boost.ai is a Gartner-recognised leader in conversational AI for the enterprise, with a particularly strong footprint across banking, insurance, financial services, and public sector. Founded in Norway and widely deployed across the Nordics and beyond, boost.ai powers virtual agents that handle everything from account queries and loan applications to insurance renewals and public service requests. Its compliance posture is serious: SOC 2 Type II, ISO 27001, ISO 27701, and ISAE 3402 certifications make it a credible choice in regulated industries where audit requirements are non-negotiable.
Payment capability is a different matter. boost.ai handles the conversation exceptionally well but has no native payment product of its own. For PCI-compliant payment capture, boost.ai relies on third-party integrations, most notably Eckoh, as well as a Vipps connector for Nordic markets. That works in many contexts, but banks and insurers running contact centres at scale often need more flexibility: a broader choice of payment gateways, per-client routing across a multi-tenant portfolio, the ability to bring their own acquirer, and a single integration that works across voice and chat alike.
This guide is for regulated-sector teams running boost.ai virtual agents who need to add payment capture to the conversation flow. If your compliance team needs to minimise PCI scope while your operations team needs multi-PSP flexibility, this is the pattern that achieves both.
The Payment Challenge for boost.ai Agents
boost.ai's architecture separates conversation intelligence from back-end execution cleanly, which is one of its strengths. That same separation means payment capture has to be handled by an external layer rather than natively within the platform. For many deployments this is not a problem: Eckoh or Vipps handles the transaction, and the agent continues the conversation once payment is confirmed.
The friction appears when requirements get more specific. A bank with an existing acquirer relationship needs to settle through their mandated processor, not through a capture tool's built-in flow. An insurer running across multiple brands or subsidiaries needs per-client routing so that each premium settlement lands in the correct merchant account. A financial services firm running both voice and chat channels needs consistent PCI compliance behaviour across both, with the same audit trail and the same card-data isolation, regardless of which channel the customer used.
PCI DSS Level 1 compliance for a service provider is a significant undertaking, and it is not part of boost.ai's current certification set. boost.ai's certifications are strong for data protection and information security, but card data handling requires a separate compliance layer. The question for regulated-sector teams is how to add that layer without complicating the boost.ai deployment or expanding cardholder data scope across systems that should not be in scope at all.
How Shuttle Adds Payment Capture to boost.ai
Shuttle operates as a payment layer that sits between your boost.ai agent and your payment gateway. It handles PCI-compliant card data capture in complete isolation, so neither your boost.ai deployment nor your contact centre infrastructure ever touches cardholder data. The sequence looks like this:
The boost.ai agent runs the conversation: identifies the customer, confirms the payment amount, and collects intent.
The agent triggers Shuttle via API or webhook at the point where card details are needed.
Shuttle captures the card data in isolation. On voice, this uses DTMF suppression: the caller enters their card number on the keypad and the tones are masked before they reach any recording or transcript. On chat, Shuttle serves a hosted payment form over a secure iframe, keeping card entry entirely outside the boost.ai session.
Shuttle processes the transaction and routes it to your configured gateway or acquirer.
The result (success, decline, reference) is returned to the boost.ai agent, which continues the conversation accordingly.
At no point does the boost.ai platform, your CRM, your telephony layer, or your call recording system see card data. The agent and any recordings remain out of PCI scope.
Multi-PSP Support
Shuttle connects to 30+ gateways through a single integration. That list includes Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, Mollie, and many others across Europe, North America, and APAC. You can bring your own acquirer rather than being channelled through a capture tool's preferred processor.
For organisations running boost.ai across multiple clients, brands, or subsidiaries, Shuttle supports per-client and per-tenant routing. Each conversation flow can route to a different merchant account and gateway configuration, with no shared cardholder data between tenants. This is particularly relevant for insurers managing multiple underwriting entities, for banks with distinct product divisions, and for system integrators delivering white-label contact centre deployments at scale.
The contrast with a single third-party capture tool tied to its own processing flow is straightforward. If your organisation has an existing gateway relationship, wants to negotiate its own interchange rates, or is bound by a procurement decision to use a specific acquirer, a gateway-neutral layer like Shuttle accommodates that from the start. You do not need to renegotiate your payment stack to add virtual agent payment capability.
Shuttle also handles multi-currency routing and can direct transactions to the appropriate regional processor, which matters for boost.ai deployments spanning the Nordics, broader Europe, and international markets.
PCI Compliance
Shuttle is a PCI DSS Level 1 certified service provider, the highest level of certification available. Card data is captured and processed entirely within Shuttle's certified environment and is never transmitted to boost.ai, your telephony platform, your CRM, or any other system in your stack.
