Hi Gareth
We've implemented a native approach in retail projects that achieves this assisted experience without requiring any third-party PCI solutions.
Instead of trying to keep the agent inside the secure flow (which by design isn't supported and would break PCI compliance), we structure the flow to give agents context in a compliant way:
- Build the secure flow with clear menus and prompts that guide the customer through data entry.
- Run a Luhn validation in a common module before calling any business APIs, ensuring the card input follows the expected pattern - you can find a template flow with Luhn algorithm in the Genesys Architect flow examples here: https://help.mypurecloud.com/articles/download-architect-flow-examples/
- Store only metadata in participant data via Data Actions - for example, which step the caller reached or where they encountered difficulty (never the actual card data).
- Retrieve that metadata back into the agent's screen script using another Data Action, so the agent can see where the customer stopped and provide informed guidance once the secure flow ends.
This approach maintains full PCI compliance, avoids exposing any sensitive data, and still allows the agent to support the customer contextually - all using native Genesys Cloud capabilities, without any additional licensing or third-party integration.
From what I can see, this thread hasn't reached a final resolution yet. Just to clarify, the agent cannot technically stay inside the secure flow - that's by design and required for PCI compliance - but the method above provides a compliant way to bridge that experience natively.
------------------------------
Bruno Costa
Nibi Techlead
------------------------------
------------------------------
Bruno Costa dos Santos
------------------------------
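The pattern described in the post above (Luhn check before any business API call, and only step metadata written to participant data) is sketched below in Python. This is an added example, not part of the original post and not Genesys Architect or Data Action code; the attribute names, step names and outcome names are hypothetical.

```python
import re

# Standalone runs of 13-19 ASCII digits, optionally split by spaces or dashes.
PAN_CANDIDATE = re.compile(r"(?<![0-9])[0-9](?:[ -]?[0-9]){12,18}(?![0-9])")

# Hypothetical step and outcome names; use whatever your flow defines.
ALLOWED_STEPS = {"card_number", "expiry", "cvv", "confirm"}
ALLOWED_OUTCOMES = {"completed", "luhn_failed", "timeout", "hung_up"}


def luhn_valid(digits: str) -> bool:
    """Luhn check on a 13-19 digit string with no separators."""
    if not re.fullmatch(r"[0-9]{13,19}", digits):
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_pan(value: str) -> bool:
    """True if the text holds a digit run that passes the Luhn check."""
    return any(luhn_valid(re.sub(r"[ -]", "", m.group()))
               for m in PAN_CANDIDATE.finditer(value))


def build_participant_metadata(step: str, outcome: str, attempts: int) -> dict:
    """Attributes for participant data: allow-listed values, never card input."""
    if step not in ALLOWED_STEPS or outcome not in ALLOWED_OUTCOMES:
        raise ValueError("step/outcome not on the allow-list")
    attrs = {"secure_flow_step": step, "secure_flow_outcome": outcome,
             "secure_flow_attempts": str(int(attempts))}
    # Catches a mis-wired variable, e.g. the card number bound to 'attempts'.
    if any(contains_pan(v) for v in attrs.values()):
        raise ValueError("value looks like a card number; refusing to store it")
    return attrs


def handle_card_entry(entered: str, attempts: int):
    """Return (proceed_to_business_api, metadata the agent script may read)."""
    ok = luhn_valid(entered)
    outcome = "completed" if ok else "luhn_failed"
    return ok, build_participant_metadata("card_number", outcome, attempts)
```

The entered digits are only ever passed to `luhn_valid`; what comes back for the agent's script is the step, the outcome and the attempt count.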