Bland AI is a platform for building AI phone agents that handle real conversations at scale, inbound and outbound, on its own telephony infrastructure. It is used heavily for outbound work: cold calling, appointment reminders, lead qualification, and collections, alongside inbound call handling.
Outbound calling is where payments show up most. A reminder call turns into a bill payment. A collections call ends with the customer agreeing to settle. A sales call closes. But when a Bland agent reaches that moment, card data cannot be allowed to enter the AI pipeline.
This guide covers how to take PCI-compliant payments on Bland AI phone agents using Shuttle, so your agents can collect card payments mid-call without putting your application or Bland's platform in PCI scope.
Bland AI holds PCI DSS certification at the platform level, but it has no native payment-capture product: no built-in way to actually take a card payment during a call. The agent can detect payment intent and follow a conversational pathway, but it cannot capture and process a card itself. If card digits enter the audio stream unprotected, your whole stack falls into PCI scope.
Shuttle provides the payment layer that closes that gap. Shuttle has no native integration with Bland AI. Instead, your application code invokes Shuttle's Twilio-based payment setup (Shuttle is Twilio's preferred payments partner). At the point of payment, the call is handed to a secure PCI DSS Level 1 capture via Twilio Pay. The card digits are captured inside Shuttle's certified environment and never reach Bland, the LLM, or the agent. To use this path, you need to be a Twilio customer, and your team builds the orchestration that triggers the handoff.
The Payment Challenge for Bland AI
Outbound agents are payment-rich, which makes the compliance problem more acute, not less.
Card data cannot enter the AI pipeline. DTMF tones entered during a Bland call are cardholder data under PCI DSS. If they flow through the audio path, your call logs, your analytics, and your backend are all in PCI scope.
Building card capture yourself is not realistic. PCI DSS Level 1 certification costs $500,000+ upfront and $200,000+ per year, with a Qualified Security Assessor, quarterly scans, and annual penetration testing. That is not where an outbound calling operation wants to spend its time.
Sending people elsewhere to pay loses the moment. In collections and outbound sales especially, the commitment is fragile. Telling the customer to call a payment line or wait for a link to arrive is how an agreed payment becomes an uncollected one.
The answer is a payment layer that captures the card in-call, in an isolated environment, and hands a clean result back to your agent.
How Shuttle Works with Bland AI Today
Shuttle has no native integration with Bland AI. The handoff is API-driven: your application code triggers the Shuttle payment handoff, and the card is captured by Shuttle inside its PCI DSS Level 1 certified environment, never by Bland. To use the secure voice capture, you must be a Twilio customer, because today the capture runs over Twilio Pay, where Shuttle is Twilio's preferred payments partner.
Shuttle provides ready-made interfaces for payment links plus the capture/IVR and the APIs. Your team builds the agent-side orchestration that triggers the handoff. You can build and validate the flow against Shuttle's sandbox gateway and demo app before going live. A deeper, native Bland integration is possible only as a paid project.
Your Bland agent runs the conversation: the pathway or prompt drives intent recognition, customer interaction, and amount confirmation.
Your backend triggers Shuttle: when payment is due, your server calls Shuttle's API to create a payment session with the amount, currency, and gateway configuration.
The call is handed to a secure PCI capture: at the point of payment, the call is handed to a secure PCI DSS Level 1 capture via Twilio Pay. The customer enters their card on the keypad, and Shuttle captures the digits inside its certified environment, so they never reach Bland, the LLM, or your application.
Payment is processed: Shuttle tokenises the card and routes it to your configured gateway. Authorisation happens entirely inside Shuttle's certified environment.
Result returned to your agent: Shuttle sends a webhook with the outcome, a transaction reference, and a masked card number. Your application records the result, and your Bland agent confirms the payment.
One honest caveat to set expectations on up front: the secure capture at the point of payment is live now via Twilio Pay. Shuttle being present for the entire call, or cleanly returning the caller to the same Bland agent afterwards, is not yet turnkey. A carrier-agnostic version, which removes the Twilio requirement, is landing later in 2026.
How It Works: Step by Step
Step 1: Payment intent recognised. Your Bland agent reaches the payment step in the pathway, or your application logic determines payment is due.
Step 2: Amount confirmed. The agent states the total and tells the customer they'll be connected to a secure line to enter their card.
Step 3: Payment session created. Your backend calls Shuttle's API with the amount, currency, and gateway config. Shuttle returns a session token.
Step 4: Secure capture triggered. At the point of payment, the call is handed to a secure PCI DSS Level 1 capture via Twilio Pay, with Shuttle as the certified connector. The card capture happens inside that secure environment, not inside Bland.
Step 5: Card details entered. Shuttle plays a secure prompt and the customer enters card number, expiry, and CVV on the keypad.
Step 6: Digits captured in isolation. Shuttle captures the card inside its PCI DSS Level 1 certified environment. The digits never reach Bland, the LLM, or your application.
Step 7: Payment processed. Shuttle tokenises the card and routes it to your gateway for authorisation.
Step 8: Webhook received. Shuttle sends the result: outcome, transaction reference, masked card number.
Step 9: Agent confirms. Your application records the result, and your Bland agent confirms the payment.
The customer stays on the line throughout. Note that cleanly returning the caller to the same Bland agent after payment is not yet turnkey today; talk to us about your flow and we will give you the honest current state.
Multi-PSP Support
Shuttle connects to 30+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, and Mollie.
