What are Agent-Assisted Payments?

An agent-assisted payment is a phone-based card payment where a contact centre agent guides the customer through the transaction but never gets access to the card data itself. The customer types their card number, expiry and security code into their own phone keypad. A secure payment platform — sat between the customer and the agent on the call — intercepts the keypad tones, masks them so the agent hears flat noise, and routes the card data straight to the merchant's acquirer without it ever touching the agent's headset, screen or the call recording. The agent stays on the line the whole time, so they can answer questions, confirm the amount and read out the authorisation code, but they have nothing card-related to write down, mis-hear or accidentally leak.

Agent-assisted payments — sometimes called agent-present payments, secure agent payments or DTMF-masked payments — replaced the older pause-and-resume call recording workflow about a decade ago. They solve the central tension in contact centre payments: customers like talking to a human, but every human who hears a card number puts the business deeper into PCI DSS scope. Agent-assisted payments let the agent stay human-facing while the technology quietly takes the card data out of reach.

How an Agent-Assisted Payment Works

The mechanism is the same across most providers, even if the marketing language varies. The five steps look like this:

1. The customer calls the contact centre as normal and reaches an agent. There's no transfer, no callback, no payment-link email.
2. When it's time to pay, the agent triggers the payment flow from their CRM or softphone — typically a single click that loads the order amount and a unique transaction reference.
3. The customer is prompted (by the agent or a quiet voice prompt) to key in their card number, expiry date and security code on their own handset.
4. As the customer types, the secure platform intercepts the keypad tones before they reach the agent's audio stream or the call recording. The agent hears a flat tone or silence. The recording captures the same silence.
5. The platform sends the card data straight to the merchant's acquiring bank, gets an authorisation response back, and tells the agent whether the payment succeeded or failed. The agent confirms with the customer and the call continues.

Throughout the whole flow, the agent never sees, hears, types or stores card data. The CRM never sees it. The call recording never captures it. The agent's workstation, the contact centre network, the call recorder and the analytics platform all stay outside the cardholder data environment.

Agent-Assisted Payments vs Pause-and-Resume Recording

Before agent-assisted payments existed, the standard PCI workaround was pause-and-resume call recording — the agent would manually pause the recorder while reading or hearing card details, then resume it afterwards. It looked compliant on paper but failed in practice for three predictable reasons:

• Agents forget to pause, especially when busy or new. Even a 95% success rate means thousands of card-data-containing recordings every year.
• The agent still hears the card details live, so the agent's environment — and any colleague within earshot — is still in PCI scope. Pause-and-resume only protects the recording, not the people.
• Random spot-checks against the recording library regularly find missed pauses. Each one is a card-data incident that has to be reported.

Agent-assisted payments remove the human element entirely. There's no button to press, no decision to remember, no exposure to hide. DTMF masking and channel separation are the two technical approaches that make this possible — both deliver the same end result for the agent, the customer and the auditor.

What Agent-Assisted Payments Do to PCI Scope

The reason businesses make the move isn't usually about agent ergonomics — it's about PCI DSS scope and audit cost. When card data never reaches the agent environment:

• The contact centre — agents, workstations, network segments, call recorder, CRM, telephony infrastructure — all drop out of the cardholder data environment.
• Annual compliance can typically move from SAQ D (329 controls) to SAQ A (22 controls) — saving weeks of audit prep and significantly reducing the security controls the business has to maintain.
• The merchant no longer has to scrub call recordings, segment agent networks, vet every contact centre hire to PCI standards, or worry about screen-recording tools capturing card data.

For mid-sized contact centres, the operational saving is normally far bigger than the platform licence cost — which is why agent-assisted payments are now standard across regulated industries.

Who Uses Agent-Assisted Payments

Anywhere agents take card payments over the phone:

• Utilities and councils taking bill payments and council tax
• Insurance and financial services taking premium and renewal payments
• Healthcare and patient billing — particularly important under HIPAA where call recordings can become protected health information liability
• Charities taking donations and recurring gifts
• Subscription, hospitality and retail contact centres handling renewals, bookings and order changes

The common factor is voice contact: any business that takes a meaningful share of its payments by phone gets more compliance and operational benefit from agent-assisted payments than from any other contact centre technology.