The Rebirth of Secure MOTO Payments: From Regulatory Exception to Authenticated Telephone Order


For more than two decades, MOTO payments (Mail Order / Telephone Order) have occupied an ambiguous position within the European payments ecosystem.

On one hand, they have been necessary, widely used and especially relevant in industries where the customer journey does not begin on a screen, but in a conversation.

On the other hand, they have historically been perceived as a higher-risk payment channel: less authenticated, more exposed to disputes, and harder to protect against fraud than a standard e-commerce transaction.

This tension is not accidental.

It is the result of a structural gap between regulation, technology and real customer behaviour.

With the adoption of PSD2 — Directive (EU) 2015/2366 — the European payments industry entered a new security phase. One of its central pillars was Strong Customer Authentication, or SCA, designed to increase the security of electronic payments and reduce fraud in remote transactions.

The technical framework was later developed through Commission Delegated Regulation (EU) 2018/389, which defined the Regulatory Technical Standards for SCA and secure communication. These rules became generally applicable from 14 September 2019.

Since then, European e-commerce has evolved towards a much stronger security model: strong authentication, risk-based analysis, frictionless flows, issuer challenges, tokenisation and the widespread use of 3-D Secure as a trust layer for card-not-present payments.

However, one channel remained outside this transformation.

MOTO.

And more specifically, Telephone Order: payments made by phone.

Why MOTO remained outside the PSD2 SCA perimeter

This point is often misunderstood.

MOTO payments were not left outside SCA because they were safer than e-commerce. Nor because they represented a particularly protected or lower-risk channel.

They remained outside the standard SCA perimeter because, from a regulatory perspective, traditional mail order and telephone order transactions were not considered electronic payment transactions initiated by the payer in the same way as a web or app payment.

The logic was clear: PSD2 and SCA were designed for electronic transactions.

In an online checkout, the customer interacts with a digital interface. The customer can be redirected, challenged by the issuing bank, authenticated through 3-D Secure and returned to the merchant environment.

In a traditional telephone payment, the reality is very different.

The customer is not navigating a checkout.

The customer is speaking.

The payment is born inside a conversation.

The card data may be entered through an agent-assisted flow, an IVR, a virtual terminal or a secure payment platform.

And the interaction does not naturally fit the electronic authentication model for which SCA was designed.

That is why MOTO remained outside the standard SCA perimeter.

But this exception was not a competitive advantage.

It was, in reality, the regulatory expression of a technological limitation: at the time, there was no practical, scalable and operationally viable way to apply the logic of 3-D Secure inside a live telephone conversation.

The MOTO exception was not an advantage. It became a risk signal.

In theory, some merchants could have seen the exclusion of MOTO from SCA as operationally convenient. If SCA was not required, there was no additional authentication friction. No issuer challenge. No redirection. No strong authentication step.

But in practice, the absence of authentication made Telephone Order structurally weaker than authenticated e-commerce.

An online payment protected by 3-D Secure may include issuer validation, risk analysis, authentication evidence and, in certain cases, a more robust framework against fraud and disputes.

Traditional telephone payments did not have an equivalent native layer.

This had important consequences.

Many banks and acquirers began to perceive MOTO-enabled virtual terminals or telephone payment acceptance as higher-risk capabilities. The concern was understandable: a non-authenticated Telephone Order transaction could generate more exposure to fraud, disputes and chargebacks than an e-commerce transaction protected by 3-D Secure.

From the bank’s perspective, this caution was logical.

If the cardholder denies the transaction, if fraud occurs, or if a merchant accumulates high chargeback ratios, the traditional telephone channel offers less structural protection than an authenticated online payment.

For this reason, the industry’s usual response was to push merchants towards channels considered safer:

e-commerce,
mobile apps,
payment links,
authenticated digital checkouts,
customer self-service.

On paper, this recommendation made sense.

But in the operational reality of many businesses, it created a serious problem.

Some payments are born in the phone call

There are many industries where the need to pay does not originate in an online shopping cart.

