How to Take Payments on Bland AI Phone Agents: PCI-Compliant Payments

By Shuttle Team, May 25, 2026

Bland AI is a platform for building AI phone agents that handle real conversations at scale, inbound and outbound, on its own telephony infrastructure. It is used heavily for outbound work: cold calling, appointment reminders, lead qualification, and collections, alongside inbound call handling.

Outbound calling is where payments show up most. A reminder call turns into a bill payment. A collections call ends with the customer agreeing to settle. A sales call closes. But when a Bland agent reaches that moment, card data cannot be allowed to enter the AI pipeline.

This guide covers how to take PCI-compliant payments on Bland AI phone agents using Shuttle, so your agents can collect card payments mid-call without putting your application or Bland's platform in PCI scope.

Bland AI holds PCI DSS certification at the platform level, but it has no native payment-capture product: there is no built-in way to take a card payment during a call. The PCI-compliant approaches on any AI calling platform are the standard ones: pause-resume recording, DTMF masking, and secure handoff to a PCI-compliant payment system. The agent can detect payment intent and follow a conversational pathway, but it cannot capture and process a card itself. If card digits enter the audio stream unprotected, your whole stack falls into PCI scope.

Shuttle provides the payment layer that closes that gap. Your Bland agent triggers the payment, Shuttle captures the card in an isolated PCI-certified environment, and the result comes back, all within the same conversation.


The Payment Challenge for Bland AI

Outbound agents are payment-rich, which makes the compliance problem more acute, not less.

**Card data cannot enter the AI pipeline.** DTMF tones entered during a Bland call are cardholder data under PCI DSS. If they flow through the audio path, your call logs, your analytics, and your backend are all in PCI scope.

**Building card capture yourself is not realistic.** PCI DSS Level 1 certification costs $500,000+ upfront and $200,000+ per year, with a Qualified Security Assessor, quarterly scans, and annual penetration testing. That is not where an outbound calling operation wants to spend its time.

**Sending people elsewhere to pay loses the moment.** In collections and outbound sales especially, the commitment is fragile. Telling the customer to call a payment line or wait for a link to arrive is how an agreed payment becomes an uncollected one.

The answer is a payment layer that captures the card in-call, in an isolated environment, and hands a clean result back to your agent.


How Shuttle Integrates with Bland AI

Shuttle is API-driven. Your application orchestrates the payment through Shuttle's API while Shuttle handles every piece of card data inside its PCI DSS Level 1 certified environment.

  1. Your Bland agent runs the conversation: the pathway or prompt drives intent recognition, customer interaction, and amount confirmation.

  2. Your backend triggers Shuttle: when payment is due, your server calls Shuttle's API to create a payment session with the amount, currency, and gateway configuration.

  3. Shuttle captures card data: Shuttle takes control of the DTMF capture channel. Card digits on the keypad are captured by Shuttle and stripped from the audio that returns to Bland and your application.

  4. Payment is processed: Shuttle tokenises the card and routes it to your configured gateway. Authorisation happens entirely inside Shuttle's certified environment.

  5. Result returned to your agent: Shuttle sends a webhook with the outcome, a transaction reference, and a masked card number. Your Bland agent confirms the payment in the conversation.


How It Works: Step by Step

Step 1: Payment intent recognised. Your Bland agent reaches the payment step in the pathway, or your application logic determines payment is due.

Step 2: Amount confirmed. The agent states the total and tells the customer they'll enter their card on the keypad.

Step 3: Payment session created. Your backend calls Shuttle's API with the amount, currency, and gateway config. Shuttle returns a session token.

Step 4: Audio stream splits. Shuttle takes control of the DTMF capture channel. The main audio path is isolated from the card capture path, and tones are masked with flat replacement tones.

Step 5: Card details entered. Shuttle plays a secure prompt and the customer enters card number, expiry, and CVV via the keypad.

Step 6: Tones captured in isolation. Shuttle captures the DTMF in its PCI-compliant environment. The tones never reach Bland or your application, and recordings contain flat tones during this segment.

Step 7: Payment processed. Shuttle tokenises the card and routes it to your gateway for authorisation.

Step 8: Webhook received. Shuttle sends the result: outcome, transaction reference, masked card number.

Step 9: Agent confirms. Your Bland agent confirms the payment and continues the call.

The payment segment takes 20-30 seconds, and the customer stays on the line throughout.


Multi-PSP Support

Shuttle connects to 30+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, and Mollie.

  • Per-client gateway configuration: each client or business unit can route to its own PSP

  • Single integration: integrate with Shuttle once; gateway routing is configuration, not code

  • Multi-PSP routing: route by currency, region, card type, or custom rules

  • Failover: automatic fallback to a secondary gateway if the primary is unavailable

For agencies and BPOs running outbound campaigns for multiple clients on Bland, per-client routing is essential, and it is configuration rather than code.


PCI Compliance

Shuttle is a PCI DSS Level 1 certified Service Provider.

What stays in your application / Bland: conversation logic, amount calculation, session initiation, and handling of non-sensitive webhook results. None of this is cardholder data, so your application and Bland's platform stay out of PCI scope.

What stays in Shuttle: DTMF capture and decoding, card tokenisation, gateway communication, and secure prompt playback, all inside the certified environment.

Call recordings: DTMF tones are stripped before they reach Bland or your application. Stored recordings contain flat masking tones during the payment segment, so there is no cardholder data in your recordings, logs, or analytics.

With Shuttle handling all card data, your application qualifies for SAQ-A rather than the SAQ-D obligations that handling card data yourself would trigger. This matters for collections and outbound operations, where call volumes and recording retention make in-house card handling especially risky.
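A check you can run on your own side of that boundary, as an added example that is not Shuttle's or Bland's code: it scans call transcripts, logs, and received result payloads for Luhn-valid runs of 13 to 19 digits, which would indicate card data outside the isolated capture path. The payload field names and all sample lines are constructed assumptions.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out most order numbers and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_pans(text: str) -> list[str]:
    """Return redacted forms (last four only) of Luhn-valid digit runs."""
    hits = []
    for match in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def audit_lines(lines: list[str]) -> list[int]:
    """1-based numbers of transcript/log lines that contain a likely PAN."""
    return [n for n, line in enumerate(lines, 1) if find_pans(line)]

def audit_webhook(payload: dict) -> list[str]:
    """Names of string fields in a result payload that carry a likely PAN."""
    return [k for k, v in payload.items() if isinstance(v, str) and find_pans(v)]

# Constructed samples; field names are hypothetical, 4111... is a test number.
TRANSCRIPT = [
    "agent: Your total is 120.00 GBP. Please enter your card on the keypad.",
    "customer: it is 4111 1111 1111 1111",
    "agent: Payment approved, reference 4111111111111112.",
]
GOOD_RESULT = {"outcome": "approved", "transaction_reference": "TXN-0001",
               "masked_card": "************1111"}
BAD_RESULT = dict(GOOD_RESULT, note="card 4111-1111-1111-1111 keyed manually")

if __name__ == "__main__":
    print("transcript lines with PAN:", audit_lines(TRANSCRIPT))
    print("clean result fields flagged:", audit_webhook(GOOD_RESULT))
    print("bad result fields flagged:", audit_webhook(BAD_RESULT))
```

The findings are returned in redacted form so that the audit output does not itself become a store of card numbers.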


Beyond Voice: Payment Links

DTMF is the primary in-call method, but Shuttle also supports payment links. Mid-call, your Bland agent can say it has sent a secure link by SMS; the customer opens a hosted checkout page, pays, and the result returns to your agent in real time. Links suit higher-value payments, mobile-first callers, and post-call payment plans, which are common in collections.


Use Cases

Collections

Collections agents need to capture payment the instant the debtor agrees. Shuttle takes the card in-call, and payment links handle agreed instalment plans, so commitments convert into collected funds.

Outbound Sales

Outbound sales agents close and collect in the same call, with no callback and no link left unclicked.

Appointment Reminders and Bill-Pay

Reminder calls that prompt a bill payment can take the card in-call instead of directing the customer to a portal.

Order and Renewal Confirmations

Agents confirming orders or renewals can collect payment at the point of confirmation, optionally tokenising the card for future charges.


Developer Integration

**API-driven.** Create payment sessions, configure gateways, and receive webhooks via REST API.

**No telephony changes.** Shuttle integrates at the audio/DTMF layer, so you add payment capability without changing how your Bland agent handles calls.

**Pathway and prompt friendly.** Trigger Shuttle at the payment step of a conversational pathway or from a prompt-driven flow, and resume on the result webhook.

**Test mode available.** Run the full payment flow with test card numbers before going live.

**$0.20 per transaction.** No setup fees, no monthly minimums, no per-seat licensing.


FAQ

**Can I build PCI-compliant payment capture myself on Bland?** Technically yes, but PCI DSS Level 1 certification runs $500,000+ upfront and $200,000+/year. Shuttle provides the same capability at $0.20 per transaction.

**What payment gateways does Shuttle support?** 30+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, and Square.

**Does this work for outbound campaigns?** Yes. Bland is outbound-heavy, and the same integration captures payment during outbound calls for sales, collections, and reminders.

**Can I take instalment or payment-plan payments?** Yes. Payment links and tokenisation support agreed payment plans, which is common in collections.

**Does the customer hear the agent during card entry?** During DTMF capture, Shuttle plays secure prompts and the agent's voice is paused. Once entry is complete, the agent resumes.


Add Payments to Your Bland AI Agents

Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider.