Phonely is an AI phone answering platform for businesses. It answers inbound calls, books appointments, qualifies leads, and runs custom call flows, so service businesses can handle every call without staffing a front desk. You configure the conversation, routing logic, booking steps, and payment workflows around how your business actually works.
But when a Phonely agent needs to take a payment, card data cannot be allowed to enter the AI pipeline.
This guide covers how to take PCI-compliant payments on Phonely AI voice agents using Shuttle, so your agents can collect card payments mid-call without putting your business or the call flow in PCI scope.
Phonely advertises PCI-compliant infrastructure and lets you build a payment step into a call flow. But a payment workflow step is not the same as processing the payment. Phonely does not capture the card in an isolated environment, does not connect to a payment gateway, and does not charge the card. You still need a payment layer that captures the card away from the agent flow, keeps it out of your call logs, and actually processes it. If card digits enter the audio stream unprotected, your whole stack falls into PCI scope.
Shuttle provides the payment layer that closes that gap. Your Phonely agent triggers the payment, Shuttle captures the card in an isolated PCI-certified environment, and the result comes back to your agent, all within the same conversation.
The Payment Challenge for Phonely
Phonely is built for businesses, not developers, which means the goal is a working call flow rather than a custom payment stack. That goal still runs into the same compliance wall every voice AI platform hits.
**Card data cannot enter the AI pipeline.** If a customer reads or keys in card digits during a Phonely call, that is cardholder data under PCI DSS. If it flows through the audio path, your transcription, call recordings, and any connected systems are all in PCI scope.
A configured payment step is not payment processing. Phonely lets you add a payment workflow to a call flow, and it runs on PCI-compliant infrastructure. But that step still needs something to capture the card in isolation and route it to a gateway. The platform handling the conversation is not the same as the layer that charges the card.
Building card capture yourself is not realistic. PCI DSS Level 1 certification costs $500,000+ upfront and $200,000+ per year, plus a Qualified Security Assessor, quarterly scans, and annual penetration testing. For a business that just wants its AI receptionist to take a deposit, that is a non-starter.
Bolting on a separate payment line breaks the experience. Telling the caller to hang up and dial a payment number, or transferring them to a separate IVR, undoes the seamless agent experience and loses payments at exactly the wrong moment.
The answer is a payment layer that drops into the Phonely call flow, captures the card in an isolated environment, and returns a clean result to your agent.
How Shuttle Integrates with Phonely
Shuttle handles every piece of card data inside its PCI DSS Level 1 certified environment, while Phonely runs the conversation.
Your Phonely agent runs the conversation: greeting, qualification, booking, and amount confirmation are handled by your Phonely call flow.
The payment is triggered: when payment is due, a webhook or tool step from your Phonely flow calls Shuttle to create a payment session with the amount, currency, and gateway configuration.
Shuttle captures card data: Shuttle takes control of the DTMF capture channel. Card digits entered on the keypad are captured by Shuttle and stripped from the audio that returns to Phonely.
Payment is processed: Shuttle tokenises the card and routes it to your configured gateway. Authorisation happens entirely inside Shuttle's certified environment.
Result returned to your agent: Shuttle sends a webhook with the outcome, a transaction reference, and a masked card number. Your Phonely agent confirms the payment in the conversation.
The trigger fits naturally into the call flow you already have: detect intent, hand off to Shuttle for the card, resume the conversation on the result.
How It Works: Step by Step
Step 1: Payment intent recognised. Your Phonely agent reaches the point in the call flow where a payment or deposit is due.
Step 2: Amount confirmed. The agent says the total and tells the customer they'll enter their card on the keypad.
Step 3: Payment session created. A webhook from your flow calls Shuttle's API with the amount, currency, and gateway config. Shuttle returns a session token.
Step 4: Audio stream splits. Shuttle takes control of the DTMF capture channel. The main audio path feeding Phonely's transcription is isolated from the card capture path, and tones are masked with flat replacement tones.
Step 5: Card details entered. Shuttle plays a secure prompt and the customer enters card number, expiry, and CVV via the keypad.
Step 6: Tones captured in isolation. Shuttle captures the DTMF in its PCI-compliant environment. The tones never reach Phonely, and recordings contain flat tones during this segment.
Step 7: Payment processed. Shuttle tokenises the card and routes it to your gateway for authorisation.
Step 8: Webhook received. Shuttle sends the result back: outcome, transaction reference, masked card number.
Step 9: Agent confirms. Your Phonely agent confirms the payment and continues the conversation.
