JACQUES DEMARTHON/Getty images
On July 2, Cross River Bank and Stripe announced a formal collaboration to deliver bank-grade card issuance infrastructure designed specifically for AI agents — virtual, single-use cards that let autonomous software spend money without ever touching a user’s underlying payment credentials. The announcement is the latest concrete signal that the payment industry is not waiting for autonomous AI commerce to mature before building for it. The rails are being laid now.
Autonomous AI agents — programs that plan, act, and complete tasks without a human approving each step — have been arriving in production for two years. They book meetings, write code, and manage infrastructure. What they still could not do, until very recently, was pay for things on their own. That constraint is dissolving. At Stripe Sessions 2026 on April 29, the payments company announced 288 new products centered on a single architectural thesis: the payment infrastructure built for humans cannot serve machines, and agents need their own rails.
The practical consequence for merchants, developers, and anyone who uses an AI assistant is significant: within the next two to three years, a substantial share of online transactions may be initiated not by people, but by software acting on people’s behalf — at speeds, frequencies, and price points no existing billing system was designed to handle
Why Payment Infrastructure Built for Humans Fails AI Agents
Every element of modern payment infrastructure assumes a human is in the loop. Credit cards require a billing address entered by a person. Subscription billing assumes monthly cycles that map to human decision rhythms. Even the most sophisticated payment APIs presuppose that somewhere in the chain, someone is initiating or approving the transfer of money
AI agents expose the absurdity of these assumptions at speed. An agent consuming API tokens at millisecond intervals cannot wait until month-end for a billing statement. A multi-agent workflow — where one AI hires another to complete a subtask — cannot reach for a credit card. And the economics are equally broken: a business that offers an AI product incurs compute costs the instant tokens are consumed, but collects revenue on a monthly lag. The ideal model would settle payment per token, in real time. Card rails cannot do this. Transaction fees alone would exceed the payment value at sub-cent scale, and the velocity — millions of settlements per second across a large AI product — would collapse any billing system built for human purchasing patterns.
This is not a niche engineering problem. Forrester analysts who assessed Sessions 2026 described the situation plainly: payments are evolving from transaction infrastructure for humans into programmable, continuous infrastructure for machines. The question is not whether this transition happens, but who builds the layer that makes it work
How the HTTP 402 Code That Waited 30 Years Finally Got Its Protocol
The most technically significant development in the agentic payment stack is one that has been hiding in plain sight since 1997
When the architects of the World Wide Web wrote the HTTP specification, they reserved status code 402 — “Payment Required” — as a placeholder for a future micropayment layer that would let websites charge for individual page loads or data requests. The vision was precise: small fractions of a cent, settled automatically, for any resource on the web. The technology to make it work didn’t exist. Card networks couldn’t handle sub-cent transactions. No one could pay for a page view without clicking through a checkout flow. The 402 code sat dormant for 28 years.
In May 2025, Coinbase activated it
The x402 protocol — contributed to the Linux Foundation’s x402 Foundation in April 2026 — implements the 402 response as a four-step payment handshake embedded directly in standard HTTP. When an AI agent requests a paid resource, the server responds with HTTP 402 containing machine-readable payment instructions: the price, the accepted stablecoin, the blockchain network, and the destination wallet. The agent signs a USDC payment authorization, retries the request with the proof attached, and a facilitator verifies the on-chain settlement. The server returns the resource. Total round-trip time on Base, Coinbase’s Layer 2 blockchain: roughly two to four seconds. Transaction cost: approximately $0.0001.
No accounts. No API keys. No billing dashboard. No human in the loop
The reason this now works when it failed for three decades is not a better version of the same technology. It is a categorically different kind of buyer. The barrier to micropayments was never technical — it was psychological. Humans experience what economists call mental transaction cost: the cognitive friction of deciding whether to spend money, however small the amount. An article behind a one-cent paywall generates as much hesitation as a $10 subscription, because the decision itself is the cost. AI agents have no mental transaction cost. A payment is a function call. The agent evaluates whether the resource is needed, executes the payment, and continues. That is why the same 402 code that failed for three decades works now.
