IVR PCI compliance: suppress DTMF tones for agnet

We are looking at building an IVR for call center agents that need to take credit card payments.

The Agent needs to be able to converse with the customer whilst the customer interacts with an IVR to enter the credit card details.
The issues is that due to PCI Compliance we can’t allow the agent to hear the entered DTMF tones.

I had a look at Meetme and ConfBridge but neither of them appear to be much help.

Essentially I think I need three channels bridged. One to the customer, one to the agent and one to the IVR.

DTMF tones will travel from customer to the IVR channel.
Voice will travel from the IVR Channel to the Customer (e.g. please enter you expiry date).
Voice will travel from the customer to the agent
Voice will travel from the agent to the customer
DTMF tones will NOT travel from customer to Agent.

So the simple answer would appear to add three channels to a bridge and simple nominate one of them to not receive DTMF. But I can’t see how to do this.

I thought of using a pair of bridges. The first bridge allows dtmf to pass and connects the customer, the IVR and the second confbridge.
The second confbridge does NOT allow dtmf to pass and connects the agent to the first confbridge.

But this sounds a little crazy. There must be an easier way to do this.

Any help would be greatly appreciated.

BTW we will be using AMI and AGI to control the above interactions and the trunks are all SIP.

I’m not sure if this can be done without modify the asterisk’s source code, but in case it can be done ,I think ARI would be the right tool to achieve this task

ARI provides different ways to manipulate channels https://wiki.asterisk.org/wiki/display/AST/Asterisk+13+Channels+REST+API#Asterisk13ChannelsRESTAPI-hold