Key Takeaways
- Crossmint publicly launched an agentic card payments API built on Visa Intelligent Commerce and Basis Theory
- Existing US-issued Visa cards can be tokenized and delegated to AI agents with strict, scoped limits, without exposing raw card numbers
- For ecommerce operators, it means transactions where an AI agent pays with a customer's card are now entering real payment flows
Crossmint releases its agentic card payments API
Crossmint, a leading stablecoin and wallet infrastructure provider, today announced the public launch of its agentic card payments API using Visa Intelligent Commerce and Basis Theory.
www.prnewswire.comOn June 2, 2026, Crossmint, a stablecoin and wallet infrastructure provider, formally launched a card payments API for AI agents. The API is built on Visa Intelligent Commerce and Basis Theory, letting developers use US-issued Visa credit and debit cards inside their own agent systems.
What stands out is that this shipped as general availability with production-ready developer docs, not as another sandbox experiment. Agents running on existing platforms such as OpenClaw, Claude Code, Hermes, and Zo Computer can now pay securely using a user's own Visa card. In other words, an AI agent shopping out of a human's wallet has started moving onto the card networks' sanctioned rails.
Why giving an agent a card was so hard
Even as AI agents became central to consumer and business products, payments remained the laggard. There was no widely adopted, card-network-compatible way for an agent to pay safely.
Developers filled that gap with ad-hoc approaches, such as passing raw card numbers or API keys straight into an agent's context or prompt. That sharply raises the risk of credential exposure and misuse. Crossmint's release cites a review of skills published on ClawHub, OpenClaw's skill marketplace, which found insecure credential handling in 7.1% of cases.
The core problem is autonomy. A model where a human types card details each time defeats the point of delegating shopping to an agent. But handing the agent a raw card number grants unlimited spending power. What was missing was scoped delegation, and until now that piece simply did not exist.
The role of Visa Intelligent Commerce
At the heart of this launch is Visa's Visa Intelligent Commerce (VIC). VIC is Visa's portfolio of initiatives for enabling secure, AI-driven commerce at scale, positioned as the layer that handles authentication, authorization, and settlement for agent payments.
The key is that what gets handed to the agent is not a raw card number but a tokenized credential. Through Visa Intelligent Commerce Connect, a user creates tokenized credentials linked to their existing Visa card. Each token is bound to a specific agent and context, and works only within issuer approval and the applicable controls.
Crucially, Visa verifies not just the card credential itself but also whether the agent has the authority to initiate that transaction. That makes safe, autonomous commerce possible without a human present for every purchase. Tanner Riche, VP of Growth Products and Partnerships at Visa, put it this way in the release.
As consumers begin to delegate tasks to AI agents, maintaining control and security in payments is critical. Visa Intelligent Commerce is designed to support these experiences by enabling solutions consumers can employ to authorize agent-driven payments with clear limits, without exposing their underlying card details.
Visa already disclosed in December 2025 that it had processed hundreds of production transactions initiated, authenticated, and completed entirely by AI agents. Crossmint's API is one implementation that makes that machinery callable by ordinary developers.
How a card gets issued and delegated to an AI agent
So how does a user's card actually become a card the agent can use? Across the networks' specifications, the delegation flow generally moves through these stages.
First, the user authenticates once and links their card to the agent. At the same time they set a policy: per-transaction cap, monthly cap, allowed merchant categories (MCC), and expiration. After setup, the agent can transact within that policy without per-transaction human approval. Transactions that fall outside the policy fail at the network level.
According to Crossmint's release, card numbers and CVCs are protected through tokenization and vaulting, and spend limits keep transactions scoped so the agent's visibility into raw card numbers is limited. This is least-privilege thinking applied to payments: give the agent only the permission it needs, only for the transaction at hand.
The delegation model can be summarized in three layers.
| Layer | Responsibility | Details |
|---|---|---|
| Authorization & delegation | User-defined policy | Per-transaction cap, monthly cap, allowed merchant categories (MCC), expiration |
| Credentials | Tokenization & vaulting | Raw card numbers and CVCs stay in the vault; the agent receives only scoped permissions |
| Execution & verification | Network-level checks | Verifies both the card credential and the agent's authority; transactions outside policy fail at the network level |
The advantage of this model is that the user can stay in control at all times. Crossmint Co-Founder Alfonso Gómez-Jordana Mañas said the agentic economy had been missing a secure, open payment layer that works for every agent on every platform, and that developers can now give agents a payment method that is scoped, under the user's control, and built on trusted payments infrastructure.
The credential layer powered by Basis Theory
Making the delegation model work hinges on where and how sensitive payment data is handled. That is Basis Theory's job.
Basis Theory is an independent payment vault with PCI Level 1 compliance and SOC 2 certification, and in this architecture it serves as the agentic credential layer. Sensitive data such as real card numbers, CVCs, and tokenized credentials is vaulted and handled independently of the agent environment. The agent receives only the scoped permission it needs for a given transaction.
This design lets AI developers using tokenized credentials avoid much of the complexity of PCI compliance. Per Basis Theory's developer docs, its platform can convert a Basis Theory token into an agentic credential such as Visa Intelligent Commerce or Mastercard Agent Pay. Co-Founder and CEO Colin Luce noted that tokenization has underpinned nearly every wave of payments innovation, and framed agentic commerce as its latest iteration.
In short, this launch rests on a clear division of labor: Visa (network and authorization), Basis Theory (credential vaulting and PCI), and Crossmint (the developer API and distribution). Crossmint has also embedded the capability in its own lobster.cash, which can be installed as a tool in platforms like Claude Code and OpenClaw.
What it means for ecommerce operators
So far this is infrastructure-side detail, but the implication for ecommerce operators is clear. The era in which an AI agent holding a customer's card shows up as a buyer in your payment flow has moved from experiment to implementation.
The first thing operators should check is whether their payment stack can cleanly accept transactions based on tokenized credentials. Agent transactions consist of tokens and scoped permissions, so legacy flows built around raw cards risk flagging legitimate agent transactions as fraud.
Just as important, the basis for dispute handling shifts. In VIC, the agent shares the outcome of a merchant purchase back to the platform as Commerce Signals, and those signals plus the user's instructions become inputs for dispute resolution. As agent-driven transactions grow, merchants will need dispute processes that account for these signals and the trail of authority. It is worth starting now to identify and properly accept agent transactions.
Conclusion
Crossmint's general availability of an agentic card payments API fills a long-standing gap, namely how to give an AI agent a card, by routing it through Visa's network and tokenization. Rather than handing over a raw card number, delegating a token with limits and scope is solidifying into an industry standard.
What to watch next is how far the current US-issued Visa scope expands across regions and card brands, and where the delegation models of Visa, Mastercard, and Amex converge. A future where agents routinely enter payment flows as buyers is no longer a hypothesis.
