Replicant builds autonomous AI agents for contact centres. Their platform handles the Tier 1 support calls that make up the bulk of inbound volume — account lookups, status checks, appointment scheduling, FAQ resolution — without a human agent. For contact centres processing thousands of calls a day, Replicant eliminates the staffing bottleneck for routine interactions.
But routine interactions often end with a payment. A customer confirms their outstanding balance and wants to settle it. A caller verifies their account details and asks to update their payment. A service request is completed and payment is due.
Replicant's AI agents can handle everything up to and after the payment. The payment itself, capturing a card number, processing it through a gateway, returning a result, requires infrastructure that sits outside the conversational AI stack entirely. The AI model must never see, hear, or process cardholder data. That's a PCI DSS requirement, not a product limitation.
Shuttle provides the PCI-compliant payment layer that lets Replicant agents capture payments during a call without any cardholder data entering Replicant's platform. There is no native Replicant integration: instead, your application invokes Shuttle's Twilio-based secure capture (Shuttle is Twilio's preferred payments partner), and the card is captured inside Shuttle's certified environment, not Replicant's. This does require you to be a Twilio customer today.
The Payment Challenge for Replicant
Replicant's value proposition is automation. Every call their AI handles is a call that doesn't need a human agent. But if a call requires a payment and the AI can't process it, the call gets transferred — and the automation benefit is lost.
The challenge is structural:
Card data is toxic to AI infrastructure. The moment a customer enters card digits via their keypad, those DTMF tones carry cardholder data. If they enter Replicant's audio pipeline, Replicant's entire infrastructure is in PCI scope: the speech recognition engine, the AI model, call recordings, transcription logs, data storage, and every network path those systems use.
PCI certification is expensive and slow. Level 1 PCI DSS certification for a complex AI voice infrastructure costs $500,000+ initially and $200,000+ annually. It requires quarterly vulnerability scans, annual penetration testing, a Qualified Security Assessor, and ongoing compliance management. For a company whose core product is conversational AI, that's a massive diversion of engineering and security resources.
Human handoffs defeat the purpose. If the AI agent has to transfer the caller to a human agent or a separate IVR system every time there's a payment, the automation promise breaks down. The customer waits on hold. The human agent handles a simple card capture. The cost savings evaporate.
The solution is a secure payment handoff that captures card data in a completely isolated PCI-compliant environment and returns the result to your application, so card data never reaches Replicant.
How Shuttle Works with Replicant Today
There is no native Replicant integration. Instead, the handoff is API-driven and built on Shuttle's Twilio-based capture, with a clean boundary where cardholder data exists only on Shuttle's side. You must be a Twilio customer, and your application code triggers the handoff at the point of payment.
Here's the architecture:
Replicant manages the conversation — The AI agent handles the call: intent recognition, customer verification, amount confirmation, and conversational flow. All of this is standard Replicant functionality.
A secure PCI capture is triggered for payment — When payment is needed, your application invokes Shuttle's secure capture. Today this runs over Twilio Pay, with Shuttle as the certified capture and gateway connector, operating within its own PCI DSS Level 1 certified environment.
Shuttle captures the card — The customer enters their card on their keypad during that secure PCI capture. The digits are captured by Shuttle in its certified environment, so they never reach Replicant or the AI model.
Payment is processed — Shuttle tokenises the card data and routes it to the merchant's payment gateway. The authorisation happens entirely within Shuttle's certified perimeter.
Result flows back — Shuttle returns the transaction outcome to your application via webhook: success or failure, a transaction reference, and a masked card number. The AI agent uses this to confirm the payment conversationally.
One honest caveat to set expectations: the secure capture at the point of payment is live now. Shuttle being present for the entire call is not yet turnkey. Returning the caller to the same Replicant agent after payment works today: you program the return route in your Twilio flow and pass a conversation ID, so the agent picks the call back up with full context. A carrier-agnostic version, which removes the Twilio requirement, is landing later in 2026. You also need some technical resource: Shuttle provides ready-made interfaces for payment links plus the capture and APIs, and you build the agent-side wiring. A native Replicant integration is possible only as a paid project.
How It Works: Step by Step
Here's the flow during a live Replicant call:
Step 1: Payment intent detected. The Replicant agent identifies that the customer wants to pay. This could be triggered by the customer's request, a workflow condition, or a backend lookup showing an outstanding balance.
Step 2: Amount confirmed. The agent confirms: "Your outstanding balance is $156.00. Would you like to pay that now?" The customer says yes.
Step 3: Payment explained. The agent sets expectations: "I'll just need your card details. You'll be prompted to enter them using your phone keypad."
Step 4: Shuttle session created. Your application calls Shuttle's API with the payment amount, currency, and the merchant's gateway configuration. Shuttle returns a session token and signals readiness.
Step 5: Secure capture begins. At the point of payment, a secure PCI DSS Level 1 capture takes over the card collection (today, via Twilio Pay). Shuttle plays secure prompts: "Please enter your 16-digit card number followed by the hash key." The customer enters digits via their keypad.
Step 6: Card captured in isolation. Shuttle captures the keypad digits inside its certified environment. The card never reaches Replicant or the AI model, so call recordings never contain card data.
Step 7: Card processed. Shuttle tokenises the card and sends the authorisation request to the merchant's gateway. The response comes back within seconds.
Step 8: Result returned. Shuttle sends the outcome to your application. The AI agent confirms: "Your payment of $156.00 has been processed. Your confirmation number is TXN-5518. Is there anything else I can help with?"
