Five Agentic Payment Systems Went Live in Q1. The Fraud Rules Still Assume a Human Is in the Loop.

On March 17, Visa enrolled 21 European banks in its Agentic Ready program — Barclays, HSBC UK, Revolut, Commerzbank, and Santander among them. To prove the system worked, Santander ran a live test: a Spanish-issued Visa credential let an AI agent buy a book. Authorization, tokenized payment, and network settlement completed without a human touching anything.

Two weeks earlier, that same Santander had processed Europe’s first live agent payment through Mastercard’s Agent Pay — a separate protocol with its own identity model, its own token format, and its own security assumptions.

One bank, two live agent transactions, two systems that cannot talk to each other. That gap — not the novelty of an agent buying a book — is the actual story of agentic payments — and AI agent payments more broadly — in Q1 2026.

What Actually Shipped

Five distinct approaches to agent-initiated payments either launched or expanded significantly in the first quarter. Each makes different assumptions about identity, settlement, and trust — and those differences are architectural, not cosmetic.

Visa built Agentic Ready on its existing security stack: tokenized card numbers, biometric authentication linking tokens to verified cardholders, and issuer-set spending controls that let consumers define what agents can and cannot do in advance. “As AI agents increasingly shape how people shop and buy, payments need to keep up,” said Mathieu Altwegg, Visa Europe’s head of product and solutions. The 21 enrolled banks will run agent transactions in production-grade test environments alongside selected merchants during Phase 1. Visa already has more than 100 partners in its broader Intelligent Commerce sandbox, with expansion beyond Europe planned.

Mastercard’s Agent Pay uses Agentic Tokens — credentials tied to authorized agent interactions that were rolled out to all U.S. cardholders by November 2025. The Santander test in March moved the system from controlled environments into regulated European banking for the first time. Matias Sanchez, Santander’s global head of cards and digital solutions, described the bank’s approach as “shaping responsible adoption of this technology from inside the system.”

Coinbase took a fundamentally different path. Its Agentic Wallets, launched February 11 on the x402 protocol, processed more than 50 million transactions by early March. Brian Armstrong’s argument for the crypto approach was blunt: “AI agents cannot open bank accounts because they cannot satisfy Know Your Customer requirements.” An agent wallet bypasses this entirely — it can be generated from private keys with no identity verification. On the Base network, gasless trading removes the friction that would make high-frequency agent transactions impractical. Armstrong posted on March 9 that “very soon there will be more AI agents than humans making transactions” — and that those transactions will run on crypto.

Stripe entered through x402 as well, enabling machine payments via USDC on Base. Its Agentic Commerce Protocol, co-developed with OpenAI and powering ChatGPT’s Instant Checkout, introduced Shared Payment Tokens — scoped, time-limited, revocable credentials that give agents payment access without exposing the underlying card. By March, Affirm and Klarna had both integrated buy-now-pay-later through those tokens. PayPal went a different direction, connecting Agent Ready to ChatGPT so agents can initiate purchases through existing PayPal accounts.

These five systems aren’t competing products in the usual sense. They represent competing assumptions about how agent identity, liability, and money movement should work. Visa and Mastercard start from the card network premise: trust, fraud protection, existing merchant acceptance, regulatory familiarity. Coinbase and Stripe start from the stablecoin premise: programmable wallets, instant settlement, no KYC gatekeeping. A developer building payment integrations today can’t just pick one — they’re choosing between fundamentally different architectures for how agents will transact.

Eleven Parties, No Referee

The complexity isn’t just protocol-level. It’s structural.

In a traditional card payment, four or five parties handle the transaction: cardholder, issuer, acquirer, merchant, and the network routing between them. Add a consumer’s AI agent, and that count jumps to six. Introduce a digital wallet with staged funding — the kind of arrangement Google Pay and Amazon Pay use — and you’re at eight or nine, because funding and payment processing split into separate steps with separate processors.

Now add a merchant-side agent. That agent needs its own acquiring relationship, its own issuer, its own identity verification. As QED Investors’ Amias Gerety observed in his analysis of agent payment complexity: “Do you think that the merchant’s existing merchant acquirer is going to be comfortable with AI agents? It would be fun to live in that future, but that’s unlikely.”

The party count climbs past eleven. Every additional participant introduces a new point where liability is undefined.

This matters because the fraud frameworks governing these transactions were designed for a world where a human initiates every purchase. The chargeback scenario is the clearest illustration: a consumer tells their bank, “I didn’t buy that — the agent did.” The agent followed its instructions. The merchant’s system confirmed acceptance of terms. Who absorbs the loss? Walk it further — an agent buys a service, the service underdelivers, the consumer disputes, but the merchant argues the agent confirmed acceptance. The consumer says they never reviewed the terms. The issuer has no precedent for adjudicating the claim. No existing framework resolves this.

A Consumer Bankers Association white paper published in January 2026 — with contributors from Bank of America, JPMorgan, PNC, Google, Stripe, Visa, and Mastercard — identified the exposure: under the Electronic Fund Transfer Act (EFTA), consumers who voluntarily grant an “access device” to an AI agent may bear liability for its mistakes. That’s a legal theory, not tested case law. And it assumes the consumer understood what access they were granting, which gets shakier as agent capabilities grow more autonomous.

