Cognigy is one of the leading enterprise conversational AI platforms. Its AI agents handle complex multi-turn conversations across voice and digital channels, integrating with contact centre infrastructure from NICE, Genesys, Avaya, and others. Cognigy agents can authenticate customers, look up account details, process service requests, and escalate to human agents when needed.
What they can't do natively is take a card payment.
That's not a gap in Cognigy's product. It's a fundamental constraint of how AI systems and PCI compliance interact. The AI model must never see, hear, or process cardholder data. If it does, the entire platform — Cognigy's infrastructure, your contact centre stack, your call recordings, your data pipelines — enters PCI DSS scope. The cost of that is $500,000+ in the first year and $200,000+ annually, plus the operational burden of maintaining Level 1 certification across a complex AI infrastructure.
Shuttle provides the payment layer that lets Cognigy agents capture payments mid-conversation without any cardholder data touching Cognigy's platform.
The Payment Challenge for Cognigy
Cognigy's strength is orchestration. Its Flow Editor lets enterprises build sophisticated conversational workflows that span voice and chat, integrate with CRMs and ERPs, and handle complex business logic. But payments introduce a requirement that sits outside the conversational AI stack entirely.
When a customer says "I'd like to pay," the Cognigy agent needs to:
Capture a 16-digit card number, expiry date, and CVV
Tokenise that data and send it to a payment gateway
Process the authorisation
Return the result to the conversation
Every one of those steps involves cardholder data. If that data flows through Cognigy's infrastructure — even as audio in a voice call or text in a chat message — the entire platform is in PCI scope.
For voice channels, the challenge is acute. DTMF tones (keypad presses) carry card digits. If those tones enter Cognigy's audio processing pipeline, they're cardholder data. If they appear in call recordings, those recordings are cardholder data. If they're transcribed by the AI model, the transcription is cardholder data.
For chat channels, the same principle applies. If a customer types their card number into a Cognigy chat widget, that message is cardholder data. It must never be stored, logged, or processed by Cognigy's systems.
The solution is a clean architectural boundary: Cognigy handles the conversation, a separate PCI-compliant system handles the payment, and cardholder data never crosses from one to the other.
How Shuttle Integrates with Cognigy
Shuttle sits between Cognigy and the payment gateway. It handles all card data capture, tokenisation, and gateway communication within its PCI DSS Level 1 certified environment. Cognigy never touches cardholder data.
The integration works across both of Cognigy's primary channels:
Voice Channel
Cognigy agent triggers payment — The AI agent identifies payment intent and confirms the amount. Cognigy's flow makes an API call to Shuttle to initiate a payment session.
Audio stream splits — Shuttle takes control of the DTMF capture channel. The main call audio — the one feeding Cognigy's AI model and any call recording — is isolated from the card capture path.
DTMF capture — Shuttle plays a secure prompt and captures card digits via the customer's keypad. DTMF tones are stripped from the main audio stream and replaced with flat masking tones.
Payment processed — Shuttle tokenises the card data and routes it to the merchant's configured gateway. The authorisation happens entirely within Shuttle's environment.
Result returned — Shuttle sends the outcome back to Cognigy via webhook: success/failure, transaction reference, masked card number. The Cognigy agent confirms the payment in natural language.
Chat Channel
Cognigy agent triggers payment — Same as voice: the agent confirms the amount and initiates a Shuttle payment session.
Payment link generated — Shuttle creates a secure hosted checkout page and returns a URL. The Cognigy agent sends this link to the customer within the chat conversation.
Customer completes payment — The customer taps the link, enters their card details on Shuttle's hosted page, and submits. No card data enters Cognigy's chat infrastructure.
Result returned — Shuttle fires a webhook with the transaction result. The Cognigy agent picks up: "Your payment has been processed. Your reference is TXN-4471."
Both channels use the same Shuttle infrastructure, the same PCI-compliant environment, and the same gateway routing logic.
How It Works: Step by Step
A typical voice payment flow with Cognigy and Shuttle:
Step 1: Payment intent recognised. The Cognigy agent detects that the customer wants to pay. This could be triggered by a specific utterance, a flow condition, or a backend lookup that identifies an outstanding balance.
Step 2: Amount confirmed. The agent says: "I can see you have an outstanding balance of €89.00. Would you like to pay that now?" The customer confirms.
Step 3: Payment context set. The agent explains the process: "I'll just need your card details. You'll be prompted to enter them using your keypad."
Step 4: Shuttle session created. Cognigy's flow executes an HTTP Request node to Shuttle's API, passing the amount, currency, and merchant configuration. Shuttle returns a session token.
Step 5: Secure capture begins. The call enters the secure payment segment. Shuttle plays the card entry prompts. DTMF tones are captured by Shuttle and masked from Cognigy's audio stream.
Step 6: Card data processed. Shuttle tokenises the card, sends it to the gateway, and receives the authorisation response. All within Shuttle's PCI DSS Level 1 certified perimeter.
Step 7: Result returned. Shuttle sends the result to Cognigy. The flow reads the webhook payload and branches on success or failure.
