, the key difference lies in who enters the payment details.
| Feature | MOTO Transaction | E-commerce Transaction |
| Who enters the data? | The merchant or their staff. | The customer enters their own details. |
| Where is it entered? | Into a virtual terminal or EFTPOS machine. | On a website's payment page or gateway. |
| Security Protocol | Often bypasses 3D Secure authentication. | Typically uses 3D Secure for identity verification. |
| Associated Risk & Fees | Higher risk of fraud, leading to higher processing fees. | Lower risk due to security layers like 3D Secure. |
Correctly flagging a transaction as MOTO is a critical responsibility for the merchant, their Payment Service Provider (PSP), and the acquiring bank.
Types of MOTO Transactions
MOTO transactions can be further classified based on how stored card details are used for future payments:
- MOTO Recurring Transaction: This applies when a customer's stored card is charged for the same amount at the same frequency (e.g., a monthly subscription of R200).
- MOTO Merchant-Initiated Transaction (MIT): This occurs when the charge is for a different amount or at different intervals, based on a prior agreement with the customer (e.g., utility bills or ad-hoc service top-ups).
Your Responsibilities: Managing MOTO Risk and Compliance
As a merchant accepting MOTO payments, it is essential to understand that your responsibilities are different from when you process standard e-commerce or in-person transactions. Because the card and cardholder are not present and security features like Chip & PIN or 3D Secure are bypassed, the risk of fraud is significantly higher.
Protecting your business requires you to be proactive. Here’s what you need to focus on:
1. Understand Your Liability
For MOTO transactions, the risk of fraud-related chargebacks rests almost entirely with you, the merchant. Without the protection of 3D Secure (like an OTP sent to the customer), it is very difficult to prove that the legitimate cardholder authorised the payment. This means:
- Higher Processing Fees: Your payment provider charges more for MOTO transactions to cover this increased risk.
- Increased Chargeback Risk: You are more likely to lose a chargeback dispute for a MOTO transaction claimed as fraudulent.
2. Correctly Flagging Transactions is Non-Negotiable
You must ensure every transaction is flagged correctly. Using the wrong classification can have serious consequences.
- Never process an online order as MOTO: If a customer enters their card details on your website, it is an e-commerce transaction and must be processed as such, with 3D Secure enabled. Processing it as MOTO to bypass a failed 3D Secure check is a violation of your merchant agreement and card scheme regulations.
- Why it Matters: In South Africa, intentionally mis-categorising transactions to bypass security checks contravenes regulations set by the South African Reserve Bank (SARB) and the card schemes (Visa, Mastercard). Doing so can result in hefty fines, higher transaction fees, or even the termination of your merchant account.
3. Best Practices for Accepting MOTO Payments
To protect your business, implement these security measures:
- Always Ask for the CVV: The 3-digit (Visa/Mastercard) or 4-digit (Amex) code on the back of the card is a vital security feature.
- Use Address Verification Service (AVS): AVS checks if the billing address provided by the customer matches the address on file with their bank.
- Train Your Staff: Ensure anyone on your team who takes payments over the phone or by mail understands these procedures and the importance of protecting customer data.
- Be PCI DSS Compliant: Even for MOTO transactions, you must adhere to the Payment Card Industry Data Security Standard (PCI DSS) to ensure you are handling and storing sensitive card information in a secure manner.
By understanding your responsibilities and diligently applying these security measures, you can safely offer the convenience of MOTO payments while protecting your business from unnecessary risk.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article