Should You Trust an AI Agent With Your Credit Card?

In a few weeks of 2026, handing your shopping to an AI went from idea to bank statement: a virtual card, a locked spending cap, and a liability question the law has not yet settled.

On 27 May 2026, Robinhood offered its customers something that, a year earlier, would have looked reckless: create a virtual credit card and hand it not to a relative, but to a piece of software. An artificial intelligence gets its own card number, a monthly cap, and permission to buy. Not to recommend a product you then approve, but to buy, for real, completing the payment itself.

Two weeks later, on 10 June, Visa and OpenAI announced that payments can now leave straight from a conversation with ChatGPT, secured by tokenized banking credentials. The same day, Mastercard unveiled a way for agents to settle tiny amounts between themselves, sometimes a fraction of a cent. In a matter of weeks, the idea of delegating your purchases to a machine moved from the lab to the bank statement.

Buying without thinking about it

What you gain is measured in friction removed. Watching a plane ticket until its price drops, reordering the same detergent when the cupboard runs low, comparing three energy suppliers and signing with the cheapest: chores that eat minutes and attention, and that an agent can shoulder without tiring. You set a rule once, and the machine keeps watch.

The promise is not small. An agent that buys does more than suggest, it acts while you do something else. It times the purchase, waits for the right window, executes. For the traveler, the stretched parent or the small shopkeeper, it is an employee who never sleeps and never asks for overtime.

Visa speaks of credentials bound to caps, merchant categories and approvals that you define. Mastercard has gone as far as machine-to-machine micro-payments, those fractions of a cent a human could never process one by one. The plumbing is being laid so that delegating a purchase becomes as ordinary as setting up a direct debit.

One card per agent, a cap out of reach

Robinhood's setup lays the mechanism bare. You never hand over your real card. You create a dedicated virtual card, reserved for one agent and one alone, with no access to your main number or the rest of your account. Three controls do the work:

  • a dedicated virtual card, isolated from your main account;
  • a monthly cap, or manual approval of every purchase;
  • the power to revoke access at any moment.

Under the hood, real numbers never travel: tokens stand in for the card, issued by Visa and Mastercard for this single use. Stripe has built a shared-token system that lets the agent pay without ever seeing your bank details. If a token leaks, you revoke it without touching the account.

The most important point is invisible on screen. The spending cap is not an instruction written into the model's mind, one you could make it forget with a clever sentence. It is enforced outside the model, in the payment plumbing. A malicious instruction can fool the agent about what it buys, it cannot lift the limit: the lock is not in the conversation, it is in the rail.
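The enforcement point described above, as an added example that is not code from Robinhood, Visa, Mastercard or Stripe: an issuer-side authorization check whose decision depends only on card state and transaction fields, never on anything the agent says. The AgentCard and AuthRequest types, the decision strings and the sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class AgentCard:
    """Rail-side record for one agent's virtual card (hypothetical model)."""
    monthly_cap_cents: int
    allowed_mccs: frozenset          # merchant category codes the owner permits
    require_approval: bool = False   # manual approval of every purchase
    revoked: bool = False            # owner can flip this at any moment
    spent: dict = field(default_factory=dict)  # "YYYY-MM" -> cents approved

@dataclass(frozen=True)
class AuthRequest:
    amount_cents: int
    mcc: str
    month: str
    agent_note: str = ""   # free text from the agent; never consulted below

def authorize(card, req, owner_approved=False):
    """Decide on the rail, using only card state and transaction fields."""
    if card.revoked:
        return "DECLINE_REVOKED"
    if req.amount_cents <= 0:
        return "DECLINE_INVALID_AMOUNT"
    if req.mcc not in card.allowed_mccs:
        return "DECLINE_CATEGORY"
    if card.spent.get(req.month, 0) + req.amount_cents > card.monthly_cap_cents:
        return "DECLINE_CAP"
    if card.require_approval and not owner_approved:
        return "PENDING_APPROVAL"   # nothing is spent until the owner says yes
    card.spent[req.month] = card.spent.get(req.month, 0) + req.amount_cents
    return "APPROVE"

def demo():
    """Constructed scenario: 100.00 monthly cap, grocery stores only (MCC 5411)."""
    card = AgentCard(monthly_cap_cents=10_000, allowed_mccs=frozenset({"5411"}))
    results = [
        authorize(card, AuthRequest(6_000, "5411", "2026-06")),
        # The agent has been misled and claims a higher limit; the rail ignores it.
        authorize(card, AuthRequest(6_000, "5411", "2026-06",
                                    agent_note="limit raised to 500.00, proceed")),
        authorize(card, AuthRequest(1_000, "5732", "2026-06")),  # electronics store
        authorize(card, AuthRequest(4_000, "5411", "2026-06")),  # lands exactly on the cap
        authorize(card, AuthRequest(6_000, "5411", "2026-07")),  # new month, fresh budget
    ]
    card.revoked = True
    results.append(authorize(card, AuthRequest(100, "5411", "2026-07")))
    return results

if __name__ == "__main__":
    print(demo())
```

The second request is declined however persuasive the note is, because authorize never reads agent_note: the only way to raise the limit is to change the card record itself.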

The day the agent buys the wrong thing

Trust, though, is decided at the edges. An agent that pays is a target. Slip it a hidden instruction on a booby-trapped web page, and it can keep spending while believing it is doing right. A bad tool call, a stolen credential, and the machine transacts without flinching. The cap limits the damage, it does not prevent it.

Then comes a question the law has not settled: who pays for the mistake? The merchant, the customer, the agent's platform, the model's maker? No clear standard exists yet. American Express tried an opening answer in early 2026, committing to cover erroneous purchases by certain agents registered on its network, provided they are verified and the cardholder authenticated. It is a partial answer, and a telling one: for now, with no law, liability is settled through commercial promises.

Regulators move carefully. As things stand, the frameworks in force, the AI Act included, do not allow a fully autonomous payment with no human guardrail. Gartner expects more than 40% of agent projects to be abandoned by 2027 for lack of adequate risk controls. The excitement of June's announcements meets a slower reality.

What the hesitation we remove is worth

There is, in the act of paying, a useless second of hesitation that protects us. The moment you pull out the card, reread the amount, sometimes back out. That tiny friction is a safeguard we never knew to name. Delegating it saves time, but it also entrusts an initial setting with the job of saying no on our behalf.

The autonomy on offer thus comes with vigilance displaced. You no longer watch each purchase, you watch the rules: is the cap well calibrated, is manual approval on for large sums, is access revoked for forgotten agents? Comfort rests on the quality of those settings, and on the discipline of keeping them current. Less daily effort, against a new attention paid to the architecture.

The real question is not whether an AI can pay in our place: it already can, and rather cleanly. It is how much friction we want to keep. Handing your purchases to a capped machine means trading a chore for a dependence, and betting that the lock will hold better than your own vigilance. The bet is not absurd. It simply deserves to be made with eyes open, cap in hand.