Why Card on File is Better Than MOTO Payments for UK Businesses

Taking payments over the phone has been standard practice for UK businesses for decades. A customer calls, reads out their card number, expiry date, and CVV, and the business keys it in manually. It works, in the sense that money changes hands. But card on file vs MOTO payments is not really a close comparison when you look at the risk involved on both sides.

MOTO (Mail Order/Telephone Order) payments carry a level of exposure that many businesses have simply accepted as the cost of doing things the old way. That exposure is no longer necessary. Here is why card on file is the more secure, more compliant, and more customer-friendly alternative.

The problem with MOTO payments

MOTO transactions are card-not-present payments with no chip-and-PIN, no biometric verification, and no Strong Customer Authentication under PSD2. A fraudster with a stolen card number can use it over the phone as easily as the genuine cardholder.

The consequences fall on the merchant. Because MOTO transactions are exempt from SCA, disputed payments are typically the business’s liability rather than the bank’s. According to UK Finance’s Annual Fraud Report, remote purchase fraud saw losses increase 11% to just under £400 million in 2024, with case numbers up 22%. This is the category MOTO falls under. When a chargeback occurs on a MOTO payment, it is almost always the business that absorbs the cost.

There is also the data handling issue. When a customer reads out their card details, those details have to be processed somehow. Staff members who write them down, enter them into a spreadsheet, or store them temporarily in any form are handling sensitive financial data in ways that fall short of GDPR and PCI-DSS requirements. Even with the best intentions, manual handling of card data creates compliance risk.

How card on file works differently

Card on file removes the manual handling entirely. The customer saves their card details once through a secure payment platform, verified with a one-time passcode. Future charges are made against that stored card without any card data passing through staff hands at any point. The customer consents explicitly to the arrangement, the data is stored within the payment provider’s secure infrastructure, and the business charges when needed.

Every payment made this way is tied to a specific customer who has actively authorised the arrangement. That is a fundamentally different risk profile to a MOTO transaction, where the business has no way to verify that the person calling is the genuine cardholder.

Card on file vs MOTO: a direct comparison

Which businesses should make the switch

Any business currently taking card details over the phone for repeat or recurring payments is a candidate for card on file. This includes law firms managing retainer billing, private clinics charging for treatment packages, accountants billing on monthly retainers, and service businesses with regular clients. In all of these cases, card on file replaces the MOTO process with something that is safer for the business, cleaner from a compliance perspective, and more convenient for the customer.

Card on file vs MOTO payments is not really a debate about preference. It is a question of whether the risks that come with MOTO are worth carrying. This includes fraud exposure, chargeback liability, and data handling obligations. Especially when a more secure alternative exists. For most UK businesses, they are not.

How Atoa handles this

Atoa has taken the decision to disable MOTO card payments across its platform, guiding merchants towards safer alternatives instead. For businesses that previously relied on MOTO for repeat payments, Atoa’s card on file feature covers the same use cases without the associated risk. The customer saves their card once, the business charges when needed, and no card data is ever handled manually. Card on file is available to Atoa businesses with card payments enabled on their account.