Architecture
Cognigy’s PCI Vault is hosted in a dedicated AWS account running in Frankfurt, Germany. The product runs in a physically separated Kubernetes cluster. The image below represents a high-level interaction diagram with PCI Vault. The PCI Vault application interacts with Cognigy.AI, the contact center, as well as end users and human agents.
High-level description of the process:
- An end user initiates a conversation with an AI Agent, expressing the intent to make a payment.
- The AI Agent detects the user’s handover request and triggers a handover to a contact center using the Agent Copilot workspace.
- A human agent in the contact center receives the handover and engages with the user.
- The human agent uses the Agent Copilot workspace and initiates the process to collect credit card data from the end user.
- PCI Vault prepares a storage container and returns authentication tokens which will be used to store and retrieve the securely stored data.
- The human agent receives an xApp link, which is either forwarded to the end user automatically or has to be forwarded manually by the human agent.
- The human agent provides the xApp link to the end user.
- The end user accesses the secure form through the provided link, enters sensitive payment information, and submits it.
- PCI Vault receives the information from the user via an encrypted connection (HTTPS), encrypts it using AES, and temporarily stores it in in-memory storage. PCI Vault then generates a PIN that is bound to the stored data and provides it to the end user.
- The end user provides the generated PIN to the human agent via a normal chat interaction.
- Using the Agent Copilot workspace, the human agent enters the received PIN.
- PCI Vault verifies the PIN.
- If the PIN is correct and the transaction status is valid, PCI Vault provides a clear-text form with card details to the Agent Copilot workspace via an encrypted HTTPS connection.
- The human agent receives the clear-text form with card details.
- The human agent processes the payment or addresses any further user queries related to the transaction.
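The lifecycle described above (container token, AES encryption in memory, PIN check, single release of the clear text) can be modelled in a few functions. This is an added example, not Cognigy's code: the AES-256-GCM mode, six-digit PIN, five-minute lifetime, three-attempt limit and all function names are assumptions.

```javascript
// Added illustration, not Cognigy code. Assumed: AES-256-GCM, 6-digit PIN,
// 5-minute lifetime, 3 PIN attempts; all names are hypothetical.
const crypto = require('crypto');

const TTL_MS = 5 * 60 * 1000;
const MAX_ATTEMPTS = 3;
const containers = new Map(); // in-memory only, nothing is written to disk

// The vault prepares an empty container and returns its access token.
function createContainer(now = Date.now()) {
  const token = crypto.randomBytes(16).toString('hex');
  containers.set(token, { status: 'pending', expires: now + TTL_MS, attempts: 0 });
  return token;
}

// The end user submits the form: data is encrypted and a PIN is bound to it.
function submitCard(token, card, now = Date.now()) {
  const c = containers.get(token);
  if (!c || c.status !== 'pending' || now > c.expires) return null;
  // Key sits beside the ciphertext for brevity; a real service would hold it separately.
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const data = Buffer.concat([cipher.update(JSON.stringify(card), 'utf8'), cipher.final()]);
  const pin = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  Object.assign(c, {
    status: 'stored', key, iv, data, tag: cipher.getAuthTag(),
    pinHash: crypto.createHash('sha256').update(pin).digest(),
  });
  return pin;
}

// The agent enters the PIN: clear text is released once, then the container is destroyed.
function unlock(token, pin, now = Date.now()) {
  const c = containers.get(token);
  if (!c || c.status !== 'stored') return null; // transaction status must be valid
  if (now > c.expires) { containers.delete(token); return null; }
  const guess = crypto.createHash('sha256').update(String(pin)).digest();
  if (!crypto.timingSafeEqual(guess, c.pinHash)) { // constant-time comparison
    if (++c.attempts >= MAX_ATTEMPTS) containers.delete(token); // stop PIN guessing
    return null;
  }
  containers.delete(token); // single use: a second unlock finds nothing
  const d = crypto.createDecipheriv('aes-256-gcm', c.key, c.iv);
  d.setAuthTag(c.tag);
  return JSON.parse(Buffer.concat([d.update(c.data), d.final()]).toString('utf8'));
}
```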
How to Configure
To empower your human agents to securely access end user credit card data via PCI Vault, configuration of the following resources is a prerequisite:
- A Flow using the Handover to Agent Flow Node to initiate a handover to a human agent.
- Handover with one of the supported Contact Centers is configured. An example might be the handover integration with Cognigy Live Agent.
- Usage of Agent Copilot and the additional Copilot: SecureForms Tile Node Flow Node which is used to initiate the entire credit card collection process.
- An Endpoint through which Agent Copilot, the Handover Provider and respective Contact Center settings are configured.
Test your Configuration
In the following example, we use the Webchat Widget, the Webchat Endpoint, and Cognigy Live Agent to demonstrate PCI Vault:
- In the left-side menu of the Project, go to Deploy > Endpoints.
- On the Endpoints page, select the Webchat Endpoint that you have already created with the predefined configuration.
- In the upper-right corner of the Endpoint editor, click Open Demo Webchat.
- Start a conversation in the chat. For example, I would like to pay for the ticket.
- Perform a handover to a human agent.
- In the Live Agent interface, a human agent receives your message. On the right side of the conversation chat, the human agent will see the Request payment information button.
 
- When the human agent clicks this button, a link for entering card details will be generated and sent to the chat. If the link is not received, the human agent can forward it manually.
 
- In a new browser window, open the link to fill in the payment form and click Submit.
 
- If you successfully submit the data, the browser will display a PIN that you need to send to the chat with the human agent.
 
- The human agent will enter this PIN in the Unlock Pin field within the Agent Copilot workspace.
 
- If the user successfully submits the data, the human agent in the Agent Copilot workspace will receive the card details. For security reasons, the card data can only be unlocked once and will disappear when switching to another conversation. The human agent must take immediate action.
