The CCaaS Payment Opportunity
Contact centre platforms handle billions of customer interactions each year. A significant share of those interactions involve money changing hands: bill payments, insurance premiums, debt collections, subscription renewals, order payments, travel bookings.
Yet most CCaaS platforms don't have native payment capabilities.
Their enterprise customers are asking for it. A utility company running collections through a CCaaS platform wants agents to capture payments on the call. An insurance carrier wants IVR self-service renewals. A retailer wants AI agents that close sales and take payment in one conversation.
These aren't edge cases. They are recurring, high-volume use cases that happen across every vertical a CCaaS platform serves.
The platform that adds payment capture creates two things: a new revenue stream (payments become a billable feature) and massive customer stickiness (platforms that handle payments are hard to leave). The platform that doesn't add payments watches its enterprise customers solve the problem with bolt-on vendors, fragmented workflows, and eventual migration to a competitor that got there first.
The opportunity is not theoretical. Twilio identified it early. Five9, Talkdesk, and Genesys all have enterprise customers requesting it. The question for every CCaaS platform is not whether to add payments but how to add them without derailing the core product roadmap.
Why CCaaS Platforms Struggle with Payments
Payments are not a CCaaS platform's core competency. Building payment infrastructure from scratch is a fundamentally different engineering discipline, and it comes with compliance obligations that most CX-focused teams are not equipped to manage.
PCI DSS Compliance Is Complex for Voice Channels
PCI DSS (Payment Card Industry Data Security Standard) applies to every system that stores, processes, or transmits cardholder data. In a voice environment, that means the telephony stack, call recording, agent workstations, and the network carrying the audio. If a customer reads a card number to an agent, the entire call path is in PCI scope.
Achieving PCI DSS Level 1 certification for a voice environment costs upwards of $2M and takes 12+ months. Maintaining it is an ongoing operational burden that competes directly with product development resources.
Enterprise Customers Bring Their Own PSPs
This is the problem that breaks most in-house payment builds. Enterprise contact centres don't use one payment service provider. A US-based insurer might mandate Worldpay. A European retailer requires Adyen. A debt collection agency uses a regional acquirer.
If the CCaaS platform builds a Stripe integration, it works for customers that use Stripe. The moment an enterprise deal requires a different PSP, the platform faces a choice: build another integration (weeks to months per PSP) or lose the deal.
Multi-PSP support through a single integration is a prerequisite for enterprise CCaaS payments. Most platforms don't realise this until they've already shipped a single-PSP solution and hit the wall.
The Build Diverts From Core CX
Even if a CCaaS platform has the engineering resources, building DTMF capture, tone suppression, card tokenisation, multi-PSP routing, agent payment UI, and transaction reporting is a 12-month project at minimum. That is a year of engineering time not spent on the platform's core CX capabilities — call routing, workforce management, analytics, AI features.
Payment infrastructure is a deep rabbit hole. Once you start, it doesn't stop. There are gateway-specific quirks, 3D Secure flows, refund handling, settlement reconciliation, regional compliance variations, and ongoing PCI re-certification. Payments become a permanent roadmap tax.
What Enterprise Customers Actually Need
When enterprise contact centres evaluate a CCaaS platform's payment capabilities, they have a specific set of non-negotiable requirements.
PCI-compliant voice payment capture. DTMF-based card entry with tone suppression, so the agent stays on the call but never hears, sees, or accesses card data. This is the baseline. Pause-and-resume (where the agent manually stops recording) doesn't pass enterprise security reviews.
Support for their mandated PSP. Enterprise customers have existing PSP relationships. They are not switching to Stripe because the CCaaS platform only supports Stripe. The platform needs to route transactions to whichever PSP the customer uses — Worldpay, Adyen, Checkout.com, Braintree, or a regional acquirer.
Agent-assisted payment UI. Agents need to see real-time payment status during a call: whether the customer is entering digits, whether validation passed, whether the transaction was approved or declined. This needs to sit within the agent desktop, not in a separate window or system.
Payment links for post-call collection. Not every payment completes on the call. The customer may not have their card, the call may drop, or the agent may need to follow up. Sending a branded payment link via SMS or email — while the conversation is still warm — recovers revenue that would otherwise be lost.
Real-time transaction reporting. Enterprise customers need a dashboard showing transaction volume, success rates, refund activity, and settlement status. For CCaaS platforms serving multiple enterprise clients, this needs to be segmented per customer.
