MemeScope

The home of hype economics

Payments

Crossmint Launches Visa API for AI Agent Payments

ByJohan Shamshad

May 28, 2026 #Crossmint
Trust Wallet Browser Extension Incident What the $6–7 Million Hack RevealsTrust Wallet Browser Extension Incident What the $6–7 Million Hack Reveals

Visa’s Agentic Payments Push Turns AI Commerce Into a Card-Network Fight

Crossmint has launched a public API that lets developers enable eligible US Visa cardholders to use tokenized card credentials inside AI agent systems, marking another step toward mainstream payment infrastructure for autonomous software.

The launch uses Visa Intelligent Commerce and Basis Theory’s credential-vaulting infrastructure. Crossmint said the API allows developers to connect eligible US-issued Visa credit and debit cards to agentic payment flows, subject to issuer approval and applicable controls.

The product targets a growing gap in AI commerce: agents can search, compare, negotiate and complete tasks, but payments have remained awkward. In many cases, developers have relied on unsafe workarounds, including exposing raw card numbers or CVCs inside tools or agent workflows. Crossmint cited a review of published OpenClaw skills that found exposed card credentials in 7.1% of cases.

Under Crossmint’s setup, users can create tokenized credentials linked to existing Visa cards through Visa Intelligent Commerce Connect. Card numbers and CVCs are protected through tokenization and vaulting, while spend limits are used to restrict what agents can do.

Crossmint said this reduces the need for AI developers to handle sensitive payment data directly. Basis Theory acts as the credential layer, vaulting real card numbers, CVCs and tokenized credentials outside the agent environment.

“The agentic economy has been missing its most basic piece of infrastructure: a secure, open payment layer that can work for every agent, on every platform,” Crossmint Co-Founder Alfonso Gómez-Jordana Mañas said.

The launch also extends into lobster.cash, Crossmint’s agent-payment product. Lobster.cash can be installed as a tool in agent platforms including Claude Code, OpenClaw, Hermes and Zo Computer, allowing agents to make payments through scoped credentials rather than raw card data.

Visa framed the launch around consumer control. Tanner Riche, VP of Growth Products and Partnerships at Visa, said agent-driven payments require clear limits without exposing underlying card details.

Basis Theory, which has PCI Level 1 compliance and SOC 2 certification, provides the compliance-heavy layer behind the flow. It keeps sensitive payment data outside the agent environment and gives agents only the scoped permission needed for a specific transaction.

“Secure agentic payments require the same PCI-compliant infrastructure that underpins the broader payments ecosystem,” Basis Theory Co-Founder and CEO Colin Luce said. “Crossmint is built on that foundation. Agents transact. Credentials stay vaulted. That’s the standard every agentic payment layer should be held to.”

For developers, the practical pitch is simple: agents can pay without seeing the card.

For payment networks, the stakes are larger. If AI agents become a major interface for shopping, travel booking, business procurement or software purchases, payment credentials may move from human checkout pages into delegated agent systems. That shift creates new risks around authorization, fraud, consent, refunds and compliance.

Crossmint’s bet is that developers will not want to build that stack themselves.

Crossmint’s Visa API Shows the Agent Economy Still Needs Old Payment Rails

Here’s the weird part.

The future of AI commerce is being sold like a clean break from the old internet. Agents will shop for us. Book flights. Buy software. Hire other agents. Handle annoying business workflows while we sleep.

Then you look under the hood.

It still needs Visa.

That is not a knock. It is the whole story.

Everyone wants agentic commerce to feel futuristic, but the hard part is boring: credentials, limits, fraud controls, issuer approval, PCI compliance, vaulting, chargebacks, merchant acceptance. Not sexy. Very necessary.

And Crossmint seems to understand that better than most.

A lot of agent-payment demos feel like theater. Cute flows. Nice GIFs. An agent buys a coffee or books a hotel. Fine. But the second raw card credentials touch the wrong agent tool, the whole thing gets ugly.

This is where the OpenClaw stat matters. Exposed card credentials in 7.1% of reviewed published skills is not a rounding error. That is “someone is going to get wrecked” territory.

I don’t care how good the agent is. If card numbers and CVCs are floating around plaintext workflows, the product is broken before it starts.

The Crossmint setup tries to solve that by putting a proper payment layer between the agent and the card.

Agent gets scoped permission.
Credentials stay vaulted.
User sets limits.
Issuer controls still matter.
Visa rails do the boring heavy lift.

That is the correct direction.

But it also exposes the biggest lie around agentic commerce: agents are not ready to be fully trusted economic actors. Not yet.

They need cages.

Spend limits are cages. Tokenized credentials are cages. Approval flows are cages. Vaulting is a cage. PCI infrastructure is a cage.

Good.

Because agents are still prompt-injection magnets. They can misunderstand instructions. They can be manipulated by webpages. They can overpay. They can click the wrong thing. They can leak context. They can do exactly what they were told and still cause damage because the instruction chain was poisoned.

So when Visa says consumers need control and security, that is not corporate filler. That is the baseline.

Without that, agent payments become a fraud buffet.

The interesting angle is Crossmint’s positioning. It is not just trying to be a wallet company. It is trying to be the payment middleware for agents across platforms.

Claude Code. OpenClaw. Hermes. Zo Computer. Whatever comes next.

