Bots for Business

Payment Processing With Your Chatbot

Setting up chatbot payments is partly about the payment system and partly about the shopping experience. Find out whether it makes more sense to build your own payment system or integrate a third-party platform. And learn how top brands are combining chatbot user engagement with seamless online payments.

March 12, 2019

Winter is here, and you need a new sweat shirt. You could head to your favorite store’s website, click an Add to cart button, and brave the familiar checkout hassle. Or, if you prefer, you could chat it up with that retailer’s bot, identify the right products, and buy them right then and there—in the chat window.

Customers buy socks and hoodies on H&M’s chatbot all the time. The H&M chatbot even helps customers assemble new outfits, share their preferences with friends, and save favorite items for purchase at a later date. At any point, users can buy that new sweat shirt and be on their way.

That’s as seamless as it sounds. But here’s the thing: H&M’s bot is not a cashier—it’s a concierge. Although the bot facilitates the payment, it doesn’t process the transaction on its own. That all happens on the backend.

If you’re wondering whether your bot can provide the same type of experience, including integrated online payment functionality, the answer is yes. However, you first need to understand how online payments work and gain a realistic sense of what’s possible for the customer-bot experience and what happens behind the scenes.

Whether you’re trying to build a bot that handles payments or simply adding payment processing to an existing bot, the following tips can help you achieve your goals. They might help you increase sales, too.

How payment processing systems work

When you order a new TV via a chatbot, the backend payment process unfolds the same way it would without the bot. Basically, you head to a checkout interface and provide credit card information. If you’ve bought from this merchant before, your credit card info may already be stored in their payment system. That information is then sent to a credit card issuer, who either authorizes or denies the sale. If the sale is authorized, the credit card issuer transfers funds to the merchant.

Five to seven business days later, you find a giant box on your doorstep.

Of course, all of this payment information is subject to rigorous encryption. For starters, your chatbot should only communicate over a connection subject to Secure Sockets Layer (SSL) protocol. You might know SSL as an https connection. It’s where data is encrypted at both ends (the user end and, in this case, the bot end) of every conversation.

There’s also the Payment Card Industry Data Security Standard (PCI DSS) security standard with which you’ll have to comply. PCI DSS compliance ensures the protection of all credit and debit card transactions performed online. It isn’t the law, but failing to comply with PCI DSS puts your customers, your business, and your reputation at risk. Not worth it, right? Luckily, turning to a reputable e-commerce or payment gateway vendor for online payments can ensure that you stay compliant with PCI DSS.

All of these points underscore the fact your chatbot probably won’t process the payments itself. The actual transaction occurs independently of your bot. The bot’s purpose is to collect the information needed to process the payment. Ideally, it will do so in a way that makes e-commerce easier and more personal than a typical online shopping experience.

In summary, bots can make it easier to buy things online, but they’re probably not going to virtually swipe your customers’ credit cards.

The difference between payment bots and integrated payment processing

Now it’s time to decide which parts (if any) of the online payment experience you want to build yourself and which parts you should leave in the hands of a third-party provider.

Clearly, you need to build a chatbot that engages users in a shopping experience, helps them make buying decisions, and leads them down the path to a purchase. And that’s a large part of setting up online payments. In fact, on the customer-bot side, it may be your single most important focus. After all, users won’t even get to a payment screen without a bot that directs them there.

The most successful retailers already understand this. Companies like Macy’s, whose “On Call” chatbot helps customers find the products they need, are using AI in addition to pre-programmed questions and answers to help streamline customers’ shopping experience. For developers and UX designers, making it easy for users to actually shop is paramount. The payment process itself definitely matters. But engaging users on the front end (and converting them into customers) has to happen first.

With that in mind, let’s consider whether it makes sense to also build out payment processing as part of your bot. According to Leo Kyrpychenko, product manager at Ally and an expert in payment system development, payment systems are incredibly complex. They also require lots of developer maintenance and are subject to shifting governmental regulations and industry standards.

In short, building your own payment processing system is a gigantic undertaking. Before doing so, Kyrpychenko suggests that teams consider how they’ll manage the following issues:

  • PCI DSS for secure credit card processing
  • Security and encryption for all types of transactions, including but not limited to credit cards
  • Geographical issues, including where your servers should be located, how fast they need to be, and what sorts of currencies to accept
  • Traffic and scale, which can impact your ability to maintain your own payment system architecture
  • Industry-specific regulations and backend considerations for certain types of payment features, like payment retries
  • The impact of mergers and acquisitions, both of which can determine the fate of an existing payment system or give you access to one that a new parent or child company built
  • Cloud vs. on-premise system architecture and the implications of each
  • Analytics and your ability to track performance
  • Internal and external fraud protection, which may involve personnel and technology-related challenges
  • Cross-platform development for seamless mobile and desktop payments for all users

See why we said your bot probably won’t be swiping any credit cards? Building out a proprietary payment system that plays nicely with your bot is a big deal. It may even be a larger undertaking than building and maintaining your chatbot!