Compliance documentation for their own audits. Enterprise customers undergo their own PCI, SOC 2, and ISO audits. They need the CCaaS platform to provide certificates and attestation documents proving that payment capture is handled within a certified environment. If the platform can't provide these, the deal stalls in procurement.
The Twilio Model: How It Already Works
Twilio is the infrastructure layer underneath many CCaaS platforms. Talkdesk, Five9 Flex, and dozens of purpose-built contact centre solutions run on Twilio's programmable voice APIs.
Shuttle is Twilio's chosen payment partner. This means Shuttle provides the payment capture layer within Twilio-powered voice flows. It's available on the Twilio Marketplace and already in production with enterprise customers across insurance, AI voice, and collections.
Here is how the model works:
Twilio handles voice. The call is running on Twilio's infrastructure — routing, recording, agent connection, IVR logic.
Shuttle handles payment capture. When a payment is triggered (by an agent, an IVR flow, or an AI voice agent), Shuttle creates a secure payment session within the active call.
DTMF tones are intercepted. The customer enters their card number via keypad. Shuttle captures the tones within its PCI DSS Level 1 environment. The tones are stripped from the audio stream — the agent hears masking tones, not digits.
Card data is tokenised. Shuttle tokenises the card data. No card numbers touch the CCaaS platform, the telephony stack, or the call recording.
Transaction is routed to the enterprise customer's PSP. Shuttle routes the payment to whichever PSP the end customer uses — Worldpay, Adyen, Stripe, or any of 40+ supported providers. The CCaaS platform doesn't need to integrate with each one.
Result is returned. The transaction result (approved, declined, 3DS required) is returned to the CCaaS platform via webhook and displayed to the agent in real time.
The CCaaS platform's role is simply to enable it. No card data enters their stack. No PCI scope. No PSP integrations to build or maintain.
This is not hypothetical. PolyAI — an AI voice platform — uses this exact model in production. Their AI agents handle high-value transactions across regulated industries, routing payments through their enterprise customers' mandated PSPs, with zero PCI scope on PolyAI's side.
Three Ways to Add Payments to a CCaaS Platform
Option 1: Build Proprietary Payment Infrastructure
Build DTMF capture, tone suppression, tokenisation, PSP integrations, agent UI, and reporting from scratch.
Timeline: 12-18 months to first production transaction. Ongoing maintenance indefinitely.
Cost: $2M+ for PCI DSS Level 1 certification alone. Plus engineering headcount, ongoing re-certification, and per-PSP integration maintenance.
Upside: Full control over the payment experience.
Downside: Massive resource diversion from core CX product. PCI compliance becomes a permanent operational burden. Every new PSP requires a new integration build. Every compliance change requires engineering response.
Best for: Platforms with dedicated payments teams and a strategic decision to make payments a core product pillar. Very few CCaaS platforms fit this profile.
Option 2: Partner with a Single PSP
Integrate directly with Stripe, Adyen, or another PSP. Offer payments through that one provider.
Timeline: 3-6 months to production.
Cost: Lower than building from scratch, but PCI scope still exists for voice channels unless the PSP handles DTMF suppression (most don't).
Upside: Faster than building from zero. Known brand name.
Downside: Lock-in. Enterprise customers that use a different PSP cannot use the payment feature. The CCaaS platform becomes a distribution channel for that one PSP — not a flexible payments platform.
Best for: Platforms with a homogeneous customer base that all use the same PSP. This is rare at enterprise scale.
Option 3: Embed a Payment Layer
Integrate a PSP-neutral payment layer that handles PCI compliance, DTMF capture, tokenisation, and multi-PSP routing. The CCaaS platform enables payments through a single integration. Enterprise customers connect their own PSP.
Timeline: Weeks, not months. Pre-built connectors for Twilio and SIP-based telephony.
Cost: Usage-based or revenue share. No PCI certification cost. No per-PSP integration cost.
Upside: Full PSP flexibility. Multi-channel (voice, IVR, SMS payment links, AI agents). PCI scope eliminated. White-label — the enterprise customer sees the CCaaS platform's brand, not the payment layer underneath.
Downside: Dependency on a third-party payment partner. Mitigated by the PSP-neutral architecture — the platform isn't locked to any single provider.