It originates in a call.

A citizen calls a public administration to pay a tax, a fine or a municipal service.

A utility customer calls to regularise an overdue bill.

A passenger contacts an airline or travel company to resolve a booking issue, recover a failed payment or complete a change.

A customer speaks with an insurer, a collections team, a charity, a BPO or an enterprise contact centre and decides to pay during the conversation.

In these cases, the telephone is not a residual channel.

It is the place where payment intent appears.

The decision to pay often emerges because of explanation, trust, assistance or urgency created during the call. The customer is ready to pay precisely because there is a conversation supporting the decision.

This is why Telephone Order has not disappeared.

Not because it is technologically superior to e-commerce, but because it reflects a real commercial reality: some payments require human or conversational assistance.

When the customer is already speaking and wants to pay, the most natural payment experience is not always to remove them from the conversation.

Very often, the right experience is to allow the payment to be completed inside the same voice journey.

Pay-by-link: useful, but not always enough

Faced with the difficulty of authenticating payments inside the telephone channel, the industry found a practical shortcut: pay-by-link.

The process is simple. If a customer is on the phone and needs to pay, the agent sends a link by SMS, email or messaging app. The customer leaves the conversation, opens the link, accesses a web checkout and completes the payment in a digital environment where 3-D Secure can be applied.

This solution has clear advantages.

It uses standard e-commerce payment infrastructure.

It allows strong authentication where required.

It reduces direct exposure of card data in the telephone environment.

And it aligns better with the security expectations of banks and acquirers.

But pay-by-link does not truly solve the Telephone Order problem.

It moves it elsewhere.

The payment need is born in the call, but the payment itself is transferred outside the call.

That channel switch introduces friction.

The customer must trust the message.

The customer must open the link.

The customer must navigate the checkout.

The customer must authenticate alone.

The customer must remain focused.

The customer must not abandon the payment.

In some cases, this works well.

But in many assisted-payment scenarios, this is exactly where conversion is lost.

A citizen may distrust a payment link received during a call.

A vulnerable customer may need support at the exact payment moment.

A traveller resolving an issue may not want to interrupt the conversation.

A collections customer may only be willing to pay because the call has created trust and urgency.

A donor may decide emotionally during the conversation and lose momentum when moved to another channel.

The voice channel is powerful because it is contextual, immediate and guided.

Pay-by-link, while useful, often weakens those advantages.

It digitalises the payment, but it does not turn the telephone channel itself into an authenticated channel.

It simply moves the transaction somewhere else.

The technical gap: why 3-D Secure did not naturally fit Telephone Order

3-D Secure was designed for a digital environment.

The cardholder is on a website, in an app or at a checkout. There is a session. There is a screen. There may be device information. A challenge window may be opened. The issuing bank may request biometric confirmation, in-app approval or a one-time code. Once authentication is completed, the customer can return to the merchant journey.

A live telephone conversation does not naturally provide the same context.

The customer may be calling from any phone.

There may be no browser.

There may be no app.

There may be no screen.

The customer may be assisted by an agent.

The call may be recorded.

The merchant wants to avoid exposure to card data.

And the transaction is still a card-not-present payment.

For this reason, the native application of 3-D Secure to the Telephone Order channel was considered impractical for years.

Not because it was conceptually impossible, but because there was no operational architecture capable of doing it securely, scalably and compatibly with contact centre reality.

This created a vicious circle.

Because MOTO was outside SCA, the industry did not need to solve 3-D Secure inside the voice channel.

Because the industry did not solve 3-D Secure inside the voice channel, MOTO remained outside the authentication architecture.

And because MOTO remained outside that architecture, banks and acquirers continued to perceive the channel as riskier.

This is the circle Pay by Call aims to break.

PBC 3DS: from regulatory exception to technological invention

Pay by Call’s vision starts from a simple idea:

The problem is not that customers want to pay by phone.

The problem is that Telephone Order has historically lacked a security and authentication architecture equivalent to e-commerce.

