How to Add Payments to Replicant AI: Voice Agent Payment Integration

By Shuttle Team, March 11, 2026

Replicant builds autonomous AI agents for contact centres. Their platform handles the Tier 1 support calls that make up the bulk of inbound volume — account lookups, status checks, appointment scheduling, FAQ resolution — without a human agent. For contact centres processing thousands of calls a day, Replicant eliminates the staffing bottleneck for routine interactions.

But routine interactions often end with a payment. A customer confirms their outstanding balance and wants to settle it. A caller verifies their account details and asks to update their payment. A service request is completed and payment is due.

Replicant's AI agents can handle everything up to and after the payment. The payment itself — capturing a card number, processing it through a gateway, returning a result — requires infrastructure that sits outside the conversational AI stack entirely. The AI model must never see, hear, or process cardholder data. That's a PCI DSS requirement, not a product limitation.

Shuttle provides the PCI-compliant payment layer that lets Replicant agents capture payments mid-call without any cardholder data entering Replicant's platform.


The Payment Challenge for Replicant

Replicant's value proposition is automation. Every call their AI handles is a call that doesn't need a human agent. But if a call requires a payment and the AI can't process it, the call gets transferred — and the automation benefit is lost.

The challenge is structural:

Card data is toxic to AI infrastructure. The moment a customer enters card digits via their keypad, those DTMF tones carry cardholder data. If they enter Replicant's audio pipeline, Replicant's entire infrastructure is in PCI scope: the speech recognition engine, the AI model, call recordings, transcription logs, data storage, and every network path those systems use.

PCI certification is expensive and slow. Level 1 PCI DSS certification for a complex AI voice infrastructure costs $500,000+ initially and $200,000+ annually. It requires quarterly vulnerability scans, annual penetration testing, a Qualified Security Assessor, and ongoing compliance management. For a company whose core product is conversational AI, that's a massive diversion of engineering and security resources.

Human handoffs defeat the purpose. If the AI agent has to transfer the caller to a human agent or a separate IVR system every time there's a payment, the automation promise breaks down. The customer waits on hold. The human agent handles a simple card capture. The cost savings evaporate.

The solution is a payment layer that integrates into the Replicant call flow, captures card data in a completely isolated PCI-compliant environment, and returns the result to the AI agent — so the conversation continues without interruption.


How Shuttle Integrates with Replicant

Shuttle acts as the payment bridge between Replicant's AI agents and the payment gateway. The integration is architectural: two systems with a clean API boundary, where cardholder data exists only on Shuttle's side.

Here's the architecture:

  1. Replicant manages the conversation — The AI agent handles the call: intent recognition, customer verification, amount confirmation, and conversational flow. All of this is standard Replicant functionality.

  2. Shuttle manages the payment — When the agent triggers a payment, Shuttle takes control of the card capture channel. It operates within its own PCI DSS Level 1 certified environment, fully isolated from Replicant.

  3. DTMF tones are captured and masked — Card digits entered via the customer's keypad are captured by Shuttle. The tones are stripped from Replicant's audio stream and replaced with flat masking tones. Replicant's systems never receive the raw DTMF data.

  4. Payment is processed — Shuttle tokenises the card data and routes it to the merchant's payment gateway. The authorisation happens entirely within Shuttle's certified perimeter.

  5. Result flows back — Shuttle returns the transaction outcome to Replicant via webhook: success/failure, transaction reference, masked card number. The AI agent uses this to confirm the payment conversationally.

From the customer's perspective, the payment is part of the conversation. From a compliance perspective, Replicant never enters PCI scope.
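The API boundary described above only keeps the AI side out of scope if the result payload really carries nothing but non-sensitive fields, so the receiving side can enforce that before anything reaches the agent, transcripts or logs. The following is an added example, not Shuttle's or Replicant's code: the field names, the `decline_reason` field and the ten-visible-digit masking policy are assumptions made for illustration.

```python
import re

# Field names are hypothetical; the page names only the kinds of data returned.
ALLOWED_FIELDS = {"status", "transaction_reference", "masked_card_number", "decline_reason"}
ALLOWED_STATUS = {"success", "failure"}
MAX_VISIBLE_DIGITS = 10  # assumed policy: first six plus last four at most
# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(text: str) -> bool:
    """True if text holds a 13-19 digit run that passes the Luhn check."""
    return any(luhn_ok(re.sub(r"\D", "", m.group()))
               for m in PAN_CANDIDATE.finditer(text))


def validate_result(payload: dict) -> list:
    """Return a list of violations; an empty list means safe to hand to the agent."""
    problems = [f"unexpected field: {k}" for k in sorted(payload) if k not in ALLOWED_FIELDS]
    if payload.get("status") not in ALLOWED_STATUS:
        problems.append("invalid status")
    visible = re.sub(r"\D", "", str(payload.get("masked_card_number", "")))
    if len(visible) > MAX_VISIBLE_DIGITS:
        problems.append("card number not masked")
    problems += [f"PAN-like value in: {k}"
                 for k, v in sorted(payload.items()) if contains_pan(str(v))]
    return problems


# Constructed sample payload (not captured from a real integration).
SAMPLE_RESULT = {
    "status": "success",
    "transaction_reference": "TXN-5518",
    "masked_card_number": "**** **** **** 1111",
}

if __name__ == "__main__":
    print(validate_result(SAMPLE_RESULT))
```

A payload that fails validation should be dropped before it is logged or transcribed, since writing it down is what would bring those systems into scope.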


How It Works: Step by Step

Here's the flow during a live Replicant call:

Step 1: Payment intent detected. The Replicant agent identifies that the customer wants to pay. This could be triggered by the customer's request, a workflow condition, or a backend lookup showing an outstanding balance.

Step 2: Amount confirmed. The agent confirms: "Your outstanding balance is $156.00. Would you like to pay that now?" The customer says yes.

Step 3: Payment explained. The agent sets expectations: "I'll just need your card details. You'll be prompted to enter them using your phone keypad."

Step 4: Shuttle session created. Replicant's platform calls Shuttle's API with the payment amount, currency, and the merchant's gateway configuration. Shuttle returns a session token and signals readiness.

Step 5: Secure capture begins. The call enters the payment segment. Shuttle plays secure prompts: "Please enter your 16-digit card number followed by the hash key." The customer enters digits via their keypad.

Step 6: DTMF isolated. Shuttle captures the keypad tones in its PCI-compliant environment. The tones are masked from Replicant's audio stream. Call recordings contain flat tones — no card data.

Step 7: Card processed. Shuttle tokenises the card and sends the authorisation request to the merchant's gateway. The response comes back within seconds.

Step 8: Result returned. Shuttle sends the outcome to Replicant. The AI agent confirms: "Your payment of $156.00 has been processed. Your confirmation number is TXN-5518. Is there anything else I can help with?"

The entire payment segment takes 20-30 seconds. No transfers. No hold music. No human involvement. The call that started with Replicant's AI agent ends with Replicant's AI agent — payment included.


Multi-PSP Support

Replicant serves contact centres across industries — healthcare, financial services, insurance, utilities, telecoms. Each of those industries has established payment gateway relationships. A healthcare billing centre might process through Stripe. An insurance company might use Worldpay. A utility provider might route through Adyen.

Shuttle connects to 16+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, and others. Each Replicant deployment can be configured with the appropriate gateway for that merchant.

Routing capabilities include:

  • Per-merchant configuration — Each contact centre using Replicant can connect to their own PSP

  • Multi-PSP routing — Route transactions based on currency, region, or card type

  • Failover — Automatic routing to a backup gateway if the primary is unavailable

  • No integration multiplication — One Shuttle integration covers all gateways, regardless of how many different PSPs Replicant's customers use

This is particularly important for Replicant's enterprise customers, who often have multi-PSP strategies for redundancy and cost optimisation.


PCI Compliance

The integration architecture keeps Replicant and its customers completely out of PCI scope for cardholder data.

What Replicant handles:

  • Conversation flow, intent detection, customer authentication

  • Payment amount confirmation and session initiation via API

  • Transaction result handling (success/failure, reference, masked card number)

This is all non-sensitive data. It doesn't expand PCI scope.

What Shuttle handles:

  • DTMF capture and decoding

  • Card data tokenisation

  • Gateway communication and authorisation

  • Secure prompt playback during card entry

All of this happens within Shuttle's PCI DSS Level 1 certified environment.

Call recordings are clean. DTMF tones are stripped from all audio streams before they reach Replicant's platform. Recordings contain flat masking tones during the payment window. No cardholder data is stored in Replicant's infrastructure — or in the contact centre's infrastructure.

SAQ-A eligibility. Because card data never enters Replicant's systems, the contact centres using Replicant can self-assess under SAQ-A for payment processing. This is the simplest PCI compliance tier — no penetration testing, no quarterly ASV scans, no on-site QSA audits.

Shuttle is a PCI DSS Level 1 certified Service Provider. The certification covers the complete card capture, tokenisation, and routing pipeline.


Beyond Voice: Payment Links

Not every payment needs to happen via DTMF. During a Replicant call, the AI agent can send a payment link via SMS as an alternative to keypad entry.

The flow: the agent confirms the payment amount, then tells the customer "I've sent a secure payment link to your mobile number." Shuttle generates a hosted checkout page and delivers it via SMS. The customer opens the link, enters their card details on a secure page, and completes the payment. The result is returned to the Replicant agent in real time.

Payment links are useful when:

  • The customer prefers visual confirmation of the amount and merchant

  • Higher-value transactions where customers want to see what they're paying

  • The caller has difficulty with keypad entry (accessibility, unfamiliarity)

  • The contact centre wants to offer the customer a choice of payment method

Both DTMF and payment links use the same Shuttle infrastructure, the same PCI-compliant environment, and the same gateway routing. The AI agent can offer either option based on the conversation context.


FAQ

Can Replicant agents take payments without a third-party integration? Not compliantly. If card data enters Replicant's audio pipeline, the entire platform is in PCI scope. A PCI-compliant payment layer like Shuttle keeps card data isolated so Replicant's infrastructure stays clean.

Does this work with Replicant's existing call flows? Yes. The Shuttle integration is added at the point in the conversation where payment is needed. It doesn't require restructuring existing call flows — it's an additional step in the workflow.

What if the customer's card is declined? Shuttle returns the decline reason to Replicant. The AI agent can offer to retry with a different card, send a payment link as an alternative, or handle the situation according to the contact centre's configured workflow.

How many payment gateways does Shuttle support? Shuttle connects to 16+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, and others. Each Replicant deployment can use whichever gateway the merchant requires.

What does Shuttle charge? $0.20 per transaction. No setup fees, no monthly minimums, no per-seat licensing.


Add Payments to Your Replicant Agents

Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider. If you're deploying Replicant AI agents and need PCI-compliant payment capture, talk to us about Voice Checkout or see how it works for platforms.
