We're launching ProxyPay today — a different approach to secure phone payments that, as far as we know, nobody else has shipped yet. Instead of asking your contact-centre platform or CRM to hand the customer off to our API, ProxyPay sits invisibly inside your existing payment integration. Your system keeps driving the payment, talks to the same payment gateway it always has, and our job is to slot in the real card data we captured securely over the phone, mid-flight, then get out of the way.
The customer journey doesn't change. Your payment integration doesn't change. Your gateway integration doesn't change. The card data simply never enters your business at any layer.
What the name actually means
Every other secure phone-payment provider on the market — including our own earlier products — does the same thing under the hood: the provider's API drives the payment, and your existing payment plumbing gets replaced or rebuilt around it. That works, but it makes phone-payment security a multi-month project rather than a flick-of-a-config-switch one. A separate category of products exists for web APIs — transparent data proxies that swap secure tokens for real values in transit — but those weren't designed for phone payments, can't capture DTMF, and don't sit in the contact-centre stack.
ProxyPay combines both ideas in one product. Secure phone capture using DTMF masking, plus a transparent outbound proxy that lets your existing payment integration keep working without a single line changing. The name says what it does: it proxies your own payment request.
How it works in plain English
A customer on a live call enters their card details using their phone's keypad. We capture those keystrokes directly. DTMF masking suppresses the tones so neither the agent nor the call recording picks anything up.
When your contact-centre application is ready to take payment, it sends its usual API request to its payment gateway — except the card fields carry secure placeholder values, and the request is addressed to ProxyPay rather than the gateway. ProxyPay substitutes the real card data for the placeholders and forwards the request to whichever payment gateway you were already using. The processor sees an ordinary payment from the same customer of record as always. Nothing in your payment-handling code, error-handling, webhook listeners or reconciliation has to change.
Agents never hear, see, store, or retype card data. The CRM never receives it. The contact-centre platform never sees it. The call recording never captures it. You have no card data to protect, audit, or worry about, because you never have it in the first place.
Built from a real contact-centre problem
We built ProxyPay for Answer365, a Canadian contact centre that handles lottery ticket sales over the phone. Their lottery sales platform talked directly to a specialty payment processor through a custom integration — exactly the kind of bespoke payment plumbing that makes traditional PCI descope projects expensive and slow.
The lottery platform wasn't re-engineered. Its integration with the payment processor wasn't re-engineered. Its error handling, retry logic and reconciliation — all untouched. Answer365 changed the destination URL in one config field, swapped the card fields for placeholders, and pointed it at ProxyPay. Customers now key their cards in over the phone, we capture the data, and the lottery platform talks to its payment processor exactly as it always has.
What Craig says about it
"The standard model for secure phone payments forces the business to redesign its payment flow around the provider. We've never thought that was the right trade-off. What we've shipped — ProxyPay — does what the name says: it proxies the merchant's own payment request. Their existing system stays in the driver's seat, talks to the same gateway it always has, and we sit in the middle just long enough to swap secure placeholders for the real card data we captured by phone. The merchant's payment integration doesn't change at all. As far as we know, this is the first time anyone has combined transparent proxy substitution with DTMF capture in one product, and it changes what PCI descope looks like for contact centres."
— Craig Marston, Chief Technology Officer, Paytia
Availability
ProxyPay is available now to existing Paytia customers and to any business taking card-not-present payments that wants to descope its existing systems without rebuilding them. For technical detail, see our API docs, or get in touch via the contact page.
About Paytia
We're a PCI DSS Level 1 certified secure phone-payment provider, used by contact centres and customer-not-present businesses across the UK, US and worldwide. Built and headquartered in the UK.