That matters because agent platforms are fragmented. Nobody knows which interface wins. Maybe users live inside coding agents. Maybe browser agents dominate. Maybe vertical agents handle travel, procurement, tax, shopping or support. Maybe it all splinters.

Crossmint is betting the payment layer can sit underneath all of them.

I like that bet.

Not because it is risk-free. It is not. But because the payments layer is where the pain is real. Developers do not want to become payment-security experts just to let an agent buy cloud credits or book a flight.

The API pitch is basically: don’t touch the card data.

That is powerful.

And very old-school.

The irony is thick. Crypto-native companies spent years trying to route around card networks. Now agentic commerce may drag them right back to Visa and Mastercard because merchant acceptance still matters.

Stablecoins are useful. No doubt. They are faster in some flows, cleaner cross-border, and better for certain machine-to-machine settlement cases. But when an agent needs to pay a mainstream merchant today, cards still win.

That is why lobster.cash supporting both card and stablecoin rails is the more interesting piece. It is not ideological. It is practical.

Use cards where cards work.
Use stablecoins where stablecoins work.
Do not pretend one rail eats everything tomorrow morning.

That is how real infrastructure gets built.

The broader fight is obvious. If AI agents become a real commercial channel, the card networks will compete hard for default status. Visa wants issuer relevance inside agent-driven shopping. Mastercard wants the same. Payment processors want their cut. Wallets want identity and authorization. Stablecoin issuers want settlement. Agent platforms want user lock-in.

Messy stack.

Real money.

The winner will probably not be the company with the flashiest demo. It will be the one that makes merchants, issuers, developers and users feel like the agent is not a liability.

That is the boring moat.

Crossmint has a shot because it is attacking the exact point where agent workflows break: payment authorization.

But I would not overhype it.

The launch is US-issued Visa cards only, and eligibility depends on issuer approval and controls. That means this is not universal agent commerce. Not yet. It is a controlled rollout into a narrow but important lane.

Also, developers still need users to trust agents enough to delegate payment authority.

That is a big ask.

People already get nervous saving cards in random apps. Now imagine telling them: “Give your AI agent a payment method and let it transact for you.”

Even with spend limits, that trust curve will be slow.

The first real adoption may come from low-risk, repeatable transactions.

Renew this subscription.
Buy more credits.
Order this standard item.
Pay this invoice under $200.
Book the cheapest flight within these rules.
Reorder supplies from approved vendors.

Not “agent, go manage my entire financial life.”

That comes later, maybe.

The bigger commercial question is where liability lands when an agent does something stupid.

If a user authorizes an agent with a $500 limit and the agent buys the wrong product, who eats that? The user? The merchant? The agent platform? The payment layer? The issuer?

Nobody likes that question.

But it decides adoption.

Payments are not just movement of money. They are dispute systems. Trust systems. Risk allocation systems.

That is why the card networks are still here.

Crypto people hate that answer. Doesn’t matter. It is true.

What Crossmint, Visa and Basis Theory are building is less about “AI can pay now” and more about making agent payments legible to the existing financial system.

Vaulted credentials.
Scoped permissions.
Issuer approval.
Transaction controls.
PCI separation.

That is not disruption cosplay. That is integration.

And integration is probably how agent commerce actually ships.

My read: this is early, but important. Not because every agent will suddenly start spending through Visa tomorrow. They won’t. But because the agent economy cannot scale on hacked-together credential sharing.

The plaintext-card era has to die fast.

If Crossmint can become the layer developers plug into instead of building unsafe payment hacks, it has a real wedge.

The only thing I’d watch closely: whether usage follows the infrastructure.

Announcements are cheap. Agent-payment volume is the receipt.

The clean test is simple.

Do developers actually integrate this?
Do users actually authorize cards?
Do agents complete real transactions without support nightmares?
Do fraud rates stay sane?
Do issuers stay comfortable?

If yes, this becomes one of those quiet infrastructure shifts people underestimate.

If no, it becomes another polished agentic-commerce demo with no checkout gravity.

Right now, I’d call it a serious move.

Not a revolution.

A rail being laid.

 

Disclaimer

This article is for informational and educational purposes only and does not constitute financial, investment, trading, or legal advice. Cryptocurrencies, memecoins, and prediction-market positions are highly speculative and involve significant risk, including the potential loss of all capital.

The analysis presented reflects the author’s opinion at the time of writing and is based on publicly available information, on-chain data, and market observations, which may change without notice. No representation or warranty is made regarding accuracy, completeness, or future performance.

Readers are solely responsible for their investment decisions and should conduct their own independent research and consult a qualified financial professional before engaging in any trading or betting activity. The author and publisher hold no responsibility for any financial losses incurred.

Post Views: 1

By Johan Shamshad

Related Post

Payments

WYDE Launches $EAT Debit Card for Hunger-Relief Donations

May 17, 2026 Johan Shamshad
Payments

Offa Expands Home Finance Team as UK Islamic Property Market Growth Accelerates

May 14, 2026 Shane Neagle
Stablecoins Payments

Telcoin Launches On-Chain Bank Accounts in U.S. Through eUSD-Linked Wallet Infrastructure

May 9, 2026 Johan Shamshad

Leave a Reply

Your email address will not be published. Required fields are marked *