The fraud threat itself is shifting. Visa has reported a significant increase in dark web tooling designed specifically for AI agent exploitation. The attack surface is moving from stolen credentials to hijacked agents — malware that subtly distorts agent behavior so that the agent technically follows its preset rules while acting against the user’s actual intent. High-frequency, small-value abuse can run for weeks before fraud teams notice a pattern.

Four competing authorization standards exist — Mastercard’s Agentic Tokens, Visa’s Trusted Agent Protocol, Google’s Cryptographic Mandates, and various x402-based approaches — and none of them interoperate. A “Know Your Agent” standard is in development, mirroring KYC frameworks for machines, but it doesn’t exist yet. No major regulator — not the FCA, not the SEC, not PSD2’s Strong Customer Authentication framework — has addressed what happens when financial transactions are conducted by software rather than people.

Building for a Mess

The honest planning assumption for anyone building payment integrations right now: neither the card network approach nor the stablecoin approach is going to win outright. They’ll coexist.

Card networks have merchant acceptance, regulatory familiarity, and decades of fraud protection. But a 30-cent fixed fee per transaction makes micropayments uneconomical, and settlement timelines measured in days don’t match agent transaction speeds. Stablecoin settlement handles fractions-of-a-cent transactions at machine speed — the x402 protocol has already reached $600 million in annualized volume. But the AI developer community remains broadly skeptical of crypto. Sean Neville, co-founder of both Catena Labs and Circle, attributed it to the association with “memecoins and Ponzi schemes.” That skepticism is real even as AI crypto payments gain traction as a distinct use case for machine-to-machine settlement.

Erik Reppel, Coinbase’s head of developer platform engineering and founder of the x402 protocol, framed the stakes higher: “I think the thing people haven’t quite realized is that we’re going to break the fundamental economic model of the internet, moving from browsers and you visiting the website of the person who’s publishing content, to consuming things through your agents and your chat interface.”

Capital is flowing into the space between these competing visions. Catena Labs raised $18 million from a16z to build agentic finance tooling. Skyfire pulled in $9.5 million for agent identity systems. Payman AI raised $13.8 million with Visa and Coinbase Ventures both participating — a notable signal that card networks and crypto platforms recognize they need bridges. Kite AI raised $35 million from PayPal and General Catalyst for agent-specific payment systems. Enterprise platforms are building their own responses: ServiceNow’s AI Control Tower concept for banking offers real-time visibility and reasoning chain tracking for agent actions, while Mastercard’s Virtual C-Suite is rolling out agent financial services through existing banking partners and accounting platforms rather than replacing those channels.

What’s conspicuously absent: the connective tissue. Cross-protocol interoperability. Real-time policy enforcement that works across competing standards. Agent identity registries. Audit systems that produce a coherent trail regardless of whether the settlement happened via Visa, x402, or a programmable wallet.

AgentPMT operates on x402 and x402Direct smart contracts on Base, with blockchain wallets for every agent and a Dynamic MCP that lets agents discover and pay for tools across providers without being locked to a single payment system. Per-agent budgets and full audit trails for every tool call and transaction address the accountability gap that regulators will eventually require. It’s one approach to the interoperability problem — prioritizing cross-platform access and governance over betting on a single settlement method.

But the broader tension remains. Five major payment networks shipped agent payment capabilities in Q1 2026, each building as fast as possible for first-mover advantage. Regulators are quiet because the transaction volumes are still small enough to ignore — though Gartner projects over 40 percent of agentic AI projects will be cancelled by end of 2027 due to escalating costs or inadequate risk controls. The distance between what’s technically possible and what’s actually governed keeps widening with every new protocol that ships.

The debate for teams building payment systems has moved past whether agentic payments work. Santander proved they do, twice, through two incompatible systems in the span of two weeks. Whether the audit, liability, and interoperability infrastructure catches up before the first major fraud event or regulatory crackdown forces a painful consolidation depends entirely on how fast the governance builders move. Right now, the protocol builders are winning.

---

Sources

• Visa Launches Agentic Ready Program to Help Banks Test AI Payments — PYMNTS
• Mastercard and Santander Complete EU’s First Agentic Payment — PYMNTS
• Santander and Mastercard Complete Europe’s First AI Agent Payment — Santander
• Stablecoins Are the Secret to Agentic Finance (AI Developer Skepticism Notwithstanding) — CoinDesk
• Brian Armstrong Says AI Agents Cannot Open Bank Accounts — FinTech Weekly
• Mastercard Virtual CFO for Small Businesses — Fortune
• AI Agent Payment Solutions in 2026, Compared — Privacy.com
• AI Agents and the Future of Agentic Payments — QED Investors
• Agentic Payments Are Rewriting Spend Management From Scratch — Apideck
• Agentic AI Pushes Banks to Fix Security, Data and Decision Rights — PYMNTS