The customer stays on the line throughout the capture, with no transfer to a human agent. Returning the caller to the same Replicant agent and call after payment works today: your Twilio flow routes the call back and passes a conversation ID, so the agent resumes with context. Shuttle provides the secure capture and the result webhook; the return leg is wiring your team owns.
Multi-PSP Support
Replicant serves contact centres across industries: healthcare, financial services, insurance, utilities, telecoms. Each of those industries has established payment gateway relationships. A healthcare billing centre might process through Stripe. An insurance company might use Worldpay. A utility provider might route through Adyen.
Shuttle connects to 30+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, and others. Switching gateway is configuration, not re-integration. Each Replicant deployment can be configured with the appropriate gateway for that merchant. A few gateways (Braintree, for example) do not work for voice capture because they will not allow raw card data to be passed, but they do work for payment links.
Routing capabilities include:
Per-merchant configuration — Each contact centre using Replicant can connect to their own PSP
Multi-PSP routing — Route transactions based on currency, region, or card type
Failover — Automatic routing to a backup gateway if the primary is unavailable
No integration multiplication — One Shuttle integration covers all gateways, regardless of how many different PSPs Replicant's customers use
This is particularly important for Replicant's enterprise customers, who often have multi-PSP strategies for redundancy and cost optimisation.
PCI Compliance
The integration architecture keeps Replicant and its customers completely out of PCI scope for cardholder data.
What Replicant handles:
Conversation flow, intent detection, customer authentication
Payment amount confirmation and session initiation via API
Transaction result handling (success/failure, reference, masked card number)
This is all non-sensitive data. It doesn't expand PCI scope.
What Shuttle handles:
Secure card capture after the handoff
Card data tokenisation
Gateway communication and authorisation
Secure prompt playback during card entry
All of this happens within Shuttle's PCI DSS Level 1 certified environment.
Call recordings are clean. Because the card is entered during the secure PCI capture, the digits are never part of the audio Replicant processes or records. No cardholder data is stored in Replicant's infrastructure, or in the contact centre's infrastructure.
SAQ-A eligibility. Because card data never enters Replicant's systems, the contact centres using Replicant can self-assess under SAQ-A for payment processing. This is the simplest PCI compliance tier — no penetration testing, no quarterly ASV scans, no on-site QSA audits.
Shuttle is a PCI DSS Level 1 certified Service Provider. The certification covers the complete card capture, tokenisation, and routing pipeline.
Beyond Voice: Payment Links
Payment links are the turnkey path. During a Replicant call, your application can send a payment link via SMS or email, including mid-call, as an alternative to keypad entry.
The flow: the agent confirms the payment amount, then tells the customer "I've sent a secure payment link to your mobile number." Shuttle generates a hosted checkout page and delivers it via SMS. The customer opens the link, enters their card details on a secure page, and completes the payment. The result is returned to your application in real time. Links work even with gateways that do not support voice capture.
Payment links are useful when:
The customer prefers visual confirmation of the amount and merchant
Higher-value transactions where customers want to see what they're paying
The caller has difficulty with keypad entry (accessibility, unfamiliarity)
The contact centre wants to offer the customer a choice of payment method
Both the secure capture and payment links use the same Shuttle infrastructure, the same PCI-compliant environment, and the same gateway routing. Your application can offer either option based on the conversation context.
FAQ
Does Shuttle have a native Replicant integration? No. There is no native Replicant integration today. The handoff is API-driven: your application invokes Shuttle's Twilio-based secure capture (Shuttle is Twilio's preferred payments partner) at the point of payment. A native Replicant integration is possible only as a paid project.
Does this require Twilio? Yes, today. The secure capture currently runs over Twilio Pay, so you must be a Twilio customer. A carrier-agnostic version that removes the Twilio requirement is landing later in 2026.
Can Replicant agents take payments without a secure handoff? Not compliantly. If card data enters Replicant's audio pipeline, the entire platform is in PCI scope. Shuttle's secure capture keeps card data isolated so Replicant's infrastructure stays clean.
Does this work with Replicant's existing call flows? Yes. The Shuttle handoff is triggered at the point in the conversation where payment is needed. It's an additional step in the workflow, wired up by your application code. You build the agent-side orchestration; Shuttle provides the capture, payment links, and APIs.
What if the customer's card is declined? Shuttle returns the decline reason to your application. The AI agent can offer to retry with a different card, send a payment link as an alternative, or handle the situation according to the contact centre's configured workflow.
How many payment gateways does Shuttle support? Shuttle connects to 30+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, and others. Switching gateway is configuration, not re-integration. A few gateways (Braintree, for example) work for payment links but not for voice capture.
What does Shuttle charge? $0.20 per successful transaction for voice. No setup fees, no monthly minimums, no per-seat licensing. Payment links are currently free (a new model is coming).
Related Reading
How AI Voice Agents Take PCI-Compliant Payments — The technical architecture for secure payment capture during AI voice calls
What Are Voice Payments? The Complete Guide — IVR, agent-assisted, and AI voice payment models compared
Twilio Pay Connectors — How Shuttle connects to Twilio's payment infrastructure
The Payment Layer for AI Agents — Why AI agents need a dedicated payment layer
Contact Centre Payments — PCI-compliant payment capture for contact centres
Add Payments to Your Replicant Agents
Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider. If you're deploying Replicant AI agents and need PCI-compliant payment capture, talk to us about Voice Checkout or see how it works for platforms.