A virtual terminal is a web-based application that lets you process credit card payments by typing card details into a form on your computer, tablet, or phone, with no card reader or physical hardware required. It turns any internet-connected device into a payment terminal. Businesses typically use virtual terminals when the customer isn’t standing in front of them, such as when taking orders over the phone, processing mailed-in payments, or billing for services after the fact.
How a Virtual Terminal Works
You log into a secure web page provided by your payment processor. From there, you see a payment form where you manually enter the customer’s card number, expiration date, CVV, billing address, and the transaction amount. Once you hit submit, the virtual terminal sends that information through the same payment network that a physical card reader would use. The processor contacts the card-issuing bank, checks for available funds and fraud flags, and returns an approval or decline within seconds.
The key difference from a traditional checkout is that the card is never swiped, tapped, or inserted. The industry calls this a “card-not-present” transaction, which is the same category as online purchases. That distinction matters for both fees and security, which we’ll cover below.
Who Uses Virtual Terminals
Virtual terminals are popular with businesses that take payments remotely or on an irregular schedule. A landscaping company that bills clients after each visit, a nonprofit collecting donations by phone, a law firm invoicing for hours worked, or a B2B supplier processing purchase orders by email are all common users. They’re also useful for small retail shops that want a backup payment method without investing in a second card reader.
If most of your sales happen face to face with customers handing you a card, a physical point-of-sale terminal will give you lower processing fees and faster checkout. Virtual terminals shine when the card isn’t physically present or when transaction volume doesn’t justify buying dedicated hardware.
What You Need to Get Started
The equipment list is short: a computer, tablet, or smartphone with a web browser and an internet connection. There’s no card reader to buy, no dedicated phone line, and no software to install. Your payment processor hosts the virtual terminal on their servers, so you simply log in through a URL they provide.
To get access, you sign up for a merchant account or payment processing account that includes virtual terminal functionality. Most major processors offer it, though some bundle it into specific plans while others charge an additional monthly fee. Setup typically takes minutes once your account is approved.
Processing Fees
Card-not-present transactions cost more to process than in-person swipes or taps because the fraud risk is higher when no one physically presents a card. Credit card processing fees generally fall between 1.5% and 3.5% of the transaction amount, and virtual terminal transactions tend to land in the upper portion of that range.
The exact rate depends on your processor’s pricing model, the card brand, and the type of card used. Standard consumer cards are cheaper to process than business or corporate cards. American Express cards typically carry higher rates than Visa or Mastercard. On top of the percentage, most processors add a per-transaction fee, commonly around 10 to 30 cents.
Some processors also charge a monthly fee for virtual terminal access, ranging from $0 to around $25 per month depending on the provider and plan tier. When comparing options, look at the full cost: the percentage rate, the per-transaction fee, and any monthly or annual subscription charges.
Features Beyond Basic Payments
Modern virtual terminals do more than process one-off charges. Most offer a set of tools that help you manage billing and customer relationships without needing separate software.
- Recurring billing: You can set up automated charges on a weekly, monthly, or annual schedule. This is useful for subscriptions, memberships, retainers, or installment plans. You create a plan that defines the amount, frequency, and duration, then assign customers to it.
- Customer vault: Instead of asking a repeat customer for their card number every time, you can store their payment details securely in an encrypted vault. The virtual terminal provider handles the sensitive storage so the card data never sits on your computer.
- Invoicing: Some virtual terminals let you send digital invoices with a payment link, so the customer can pay on their own rather than calling in their card number.
- Batch uploads: If you need to create many subscriptions or process a large number of transactions at once, some platforms let you upload a spreadsheet rather than entering each one manually.
- Reporting: You can pull transaction summaries, view declined payments, and in some cases receive daily emailed reports listing successful and failed charges.
Security and PCI Compliance
Anytime you handle credit card numbers, you’re subject to the Payment Card Industry Data Security Standard (PCI DSS), a set of rules designed to protect cardholder data. The good news is that virtual terminal users who meet certain conditions qualify for a simplified compliance process called SAQ C-VT, which is one of the shortest self-assessment questionnaires.
To qualify for that simplified path, your setup needs to meet a few conditions. Your only card processing must happen through the virtual terminal (not through a separate e-commerce site or card reader). The virtual terminal itself must be hosted by a PCI-validated third-party provider, not software you built or installed. The computer you use to access it should be isolated from other systems on your network, meaning it isn’t connected to inventory databases, shared drives, or other locations that handle cardholder data. And you should not store card numbers electronically on your own machines. Paper receipts or paper records are fine, but no spreadsheets or local files with card details.
In practice, most of the heavy security lifting is done by your payment processor. They encrypt the data in transit, tokenize card numbers so the actual digits aren’t exposed, and maintain the secure servers. Your responsibility is to keep the computer you use reasonably secure: use a firewall, change default passwords, keep your browser and operating system updated, and limit who has login credentials to the virtual terminal.
Limitations to Keep in Mind
Virtual terminals require manual data entry, which makes them slower than a tap or swipe for high-volume, in-person sales. If you’re processing dozens of transactions per hour, a physical terminal or full POS system will be far more efficient.
Because every transaction is card-not-present, you’ll pay higher processing fees on every sale compared to businesses that use chip readers or contactless terminals. Over thousands of transactions, that difference adds up. For a business doing $10,000 per month in sales, even a 0.5% rate difference means an extra $50 in monthly fees.
There’s also a higher chargeback risk with card-not-present transactions. Without a chip read or PIN entry to verify the cardholder, disputes are harder to defend. Keeping good records, such as signed contracts, order confirmations, or call logs, helps protect you if a customer later claims they didn’t authorize a charge.
How to Choose a Provider
Start by looking at your transaction volume and average sale size. If you process a small number of high-dollar transactions (consulting fees, wholesale orders), a provider with lower percentage rates but a monthly fee may save you money. If you process many small transactions, a provider with no monthly fee but a slightly higher per-transaction rate might be simpler.
Check whether the features you need are included. Recurring billing, customer vault storage, and invoicing are standard with many providers but may require a higher-tier plan with others. Make sure the platform works on the devices you already own and that it supports the card brands your customers use.
Finally, confirm that the provider is PCI DSS validated and that their virtual terminal is hosted on their servers rather than requiring you to install software locally. This keeps your compliance obligations manageable and your customers’ card data out of your hands.