Why MOTO Payments Carry Higher Risk for Merchants

For years, Mail Order and Telephone Order (MOTO) payments have been a familiar fallback for businesses that need to take payments remotely. A customer calls. They read out their card details. The payment goes through. Job done.

At least, that’s how it looks on the surface.

Behind the scenes, MOTO payments carry a level of risk that many businesses underestimate. Fraud exposure, higher chargeback rates, compliance gaps and operational strain all add up over time. That’s why Atoa has taken the decision to disable MOTO card payments across the platform and guide merchants towards safer alternatives.

Before looking at safer alternatives, it is worth understanding what MOTO payments actually are and why they are inherently high-risk.

What is a MOTO payment?

A MOTO payment is a card-not-present transaction where a customer shares their card details over the phone or via email, and the merchant manually enters those details on behalf of the customer to process the payment.

Because the customer is not physically present, there is no PIN, biometric check or banking app confirmation. These transactions are also exempt from Strong Customer Authentication under UK and EU regulations, which removes a key layer of protection.

That exemption is exactly where the risk begins.

Why MOTO payments expose businesses to risk

Let’s take a look at what some of these risks entail. 

Fraud is harder to prevent

Without a physical card or in-app authentication, it is difficult to verify whether the person making the payment is the legitimate cardholder. Stolen card details can be used with relative ease, especially knowing there are fewer checks involved.

In the UK alone, fraudulent MOTO transactions amounted to £63.7 million in 2021. Since then, fraud levels have continued to rise. In 2024, total card-not-present fraud reached record highs, with remote purchase fraud alone approaching £400 million in losses. The real cost is often higher once chargebacks, admin time and lost trust are factored in. 

Chargebacks fall on the merchant

If a customer disputes a MOTO transaction, the burden of proof sits entirely with the business. Even with call recordings or signed forms, disputes are harder to defend because authentication is weak by design. Chargebacks do not just reverse the payment. They can also lead to penalties from processors and damage your merchant standing.

Data handling risks

Taking card details over the phone or through email increases the risk of accidental exposure. Written notes, call logs or internal systems can all become points of vulnerability. Meeting PCI DSS requirements in a MOTO environment requires strict processes and constant staff training. Even then, human error is hard to eliminate.

Higher processing fees

Because of the elevated risk profile, processors often charge more for MOTO transactions. Over time, these higher fees quietly erode margins, especially for businesses processing regular remote payments.

Operational strain

Manually handling payments takes time. Staff are tied up on calls, payments are slower to process, and mistakes are more likely during busy periods. As volumes grow, MOTO becomes less scalable and more disruptive. Taken together, these challenges make MOTO payments increasingly difficult to scale and increasingly disruptive to day-to-day operations.

Taken together, these issues make MOTO payments one of the riskiest and least efficient ways to accept remote payments today.

Why Atoa no longer supports MOTO card payments

Atoa’s approach is built around reducing risk, not passing it on to businesses. Disabling MOTO card payments is part of maintaining strong security standards and helping businesses move away from payment methods that create unnecessary exposure. 

Safer ways to collect remote payments

Modern alternatives allow businesses to collect payments remotely without asking customers to share sensitive card details verbally.

Instead of requesting card numbers over the phone, businesses can send a secure payment link directly to a customer’s phone or email. That link can support both Pay by Bank payments and card payments.

• With Pay by Bank, the customer completes the payment inside their own banking app. The payment is authorised by the bank using a PIN, Face ID, fingerprint, or in-app approval.
  
  
• With card payments via payment link, customers may receive a one-time password (OTP), SMS, or push notification from their bank to authorise the transaction under Strong Customer Authentication rules.

Both of these flows involve real-time customer authentication. MOTO payments do not perform such checks. This distinction is important. Authentication happens with the bank and the customer directly, not verbally through the merchant. That significantly reduces fraud risk and strengthens evidence of customer consent.

Payment links also provide operational benefits. Businesses can see when a link has been opened, when payment has been completed, and when funds have settled. There is no need to handle sensitive data internally, and the experience is cleaner and more professional for customers.

(Atoa continues to support card payments, but Pay by Bank links are recommended wherever possible for their security, speed and lower fees.)

The bigger picture

MOTO payments were built for a different era. One where remote payments were the exception, not the norm. Today, customers expect secure, app-based payment journeys. Regulators expect stronger authentication. And businesses need payment methods that scale without increasing risk.

Final thoughts

MOTO payments may feel familiar, but familiarity does not equal safety. The combination of fraud risk, chargeback liability and operational overhead makes them increasingly difficult to defend. The financial services sector is doing its part. £1.45 billion of unauthorised fraud was blocked in 2024. But even with advanced security systems, 3.13 million cases still slipped through. That’s why merchants need to double down on secure payment flows, especially for remote payments.

Pay by Bank payment links offer a safer, compliant and modern alternative that aligns with how customers already bank today. If you have been relying on MOTO for remote payments, this shift is an opportunity to reduce risk rather than react to it.You can start sending secure payment links directly from your Atoa dashboard today. Book a demo with our Care team to get a better understanding of our solutions.