Best for: CCaaS platforms that need enterprise-grade payment capabilities without diverting core engineering resources.
The Revenue Opportunity
Adding payment capabilities isn't just a feature checkbox. It's a revenue driver with multiple layers.
Payments as a billable feature. Payment capture becomes a paid add-on — charged per transaction, per seat, or as a premium tier. Platforms that embed payments through a revenue-share model generate recurring income on transaction volume without managing any payment infrastructure.
Higher contract values. Enterprise deals that include payment capabilities command higher annual contract values. A CCaaS platform that solves voice payments alongside call routing and agent management captures more budget from the same buyer.
Reduced churn. Payments create deep integration. When an enterprise customer's agents, IVR flows, and AI bots all capture payments through the CCaaS platform, switching costs increase significantly. Payment data, merchant configurations, and PSP connections don't migrate easily.
Competitive differentiation. In RFPs against Five9, Talkdesk, Genesys, or niche CCaaS platforms, native payment capabilities are a differentiator. Most CCaaS platforms punt on payments. The one that solves it wins the deal — especially in verticals like insurance, utilities, collections, and financial services where phone payments are high-volume.
Expansion revenue. Once voice payments are live, the same payment layer enables SMS payment links, chat payments, and AI agent payment capture. Each new channel is expansion revenue without a new integration.
Technical Architecture: How Payment Capture Works
The architecture is straightforward. No card data touches the CCaaS platform at any point.
Voice Payment Flow (Agent-Assisted or IVR)
Payment triggered. An agent clicks "take payment" in their desktop, or an IVR flow reaches a payment node.
Secure session created. The CCaaS platform calls Shuttle's API to initiate a payment session for the active call. Parameters include amount, currency, and the merchant's PSP configuration.
Audio routed through PCI environment. The call's media stream is routed through Shuttle's PCI DSS Level 1 environment. The agent remains connected. The customer hears a prompt to enter card details via keypad.
DTMF captured and suppressed. Keypad tones are intercepted by Shuttle. The agent hears masking tones — silence, flat tones, or hold music. No card data enters the CCaaS audio path.
Card data tokenised. Shuttle validates the card number (Luhn check, BIN lookup), tokenises it, and prepares the transaction.
Transaction routed to PSP. Shuttle sends the transaction to the enterprise customer's configured PSP — Worldpay, Stripe, Adyen, or any supported provider. 3D Secure is handled if required.
Result returned via webhook. Approved, declined, or requires further authentication. The CCaaS platform displays the result to the agent. A transaction ID is logged for reconciliation.
What Never Touches the CCaaS Platform
Raw card numbers
CVV
DTMF tones containing card data
Any data that would put the platform in PCI scope
The CCaaS platform receives only: transaction status, last four digits (masked), transaction ID, and a token. This keeps the platform at PCI SAQ-A — the lightest compliance level.
SMS Payment Link Fallback
If DTMF capture fails (customer on a VoIP phone without a keypad, or in a noisy environment), the agent triggers an SMS payment link. The customer receives a branded checkout page on their device, completes payment (card, Apple Pay, Google Pay, or bank transfer), and the agent sees confirmation in real time. Same PCI-free architecture.
Conclusion
CCaaS platforms sit on top of the interactions where payments happen. Collections calls, insurance renewals, order confirmations, subscription payments — these are live conversations that should end with a completed transaction.
The platforms that add payment capabilities capture more revenue per customer, win more enterprise deals, and build switching costs that reduce churn. The platforms that don't add payments leave that value for bolt-on vendors and competitors to capture.
Building payment infrastructure in-house is a 12+ month, multi-million-dollar commitment that diverts engineering from core CX product development. Partnering with a single PSP creates lock-in that breaks at enterprise scale. Embedding a PSP-neutral payment layer — one that handles PCI compliance, DTMF capture, multi-PSP routing, and white-label branding — gets payments live in weeks without touching the product roadmap.
Shuttle is the payment layer underneath Twilio-powered voice flows and CCaaS platforms. 40+ PSP integrations. PCI DSS Level 1. Voice, IVR, SMS payment links, and AI agent support. White-label. Live in weeks.
If your CCaaS platform is evaluating payment capabilities, talk to us. We'll show you how platforms like PolyAI and others in the Twilio ecosystem are already capturing payments in production — without building a single PSP integration.
[Book a Call] | [See How It Works]