How to Build an AI Agent That Collects Payments Over the Phone

How to Build an AI Agent That Collects Payments Over the Phone

Collecting payments over the phone has always been a friction point. A human agent takes the call, puts the caller on hold, transfers to a payment line, or reads out a URL and hopes the caller types it correctly. The call ends, the payment is still pending, and someone on the back office follows up the next day.

AI voiceAI voiceAn artificially generated, natural-sounding voice produced by a TTS model. Thoughtly supports a library of AI voices and brand-specific cloning.Read full definition → agents change this. A well-configured agent can verify the caller's identity, confirm the amount owed, triggerTriggerThe event or condition that starts an automated workflow, such as a new lead, missed call, CRM status change, calendar booking, or completed call.Read full definition → a PCI-compliant payment flow, and confirm the transaction before the call ends — all without a human touching a keypad.

This guide walks through how to build a payment-collecting AI agent using Thoughtly, covering native scheduling-integration deposit collection, custom webhook-based payment flows, and the architecture decisions that keep transactions secure and compliant.

What you'll need

• An active Thoughtly workspace with credits allocated
• A connected scheduling integration (Acuity Scheduling or Mindbody) if you want native deposit and package collection
• A payment processor account (Stripe, Square, or similar) if you're building a custom webhook-based payment flow
• An understanding of your compliance obligations — PCI DSS for card data, plus any industry-specific rules (HIPAA, GLBA, FDCPA, TCPA)
• A test contact and sandbox environment before going live with real payment data

How payment collection works with AI voice agents

AI voice agents don't store card numbers or process payments directly. Instead, they orchestrate the payment flow by connecting to systems that are already PCI-compliant. The agent's role is to:

• Verify the caller's identity using contact attributes or CRM lookup
• Confirm the amount owed and what it's for
• Trigger the payment action — either through a native scheduling integration or a webhook to your payment processor
• Send a payment link via SMS if the processor requires a hosted checkout page
• Confirm the payment status before ending the call, or escalate to a human if something fails

The agent never sees, stores, or transmits raw card data. Payment capture happens through the processor's secure infrastructure, not through the voice agentVoice agentAn autonomous, conversational interface that interacts with humans over the phone — answering, qualifying, and routing calls without human staffing.Read full definition → itself.

Option 1: Native deposit collection through Acuity Scheduling

If your business uses Acuity Scheduling, Thoughtly's native Acuity integration includes a built-in deposit collection action. This is the simplest path to payment collection because the entire flow — identity verification, booking, and deposit — runs through a single integration with no custom code.

The Acuity integration supports PCI-compliant deposit capture so the appointment is locked in on the same call. The agent checks availability, books the slot, and collects the deposit without transferring the caller or sending them to a separate payment page.

Setting up the Acuity deposit flow

Step 1: Connect Acuity to Thoughtly

In Thoughtly, go to Settings → Integrations and authenticate with Acuity. The OAuthOAuthAn authentication standard that lets Thoughtly connect to your CRM or app without storing your password.Read full definition → flow takes about 30 seconds and respects your existing Acuity permissions.

Step 2: Map your Acuity objects

Pick which Acuity objects — appointment types, calendars, intake forms, packages — Thoughtly should read from and write back to. You can filter by owner, stage, or custom field.

Step 3: Add the Collect Deposit action to your agent

In the Agent Builder, add a Speak node after the booking confirmation. Open Actions, click + Add new action, and choose Acuity Scheduling → Collect Deposit. Map the appointment ID from the prior booking step.

Step 4: Configure the agent prompt

The Speak node's prompt should guide the caller through the deposit flow naturally. For example, at a spa or dental office:

"Great, I have you booked with Dr. Patel on Thursday at 2 PM. To secure this appointment, we'll need to collect a $50 deposit. This will be applied to your visit. I'm going to send you a secure link via text — go ahead and complete that whenever you're ready, and I'll confirm once it's processed."

Step 5: Add a Send SMS action for the payment link

If Acuity's deposit flow requires the caller to complete payment on their device, pair the deposit action with a Send SMS action that delivers the secure checkout link. The agent can then wait for confirmation or end the call with instructions.

Step 6: Test on a real call

Run a sandbox call against a test Acuity record. Watch the live transcriptTranscriptThe text record of a voice conversation, used for review, training, compliance audit, and search.Read full definition → and confirm the deposit action fires correctly and the SMS link is delivered.

Option 2: Package and membership sales through Mindbody

For fitness studios, wellness businesses, and beauty services using Mindbody, Thoughtly's native integration supports PCI-compliant payment capture for package and membership purchases over the phone.

The Mindbody integration lets your agent check a client's existing package balance, apply it to a booking, and sell new packages during the call — all through the same secure payment infrastructure that Mindbody already uses.

Setting up the Mindbody package sales flow

Step 1: Connect Mindbody to Thoughtly

Go to Settings → Integrations, authenticate with Mindbody via OAuth, and select your locations.

