Retell AI gives developers the tools to build AI voice agents quickly. Its API-first platform handles the hard parts of voice AI — speech synthesis, turn-taking, latency management, LLM orchestration — so development teams can focus on building the conversational experience rather than the telephony infrastructure.
Developers are building appointment booking agents, customer service bots, outbound sales callers, and lead qualification systems on Retell. Many of those use cases end with a payment. A customer confirms a booking and needs to pay. A caller agrees to settle an outstanding bill. A lead converts and wants to purchase.
But Retell AI agents can't natively capture card payments. The AI model must never see, hear, or process cardholder data — that's a PCI DSS requirement. If card data enters Retell's audio pipeline or your application's infrastructure, everything is in PCI scope.
Shuttle provides the payment layer that lets Retell AI agents capture PCI-compliant payments mid-call. Your agent triggers the payment. Shuttle captures the card. The result comes back. No card data ever touches your application or Retell's platform.
The Payment Challenge for Retell AI
Retell AI is a developer platform. That means the teams building on it are making their own architectural decisions — and when they hit the payment question, they face the same compliance wall that every voice AI platform faces.
**Card data cannot enter the AI pipeline.** If a customer enters card digits via their keypad during a Retell call, those DTMF tones are cardholder data under PCI DSS. If they flow through Retell's audio processing or your application's backend, your entire stack is in PCI scope. That includes Retell's speech infrastructure, your LLM, your call recordings, your database, and every network path connecting them.
Building your own payment capture is not viable. PCI DSS Level 1 certification costs $500,000+ initially and $200,000+ per year. It requires a Qualified Security Assessor, quarterly vulnerability scans, annual penetration testing, and strict controls on every system that handles card data. For a startup or small team building on Retell, that's not a realistic investment.
Redirecting to a separate system breaks the experience. If your Retell agent has to tell the customer "Please hang up and call our payment line" or "I'll transfer you to our payment system," the seamless AI experience breaks down. The customer waits, gets confused, or drops off entirely.
The solution is a payment layer that integrates into the Retell call flow, captures card data in an isolated PCI-compliant environment, and returns the result to your agent — all within the same conversation.
How Shuttle Integrates with Retell AI
Shuttle provides the payment infrastructure that Retell AI agents need. The integration is API-driven, which fits Retell's developer-first model: your application code orchestrates the payment flow using Shuttle's API, and Shuttle handles all card data in its PCI DSS Level 1 certified environment.
Here's the architecture:
Your Retell agent manages the conversation — Intent recognition, customer interaction, amount confirmation — all handled by your agent's LLM and Retell's voice infrastructure.
Your backend triggers Shuttle — When payment is needed, your application server calls Shuttle's API to create a payment session. You pass the amount, currency, and your gateway configuration.
Shuttle captures card data — Shuttle takes control of the DTMF capture channel. Card digits entered via the customer's keypad are captured by Shuttle and stripped from the audio stream that flows back to Retell and your application.
Payment is processed — Shuttle tokenises the card and routes it to your configured payment gateway. The authorisation happens entirely within Shuttle's certified environment.
Result returned to your agent — Shuttle sends a webhook with the transaction outcome: success/failure, transaction reference, masked card number. Your Retell agent confirms the payment in the conversation.
From an integration perspective, it's three API touchpoints: create session, handle DTMF capture (managed by Shuttle), receive webhook. Retell handles voice. Shuttle handles payments. Your application ties them together.
How It Works: Step by Step
Here's what happens during a live call with a Retell AI agent integrated with Shuttle:
Step 1: Payment intent recognised. Your Retell agent detects that the customer wants to pay. This could be explicit ("I'd like to pay for my appointment") or triggered by your application logic (a booking is confirmed and payment is due).
Step 2: Amount confirmed. The agent says: "The total for your appointment is $85.00. I can take your payment now — you'll be prompted to enter your card details using your keypad."
Step 3: Payment session created. Your backend server calls Shuttle's API: POST /payment-session with the amount ($85.00), currency (USD), and your gateway configuration. Shuttle returns a session token.
Step 4: Audio stream splits. Shuttle takes control of the DTMF capture channel on the call. The main audio stream — feeding Retell's speech infrastructure and your application — is isolated from the card capture path. DTMF tones are masked with flat replacement tones.
Step 5: Card details entered. Shuttle plays a secure prompt to the caller: "Please enter your 16-digit card number followed by the hash key." The customer enters their card number, expiry, and CVV via their phone keypad.
Step 6: Tones captured in isolation. Shuttle captures the DTMF tones in its PCI-compliant environment. The tones never reach Retell's platform or your application. Call recordings contain flat tones during this segment.
Step 7: Payment processed. Shuttle tokenises the card data and sends it to your payment gateway for authorisation. This takes a few seconds.
Step 8: Webhook received. Shuttle sends the result to your application: payment_completed with the outcome, a transaction reference (e.g., TXN-3392), and a masked card number (****7841).
Step 9: Agent confirms. Your Retell agent says: "Your payment of $85.00 has been processed. Your confirmation number is TXN-3392. Your appointment is confirmed for Thursday at 2pm."
Total time for the payment segment: 20-30 seconds. The customer stays on the line throughout. No transfers, no separate systems, no drop-offs.