The payment segment takes 20-30 seconds. The customer stays on the line throughout, with no transfers and no separate systems.
Multi-PSP Support
Whether you process on Stripe today, your enterprise client mandates Adyen, or you run multiple locations that each bring their own gateway, Shuttle connects to 30+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, and Mollie.
Per-client gateway configuration: each business or location can use its own PSP
Single integration: integrate with Shuttle once; gateway routing is configuration, not code
Multi-PSP routing: route by currency, region, card type, or custom rules
Failover: automatic fallback to a secondary gateway if the primary is unavailable
For agencies and operators running Phonely agents across multiple businesses, this means offering payment capability to everyone without maintaining a separate gateway integration per client.
PCI Compliance
Shuttle is a PCI DSS Level 1 certified Service Provider, the highest level of payment security certification.
What stays in your business / Phonely: conversation logic, booking, amount calculation, and handling of non-sensitive webhook results. None of this is cardholder data, so your business and the Phonely call flow stay out of PCI scope.
What stays in Shuttle: DTMF capture and decoding, card tokenisation, gateway communication, and secure prompt playback, all inside the certified environment.
Call recordings: DTMF tones are stripped before they reach Phonely. Stored recordings contain flat masking tones during the payment segment, so there is no cardholder data in your recordings, logs, or systems.
With Shuttle handling all card data, your business qualifies for SAQ-A, the simplest PCI compliance tier, rather than the SAQ-D obligations that taking card data yourself would trigger.
Beyond Voice: Payment Links
DTMF is the primary in-call method, but Shuttle also supports payment links. Mid-call, your Phonely agent can say it has sent a secure link by SMS; the customer opens a hosted checkout page, pays, and the result returns to your agent in real time.
Payment links suit higher-value transactions, mobile-first callers, customers who find keypad entry difficult, and post-call payments. Both methods use the same Shuttle infrastructure, and your call flow chooses which to use.
Use Cases
AI Receptionists and Appointment Booking
Phonely agents for clinics, salons, dental practices, and service businesses can take a deposit or full payment to secure a booking before the call ends, cutting no-shows.
Home and Field Services
Plumbers, electricians, HVAC, and other trades using Phonely to answer calls can collect a call-out deposit or balance during the booking conversation rather than chasing payment afterwards.
Inbound Bill-Pay and Account Payments
Businesses fielding account and billing calls can take a payment in the same conversation rather than directing the caller to a website or a separate line.
Lead Qualification to Purchase
Agents that qualify inbound interest can close and collect payment in one call, capturing the card at the moment the customer commits.
Integration
Webhook-driven. Trigger a Shuttle payment session from your Phonely call flow and resume the conversation when the result webhook arrives.
No telephony changes. Shuttle integrates at the audio/DTMF layer, so you add payment capability without changing how your Phonely agent handles calls.
Test mode available. Run the full payment flow with test card numbers before going live.
**$0.20 per transaction.** No setup fees, no monthly minimums, no per-seat licensing.
FAQ
Does Phonely process payments on its own? Phonely runs PCI-compliant infrastructure and lets you add a payment step to a call flow, but it does not capture the card in isolation, connect to a payment gateway, or charge the card. Shuttle provides that payment layer.
**Can I build PCI-compliant payment capture myself on Phonely?** Technically, but PCI DSS Level 1 certification runs $500,000+ upfront and $200,000+/year. Shuttle provides the same capability at $0.20 per transaction.
**What payment gateways does Shuttle support?** 30+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, and Square. You configure your gateway in Shuttle and it handles routing.
Can I use this for outbound calls? Yes. The same integration works for outbound agents that need to collect payment during a call.
Does the customer hear the agent during card entry? During DTMF capture, Shuttle plays secure prompts and the agent's voice is paused. Once entry is complete, the agent resumes.
Related Reading
Retell AI Payments: PCI-compliant payment capture for Retell AI voice agents
Vapi Payments: secure payment capture for Vapi voice agents
Bland AI Payments: secure payment capture for Bland AI phone agents
How AI Voice Agents Take PCI-Compliant Payments: the technical architecture for secure payment capture during AI voice calls
What Are Voice Payments? The Complete Guide: IVR, agent-assisted, and AI voice payment models compared
The Payment Layer for AI Agents: why AI agents need a dedicated payment layer
Add Payments to Your Phonely AI Agents
Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider. If you're using Phonely for AI call answering and need PCI-compliant payment capture:
See Voice Checkout | Book a discovery call