Read more:Cloudflare Separates AI Crawlers by Purpose and Opens Door to Charging Them Directly
How Stripe’s Machine Payments Protocol Adds a Session Layer
x402 settles each request independently — one payment per API call. That works for isolated, low-frequency transactions. But it breaks down for the kind of continuous, high-throughput agent activity that AI companies actually need to bill for: a coding agent consuming compute across hundreds of function calls in a single session, or a streaming AI product whose token consumption runs at machine speed for hours.
The Machine Payments Protocol — co-authored by Stripe and Tempo and launched on Tempo’s mainnet on March 18, 2026 — extends the same HTTP 402 pattern with a session layer. Rather than settling each request on-chain individually, an agent pre-authorizes a spending limit against a funded wallet — analogous to opening a tab at a bar — and then streams micropayments continuously as resources are consumed. Transactions accumulate off-chain and batch-settle on the blockchain at intervals, which reduces per-transaction latency to under 100 milliseconds and eliminates per-request gas fees.
The critical design difference from x402 is payment-method agnosticism. x402 is blockchain-native: it settles in USDC on-chain, full stop. MPP supports stablecoins on Tempo, but also fiat payment methods — credit cards, debit cards, and buy-now-pay-later services like Klarna and Affirm — through Stripe’s Shared Payment Tokens. An SPT is a scoped, time-limited, context-bound authorization: the agent receives a token that specifies exactly which merchant it can pay, for how much, and within what time window. The agent’s underlying payment credentials are never exposed. When the session closes or the spending limit is reached, the token expires.
Tempo itself is a Layer 1 blockchain purpose-built for payments, co-developed by Stripe and investment firm Paradigm. Its architecture deliberately prioritizes the constraints that payment settlement requires — fast finality, low fees, high throughput — rather than the generalized programmability of Ethereum or the speculative dynamics of public token markets. Ethereum’s confirmation times, typically 12 to 15 seconds per block and often requiring multiple blocks for finality, are structurally incompatible with agent-speed commerce. Tempo is built to settle payments, not to support decentralized finance.
At Stripe Sessions 2026 in April, Stripe expanded the Agentic Commerce Suite to include partnerships with Google, Meta, OpenAI, and Microsoft, giving merchants a single integration point through which they can sell products inside AI applications across all four ecosystems. Merchants upload their product catalogs once, select which agents they want to sell through, and Stripe handles discovery, checkout, payments, and fraud detection.
How AI Agents Pay Without Touching Your Credit Card
The wallet architecture is the part of this system that directly affects every consumer who uses an AI assistant
Stripe’s Link agent wallet — which serves more than 250 million users globally — now allows users to grant agents the ability to pay on their behalf. When an agent needs to make a purchase, Link issues a single-use virtual card scoped to that specific transaction. The agent presents this card to the merchant. The user’s actual payment credentials — the card number, the billing address, the CVV — are never visible to the agent or to the merchant’s checkout flow. Full purchase history is visible in the user’s Link account, and spending limits and transaction approval requirements can be set before the agent is deployed.
The Cross River Bank collaboration announced on July 2 formalizes the banking infrastructure underlying this architecture. Cross River’s regulatory backbone — compliance with card network rules, anti-money laundering standards, and know-your-customer requirements — runs beneath the single-use virtual card issuance. This is what separates an engineering prototype from deployable financial infrastructure: the card network compliance, regulatory accountability, and fraud liability frameworks that govern every transaction.
Privy — a Stripe company — serves a parallel function in the stablecoin layer, distributing USDC wallets to AI agents for use in Tempo-based micropayment flows. Bridge, a stablecoin orchestration platform Stripe acquired, handles issuance and cross-border settlement. The combined stack — Tempo for blockchain settlement, Privy for wallets, Bridge for orchestration, Stripe for on- and off-ramps and traditional payment processing, Cross River for bank-grade card issuance — is designed so that neither the agent nor the developer needs to understand what is happening at the blockchain level. Stablecoins, in this architecture, are not a consumer product. They are a back-end optimization: faster to settle, cheaper to move, and programmable in ways that card networks are not.