Multi-PSP Support
If you're building on Retell AI, you might be a startup using Stripe. Or you might be building for an enterprise customer that requires Adyen. Or you might be building a multi-tenant application where each of your customers uses a different gateway.
Shuttle connects to 16+ payment gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, Mollie, and others. Your Shuttle configuration determines which gateway processes each transaction.
For developers building multi-tenant applications on Retell, this is particularly valuable:
Per-tenant gateway configuration — Each of your customers can use their own PSP
Single integration — You integrate with Shuttle once. Gateway routing is configuration, not code.
Multi-PSP routing — Route by currency, region, card type, or custom rules
Failover — Automatic fallback to a secondary gateway if the primary is unavailable
This means you can offer payment capability to all your customers without building and maintaining separate gateway integrations for each one.
PCI Compliance
For developers building on Retell AI, PCI compliance is the single biggest reason to use a payment layer rather than building card capture yourself.
What stays in your application / Retell:
Conversation management and agent logic
Payment amount calculation and confirmation
Session initiation (API call to Shuttle)
Transaction result handling (webhook with non-sensitive data)
None of this is cardholder data. Your application and Retell's platform stay out of PCI scope.
What stays in Shuttle:
DTMF capture and decoding
Card data tokenisation
Gateway communication and authorisation
Secure prompt playback
All within Shuttle's PCI DSS Level 1 certified environment.
Call recordings: DTMF tones are stripped from the audio stream before they reach Retell or your application. Any call recordings you store contain flat masking tones during the payment segment. No cardholder data in your recordings, your logs, or your database.
Your PCI scope: With Shuttle handling all card data, your application qualifies for SAQ-A — the simplest PCI compliance tier. You're not storing, processing, or transmitting cardholder data. Your PCI obligation is limited to the API calls between your server and Shuttle, which contain no card data.
Shuttle is a PCI DSS Level 1 certified Service Provider. That covers the full pipeline: capture, tokenisation, gateway routing, and authorisation.
Beyond Voice: Payment Links
DTMF is the primary payment capture method during voice calls, but Shuttle also supports payment links — and for some Retell use cases, they're the better option.
During a Retell call, your agent can tell the customer: "I've just sent a secure payment link to your mobile." Shuttle generates a hosted checkout page and delivers it via SMS. The customer taps the link, enters their card details on the secure page, and completes the payment. The result is returned to your agent in real time.
Payment links are useful for:
Higher-value transactions — Customers may prefer to see the amount and merchant details on screen before entering their card
Mobile-first customers — If the caller is on a mobile phone, switching to a browser is seamless
Accessibility — Customers who find DTMF keypad entry difficult can use the visual checkout instead
Post-call payments — Your agent can send a payment link at the end of a call for the customer to complete later
Both methods use the same Shuttle infrastructure and PCI-compliant environment. Your application logic decides which method to use based on context.
Developer Integration
Retell AI is a developer platform, so the Shuttle integration is designed to fit into a typical development workflow:
API-driven. Create payment sessions, configure gateways, and receive webhooks via REST API. No SDKs required (though they're available).
No telephony changes. Shuttle integrates at the audio/DTMF layer. You don't need to change how your Retell agent handles calls — you add payment capability on top.
Webhook-based results. Transaction outcomes are delivered via webhook to your application server. Parse the payload, update your database, and instruct your Retell agent to confirm.
Test mode available. Test the full payment flow with test card numbers before going live. Same API, same flow, no real charges.
$0.20 per transaction. No setup fees, no monthly minimums, no per-seat licensing. You pay for transactions, not infrastructure.
FAQ
Can I build PCI-compliant payment capture myself on Retell? Technically, but the cost is prohibitive. PCI DSS Level 1 certification requires $500,000+ upfront and $200,000+/year in ongoing compliance costs. Shuttle provides the same capability at $0.20 per transaction.
What payment gateways does Shuttle support? 16+ gateways including Stripe, Adyen, Worldpay, Checkout.com, Braintree, Square, and others. You configure your gateway in Shuttle and it handles the routing.
How long does the DTMF payment capture take? Typically 20-30 seconds for the customer to enter their card number, expiry, and CVV. The customer stays on the line with your agent throughout.
Can I use this for outbound calls? Yes. If your Retell agent makes outbound calls and needs to collect payment during the call, the same Shuttle integration works. The AI agent triggers the payment flow identically to inbound calls.
Does the customer hear the Retell agent during card entry? During the DTMF capture segment, Shuttle plays secure prompts (e.g., "Please enter your card number"). The Retell agent's voice is paused during this window. Once card entry is complete, the agent resumes.
Related Reading
How AI Voice Agents Take PCI-Compliant Payments — The technical architecture for secure payment capture during AI voice calls
What Are Voice Payments? The Complete Guide — IVR, agent-assisted, and AI voice payment models compared
Twilio Pay Connectors — How Shuttle connects to Twilio's payment infrastructure
The Payment Layer for AI Agents — Why AI agents need a dedicated payment layer
Contact Centre Payments — PCI-compliant payment capture for contact centres
PCI Pal Alternatives — How Shuttle compares to PCI Pal for voice payments
Add Payments to Your Retell AI Agents
Shuttle is Twilio's official payment partner and a PCI DSS Level 1 certified Service Provider. If you're building voice agents on Retell AI and need PCI-compliant payment capture, talk to us about Voice Checkout or see how it works for platforms.