Step 2: Configure the agent to identify the caller

Use the caller's phone number to look up their Mindbody client record. If they're an existing client, the agent can check their package balance and apply it. If they're new, the agent walks them through enrollment.

Step 3: Add the Sell Package action

In a Speak node after identification, add the Mindbody action for selling packages. Map the client ID and package type from the conversation. The agent confirms the price, triggers the sale, and Mindbody processes the payment through its PCI-compliant gateway.

Step 4: Confirm and close

After the action completes, the agent confirms the package was applied, notes any expiring credits, and books the first appointment using the new package.

Option 3: Custom payment flows with webhooks and Code nodes

If you're not using Acuity or Mindbody, or if you need a payment flow that goes beyond deposits and packages, you can build a custom payment integration using Thoughtly's Send WebhookWebhookAn event-based integration that sends data from one system to another when something happens, such as a form submission, booked appointment, or completed call.Read full definition → action and Code nodes. This approach works with any payment processor that has a REST API — Stripe, Square, Adyen, Authorize.net, or your own payment gateway.

Architecture overview

The custom payment flow works like this:

• The agent verifies the caller and confirms the amount owed
• A Send Webhook action POSTs to your payment backend, which creates a payment intent or checkout session
• The webhook response returns a secure payment link
• A Send SMS action delivers the link to the caller
• A Code node polls the payment status (or a second webhook receives the payment confirmation)
• The agent confirms payment and closes the call, or escalates to a human if the payment fails

Step 1: Build your payment backend endpoint

Your backend needs an endpoint that accepts a webhook from Thoughtly, creates a payment session with your processor, and returns the checkout URL. Here's a minimal example using Stripe:

POST /api/create-payment-session
Content-Type: application/json

{
  "contact_id": "{{system.contact.id}}",
  "call_id": "{{system.interviewResponse.id}}",
  "amount_cents": 5000,
  "description": "Appointment deposit - Dr. Patel"
}

Response:
{
  "checkout_url": "https://checkout.stripe.com/c/pay/cs_test_...",
  "payment_intent_id": "pi_3Oxyz...",
  "expires_at": "2026-06-30T15:30:00Z"
}

Step 2: Add a Send Webhook action in Thoughtly

In your agent's Speak node, add a Send Webhook action. Configure the URL to point to your payment backend, include authentication headers, and map the request body with the contact ID and call ID from system variables.

Use the system variableVariableA named value the voice agent stores during a conversation — caller name, intent, qualifying answers — and uses to drive routing and post-call actions.Read full definition → {{system.interviewResponse.id}} to pass the call ID, and {{system.contact.id}} for the contact record. Your backend can use these to correlate the payment session with the call record.

Step 3: Add a Code node to extract the checkout URL

After the webhook returns, use a Code node to extract the checkout URL from the response payload. The Code node runs sandboxed JavaScript and can transform webhook responses into variables that later steps can use.

// Extract the checkout URL from the webhook response
const response = inputs['send_webhook'].response
const checkoutUrl = response.data.checkout_url
const paymentId = response.data.payment_intent_id

return {
  checkout_url: checkoutUrl,
  payment_id: paymentId
}

Step 4: Send the payment link via SMS

Add a Send SMS action that delivers the checkout URL to the caller. Reference the checkout_url variable from the Code node's output. The SMS should include clear instructions and a short description of what the payment is for.

Example SMS body: "Hi John, here's your secure payment link for your $50 appointment deposit: [URL]. This link expires in 30 minutes. Reply or call back if you need help."

Step 5: Confirm payment status

There are two approaches to confirming payment:

• Polling: Use a second webhook in an Automation that checks the payment status after a delay (e.g., 2 minutes). If paid, update the contact attributes. If not, trigger a follow-up SMS or call.
• Webhook callback: Configure your payment processor to send a webhook to Thoughtly when the payment completes. Use an Automation with a webhook trigger to update the contact record and fire any post-payment workflows.

For either approach, use Thoughtly Automations rather than trying to poll inside a live call. The call itself should end with the agent confirming that the link was sent and providing next steps, rather than waiting on hold for payment confirmation.

Designing the conversation flow

Regardless of which integration path you choose, the agent conversation should follow this general structure:

Step 1: Greeting and identity verification

The agent greets the caller, asks for identifying information (name, phone number, account number, or date of birth), and looks up the contact record. Use Variables to capture the verified identity before proceeding.

Step 2: State the purpose and amount

The agent clearly states what the payment is for and the exact amount. This is important for both compliance and caller trust.

Example: "I see you have an outstanding balance of $125 for your office visit on June 15th. Would you like to take care of that today?"

Step 3: Confirm consent

The caller must explicitly agree to proceed with payment. Use a Variable with extraction instructions that require clear affirmative consent. A hesitant or unclear response should trigger a clarification, not a payment action.

Step 4: Trigger the payment flow

Based on the integration path, the agent triggers the deposit collection (Acuity), package sale (Mindbody), or webhook-based checkout flow (custom). The agent should preface this with a brief heads-up: "I'm sending you a secure payment link via text now."