This matters for your compliance posture in two ways. First, it means your boost.ai deployment does not acquire PCI scope by adding payment capability. The conversation platform stays exactly where it is in your architecture, with the same certifications and the same audit perimeter. Second, it moves your contact centre environment from the more demanding SAQ-D scope toward SAQ-A, the lightest possible assessment, because card data capture happens outside your systems entirely.
boost.ai's own compliance certifications (SOC 2 Type II, ISO 27001, ISO 27701, ISAE 3402) are strong and appropriate for a platform handling sensitive customer data in regulated industries. Shuttle's PCI DSS Level 1 status complements rather than duplicates that posture: it addresses the one compliance requirement that boost.ai's certifications do not cover, without requiring any change to how boost.ai itself is deployed or audited.
Beyond Voice: Payment Links
boost.ai supports both voice and chat channels, and Shuttle works across both. On voice, Shuttle uses DTMF capture with tone suppression. On chat, SMS, and WhatsApp, Shuttle generates hosted payment links: secure, single-use URLs served from Shuttle's PCI-certified environment, returned inline to the chat conversation for the customer to complete.
This means a customer can start a query in the boost.ai chat widget, receive a payment link, complete the transaction in a browser tab, and return to the chat for confirmation, with no card data crossing the chat session at any point. The same applies to outbound SMS flows where boost.ai triggers a follow-up message after a conversation: the payment link opens to a Shuttle-hosted form, completing the PCI scope isolation in that channel too.
Use Cases
Bill-Pay and Account Payments
Customers contacting a bank or utility through a boost.ai virtual agent can make account payments, settle outstanding balances, or set up payment arrangements without being transferred to a human agent. Shuttle handles card capture in-call or in-chat, with the result returned to the agent to confirm and update the account.
Insurance Premiums and Renewals
Insurers using boost.ai for renewal conversations can collect premium payments at the point of renewal confirmation, within the same interaction. Per-client routing means each underwriting entity or brand can settle into its own merchant account, with a consistent compliance posture across the portfolio.
Collections and Payment Plans
For collections workflows, Shuttle supports instalment arrangements and recurring card authorisations alongside one-off capture. The boost.ai agent negotiates the plan; Shuttle handles the card data and charges the agreed schedule without the customer needing to re-engage.
Customer Support Payments
Banks and financial services firms using boost.ai for general customer support can offer fee payments, top-ups, and charges within the support conversation rather than redirecting customers to a separate payment journey. Completing the transaction in-conversation reduces drop-off and improves resolution rates.
FAQ
Does boost.ai process payments natively? No. boost.ai has no native payment product. For PCI-compliant card capture it partners with third parties, including Eckoh for contact centre payment flows and Vipps for Nordic markets. A gateway-neutral layer like Shuttle is the alternative for teams needing broader PSP coverage or per-client routing.
**How is Shuttle different from boost.ai's Eckoh integration?** Eckoh is a capable contact centre payment solution. Shuttle's difference is gateway neutrality and routing flexibility: 30+ PSPs on a single integration, per-client routing for multi-tenant deployments, and BYO acquirer support. If you want to compare options, see the Eckoh alternatives page for a fuller breakdown.
**Which gateways does Shuttle support?** Shuttle connects to 30+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, Mollie, and many regional processors. You can use your existing acquirer relationship and configure routing per client or per use case.
**Does this keep our bank or contact centre out of PCI scope?** Yes. Card data is captured and processed within Shuttle's PCI DSS Level 1 environment and never transmitted to boost.ai, your telephony platform, or your CRM. This removes those systems from PCI scope and moves your contact centre assessment from SAQ-D toward SAQ-A.
Does this work across voice and chat? Yes. Shuttle supports DTMF capture with tone suppression on voice and hosted payment links or secure iframes on chat, SMS, and WhatsApp. The same gateway routing and compliance posture applies across all channels.
Related Reading
The Payment Layer for AI Agents: how a gateway-neutral payment layer fits across any conversational AI platform
AI Voice Agent PCI Payments: technical guide to DTMF suppression, PCI scope reduction, and SAQ-A qualification for voice agents
Voice Payments: end-to-end guide to taking card payments over voice channels
Cognigy Payments: same pattern applied to Cognigy.AI virtual agents, including contact centre and voice use cases
Kore.ai Payments: multi-PSP payment capture for Kore.ai virtual agent deployments
Add Payments to Your boost.ai Agents
Shuttle is a PCI DSS Level 1 service provider offering payment capture across 30+ gateways, at $0.20 per transaction with no setup, monthly, or per-seat fees. See pricing.
See Voice Checkout | Book a discovery call