Step 8: Conversation continues. On success: "Your payment of €89.00 has been processed. Your reference number is TXN-7293. Is there anything else I can help with?" On failure: "I'm sorry, the payment wasn't successful. Would you like to try a different card?"
The entire payment capture takes 20-30 seconds. The customer stays on the line. No transfers, no hold music, no separate IVR system.
Multi-PSP Support
Cognigy serves large enterprises that have existing payment gateway relationships. A retail company might use Adyen. A utilities provider might process through Worldpay. A telecoms company might route through Checkout.com. Cognigy can't require its customers to switch PSPs — and with Shuttle, it doesn't need to.
Shuttle connects to 16+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, Mollie, GoCardless, and others. Each Cognigy deployment can be configured with the merchant's preferred gateway.
Advanced routing options include:
Multi-PSP routing — Route transactions to different gateways based on currency, region, or card type
Failover routing — If the primary gateway is unavailable, automatically route to a backup
Per-merchant configuration — In multi-tenant Cognigy deployments, each end merchant can have their own gateway setup
This means Cognigy can offer payment capability to any customer regardless of which PSP they use. One integration with Shuttle covers all of them.
PCI Compliance
The architecture is designed to keep Cognigy and its customers out of PCI scope for cardholder data.
What stays in Cognigy:
Conversation management and flow orchestration
Payment intent detection and amount confirmation
Session initiation (API call to Shuttle with amount, currency, merchant config)
Transaction result handling (success/failure, reference numbers, masked card details)
None of this is cardholder data. None of it expands PCI scope.
What stays in Shuttle:
DTMF tone capture and decoding (voice channel)
Hosted checkout page (chat channel / payment links)
Card data tokenisation
Gateway communication and authorisation
Transaction logging with full card data isolated in Shuttle's environment
Shuttle is a PCI DSS Level 1 certified Service Provider. The certification covers the entire card capture, tokenisation, and routing pipeline.
For Cognigy's customers: Because card data never enters Cognigy's infrastructure, end merchants can self-assess under SAQ-A — the simplest PCI compliance questionnaire. No penetration testing requirements, no quarterly ASV scans on their systems, no on-site QSA audits for payment processing.
Call recordings: On voice channels, DTMF tones are stripped from all audio streams before they reach Cognigy or any recording system. Recordings contain flat masking tones during the payment segment. No cardholder data is stored anywhere in Cognigy's infrastructure.
Beyond Voice: Payment Links
Payment links bridge Cognigy's voice and digital channels. During any Cognigy conversation — voice or chat — the AI agent can send a payment link via SMS or directly in the chat window.
The customer receives a link to a Shuttle-hosted checkout page. They enter their card details on a secure page, complete the payment, and the result is returned to the Cognigy agent in real time.
Payment links are particularly useful for Cognigy deployments because:
Omnichannel consistency — The same payment method works across voice, webchat, WhatsApp, and other Cognigy-supported channels
Higher-value transactions — Customers may prefer visual confirmation for larger payments
Accessibility — Customers who struggle with DTMF keypad entry can use the payment link instead
Chat-first flows — On text-based channels where DTMF isn't available, payment links are the primary method
Both DTMF and payment link transactions are processed through the same Shuttle infrastructure, the same PCI-compliant environment, and the same multi-PSP routing.
FAQ
Does this require changes to Cognigy's platform? No. The integration uses Cognigy's standard HTTP Request nodes and webhook handling. It's configured at the flow level, not the platform level.
Can existing Cognigy flows add payment capability? Yes. Adding payment capture to an existing flow requires adding the Shuttle API call, the secure capture segment, and the result handling. It's additive — it doesn't require rebuilding the flow.
What happens if the payment fails? Shuttle returns a failure reason to Cognigy. The AI agent can offer to retry with a different card, send a payment link as an alternative, or escalate to a human agent — whatever the flow logic dictates.
Does this work with Cognigy's NICE partnership? Yes. Shuttle integrates at the telephony layer, which is independent of the contact centre platform. Whether Cognigy is deployed with NICE, Genesys, Avaya, or another CCaaS provider, the Shuttle payment flow works the same way.
What does it cost? Shuttle charges $0.20 per transaction with no setup fees, no monthly minimums, and no per-seat licensing.
Related Reading
How AI Voice Agents Take PCI-Compliant Payments — The technical architecture for secure payment capture during AI voice calls
What Are Voice Payments? The Complete Guide — IVR, agent-assisted, and AI voice payment models compared
Twilio Pay Connectors — How Shuttle connects to Twilio's payment infrastructure
The Payment Layer for AI Agents — Why AI agents need a dedicated payment layer
Contact Centre Payments — PCI-compliant payment capture for contact centres
PCI Pal Alternatives — How Shuttle compares to PCI Pal for voice payments
Add Payments to Your Cognigy Agents
Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider. If you're building conversational AI with Cognigy and need PCI-compliant payment capture, talk to us about Voice Checkout or see how it works for platforms.