What Merchants Need to Build Before Their Customers Become Machines
The emergence of agentic commerce is creating a new category of merchant that did not exist two years ago: businesses with no storefront, no checkout page, and no human customer. Their entire commercial surface is an API that AI agents query, evaluate, and transact with programmatically
For traditional merchants, the optimization question is no longer about conversion rate on a checkout page. It is about what some practitioners are calling Agent Experience: how legible, trustworthy, and frictionless a merchant’s API is to an autonomous buyer. Agents have no brand loyalty. They have perfect price sensitivity. They will not return to a merchant whose catalog is not machine-readable, whose pricing is not programmatically queryable, and whose checkout does not support Shared Payment Tokens or MPP. The merchants who make themselves agent-readable first will have an inherent structural advantage in an economy where agents are doing the shopping.
Stripe’s Agentic Commerce Protocol — an open standard co-developed with OpenAI — establishes a shared technical language for how agents and merchants exchange information about availability, pricing, and fulfillment. A merchant that implements it does not need to build a separate integration for each AI agent; one endpoint serves all compatible agents across the ecosystem. Major brands already onboarded to the suite include URBN (parent of Anthropologie, Free People, and Urban Outfitters), Etsy, Coach, Kate Spade, Ashley Furniture, and Nectar.
Streaming Payments: How Stripe Solves the Token-Billing Lag
The economics of AI product companies have a specific, well-understood structural problem: compute costs are incurred the instant tokens are consumed, but revenue arrives at the end of a billing cycle. A company with 100,000 active users each running 10,000-token sessions daily is absorbing millions of dollars in infrastructure costs before collecting a dollar in subscription fees. The ideal model — collect payment per token, in real time, as consumed — was technically impossible until streaming payments.
Stripe’s streaming payment system pairs Metronome — a usage-tracking platform that ingests AI consumption events (tokens, API calls) and calculates amounts due as they accrue — with stablecoin micropayments on the Tempo blockchain. Metronome knows when and where each token was consumed; Tempo settles the corresponding payment instantly. For the first time, an AI product company can structure its billing so that revenue arrives at exactly the moment the cost is incurred.
The Regulatory Gap Agents Are Already Falling Into
The infrastructure exists. The protocols are in production. The regulatory framework does not
An International Monetary Fund analysis published in April 2026 identified agentic AI payments as a material risk to consumer protection, market stability, and regulatory oversight. The core problem is structural: every consumer protection law governing payments — the Electronic Fund Transfer Act, chargeback rights, fraud liability frameworks — was written assuming a human initiates and a human approves each transaction. When an agent acts on behalf of a user within a delegated scope, and the agent exceeds that scope or is deceived by a fraudulent merchant, existing law provides no clear answer to who is liable.
The Consumer Bankers Association convened a two-day symposium in fall 2025 to examine this gap, concluding that the industry cannot wait for regulators to write the rules before deploying the infrastructure. Dispute resolution procedures, fraud liability assignment between agent developers and payment processors, and KYC/AML compliance in multi-agent workflows where no single human initiates the transaction — all of these require new legal constructs that do not yet exist.
Visa’s published analysis of agentic commerce threats identifies a specific fraud scenario that existing detection cannot address: a verified AI agent session controlled by a fraudster passes authentication checks while executing malicious transactions, because the agent’s behavior looks indistinguishable from a legitimate automated session. The same speed and lack of human variability that makes agents useful also makes them difficult to distinguish from a well-constructed bot.
Stripe’s Radar fraud system has been updated to distinguish legitimate agent-initiated transactions from fraudulent actors — the same system that protects payments for OpenAI, Anthropic, ElevenLabs, and Cursor. But the technical capability exists within silos. What does not exist is a shared standard for how agent identity is verified across ecosystems, how spending scope is communicated to merchants, and how disputes are resolved when an agent acts outside its mandate. The x402 Foundation, now under Linux Foundation governance, is pursuing standardization as a W3C web standard — a process that typically takes years.
Why Stripe Is the Dominant Infrastructure Provider for AI Commerce
Stripe processes more than $1.9 trillion in annual payment volume. Half the Fortune 100 and 78% of the companies on the Forbes AI 50 list already build their billing infrastructure on Stripe. The companies constructing the AI economy — OpenAI, Anthropic, and their cohort — largely built their payment infrastructure on Stripe before the agentic commerce question became urgent. When those companies add payment capabilities to their AI products, Stripe is the natural starting point.