Step 5: Confirm and close

Once the payment link is sent, the agent confirms what the caller should do next and what to expect. If using an Automation to confirm payment, let the caller know they'll receive a confirmation text once the payment is processed.

Use an End node with a concise closing message. If the caller has additional questions, offer a Transfer to a human team member.

Common mistakes

• Collecting card numbers in the conversation. Never let the agent ask for or repeat full card numbers. All payment capture must happen through the processor's secure infrastructure.
• Skipping identity verification. Processing a payment without confirming the caller's identity creates fraud risk and chargeback exposure. Always verify before triggering payment.
• Not setting a payment link expiry. If you're sending checkout links via SMS, configure a short expiry (15–30 minutes) so stale links can't be reused.
• Forgetting to test the webhook response shape. A malformed webhook response can cause the Code node to fail silently. Use the Output tab in the automation builder to verify the response before going live.
• Not having a fallback. If the payment processor is down or the webhook fails, the agent should gracefully offer an alternative — transfer to a human, send a manual invoice, or schedule a callback.
• Ignoring compliance requirements. Depending on your industry, you may need recorded consent, specific disclosures before payment, or restricted calling hours. Review your obligations before deploying.

Measuring success

Track these metrics to evaluate your payment collection agent:

Use Thoughtly Analytics to review call transcripts, action execution logs, and outcome distributions. If the payment link completion rate is below 60%, check whether the SMS is being delivered, whether the link expiry is too short, and whether the agent is clearly explaining what the payment is for before sending the link.

Compliance considerations

Payment collection over the phone is subject to several regulatory frameworks depending on your industry and jurisdiction. This section covers the basics, but it is not legal advice. Consult qualified legal counsel for your specific situation.

PCI DSS

The Payment Card Industry Data Security Standard applies to any organization that processes, stores, or transmits cardholder data. By using Thoughtly's native integrations or webhook-based checkout flows, the AI agent never touches raw card data — the payment processor handles all cardholder data within its PCI-compliant environment. This significantly reduces your PCI DSS scope, but does not eliminate it entirely. Work with your QSA to confirm your scope.

Industry-specific regulations

• Healthcare: HIPAA applies if payment information is linked to protected health information. Ensure your payment flow doesn't expose PHI in SMS messages or call transcripts.
• Financial services: GLBA and state-level debt collection laws (including the FDCPA) govern how debts can be discussed and collected. AI agents collecting on debts must comply with FDCPA disclosure requirements.
• Education: FERPA may apply if payment information is tied to student records.
• Insurance: State insurance commissioners may have specific rules about premium collection and disclosures.

Thoughtly holds SOC 2 Type II, HIPAAHIPAAThe US health privacy law that governs protected health information. Healthcare voice and SMS workflows must handle PHI with appropriate safeguards.Read full definition →, and GDPR certifications. These certifications cover the platform's data handling practices, but you are responsible for configuring your payment workflows to meet your specific compliance obligations.

Frequently asked questions

Can Thoughtly process credit card payments directly?

No. Thoughtly does not process payments or store cardholder data. Payment processing happens through your connected payment processor (via Acuity, Mindbody, or a custom webhook integration). Thoughtly orchestrates the conversation flowConversation flowThe designed path an AI agent follows through greeting, intent capture, qualification, routing, objections, fallback, and next-step confirmation.Read full definition → and triggers the payment action, but the processor handles the actual transaction.

Does the AI agent hear the caller's card number?

No. In all three integration paths described in this guide, the caller enters their payment details on a secure checkout page sent via SMS or through the scheduling platform's native payment flow. The agent never hears, transcribes, or stores card numbers.

What happens if the payment link expires before the caller completes it?

Configure your payment backend to set a short expiry on checkout sessions (15–30 minutes). If the link expires, the agent — or a follow-up Automation — can send a new link. Use contact attributes to track payment status so the agent knows whether to re-engage on the next call.

Can I use this for debt collection calls?

Yes, but debt collection is heavily regulated under the FDCPA and state laws. AI agents making collection calls must provide required disclosures, respect cease-communication requests, and comply with calling hour restrictions. Consult legal counsel before deploying a payment collection agent for debt collection.

How do I handle recurring payments?

For recurring payments, use your payment processor's subscription or saved-payment features. The AI agent can trigger the initial payment authorization, and the processor handles subsequent charges on schedule. Thoughtly can send reminder calls or SMS messages before each recurring charge using Automations.

Sources and further reading

Thoughtly Acuity Scheduling integration

Thoughtly Mindbody integration

Thoughtly Code node documentation

Thoughtly Automations guide

Thoughtly Agent Actions documentation

How to Set Up Post-Call Webhooks for CRMCRMThe system of record for leads, contacts, deals, and activity. Thoughtly reads from and writes to your CRM continuously.Read full definition → Automation

How to Use Code Nodes for Custom Logic in Thoughtly Workflows

How to Build an Appointment-Setting AI Agent

PCI DSS Security Standards Council

FDCPA compliance guide (CFPB)