# Agentic Commerce Payments: How AI Agents Handle Checkout, Cards, and PIX

*Last updated: March 2026*

---

When an AI agent buys something on your behalf, who actually handles the payment? The agent cannot see your card number, cannot type a CVV into a checkout form, and cannot authenticate with your bank. Yet within the next twelve months, Visa predicts millions of consumers will use AI agents to complete purchases. The entire payments stack -- from tokenization to authorization to settlement -- is being rebuilt for a world where the buyer is not a human clicking buttons, but an autonomous software agent acting on delegated authority.

This article examines how the payments industry is solving that problem across three competing protocol families, two card networks, PayPal, and the emerging stablecoin rail that sidesteps traditional payments entirely.

---

## The Payment Challenge in Agentic Commerce

Traditional payment infrastructure assumes a human is present: a person types card details into a form, clicks "Pay," and completes a 3D Secure challenge on their phone. AI agents break every one of those assumptions.

Three critical gaps emerge when agents handle transactions:

| Gap | Description |
|-----|-------------|
| **Authorization verification** | How do you confirm a user actually authorized this specific agent for this specific purchase? |
| **Authenticity assurance** | How do you ensure the agent's request reflects actual user intent, not a hallucination or prompt injection? |
| **Accountability clarity** | When a fraudulent or incorrect transaction occurs, who is liable -- the user, the agent platform, or the merchant? |

Agents cannot hold PCI-scoped credentials. They cannot complete biometric authentication. They cannot see or store PANs. Any viable solution must let agents initiate payments without ever touching raw card data, while giving merchants, issuers, and networks enough trust signals to approve the transaction.

Without standardized mechanisms, the ecosystem risks fragmenting into proprietary payment silos -- confusing for consumers, expensive for merchants, and unmanageable for financial institutions.

---

## Shared Payment Tokens: Stripe's ACP Approach

Stripe and OpenAI co-developed the **Agentic Commerce Protocol (ACP)**, an open standard that defines how AI agents, buyers, and merchants interact to complete purchases. At its core sits a new payment primitive: the **SharedPaymentToken (SPT)**.

### How SPTs Work

1. The buyer creates or reuses a saved payment method with the AI platform (e.g., via Stripe Link).
2. The buyer reviews a cart and clicks "Buy."
3. The AI platform issues an SPT scoped to the specific merchant, bounded by amount and expiration time.
4. The SPT identifier (not raw credentials) is sent to the merchant via API.
5. The merchant creates a `PaymentIntent` using the SPT and processes the charge.

At no point does the agent or the merchant see a card number. The SPT is a reference that Stripe resolves internally, cloning the buyer's original `PaymentMethod` into a new one scoped to the seller.

### Security Controls

| Control | Detail |
|---------|--------|
| **Per-seller scoping** | Each SPT is granted to a single merchant account |
| **Amount ceiling** | `max_amount` caps the transaction value in cents |
| **Time expiration** | `expires_at` sets automatic invalidation |
| **Revocability** | The issuing agent can revoke the token at any time |
| **No raw credentials** | SPTs never contain PANs or CVVs |
| **Fraud integration** | Stripe Radar evaluates fraud signals (disputes, card testing, stolen cards, issuer declines) |

SPTs also emit webhook events -- `shared_payment.granted_token.used`, `shared_payment.granted_token.deactivated` -- giving both the agent platform and the seller real-time visibility into token lifecycle.

### Expanded Payment Method Support

As of early 2026, SPTs wrap **Mastercard Agent Pay tokens**, **Visa Intelligent Commerce tokens**, and BNPL methods (Affirm, Klarna). Merchants interact only with the SPT abstraction while Stripe handles provisioning the underlying network-specific credentials. This means any existing Stripe merchant automatically supports agentic payments from card networks without additional integration.

ACP is live in production today, powering ChatGPT Instant Checkout for Etsy and over 1 million Shopify merchants including Glossier, Vuori, Spanx, and SKIMS. Early adopters of the broader Agentic Commerce Suite include URBN (Anthropologie, Free People, Urban Outfitters), Coach, Kate Spade, and Revolve.

---

## AP2: Verifiable Digital Credentials and Cryptographic Mandates

Google's **Agent Payments Protocol (AP2)** takes a fundamentally different approach. Rather than delegating trust to a single payment processor, AP2 builds a cryptographic evidence chain that any party in the transaction can independently verify.

The core innovation is the **Verifiable Digital Credential (VDC)** -- a tamper-evident, cryptographically signed object expressed as a W3C Verifiable Credential. AP2 defines three mandate types that together form a non-repudiable audit trail:

### Intent Mandate

Used in both human-present and human-not-present scenarios, the Intent Mandate captures the conditions under which an agent can purchase on the user's behalf. It includes a natural language description of the user's intent, optional merchant and SKU constraints, an expiration timestamp, and a refundability requirement. In human-not-present scenarios, the Intent Mandate is signed by the user's hardware-backed key, serving as the primary authorization artifact.

Example: a user tells their agent "Buy red high-top basketball shoes under $150 from any retailer, refundable." The agent generates an Intent Mandate capturing those constraints, the user signs it, and the agent can autonomously shop within those boundaries.

### Cart Mandate

In human-present scenarios, the Cart Mandate captures explicit user authorization for a specific cart -- items, prices, and fulfillment terms. The merchant cryptographically signs the cart contents (guaranteeing fulfillment at the stated price), and the user approves. The merchant's signature is a JWS containing a hash of the canonical cart JSON, with short-lived expiration (5-15 minutes) and a unique JWT identifier to prevent replay attacks.
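
The checks a verifier would run on such a merchant signature, as an added example that is not taken from the AP2 specification or any AP2 implementation. Assumptions: the claim name `cart_hash`, sorted-key JSON as the canonical form, and HMAC-SHA256 (HS256) standing in for the merchant's signature so the block runs on the standard library alone; a real verifier would check the signature against the merchant's public key.

```python
import base64, hashlib, hmac, json

MAX_TTL = 15 * 60  # upper end of the 5-15 minute window described above

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def cart_hash(cart: dict) -> str:
    # Sorted keys and no whitespace stand in for the spec's canonical JSON form.
    blob = json.dumps(cart, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()

def sign_cart(cart, key, jti, now, ttl=600):
    """Merchant side: compact JWS over a hash of the cart (HS256 stand-in)."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"cart_hash": cart_hash(cart), "iat": now, "exp": now + ttl, "jti": jti}
    payload = b64u(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"

class CartMandateVerifier:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # jti -> exp, kept until the token would have expired anyway

    def verify(self, token, cart, now):
        """Return "ok" or the name of the first check that failed."""
        try:
            header, payload, sig = token.split(".")
            alg = json.loads(b64u_dec(header)).get("alg")
            claims = json.loads(b64u_dec(payload))
            sig_bytes = b64u_dec(sig)
        except (ValueError, AttributeError):
            return "malformed"
        if alg != "HS256":  # pin the algorithm; never accept the header's choice
            return "bad_alg"
        expected = hmac.new(self.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(sig_bytes, expected):
            return "bad_signature"
        if now >= claims["exp"]:
            return "expired"
        if claims["exp"] - claims["iat"] > MAX_TTL:
            return "ttl_too_long"
        if claims["cart_hash"] != cart_hash(cart):
            return "cart_mismatch"  # cart presented now differs from what was signed
        self.seen = {j: e for j, e in self.seen.items() if e > now}  # drop expired ids
        if claims["jti"] in self.seen:
            return "replayed"
        self.seen[claims["jti"]] = claims["exp"]
        return "ok"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    cart = {"currency": "USD", "total": 12900,
            "items": [{"sku": "SHOE-RED-HT", "qty": 1, "price": 12900}]}
    token = sign_cart(cart, key, jti="mandate-0001", now=1_000)
    verifier = CartMandateVerifier(key)
    print(verifier.verify(token, cart, now=1_100))                   # first presentation
    print(verifier.verify(token, cart, now=1_200))                   # same jti again
    print(verifier.verify(token, dict(cart, total=100), now=1_300))  # altered cart
```

The replay cache only needs to hold a `jti` until its `exp`, because an expired token is rejected before the replay check is reached.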

### Payment Mandate

The Payment Mandate signals to payment networks and issuers that an AI agent was involved in the transaction. It includes the total amount, the user's chosen payment method (tokenized), and -- critically -- a `user_authorization` field containing an SD-JWT-VC (Selective Disclosure JWT with Verifiable Credential) that binds the user's hardware-backed key to hashes of both the Cart Mandate and the Payment Mandate contents.

This cryptographic chain means that any party -- network, issuer, regulator -- can verify that a specific user authorized a specific cart at a specific price through a specific agent, without relying on a single intermediary's attestation.

AP2 launched with 60+ partners including Mastercard, Adyen, PayPal, and Coinbase. The protocol is Apache 2.0 licensed and published at [ap2-protocol.org](https://ap2-protocol.org/specification/).

---

## Card Network Agent Tokens

### Visa Intelligent Commerce

Visa introduced **agent-bound tokens** -- pass-through payment tokens specific to a single authorized AI agent entity, limiting credential reuse. These align with existing Visa tokenization flows but add agent-specific binding.

Visa's **Trusted Agent Protocol**, announced in October 2025 with 10+ launch partners, provides an open framework for merchants to distinguish between malicious bots and legitimate AI agents. Developer APIs plug identity checks, spending controls, and tokenized credentials into agent workflows. Visa has already produced hundreds of controlled, real-world agent-initiated transactions in live production environments, with pilot programs running across Asia Pacific and Europe as of early 2026.

### Mastercard Agent Pay

Mastercard's **Agent Pay** requires AI agents to be registered and verified before initiating payments. The **Merchant Acceptance Framework** helps merchants engage agents at scale, using purpose-built tokenization distinct from standard card-on-file tokens.

A significant milestone: Banco Santander and Mastercard completed Europe's first live end-to-end payment executed by an AI agent on Santander's production payments infrastructure, orchestrated by PayOS. This was not a sandbox test -- it ran on live rails.

Mastercard Agent Pay is launching across Latin America and the Caribbean in 2026 with partners Getnet, Evertec, and others. Agent Pay tokens are now wrappable inside Stripe's SPTs, creating interoperability between the network-level and processor-level agentic payment primitives.

---

## PayPal "Agent Ready"

PayPal's approach emphasizes zero-lift merchant adoption. **Agent Ready**, launched in early 2026, instantly unlocks the ability for millions of existing PayPal merchants to accept payments on AI surfaces. The service includes fraud detection, buyer protection, and dispute resolution with no additional technical integration required.

PayPal also operates an **ACP Server** -- a protocol bridge that provides merchants with compatibility across ACP, A2A (Agent2Agent), and AP2 through a single connection. Merchants connect once to PayPal and gain multi-protocol support.

Notably, PayPal contributed the concept of **Mandates** to the AP2 specification -- cryptographically signed records of user intent that anchor each transaction to verifiable evidence. This contribution reflects PayPal's broader strategy of hedging across all three major protocol families rather than betting on a single standard.

---

## PIX and Real-Time Bank Transfers

PIX, Brazil's instant payment system processing hundreds of millions of transactions monthly, represents a distinct challenge for agentic commerce. Unlike card payments (which are "pull" transactions initiated by the merchant), PIX is a "push" payment initiated by the payer -- requiring the user to authenticate with their bank and approve the transfer.

AP2's current specification (V0.1) supports only pull payments (credit/debit cards). However, the roadmap explicitly includes push payment methods:

| Method | Type | AP2 Roadmap Status |
|--------|------|--------------------|
| Credit/debit cards | Pull | Supported (V0.1) |
| Bank transfers | Push | Planned (V1.x) |
| Real-time payments (PIX, UPI) | Push | Planned (V1.x) |
| E-wallets | Push | Planned (V1.x) |
| Stablecoins (USDC) | Push | Available via x402 extension |

For PIX specifically, the agentic challenge is the authentication step. PIX transactions require the payer to scan a QR code or enter a key in their banking app. An AI agent cannot complete this step autonomously -- it must hand off to the user's trusted device. AP2's Transaction Challenge Flow (redirect-based challenge passed to the user's surface) provides a framework for this handoff, similar to how 3D Secure challenges work for cards.

Mastercard Agent Pay's expansion into Latin America in 2026 with partners like Getnet (Santander) and local processors like dLocal positions the region for agentic card payments. But the integration of PIX and other local payment methods into agent commerce protocols remains an open problem that will likely require protocol-level extensions for push payment authorization.

---

## x402: Stablecoin Payments for Agents

**x402** is an open payment protocol developed by Coinbase that revives the HTTP 402 ("Payment Required") status code for machine-to-machine payments using USDC stablecoins. It operates on fundamentally different assumptions than card-based protocols.

### How x402 Works

1. An agent requests a resource via standard HTTP.
2. The server responds with `402 Payment Required`, including payment requirements (amount, USDC address, chain).
3. The agent signs and submits a stablecoin transfer on-chain.
4. A **Facilitator** verifies the payment and settles the transaction (under 2 seconds on Base or Solana).
5. The server responds with `200 OK` and the requested content.

No accounts, no sessions, no API keys. The agent needs only a funded crypto wallet. Minimum payments can go as low as $0.001 per request -- true micropayments that are impossible with card rails due to interchange and processing minimums.
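
The five steps above as an in-process exchange, added here as an example and not taken from the x402 specification or Coinbase's code. Assumptions: every field name, the placeholder address, the in-memory `Facilitator`, and an HMAC standing in for the wallet's on-chain signature; the point is what the verifying side has to check before returning `200 OK`.

```python
import hashlib, hmac, json

PRICES = {"/report": 1_000}          # constructed price list, USDC base units (1_000 = $0.001)
PAY_TO = "0xMERCHANT-PLACEHOLDER"    # placeholder, not a real address
CHAIN = "base"

def _mac(key: bytes, body: dict) -> str:
    # HMAC over sorted-key JSON stands in for the wallet's on-chain signature.
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

class Facilitator:
    """In-memory stand-in for step 4: verify the payment, then settle it once."""
    def __init__(self, wallet_keys):
        self.wallet_keys = wallet_keys   # payer id -> key
        self.settled = set()             # (payer, nonce) pairs already settled

    def verify_and_settle(self, payment, required):
        body, sig = payment.get("body", {}), payment.get("sig", "")
        key = self.wallet_keys.get(body.get("payer"))
        if key is None or not hmac.compare_digest(_mac(key, body), sig):
            return "bad_signature"
        for field in ("pay_to", "chain", "resource"):
            if body.get(field) != required[field]:
                return f"wrong_{field}"
        if body.get("amount", 0) < required["amount"]:
            return "underpaid"
        if (body["payer"], body.get("nonce")) in self.settled:
            return "replayed"            # one payment must not unlock two responses
        self.settled.add((body["payer"], body.get("nonce")))
        return "settled"

def serve(path, payment, facilitator):
    """Resource server, steps 2 and 5. Returns (status, body)."""
    required = {"amount": PRICES[path], "pay_to": PAY_TO, "chain": CHAIN, "resource": path}
    if payment is None:
        return 402, required
    verdict = facilitator.verify_and_settle(payment, required)
    if verdict != "settled":
        return 402, dict(required, error=verdict)
    return 200, f"content of {path}"

def pay(required, payer, key, nonce):
    """Agent side, step 3: a signed transfer that echoes the server's requirements."""
    body = dict(required, payer=payer, nonce=nonce)
    return {"body": body, "sig": _mac(key, body)}

if __name__ == "__main__":
    keys = {"agent-1": b"constructed-wallet-key"}   # constructed sample wallet
    fac = Facilitator(keys)
    status, required = serve("/report", None, fac)            # steps 1-2
    payment = pay(required, "agent-1", keys["agent-1"], nonce="n-1")
    print(status, serve("/report", payment, fac))             # steps 3-5
    print(serve("/report", payment, fac))                     # same payment presented again
```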

### 2026 Ecosystem

The x402 Foundation, co-founded by Coinbase and Cloudflare, governs the protocol under Apache 2.0 licensing. Cloudflare's involvement enables x402 enforcement at the CDN edge layer. Stripe began using x402 for USDC payments on Base chain in February 2026. Since its summer 2025 launch on Solana, x402 has processed 100M+ payments with $10M+ in volume.

x402 fills a gap that card-based protocols cannot address: fully autonomous agent-to-agent transactions with no human in the loop, per-request API billing, and 24/7 autonomous trading between services.

---

## Comparison Table: ACP vs AP2 vs x402

| Dimension | ACP (Stripe/OpenAI) | AP2 (Google) | x402 (Coinbase) |
|-----------|---------------------|--------------|-----------------|
| **Focus** | End-to-end purchase flows | Payment authorization and governance | Machine-to-machine micropayments |
| **Payment rails** | Cards, BNPL, network tokens (via SPTs) | Cards, stablecoins, bank transfers (roadmap) | USDC/USDT stablecoins |
| **Trust model** | SPTs (scoped, time-limited, revocable) | VDCs with cryptographic mandate chain | On-chain verification |
| **Human approval** | Per-transaction (buyer clicks "Buy") | Intent Mandate (pre-authorized) or Cart Mandate (explicit) | None (fully autonomous) |
| **PCI handling** | Stripe manages all credential isolation | Role separation (Credentials Provider never exposes PANs to agents) | Not applicable (no card data) |
| **License** | Apache 2.0 (spec); Stripe-hosted infrastructure | Apache 2.0 | Apache 2.0 |
| **Key partners** | OpenAI, URBN, Etsy, Shopify (1M+ merchants) | Mastercard, Adyen, PayPal, Coinbase (60+) | Stripe, Cloudflare, Circle, AWS |
| **Production status** | Live (ChatGPT Instant Checkout) | Early adoption, broad coalition | Live (100M+ transactions) |
| **Best for** | Existing Stripe merchants wanting instant agent support | Multi-PSP, multi-protocol interoperability with audit trail | API monetization, compute, data micropayments |
| **PIX/local methods** | Not yet supported | Roadmap (V1.x) | Not applicable |

These protocols are complementary rather than mutually exclusive. AP2 can wrap x402 as its stablecoin payment rail. ACP's SPTs can wrap Visa and Mastercard agent tokens. PayPal bridges all three through its ACP Server. The emerging stack layers authorization (AP2) on top of commerce orchestration (ACP) and crypto settlement (x402).

---

## PCI Compliance Implications for Agent Commerce

Agent commerce introduces a new PCI compliance question: if an agent initiates a payment, who bears PCI DSS responsibility?

The answer from all three protocol families is consistent: **agents must never touch PCI-scoped data**. The architectural approaches differ, but the principle is the same:

- **ACP/SPT model**: Stripe holds the PCI burden. Agents receive only SPT identifiers (opaque tokens). Merchants receive cloned payment methods scoped to their account. Raw PANs never traverse the agent layer.

- **AP2 model**: The Credentials Provider role is architecturally separated from the Shopping Agent. Payment credentials flow directly from the Credentials Provider to the Merchant Payment Processor. The agent orchestrates the transaction but never handles credential data. AP2 additionally requires that Payment Mandates carry agent-presence signals to issuers, enabling networks to apply agent-specific risk rules.

- **x402 model**: No card data exists in the system. Payments are on-chain stablecoin transfers signed by the agent's wallet key. PCI DSS does not apply to stablecoin transactions.

For payment and fintech teams evaluating agent commerce, the practical implication is that existing PCI compliance programs do not need fundamental restructuring. The tokenization and credential isolation patterns in SPTs and AP2 VDCs align with current PCI DSS v4.0 requirements for token-based payment flows. However, organizations should document the agent as a new actor in their cardholder data flow diagrams and ensure that agent platforms are included in third-party risk assessments.

Card networks are also adapting their authorization messaging. AP2's Payment Mandate includes agent-presence signals that networks and issuers can use for risk decisioning -- a new data field that existing fraud models will need to incorporate. Visa's Intelligent Commerce and Mastercard's Agent Pay both define agent-specific token types that issuers can flag for differentiated authorization rules.

---

## Frequently Asked Questions

**Can an AI agent store my credit card number?**

No. All three major agentic commerce protocols (ACP, AP2, x402) are designed so that agents never see, store, or transmit raw card credentials. ACP uses SharedPaymentTokens (opaque references resolved by Stripe). AP2 separates the Credentials Provider from the Shopping Agent architecturally. x402 does not use cards at all -- it uses stablecoin wallets.

**What happens if an agent makes a purchase I did not authorize?**

Under ACP, each SPT requires buyer action (clicking "Buy") and is scoped to a single merchant and amount. Under AP2, Intent Mandates and Cart Mandates create a cryptographic audit trail proving exactly what the user authorized. If a transaction falls outside the mandate's constraints, the mandate chain provides non-repudiable evidence for dispute resolution. Standard chargeback rights through card networks remain available.

**How do card networks know a transaction was initiated by an AI agent?**

AP2's Payment Mandate includes agent-presence signals appended to the authorization message sent to networks and issuers. Visa Intelligent Commerce and Mastercard Agent Pay use purpose-built agent-bound tokens distinct from standard card-on-file tokens. These signals allow issuers to apply agent-specific risk scoring and potentially require step-up authentication (e.g., 3D Secure) for agent-initiated transactions.

**Does agentic commerce work with PIX or other real-time payment methods?**

Not yet for most protocols. AP2 currently supports only card (pull) payments, with PIX and other real-time bank transfers on the V1.x roadmap. The challenge is that PIX requires payer-initiated authentication at the bank level, which an agent cannot complete autonomously. AP2's Transaction Challenge Flow provides a framework for redirecting to the user's trusted device, similar to 3D Secure. Mastercard Agent Pay is expanding into Latin America in 2026, but initial support focuses on card rails.

**How does x402 handle payments without a credit card?**

x402 uses USDC or USDT stablecoins on blockchain networks (primarily Base and Solana). The agent holds a funded crypto wallet and signs transfer authorizations directly. Settlement happens on-chain in under 2 seconds with no intermediaries. This makes x402 ideal for micropayments (as low as $0.001) and fully autonomous agent-to-agent transactions, but it requires users to have stablecoin balances rather than traditional payment methods.

**Will these protocols consolidate into a single standard?**

The trend points toward interoperability rather than winner-take-all consolidation. PayPal already bridges ACP, AP2, and A2A through its ACP Server. Stripe's SPTs wrap Visa and Mastercard agent tokens. AP2 integrates x402 as its stablecoin payment rail. Google's Universal Commerce Protocol (UCP), with 20+ partners including Visa, Mastercard, Stripe, and Adyen, is designed as the commerce orchestration layer above AP2. The practical outcome for merchants is that supporting one or two of these protocols (likely through a PSP like Stripe, Adyen, or PayPal) will provide coverage across the majority of agent-initiated transactions.

---

## Sources

- Stripe, "Introducing the Agentic Commerce Suite," stripe.com/blog/agentic-commerce-suite
- Stripe, "SharedPaymentToken Documentation," docs.stripe.com/agentic-commerce/concepts/shared-payment-tokens
- Stripe, "Agentic Commerce Protocol Specification," docs.stripe.com/agentic-commerce/protocol/specification
- Stripe, "Supporting additional payment methods for agentic commerce," stripe.com/blog/supporting-additional-payment-methods-for-agentic-commerce
- Google Cloud, "Announcing AP2," cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol
- AP2 Protocol Specification, ap2-protocol.org/specification/
- Google Developers Blog, "Universal Commerce Protocol (UCP)," developers.googleblog.com/under-the-hood-universal-commerce-protocol-ucp/
- Visa, "Intelligent Commerce," developer.visa.com/capabilities/visa-intelligent-commerce
- Visa, "Trusted Agent Protocol," developer.visa.com/capabilities/trusted-agent-protocol
- Mastercard, "Agent Pay in Latin America," mastercard.com/news/latin-america/en/newsroom/press-releases/pr-en/2025/december/mastercard-unveils-agent-pay-in-latin-america-and-the-caribbean
- Mastercard + Santander, "Europe's First Live Agentic Payment," mastercard.com/news/europe/en/newsroom/press-releases/en/2026/
- PayPal, "Agentic Commerce Services Launch," newsroom.paypal-corp.com/2025-10-28-PayPal-Launches-Agentic-Commerce-Services-to-Power-AI-Driven-Shopping
- PayPal, "Agent Payments Protocol Blog," developer.paypal.com/community/blog/PayPal-Agent-Payments-Protocol/
- x402 Protocol, x402.org
- Coinbase, "x402 Developer Documentation," docs.cdp.coinbase.com/x402/welcome
- Orium, "Agentic Payments Explained: ACP, AP2, x402," orium.com/blog/agentic-payments-acp-ap2-x402