fascinating-indigo•4w ago
taking credit card information from a vapi assistant and passing to a tool
I have a client that wants me to launch a voice assistant that would take credit card information for his service. I know that in vapi there is a PCI switch that will securely store and handle at rest data like logs and transcripts. What I am concerned about is how do you handle sensitive data in-transit? Am I assuming using an HTTPS webhook endpoint is the only solution for securing the in-transit data? Is there any way to Instead of sending raw credit card data, utilize a secure payment gateway or tokenization service? Please advise on this matter. I will be using Python and Flask for my webhooks.
Regards,
1 Reply
Hi there,
Thank you for your message. Our team is currently out of the office. We operate Monday through Friday, from 9:00 AM to 8:00 PM Pacific Standard Time (PST).
We’ll get back to you as soon as possible during our normal business hours.
If your message is urgent, please mark it accordingly or include “URGENT” in the subject line, and we’ll do our best to respond promptly.
Warm regards,
Vapi
Customer Support Team Hi Nicenasty3228, To handle sensitive data like credit card information securely with a Vapi assistant: 1. PCI Compliance: Enable PCI compliance in your assistant’s settings. This ensures data is handled according to PCI DSS standards. You can find the configuration steps here. 2. Secure Data Transmission: Yes, using HTTPS for webhooks is essential for securing in-transit data. Ensure your server endpoints where the webhooks are sent are configured to accept HTTPS connections. 3. Payment Processors: Instead of managing raw credit card data, consider integrating with a secure payment processor like Stripe or Braintree. These services handle the sensitive data, reducing your liability. Use DTMF inputs or redirect the customer securely to the payment processor’s system to complete the payment.
Vapi
Customer Support Team Hi Nicenasty3228, To handle sensitive data like credit card information securely with a Vapi assistant: 1. PCI Compliance: Enable PCI compliance in your assistant’s settings. This ensures data is handled according to PCI DSS standards. You can find the configuration steps here. 2. Secure Data Transmission: Yes, using HTTPS for webhooks is essential for securing in-transit data. Ensure your server endpoints where the webhooks are sent are configured to accept HTTPS connections. 3. Payment Processors: Instead of managing raw credit card data, consider integrating with a secure payment processor like Stripe or Braintree. These services handle the sensitive data, reducing your liability. Use DTMF inputs or redirect the customer securely to the payment processor’s system to complete the payment.