The PSD2/SCA exception revealed that gap.

The banking market responded with caution.

The payments industry responded with payment links.

Pay by Call responded with invention.

That is the purpose of PBC 3DS, Pay by Call’s patent-pending international technology, designed to bring the logic of 3-D Secure into the Telephone Order channel without forcing the customer to leave the call and without relying on pay-by-link as the primary payment path.

This is not only a user experience improvement.

It is a category shift.

Traditional MOTO accepted that telephone payments were a non-authenticated exception.

Pay-by-link accepted that the customer had to leave the voice channel in order to access e-commerce security.

PBC 3DS challenges both assumptions.

The customer can remain inside the call.

The agent can continue guiding the operation.

The merchant can reduce exposure to sensitive card data.

The payment can be orchestrated within secure PCIaaS infrastructure.

And the Telephone Order channel can move towards an authentication model comparable to e-commerce.

The key is not to preserve the historical MOTO exception.

The key is to make it unnecessary.

From MOTO to Authenticated Telephone Order

Perhaps the term MOTO has become too small.

Mail Order / Telephone Order describes how the transaction is initiated, but not how it should be protected.

That view belongs to an earlier stage of remote commerce.

In an environment shaped by PSD2, SCA, 3-D Secure, tokenisation, AI assistants and agentic commerce, the relevant question is no longer only whether a payment is remote or face-to-face.

The relevant question is whether the payment is authenticated, protected, auditable and adapted to the channel where customer intent is created.

That is why the industry needs a new concept:

Authenticated Telephone Order.

Authenticated Telephone Order is not old MOTO with a few additional controls.

It is a voice-native payment architecture where the customer remains inside the conversation, the merchant reduces PCI exposure, the payment is processed securely and the authentication logic can approach the standard expected in e-commerce.

This is important for today’s contact centres.

But it will be even more important for the AI-assisted and conversational commerce environment that is now emerging.

Why this matters for Agentic Voice Commerce

The payments industry is already preparing for agentic commerce.

AI agents will be able to search, compare, recommend and execute transactions on behalf of users. Payment networks, PSPs, issuers and major technology companies are working on trust frameworks to verify intent, identity and secure execution.

However, much of the current debate remains screen-centric.

It assumes that AI agents will browse websites, interact with digital checkouts and complete purchases through online rails.

That will happen.

But it will not be the whole market.

Many high-value, high-friction or assistance-heavy transactions will remain conversational.

Some will involve human agents.

Some will involve enterprise voice agents.

Some will involve personal AI assistants.

Many will be hybrid.

In that scenario, the secure payment layer cannot depend only on links.

If commerce becomes conversational, authentication must follow the conversation.

If voice agents participate in the customer journey, the voice channel must be able to support secure and authenticated payments.

If personal assistants help users resolve, negotiate, book or pay through spoken interfaces, the old MOTO problem will reappear in a new form.

The question will no longer be simply:

Can we take card details over the phone?

The question will be:

Can we authenticate and execute a payment securely inside a voice-mediated commercial interaction?

That is the foundation of Secure Agentic Voice Commerce.

Conclusion: the rebirth of MOTO is not a return to the past

The rebirth of MOTO does not mean defending the old telephone payment model.

That model was fragile.

It relied too heavily on manual trust.

It exposed merchants and contact centres to unnecessary risk.

It lacked a native authentication layer.

It made banks and acquirers cautious.

And it created a permanent tension between commercial reality and security requirements.

The future cannot be old MOTO.

The future must be authenticated, PCI-compliant, voice-native and AI-ready.

That is the transition Pay by Call is building.

From MOTO as a regulatory exception.

To Telephone Order as a secure payment channel.

From pay-by-link as a compromise.

To PBC 3DS as a native voice authentication architecture.

From manual trust.

To authenticated trust.

That is the real rebirth of secure MOTO payments.

And it may become one of the key infrastructure layers for the next era of voice commerce.