[Sreyanth]

AFAIK, there are two ways in which the tones can be sent.

1. In the regular audio stream (AKA in-band) so anyone who can listen to the phone call, can also listen to these tones. These tones can be mapped to the digits pressed.

2. In a separate RTP payload (AKA out-of-band) so not everyone can read / listen to this stream of signals / tones. RFC 4733 (earlier it was RFC 2833) specifies the format of this RTP payload. This is what the payment via phone systems might be using.

There is a secure RTP with encryption support, but I am not sure if it can be implemented end-to-end to avoid anyone in middle (not a man-in-middle attacker, but a genuine carrier / network) to see these DTMFs. Just unable to imagine how this works :)