Per-client gateway configuration: each client or business unit can route to its own PSP
Single integration: integrate with Shuttle once; switching gateways is configuration, not re-integration
Multi-PSP routing: route by currency, region, card type, or custom rules
Failover: automatic fallback to a secondary gateway if the primary is unavailable
One gateway caveat worth knowing: a few gateways (Braintree, for example) do not work for voice capture, because they will not allow raw card data to be passed, but they do work for payment links. For agencies and BPOs running outbound campaigns for multiple clients on Bland, per-client routing is essential, and it is configuration rather than code.
PCI Compliance
Shuttle is a PCI DSS Level 1 certified Service Provider.
What stays in your application / Bland: conversation logic, amount calculation, session initiation, and handling of non-sensitive webhook results. None of this is cardholder data, so your application and Bland's platform stay out of PCI scope.
What stays in Shuttle: card capture during the secure Twilio Pay handoff, card tokenisation, gateway communication, and secure prompt playback, all inside the certified environment.
Call recordings: because the card is entered during the secure PCI capture, the card details are never part of the audio Bland processes or records. Any recordings you store contain no cardholder data, so there are no card digits in your recordings, logs, or analytics.
With Shuttle handling all card data, your application qualifies for SAQ-A rather than the SAQ-D obligations that handling card data yourself would trigger. This matters for collections and outbound operations, where call volumes and recording retention make in-house card handling especially risky.
Beyond Voice: Payment Links
The secure in-call capture is one method, but Shuttle also supports payment links, and they are the turnkey path. Mid-call, your Bland agent can say it has sent a secure link by SMS or email; the customer opens a hosted checkout page, pays, and the result returns to your application in real time. Links suit higher-value payments, mobile-first callers, and post-call payment plans, which are common in collections. They also work even with gateways that do not support voice capture, such as Braintree.
Use Cases
Collections
Collections agents need to capture payment the instant the debtor agrees. Shuttle takes the card in-call, and payment links handle agreed instalment plans, so commitments convert into collected funds.
Outbound Sales
Outbound sales agents close and collect in the same call, with no callback and no link left unclicked.
Appointment Reminders and Bill-Pay
Reminder calls that prompt a bill payment can take the card in-call instead of directing the customer to a portal.
Order and Renewal Confirmations
Agents confirming orders or renewals can collect payment at the point of confirmation, optionally tokenising the card for future charges.
Developer Integration
API-driven. Create payment sessions, configure gateways, and receive webhooks via REST API. Your team builds the agent-side orchestration; Shuttle provides the capture, IVR, links, and APIs.
Twilio required today. The secure voice capture runs over Twilio Pay, so you must be a Twilio customer. A carrier-agnostic version, which removes the Twilio requirement, is landing later in 2026.
Pathway and prompt friendly. Trigger Shuttle at the payment step of a conversational pathway or from a prompt-driven flow, and resume on the result webhook.
Build a POC against the sandbox. Validate the full payment flow against Shuttle's sandbox gateway and demo app before going live. A native Bland integration is possible only as a paid project.
[$0.20 per successful transaction](/pricing/) for voice. No setup fees, no monthly minimums, no per-seat licensing. Payment links are currently free, with a new model coming.
For technical detail, see the Shuttle docs: Twilio setup, payment links, and security and PCI.
FAQ
Does Shuttle have a native Bland AI integration? No. Shuttle has no native integration with Bland. The handoff is API-driven: your application code triggers Shuttle's Twilio-based payment setup, and at the point of payment the call is handed to a secure PCI DSS Level 1 capture via Twilio Pay. A native Bland integration is possible only as a paid project.
Does this require Twilio? Yes, for the secure in-call capture. The capture runs over Twilio Pay today, where Shuttle is Twilio's preferred payments partner, so you must be a Twilio customer. A carrier-agnostic version that removes the Twilio requirement is landing later in 2026.
Can I build PCI-compliant payment capture myself on Bland? Technically, but PCI DSS Level 1 certification runs $500,000+ upfront and $200,000+/year. Shuttle provides the same capability at $0.20 per successful transaction.
What payment gateways does Shuttle support? 30+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, and Square. Switching gateways is configuration, not re-integration. A few gateways (Braintree, for example) do not work for voice capture but do work for payment links.
Does this work for outbound campaigns? Yes. Bland is outbound-heavy, and the same secure handoff captures payment during outbound calls for sales, collections, and reminders.
Can I take instalment or payment-plan payments? Yes. Payment links and tokenisation support agreed payment plans, which is common in collections.
Does the customer hear the agent during card entry? During the secure capture, Shuttle plays the prompts and the agent's voice is paused. Once payment is complete, your application resumes the conversation. Note that cleanly returning the caller to the same agent is not yet turnkey today.
Related Reading
Retell AI Payments: PCI-compliant payment capture for Retell AI voice agents
Vapi Payments: secure payment capture for Vapi voice agents
How AI Voice Agents Take PCI-Compliant Payments: the technical architecture for secure payment capture during AI voice calls
What Are Voice Payments? The Complete Guide: IVR, agent-assisted, and AI voice payment models compared
The Payment Layer for AI Agents: why AI agents need a dedicated payment layer
Add Payments to Your Bland AI Agents
Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider. If you're building phone agents on Bland AI and need PCI-compliant payment capture:
See Voice Checkout | Book a discovery call