But distribution alone does not explain the position. Stripe has spent fifteen years building for developers first — documentation, sandbox environments, webhook infrastructure, and API design that made payments legible to engineers who are not payment experts. In a world where AI agents are themselves becoming a kind of developer — calling APIs, deploying services, and constructing workflows autonomously — that developer-first identity is not incidental but architecturally advantageous.
The competitive landscape is intensifying regardless. Visa has launched its Trusted Agent Protocol. Mastercard’s Agent Pay is in early pilots. The x402 Foundation now includes Google, Visa, AWS, Mastercard, Circle, Microsoft, Shopify, and American Express as founding members — a coalition that signals no single company will own the agentic payments stack outright. Adyen is developing parallel infrastructure. Forrester’s assessment of Sessions 2026 was measured: Stripe’s advantage is less about technology and more about distribution across its developer ecosystem. As competitors replicate the same abstraction strategies, differentiation may shift from blockchain capabilities to developer experience, integration depth, and ecosystem reach.
What is not in dispute is the direction of travel. As of July 2026, the protocols are in production, the wallets exist, the stablecoin rails are live, and early merchants are integrating. The open question is no longer whether autonomous AI agents will transact economically on behalf of users. It is whether the liability, identity, and fraud frameworks can be built fast enough to protect those users when the agents make mistakes — and whether the users will know when to ask.
Frequently Asked Questions
How do AI agents make payments without human approval?
Protocols like x402 and the Machine Payments Protocol embed payment negotiation directly into standard HTTP requests. When an agent requests a paid resource, the server returns an HTTP 402 response with payment instructions; the agent signs a stablecoin payment, attaches the proof, and retries. The server returns the resource. No human clicks anything. The entire exchange takes two to four seconds. Spending limits, merchant restrictions, and time-bound authorization windows are pre-configured by the user before the agent is deployed — the agent operates within those bounds, but not beyond them.
What is the x402 protocol and why does it matter?
x402 is an open payment standard that implements the HTTP 402 “Payment Required” status code — a web specification reserved in 1997 but never used, because micropayments were impractical for human buyers. AI agents eliminate the psychological friction that made micropayments unworkable: they have no hesitation about paying fractions of a cent per API call. The protocol lets any server charge for a resource by returning a 402 response; the client pays in USDC stablecoin and receives access. As of June 2026, it had processed more than 160 million autonomous transactions.
What happens if an AI agent makes a purchase I didn’t authorize?
This is the central unresolved legal question in agentic commerce. Existing consumer protection law — including the Electronic Fund Transfer Act and standard chargeback frameworks — was written assuming a human initiates and approves each transaction. When an agent exceeds its delegated scope or is deceived by a fraudulent merchant, there is currently no settled legal answer to who bears the liability: the user, the agent developer, the payment processor, or the merchant. The IMF flagged this in April 2026 as a material risk to consumer protection. Stripe, Visa, and Mastercard are all building technical safeguards, but the legal framework has not caught up.
Is it safe to let an AI agent access my payment credentials?
Current implementations are designed to prevent the agent from ever seeing your actual payment credentials. Stripe’s Link agent wallet issues single-use virtual cards scoped to each specific transaction; the agent presents the virtual card, not your real card number. Shared Payment Tokens work similarly: they are time-limited, merchant-specific authorizations, not raw credentials. Cross River Bank’s architecture ensures that even these virtual cards are bound to the transaction context and cannot be reused or repurposed. The practical risk is not that an agent will steal your card number — it is that an agent operating with broad authorization may spend more than you intended, or be manipulated into a transaction by a malicious API endpoint. Setting explicit spending limits before deploying any agent with payment capabilities is the primary consumer mitigation.
ⓒ 2026 TECHTIMES.com All rights reserved. Do not reproduce without permission
Tags:AI AgentsStripe
Related:
Digital Automation Training Benin: 5 Winning Skills Employers Demand in 2026
WhatsApp Marketing Automation Africa: 6 Dangerous Mistakes Brands Make in Nigeria
Want to learn this practically?
Join Justfine Infotech and build real digital skills in AI, automation, web development, digital marketing, office productivity, e-commerce, freelancing and cybersecurity.
Available Programmes:
6 Weeks Certificate • 3 Months Professional Certificate • 6 Months Diploma • Full Professional Diploma
WhatsApp:
+229 01 57 57 99 15
+229 01 66 68 11 60
Source: www.techtimes.com



