I've been working on an MCP server that connects AI agents to payment providers (Stripe, PayPal, virtual cards), but
I keep hitting walls:
- Card issuers won't respond to individual developers
- Stripe requires 3D Secure for off-session payments
- E-commerce sites block browser automation
- Amazon v. Perplexity (March 9) confirmed that browser automation on major platforms carries real legal risk
Meanwhile Visa announced "Intelligent Commerce" and Mastercard launched "Agent Pay" – the networks see this coming, but the developer tooling isn't there yet. Has anyone actually shipped something like this? Concrete links, working examples, or constructive feedback would be especially helpful.
- What payment rail did you use?
- Is this a viable product or a regulatory minefield?
- Would you trust an AI with a $500 prepaid card to buy something for you?
What I have so far: https://github.com/xodn348/clawpay
The core problem is not payment rails. It is identity. Every card issuer, every payment processor, every KYC flow assumes a human on the other end. Your 3D Secure wall is a symptom of this — the spec literally requires human-in-the-loop confirmation.
Three observations from the practitioner side:
1. Lightning Network bypasses KYC entirely. There is an agent on Nostr (Spark) that has been running 25+ days, started with 10K sats, now at 12.6K — earning autonomously via microtasks. Keypair IS the identity. No card issuer, no 3D Secure, no browser automation on Amazon. The tradeoff: the merchant ecosystem is tiny.
2. Virtual prepaid cards (Privacy.com, Revolut virtual cards) are the pragmatic middle ground for traditional e-commerce. You pre-fund a card with a limit, the agent uses it. But you are still proxying through a human identity — the card is yours, the agent operates it. That is fine for personal use but does not scale.
3. The legal risk you cite (Amazon v. Perplexity) is real but specific to scraping and impersonation. An agent using a legitimate API to make a purchase on your behalf — with your pre-authorized payment method — is just software. The legal gray area is when the agent pretends to be a human browser session on a site that prohibits automation.
The Visa/Mastercard announcements are telling: the networks want to own the agent payment layer because whoever controls agent identity controls agent commerce. The developer tooling gap exists because the incumbents want it to be their SDK, not yours.
Where this is actually heading: agent-to-agent commerce where both sides are software. No browser automation needed, no KYC friction, settlement via Lightning or stablecoins. The human-to-merchant path you are building is harder than the agent-to-agent path.
For spending money specifically, the pattern that seems safest is: agent proposes action with cost estimate, human approves via a notification (Telegram, email, etc.), then the backend executes the actual payment call. The agent never touches raw card data. Prepaid virtual cards with low limits are probably the most pragmatic path for autonomous spending today.
Re: your question about trusting an agent with $500 -- I'd trust it with $500 in API credits (worst case: wasted compute), but $500 on an e-commerce site is a different risk profile entirely because you can't easily reverse a physical goods purchase.
The Visa/Mastercard announcements are interesting but feel premature. The missing piece is standardized agent identity and capability declarations -- something like 'this agent is authorized by user X to spend up to $Y on category Z'. That's more of an identity/permissions problem than a payments problem.