Millions of insurance calls happen every day. Renewals. Collections. Claim queries. Policy changes.
A significant percentage of those calls involve a payment moment — the policyholder needs to pay a premium, settle an excess, or clear an overdue balance. And in most insurance call centres, that moment is handled badly.
The agent says: "I'll transfer you to our automated payment line." Or: "Can you read me your card number?" Or: "I'll send you a link — please check your email after we hang up."
Every one of these is a failure mode. The IVR transfer drops calls. Reading card numbers creates PCI exposure. Sending a link after the call means the payment might never happen.
The underlying problem isn't the agents. It's the infrastructure.
The PCI Problem
The moment card data enters the audio stream of a call centre, everything is in scope.
The agent's headset? In scope.
The call recording system? In scope.
The quality monitoring feed? In scope.
The desktop where the agent works? In scope.
The network connecting all of those systems? In scope.
PCI DSS doesn't care that the contact centre is an insurance operation, not a payments company. If card data is present — spoken, keyed, or displayed — the full compliance framework applies.
For insurance contact centres, this creates an impossible position. They can't avoid payment conversations. And they can't handle card data without massive compliance overhead.
The result: most insurance call centres punt payments to somewhere else. Transfer to IVR. Redirect to a website. Mail a payment slip. Every alternative adds friction. Every one loses conversions.
The Architecture That Fixes It
The fix is architectural, not procedural. Card data must never enter the contact centre's audio environment.
Here's how it works:
1. The agent reaches the payment moment. The policyholder confirms they want to pay.
2. The call enters a secure payment segment. The agent triggers the payment flow — from their desktop, their CRM, or the core platform's interface.
3. The policyholder enters card details via DTMF. Keypad tones are captured within a PCI-certified environment — not the contact centre's telephony stack.
4. DTMF tones are stripped from the audio stream. The agent hears silence or a masking tone. Call recordings capture no card data. Quality monitoring feeds are clean.
5. The payment processes through the carrier's PSP. The transaction routes to whichever processor the carrier uses — Stripe, Adyen, Worldpay, or a regional acquirer.
6. The agent receives confirmation. "Payment approved" appears on screen. The conversation resumes.
The agent never hears card data. The recording never contains it. The contact centre's PCI scope drops from SAQ-D (300+ requirements) to SAQ-A (22 requirements). The difference in annual compliance cost is hundreds of thousands of pounds.
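A minimal model of steps 3 and 4 above, added here as an example and not Shuttle's or any vendor's code: DTMF keyed inside the secure segment goes to the payment side while the agent and recording leg receives only a mask, and an audit function checks that leg for Luhn-valid card numbers. The event kinds, `split_call`, `leg_contains_pan` and the sample calls are assumptions constructed for illustration.

```python
import re

MASK = "<mask>"  # stands in for the silence/masking tone on the agent leg

def luhn_ok(digits):
    """Luhn checksum, the check digit scheme used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def split_call(events):
    """Return (agent_leg, captured_digits) for one call.

    events is a list of (kind, value) with kind in
    {"audio", "dtmf", "secure_start", "secure_end"} (hypothetical model).
    """
    agent_leg, captured, secure = [], [], False
    for kind, value in events:
        if kind in ("secure_start", "secure_end"):
            secure = kind == "secure_start"
        elif kind == "dtmf" and secure:
            captured.append(value)          # stays in the payment environment
            agent_leg.append(MASK)          # agent and recorder get the mask
        else:
            agent_leg.append(value)         # speech, or keypresses outside the segment
    return agent_leg, "".join(captured)

def leg_contains_pan(agent_leg):
    """Audit check: any 13-19 digit run on the agent leg that passes Luhn."""
    flat = "".join(v if len(v) == 1 and v.isdigit() else " " for v in agent_leg)
    return any(luhn_ok(m) for m in re.findall(r"\d{13,19}", flat))

# Constructed sample calls; 4111111111111111 is a well-known test card number.
KEYS = [("dtmf", d) for d in "4111111111111111"]
GOOD_CALL = [("audio", "speech"), ("secure_start", ""), *KEYS,
             ("secure_end", ""), ("audio", "speech")]
LATE_CALL = [("audio", "speech"), *KEYS, ("secure_start", ""),
             ("secure_end", ""), ("audio", "speech")]

if __name__ == "__main__":
    for name, call in (("good", GOOD_CALL), ("late", LATE_CALL)):
        leg, digits = split_call(call)
        print(name, "captured:", len(digits), "PAN on agent leg:", leg_contains_pan(leg))
```

The second sample call, where keying starts before the secure segment is triggered, is the case the audit is there to catch.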
Allianz Is Already Doing This
Allianz runs call centre payments through Shuttle across 3 countries. Each country routes to Allianz's contracted processors. Agents trigger payment capture mid-call. DTMF tones are captured in Shuttle's PCI DSS Level 1 certified infrastructure. The contact centre stays at zero scope.
This isn't a pilot. It's production.
What About AI Voice Agents?
The same architecture extends to AI voice agents — and this is where insurance gets interesting.
AI voice agents from companies like PolyAI now handle insurance conversations at scale: renewals, collections, policy queries. When the AI agent reaches a payment moment, it triggers the same secure capture flow. The policyholder enters card details via DTMF. The payment processes. The AI confirms. No human involved.
PolyAI achieves a 75% voice payment completion rate with zero human handoffs: "Shuttle let us treat legacy payment providers as a modern SaaS service. It enabled us to support the gateways our customers required and fully automate high-value transactions across regulated industries."
For insurance call centres processing thousands of renewal and collections calls daily, AI voice payments represent a step change in efficiency and conversion. For a deeper look at the architecture, see How AI Voice Agents Take PCI-Compliant Payments.
What This Means for Insurance Core Platforms
If you're building an insurance core platform — policy admin, billing, claims — voice payment execution should be native to your platform. Not a separate system. Not a partner the carrier manages independently.
When voice payments are embedded in the core platform:
Every carrier's contact centre (or AI agent) captures payments through the platform
Each carrier routes to their own PSP — no carrier is forced to switch
PCI compliance is handled by The Payment Layer — the platform stays at zero scope
The platform captures revenue on every transaction
The billing module tracks what's owed. The Payment Layer collects the money. The call centre is where it happens.
For the full guide to adding payment execution to your insurance platform, see Payments for Insurance Core Platforms.
*Shuttle is The Payment Layer for insurance platforms. PCI DSS Level 1 certified. 40+ PSPs. Voice, links, and embedded checkout.*