That’s probably why Kyrpychenko recommends passing off payments to a trusted third party. He writes:

“Don’t do it at all or outsource as much as possible. [...] Why? Because [payments are] complex and regulated to some extend [sic], which can be time consuming and not always rewarding. Outsourcing can be as simple as just redirecting a user to your payment partner to make a transaction where your customer will see branded payment method selection page which returns to your side after the transaction has been completed or cancelled.”

The solution? Integrate payments via a third-party tool. Some vendors have chatbot-specific APIs, like the PayPal Person-to-Bot Payments API or the Masterpass Merchant API from Mastercard. That way, you can focus on building the chatbot shopping experience and leave payments to companies that specialize in payments.

To get a feel for the Masterpass Merchant API, this code sample shows how a standard checkout process unfolds:

ApiClient.prototype.standardCheckout = function (cartID, cardID, addressID) {
    let promise = new Promise(function (resolve, reject) {
        let callback = function (error, response, body) {
            if (!error && response.statusCode == 200) {
            else {

let url = baseURL + '/api/buy/' + cartID;

        //Cookie jar used to store the session and XSRF tokens 
        request.defaults({ jar: true });
        let jar = request.jar();
        let session = request.cookie('JSESSIONID=30603A1C7AC64C43981F6BE67B937B65');
        jar.setCookie(session, url);

        let token = request.cookie('XSRF-TOKEN=e2a2f3d6-7fc9-41e9-abd5-26c9a43bd476');
        jar.setCookie(token, url);

        let postData = {
            "productId": productId,
            "quantity": 1
        let options = {
            uri: url,
            method: "POST",
            postData: postData,
            jar: jar

        request(options, callback);

    return promise;

Mastercard’s API is intended to connect a Masterpass merchant (in other words, you, if you decide to use Masterpass) with the Facebook Messenger Chatbot. The checkout process assumes a User > Chatbot > Facebook > Merchant > Masterpass flow.

PayPal’s API, on the other hand, can integrate with a branded bot that lives somewhere other than Facebook Messenger. After a user indicates an intention to make a purchase, they’re taken to PayPal. The GET /process endpoint completes the payment:

* After the payer is redirected to PayPal, process a direct 
* PayPal payment
controller.webserver.get('/process', function(req, res) {
  // Extract payment confirmation information needed to process payment
  var paymentId = req.query.paymentId;
  var payerId = { payer_id: req.query.PayerID };

  // Attempt to complete the payment for the person
  paypal.payment.execute(paymentId, payerId, function(error, payment) {
    if (error) {
    } else {
      if (payment.state == 'approved') { 
        res.send('Payment completed successfully');
      } else {
        res.send('Payment not successful');

Thanks to seamless chatbot integration through these and other payment providers, your users enjoy a streamlined, hassle-free process. Technically, payments will be a separate experience. But it doesn’t have to feel that way.

Modeling chatbot payments

Speaking of smooth payment integration, be sure to model your chatbot on other successful bots in the e-commerce space. In particular, pay attention to the sort of dialogue that others’ bots use to engage customers, present them with buying options, and facilitate simple transactions.

For example, the 1-800-Flowers chatbot, Gwyn, prompts would-be buyers to identify and select flower arrangements. Gwyn is sophisticated and can understand all sorts of questions and requests. She is also constantly learning to answer more (and more nuanced) questions as her user base grows. That’s partly because 1-800-Flowers has invested in AI through a partnership with IBM’s Watson program. In addition to communicating effectively, Gwyn can help users sort through options, select an arrangement, pay, and track delivery.

But is the bot successful? According to President Chris McCann, over 70 percent of Gwyn’s orders have come from new customers who are, on average, younger than its primary audience.

Also consider brands like Subway, FreshDirect, and the Cheesecake Factory, all of which use Mastercard’s Masterpass technology to enable seamless online payments via chatbots. These companies’ Facebook Messenger bots take orders, prompt users to pay, and route them through the Masterpass backend with as few steps as possible.

How few steps? According to Mastercard, the goal is to make ordering a Subway sandwich as simple as sending a single emoji. Unless you need extra mayo.

Experience and payment integration

Successful brands are focusing on experience and then on payment integration, and it’s working. Setting up payments in your chatbot isn’t just about building out or integrating with a sophisticated, secure online payment system, although your choice of payment system certainly is important. It’s about creating a great experience.

What should that experience entail? Although the answer depends on what you’re selling, your chatbot should always:

  • Present users with options and help them make buying decisions.
  • Feel personal or even human-like to effectively build rapport.
  • Empower people to buy what they need without navigating between shopping carts and online stores or opening multiple browser tabs.

In other words, it’s about making shopping simple. That’s why so many companies are investing in AI—not pouring precious R&D resources into big, complicated payment systems (unless they’ve already built them). The innovation is on the customer-bot experience side, not in the payment infrastructure.

By focusing on the chatbot experience and integrating a reliable payment system on the backend, you, too, can help users chat their way to a purchase.