If your business takes payments over the phone, you have two practical options: capture card details during the call using DTMF tones, or send the customer a payment link they complete on their own device. Both approaches can be made PCI compliant. Both have trade-offs.
This article compares the two approaches side by side — security, conversion, integration cost, and customer experience. For the canonical explainer on how DTMF capture works (clamping, masking, suppression, and PCI scope reduction), see our dedicated guide to DTMF payments.
What Are Payment Links?
A payment link is a URL that takes the customer to a hosted, PCI-compliant checkout page. The agent generates a link during or after the call and sends it to the customer via SMS, email, or messaging. The customer opens the link on their phone or computer, enters their card details on a secure form, and completes the payment independently.
Payment links bypass the phone channel entirely. Card data is entered into a web form served from a PCI-certified environment — the contact centre never touches it. This makes payment links inherently PCI compliant from the contact centre's perspective, with no need for DTMF infrastructure.
Read more about the approach in our guide to secure payment links for card authorisation.
DTMF Payments vs Payment Links: Security Comparison
Both DTMF payments and payment links can achieve full PCI DSS compliance when implemented correctly. The security differences lie in the attack surface, the infrastructure required, and where the risk sits.
DTMF payment security:
Card data travels through the telephony layer but is intercepted before reaching the agent or recordings. Security depends on the quality of DTMF suppression and clamping.
The payment environment must be PCI DSS Level 1 certified and the integration with the telephony platform must be correctly configured.
Potential vulnerabilities include incomplete tone suppression, misconfigured audio routing, and legacy telephony systems that pass tones before the payment layer intercepts them.
When implemented well, DTMF is highly secure — the card data exists only momentarily in the certified payment environment and is never stored.
Payment link security:
Card data never enters the voice channel. The customer enters details on a TLS-encrypted web form hosted by the payment provider.
The contact centre is completely de-scoped — there is no telephony integration to misconfigure.
Potential vulnerabilities include phishing (customers receiving fraudulent links), link interception if sent over unencrypted channels, and link expiry management.
Payment links use the same security standards as e-commerce checkout — well-understood and widely audited.
The bottom line: payment links have a smaller attack surface because card data stays in the web channel. DTMF payments add telephony as an extra layer to secure. However, DTMF with proper suppression and clamping is considered equally secure in practice and is the industry standard for PCI-compliant phone payments.
Pros and Cons of Each Approach
DTMF payment advantages:
Payment is completed during the call — no drop-off from sending the customer elsewhere.
Higher conversion rates for phone-first customers, especially in collections and insurance where the call is the primary interaction.
Works for all callers regardless of device type or internet access — the customer only needs a phone keypad.
Agent can guide the customer through each step in real time and confirm the result immediately.
DTMF payment disadvantages:
Requires telephony integration — the payment system must sit in the audio path, which adds implementation complexity.
Some customers find entering 16+ digits on a keypad awkward, especially on mobile devices.
Miskeyed digits require re-entry, which can extend call duration.
Ongoing maintenance of DTMF suppression and clamping configurations as telephony infrastructure changes.
Payment link advantages:
Simpler to implement — no telephony integration required. Generate a URL and send it.
Supports saved cards, digital wallets (Apple Pay, Google Pay), and other modern payment methods that DTMF cannot.
Works across channels — the same link can be sent via SMS, email, WhatsApp, or in-app messaging.
Completely de-scopes the contact centre from PCI with zero telephony configuration.
Payment link disadvantages:
Breaks the call flow — the customer must switch to another device or channel to complete payment, which increases abandonment.
Requires the customer to have a smartphone or internet access. Not all demographics have this, particularly in collections and public sector scenarios.
Payment may not be completed during the call — the agent cannot always confirm the outcome in real time.
Customers may be suspicious of links received during calls, reducing trust and completion rates.
When to Use DTMF Payments
DTMF payments are the right choice when the payment must happen during the phone call and breaking out to another channel would hurt completion rates or customer experience. Common scenarios include:
Debt collection calls — the debtor is on the line and ready to pay. Sending a link and hoping they complete it later significantly reduces recovery rates. See our guide on AI voice payments for debt collection.
Insurance premium collections — customers calling to renew or settle balances expect to complete the transaction in one interaction.
IVR self-service payments — automated phone systems where the caller navigates menus and enters card details without speaking to an agent at all. DTMF is the only input method available.
High-volume call centres — where average handle time (AHT) matters and completing payment during the call avoids follow-up contacts.
Callers without internet access — elderly customers, rural areas, or any situation where the caller cannot easily access a web browser.
When to Use Payment Links
Payment links work best when the payment does not need to happen in real time during the call, or when you want to offer a richer checkout experience. Common scenarios include:
Post-call payments — the agent sends a quote, invoice, or payment request after the call and the customer pays at their convenience.
Multi-channel collections — sending payment links via SMS or email as part of an outreach sequence. The link can be sent proactively before the customer even calls.
Complex transactions — where the customer needs to review an itemised total, select payment options (instalments, partial payment), or use a digital wallet.
Chat and messaging channels — agents communicating via live chat, WhatsApp, or social messaging can embed a payment link directly in the conversation.
Businesses without telephony infrastructure — if you do not have a cloud-based telephony platform that supports DTMF integration, payment links are the faster path to secure phone payments.
The Hybrid Approach: DTMF and Payment Links Together
The strongest payment operations do not choose one method over the other — they offer both. A hybrid approach gives agents the flexibility to match the payment method to the situation:
Customer is on the phone and ready to pay right now? Use DTMF to capture the card during the call.
Customer prefers to pay later or wants to use Apple Pay? Send a payment link via SMS.
Customer is struggling with the keypad or keeps miskeying digits? Switch to a payment link mid-call.
IVR self-service system encounters an error? Fall back to a payment link sent to the caller's mobile number.
This is exactly the model Shuttle supports. As a payment layer for platforms, Shuttle provides both Voice Checkout (DTMF payments via Twilio) and Payment Links through a single integration. Platforms and contact centres get PCI DSS Level 1 compliance across both channels without building or maintaining the payment infrastructure themselves.
The payment method becomes a routing decision, not an architecture decision. One integration, two channels, full PCI compliance.
Frequently Asked Questions
Are payment links more secure than DTMF?
Payment links have a smaller attack surface because card data never enters the voice channel. However, properly implemented DTMF with suppression and clamping is equally secure and is the industry standard for phone payments. The choice is usually driven by customer experience rather than security.
Can I use both DTMF and payment links in the same contact centre?
Yes. A hybrid approach is increasingly common for organisations handling a mix of inbound and outbound calls. Shuttle provides both DTMF-based Voice Checkout and Payment Links through a single integration. Book a discovery call to see how it works.