PCI Pal is a cloud-based secure payment solution that enables businesses to take payments over the phone while maintaining PCI DSS compliance. The integration allows PolyAI voice agents to securely transfer callers to PCI Pal’s payment environment.

How it works

  1. Payment trigger: When a caller needs to make a payment, the PolyAI agent initiates the PCI Pal session
  2. Secure transfer: The call is transferred to PCI Pal’s secure environment where card details are captured
  3. DTMF masking: Card numbers entered via keypad are masked and never exposed to the voice recording
  4. Payment processing: PCI Pal processes the payment through your payment gateway
  5. Return to agent: After payment completion, the caller returns to the PolyAI agent for confirmation

Capabilities

  • Secure card capture: PCI DSS Level 1 compliant payment collection
  • DTMF payment: Callers enter card details via phone keypad
  • Real-time authorization: Immediate payment confirmation
  • Payment status: Agent receives success/failure notification to continue the conversation

Getting started

Prerequisites

  • A PCI Pal account with API access
  • Your payment gateway credentials configured in PCI Pal
  • PolyAI project access

Step 1: Obtain PCI Pal credentials

Contact PCI Pal to obtain:
  • Tenant name: Your PCI Pal tenant identifier
  • Username: API username
  • Client ID and Client Secret: For OAuth authentication
  • Auth endpoint: Authentication URL
  • Session endpoint: Payment session URL
  • Flow ID: Your configured payment flow identifier

Step 2: Configure your payment flow

Work with PCI Pal to configure:
  • Payment amounts and currencies
  • Card types accepted
  • Retry logic for failed payments
  • Confirmation messaging

Step 3: Provide credentials to PolyAI

Securely share your PCI Pal credentials with PolyAI. These will be stored as encrypted secrets.

Step 4: Integration testing

  1. PolyAI configures the integration in your sandbox environment
  2. Test the payment flow with test card numbers
  3. Verify successful payment processing and return to agent
  4. Deploy to production after successful testing
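A check a tester could run after the sandbox calls in Step 4, as an added example that is not part of PolyAI's or PCI Pal's own tooling: it scans agent-side transcript or log lines for Luhn-valid card numbers, which should not appear if card details were entered only inside the PCI Pal session. The transcript lines, function names and log format are constructed for illustration; 4111 1111 1111 1111 is a widely used test card number.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order numbers and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pan_leaks(lines):
    """Return (line_number, masked_number) for each Luhn-valid card-like number."""
    leaks = []
    for n, line in enumerate(lines, start=1):
        for m in PAN_CANDIDATE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                # Mask the middle digits so the report does not hold the full number.
                masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
                leaks.append((n, masked))
    return leaks


# Constructed sample: a caller speaks a test card number before the transfer.
SAMPLE_TRANSCRIPT = [
    "agent: I'll now transfer you to our secure payment line.",
    "caller: sure, my card is 4111 1111 1111 1111",
    "system: payment session reference 1234567890123456 returned status success",
    "agent: Thank you, your payment of $50 has been processed.",
]

if __name__ == "__main__":
    for line_no, masked in find_pan_leaks(SAMPLE_TRANSCRIPT):
        print(f"line {line_no}: possible card number {masked}")
```

Any hit on a sandbox transcript points to card data reaching the agent side, for example a caller speaking the number before the transfer, and should be resolved before the production deployment.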

Security

  • PCI DSS Compliance: PCI Pal is certified Level 1 PCI DSS compliant
  • No card data storage: PolyAI never stores or has access to card details
  • Encrypted transmission: All payment data is encrypted in transit
  • Call recording pause: Card entry portions are automatically excluded from recordings

Caller experience

Typical payment flow:
  1. Agent: “I’ll now transfer you to our secure payment line.”
  2. PCI Pal: “Please enter your 16-digit card number using your keypad.”
  3. Caller enters card details via DTMF
  4. PCI Pal: “Payment successful. Transferring you back.”
  5. Agent: “Thank you, your payment of $50 has been processed.”

Limitations

  • Voice entry: Card numbers must be entered via keypad, not spoken
  • Transfer required: Caller experiences a brief transfer to the payment system
  • Single payment: Each session handles one payment transaction

Support

For integration assistance:
  • Contact your PolyAI account manager
  • Reach out to PCI Pal support for payment gateway issues