Series: Secure flows in Architect

Secure flow scenarios


Secure call flows are primarily implemented for two scenarios: Agent-referred secure sessions and IVR-only secure sessions (no agent interaction or ACD routing). IVR-only secure sessions provide automated support for customers and typically eliminate the need for a live agent. This process lets callers indicate their preferences verbally (or press a button) to reach the desired destination. Sensitive information is not:

  • Captured in recordings
  • Present in log files
  • Visible or audible to agents or monitoring users
NotePureCloud allows you to retrieve a trunk’s protocol diagnostics logs to help diagnose call issues. When you enable diagnostic recordings options for troubleshooting purposes, the system does not encrypt data. However, if you are a PCI-compliant PureCloud organization and have the PCI DDS setting enabled, PureCloud disables the Media Capture and Protocol Capture settings. For more information, see Enable media capture and Enable protocol capture.

Most commonly, an agent refers the call to an Architect secure flow for the portion of the call that involves sensitive payment or other consumer data. When initially connected, a supervisor can monitor, record, and coach the interaction–making sensitive data available to others. When the caller must provide sensitive data, the agent transfers the caller to a secure flow.

To provide seamless customer service, flow authors can design secure flows to return consumers to the agent with whom they were originally speaking. In this case, the agent stays on the line and is “reserved” for the consumer. The system does not assign new calls to the agent during this time. Any path through the secure flow that ends with the Return to Agent action automatically reconnects the consumer to this reserved agent. If the flow transfers the consumer or the consumer chooses to disconnect, the agent automatically exits the “reserved” status to receive other calls. 

Note: If the agent disconnects while the caller is still in the secure flow, the caller can continue the secure session but does not return to the original agent. The caller must choose a transfer option to remain in the system.

If the PureCloud customer does not want to reserve agents while consumers navigate the secure flow, design the flow so that each path ends with a Transfer action (to the original queue, another queue, or some other destination) or a Disconnect action. Do not end the path with an Return to Agent action. The agent’s script should then automatically disconnect or specify that the agent manually disconnect after sending the call to the secure flow. This step does not disconnect the consumer, but signals the system that the agent has completed participation in the interaction.

Note: Agent-initiated secure call flows end with the Return to Agent action.


In this case, the caller navigates the automated flow without agent contact. At a designated point in the flow, the system sends the caller to a secure session such as a payment processing flow, and the original session disconnects. During the secure session, the system prompts the caller for sensitive information. The system can read back the secure information to the caller, but does not log or trace the presented information.

Design secure IVR flows intended for use without agents so that you ensure no path through the secure flow ends with the Return to Agent action. This action is designed for use with secure flows that return the consumer to a reserved agent. Instead, every path through the secure flow should end with a Transfer action (to another queue or some other destination) or a Disconnect action. The consumer is also free to disconnect at any time.

Note: Secure call flows without agent contact end with the Disconnect action.


For more information about using secure flows in Architect, see Work with secure call flows.


Secure call flows overview :Previous Suggested Article Next Suggested Article: Work with secure call flows