Ted, what you need now is an authorization/authentification infrastructure that holds customer data such as credit cards that is transfered thru the chat protocol. The card processing could be handled off to a third party for processing without exposing the card data within the chat.
I’m working on just such an infrastructure modeled on what I call a ‘data custodian’, an entity responsible to the consumer for the management of the consumer’s data, using authorization/authentification and consumer privacy rules to expose only specific data to authorized endpoints. This infrastructure would allow capturing customer data from various apps/chats? for analytical purposes. This would create a ‘one-click’, secure transaction experience for the consumer.