Decagon is an enterprise omnichannel AI customer-service platform. Its agents handle voice, chat and email for contact centres and CX operations across retail, travel, healthcare and fintech, resolving customer issues end to end rather than just routing tickets.
When those conversations involve money (a bill to settle, a deposit to take, an order to complete) the question becomes how payments actually work inside a Decagon deployment. Decagon's marketing references processing payments by securely collecting card details through PCI-compliant voice interactions, and notes that it connects to payment processors and accounting systems. However, Decagon does not publish a PCI DSS certification level or the underlying payment architecture, so whether it captures and processes card data itself or integrates with an external layer is not publicly documented.
This guide is for teams evaluating how to add verified, certified, multi-PSP payment capture to their Decagon agents. It explains why taking cards in an AI voice call requires an isolated, certified payment layer, and how Shuttle provides exactly that: a PCI DSS Level 1 certified Service Provider that drops into a Decagon deployment with in-call DTMF capture, SMS payment links and routing to 30+ gateways.
The Payment Challenge for Decagon
Taking a card payment during an AI-driven conversation introduces a hard constraint: raw card data cannot flow through the AI pipeline. The moment a primary account number, CVV or expiry passes through your speech-to-text, transcription, logging, model context or analytics, every one of those systems is pulled into PCI DSS scope. For an enterprise running voice, chat and email at volume, that scope is unmanageable.
The answer is a certified, isolated payment layer that captures card data outside the AI path entirely. The customer enters their card, that data is handled only by a certified processor, and the AI agent never sees, hears or stores it. This keeps the conversation flowing while keeping cardholder data out of your environment. See PCI scope for what this means in practice.
Building that layer yourself is expensive. Achieving and maintaining PCI DSS Level 1 typically costs $500k+ upfront and $200k+ per year in audits, infrastructure and dedicated security staff. Shuttle removes that burden by providing the certified layer as a service.
How Shuttle Integrates with Decagon
Shuttle sits alongside your Decagon agents and handles the payment moment in isolation:
The Decagon agent runs the conversation as normal, resolving the customer's request across voice, chat or email.
When payment is due, the agent triggers Shuttle via a simple API call with the amount and reference.
Shuttle captures the card in isolation, using in-call DTMF tones on voice or a secure link on chat and email, so card data never enters the Decagon pipeline.
Shuttle processes the payment and routes it to your chosen gateway from 30+ supported providers.
The result is returned to the agent, which confirms the outcome to the customer and continues the conversation.
How It Works: Step by Step
The Decagon agent identifies payment intent during the conversation.
The amount and reference are confirmed with the customer.
A secure Shuttle payment session is created via API.
On a voice call, the audio path splits so card entry is isolated from the agent and transcription.
The customer enters their card number using the phone keypad.
The keypad tones (DTMF) are captured by Shuttle in isolation, never reaching Decagon.
Shuttle processes the transaction through the routed gateway.
A webhook returns the success or failure result to your system.
The agent confirms the outcome and the conversation continues. The whole capture takes roughly 20 to 30 seconds.
Multi-PSP Support
Shuttle routes to 30+ payment gateways, so you keep your existing processor relationships and pricing:
Stripe
Adyen
Worldpay
Checkout.com
Braintree
Square
Mollie
You can route by client, region, currency or merchant account, which matters for enterprises and agencies running payments across multiple entities.
PCI Compliance
Shuttle is a PCI DSS Level 1 certified Service Provider, the highest assurance level. Card data is captured, processed and stored only within Shuttle's certified environment. Your Decagon agents, transcripts, logs and analytics never touch it.
This changes the compliance posture. Because cardholder data is isolated inside Shuttle, your environment can typically qualify for the far simpler SAQ-A self-assessment rather than the extensive SAQ-D you would face if card data passed through your own systems. Fewer controls, fewer audits, less risk.
Beyond Voice: Payment Links
Not every payment needs to happen in the call. Shuttle also issues hosted payment links over SMS, email or chat. A Decagon agent can send a link mid-conversation, let the customer pay on a secure hosted page, and receive confirmation back. This suits higher-value transactions, follow-ups, or customers who prefer to pay on their own device, all without adding card data to your scope.
Use Cases
Bill-Pay and Collections
Decagon agents handling outstanding balances can take payment in the moment, or set up a payment plan and collect the first instalment, with cards captured securely on every call.
Customer Support Payments
When a support conversation turns into a purchase, an upgrade or a fee, the agent collects payment without handing the customer off to another channel.
Bookings and Deposits
Travel and hospitality agents can confirm a reservation and take a deposit in the same conversation, then send a payment link for the balance later.
Order Taking
Retail and ordering agents can complete a sale end to end, capturing the card by DTMF or sending a link for the customer to pay.
FAQ
Does Decagon process payments natively? Decagon references collecting card details through PCI-compliant voice interactions and connecting to payment processors, but it does not publish a PCI DSS certification level or its payment architecture. Whether it processes cards itself or integrates with an external layer is not publicly documented. Shuttle adds a verified, PCI DSS Level 1 certified capture layer with clear architecture and multi-PSP routing.
How do I take PCI-compliant payments with Decagon? Trigger Shuttle at the payment moment. Shuttle captures the card in isolation via DTMF or a secure link, processes it through your gateway, and returns the result to the agent. Card data never enters the Decagon pipeline, keeping it out of your PCI scope.
**Which payment gateways does Shuttle support?** Shuttle routes to 30+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square and Mollie. You keep your existing processor and pricing.
**Should we build PCI Level 1 ourselves instead?** You can, but it typically costs $500k+ upfront and $200k+ per year to maintain. Shuttle provides the certified layer as a service at $0.20 per transaction with no setup, monthly or per-seat fees.
Does this work for outbound calls? Yes. Outbound collections and sales agents can capture payment or set up a payment plan in the same conversation, with the same isolated, certified capture.
Related Reading
AI Voice Agent PCI Payments: the technical pattern for capturing cards in AI voice calls.
Voice Payments: how secure payment capture works over voice channels.
The Payment Layer for AI Agents: why AI agents need a dedicated, certified payment layer.
Sierra Payments: adding certified payment capture to Sierra AI agents.
Contact Centre Payments: the full picture on PCI-compliant payments across contact centre channels.
Add Payments to Your Decagon Agents
Add verified, PCI DSS Level 1 certified payment capture to your Decagon deployment with in-call DTMF, SMS payment links and routing to 30+ gateways, at $0.20 per transaction with no setup or monthly fees.
See Voice Checkout | Book a discovery call