The Problem Isn’t That Payments Aren’t Ready for AI: It’s That Credit Was Never Built for Delegation

I know what Mastercard and Visa are doing. I have 300+ LinkedIn colleagues old and new that share it every day.

So I know those companies are not asleep. They see autonomous agents coming. They understand tokenization, spend controls, delegated authorization, liability partitioning.

And they’re doing exactly what you’d expect: adapting a 60-year-old credit infrastructure to handle a new class of economic actors. Quite literally in fact.

But here’s the question that is left to quiet corners of the office: What if layering guardrails on credit is just performance?

What if the entire premise… “that we solve machine-driven commerce by making credit cards ‘safer’” is wrong from the start?


Credit Was Never Designed for Autonomy

Credit cards have (mostly) solved a beautiful problem.

A human initiates every transaction. Judgment happens before authorization. Accountability gets reconciled after. Risk? Well… that can be sorted out later.

This worked because economic and moral agency lived in the same person.

Even fraud models assumed: “Someone meant to do something… we just need to verify it was them.”

That assumption shatters when the actor is:

  • Autonomous
  • Operating at machine speed
  • Executing on behalf of intent, not expressing intent

So when we say “machine payments,” we’re not extending commerce. We’re unbundling who gets to act economically, and credit was NOT designed for that.


The Roblox Test: Parents Already Understand This

Ask any parent: why don’t you give your kid a credit card for Roblox?

I mean, not because credit cards are unsafe. We don’t give them to kids because credit expresses the wrong relationship.

Credit says: “Act freely now, we’ll reconcile later.”

A gift card says: “Here’s your boundary. That’s it. No surprises.”

Now swap “child” with the software tools people are starting to use:

  • Shopping agents running in the background
  • Subscription managers acting on your behalf
  • Assistants booking services you mentioned once

The discomfort people feel isn’t technophobia. It’s recognition that giving a hundred dollar bill to a toddler is a recipe for disaster. They know intuitively that open-ended authority doesn’t map to delegated action.

I’ve watched parents navigate this for years. First with app stores, then game currencies, now digital assistants. They don’t want “controls on spending.” They want “no spending beyond what I loaded.”

The mental model isn’t broken. The payment instrument is.


What the Networks Are Building (And Why It’s Honestly Not Enough)

The networks are responding:

  • Tokenized credentials (software never sees the raw card)
  • Merchant restrictions and spend caps
  • Time-boxed authorizations
  • Delegation models with revocation
  • Clear liability boundaries

This is good engineering. Dare I say, responsible engineering.

But notice what doesn’t change: The underlying frame is still open-ended credit with controls bolted on afterward.

The architecture assumes:

  • Authority first, constraints second
  • Reconciliation happens post-transaction
  • The human remains accountable—even when they didn’t act

This works in enterprise. It works (mostly…) for platforms.

But for regular people using autonomous tools daily? It’s the wrong mental model entirely. It’s even worse when you consider how the next generation is being brought up with AI.

I spent six years at Mastercard. I worked on Click to Pay, the SRCi standard, EMVCo’s digital credential framework. I know exactly how sophisticated these systems are. They’re engineering marvels.

But here’s what I also know: the card networks ride the credit rails like Oreo rides the cookie. It’s a perfect product that hasn’t fundamentally evolved in 60 years. Tokenization is brilliant… but it’s still tokens for credit. Virtual cards are clever, but again, they’re still virtual credit cards.

The innovation is all in risk management and fraud prevention. Usually for banks or the enterprise. Almost none of it questions whether credit is the right starting point for AI.


The Card-on-File Trap

Here’s what actually happens when you give a software provider your credit card.

You think you’re saying: “Charge me $20/month for this service.”

You’re actually saying: “This system now has economic authority to act on my behalf, across any merchant, at any time, within whatever controls I maybe configured once.”

That’s not a payment. That’s a signed blank check with fine print meant to protect the business, not the consumer.

Don’t get me wrong. Virtual cards help. Spend limits help.

But they’re trying to make credit safe for a use case it was never designed for.

The mental model people need isn’t: “Which tools have my credit card?”

It’s: “What economic permissions has each tool been granted?”

That’s not a checkout problem. That’s a fundamental permission architecture problem. And credit, by design mind you, doesn’t encode permission. It encodes obligation.


What Would a Real Solution Look Like?

Let me be specific about what’s missing.

The consumer needs a payment instrument that defaults to constrained authority:

  • Prepaid by design
  • Rules set at creation, not bolted on after
  • Works anywhere cards are accepted today
  • Owned by the person, not the platform
  • Grantable per tool, revocable instantly
  • No provider lock-in

Think of it as a gift card that works everywhere and can be programmed with intent.

“This $50 can only be spent at grocery stores this week.” “This $200 is for travel bookings, nothing else.” “This agent gets $30/month for subscriptions—if it runs out, it stops.”

Not credit with virtual card wrappers. Not debit with spend notifications. Pre-funded permission that expires or depletes.
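To make "pre-funded permission that expires or depletes" concrete, here is an added sketch (mine for illustration, not code from any card network or issuer) of a grant whose rules are fixed at creation and checked at authorization time, before any money moves. The `Grant` class, its fields, the decline reasons and the category labels are all hypothetical names, and the dates and amounts are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from decimal import Decimal

@dataclass
class Grant:
    """Hypothetical pre-funded permission for one tool; rules fixed at creation."""
    tool: str
    balance: Decimal          # loaded up front; there is no credit line behind it
    categories: frozenset     # merchant categories this money may be spent in
    expires_at: datetime
    revoked: bool = False
    ledger: list = field(default_factory=list)

    def revoke(self):
        self.revoked = True   # takes effect on the very next authorization

    def authorize(self, tool, amount, category, now):
        """Decide before money moves; anything outside the grant is declined."""
        amount = Decimal(amount)
        if self.revoked:
            reason = "revoked"
        elif tool != self.tool:
            reason = "wrong_tool"
        elif now >= self.expires_at:
            reason = "expired"
        elif category not in self.categories:
            reason = "category_not_permitted"
        elif amount <= 0:
            reason = "invalid_amount"
        elif amount > self.balance:
            reason = "insufficient_funds"   # depleted: the tool simply stops
        else:
            reason = "approved"
            self.balance -= amount
        self.ledger.append((now, tool, amount, category, reason))
        return reason == "approved", reason

def demo():
    start = datetime(2025, 1, 6, tzinfo=timezone.utc)  # constructed sample date
    g = Grant("grocery-agent", Decimal("50.00"), frozenset({"grocery"}),
              start + timedelta(days=7))               # "$50, groceries, this week"
    results = [
        g.authorize("grocery-agent", "32.10", "grocery", start),
        g.authorize("grocery-agent", "9.99", "electronics", start),
        g.authorize("grocery-agent", "25.00", "grocery", start),  # exceeds what is left
        g.authorize("grocery-agent", "5.00", "grocery", start + timedelta(days=8)),
    ]
    g.revoke()
    results.append(g.authorize("grocery-agent", "1.00", "grocery", start))
    return results, g.balance, g.ledger
```

Every decline leaves the balance untouched and still lands in the ledger, so the owner can see what the tool attempted as well as what it spent.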


Could Mastercard or Visa Build This?

Yes. Absolutely. In fact I wrote this article because someone from my network who works at Mastercard will see it. Maybe even you.

They have the infrastructure. They have merchant acceptance. They have fraud systems that could adapt.

Here’s what it would take:

Option 1: Native Network Solution

Mastercard or Visa creates a new credential type:

  • Issues as prepaid instruments with programmable rules
  • Links to digital wallets and software platforms
  • Enforces constraints at authorization time (not reconciliation)
  • Designed for per-tool delegation, not per-person identity

This isn’t a “virtual card program.” It’s a new primitive that sits alongside credit and debit in the network’s clearing rails. It would require:

  • New BINs or credential markers
  • Authorization logic that respects programmatic constraints
  • Issuer partnerships that understand delegated use cases
  • Probably a new liability framework

I’m not holding my breath. This challenges too much of the existing business model.

Option 2: Independent Layer

Someone builds an agnostic prepaid credential:

  • Sits on top of existing card networks (uses Mastercard/Visa rails)
  • Issued as prepaid cards with open-loop acceptance
  • Designed specifically for tool delegation
  • Consumer loads value, sets rules, distributes to software
  • No “relationship” with the tool provider, just encoded permission

This exists in adjacent markets (corporate expense cards, teen banking, creator economy platforms), but nothing is purpose-built for autonomous tool delegation yet.

The closest analogies are:

  • Privacy.com (merchant-locked virtual cards)
  • Brex/Ramp (corporate expense controls)
  • Greenlight/Step (teen spending boundaries)

But none of these default to: “I’m giving economic permission to software acting on my behalf, and I want hard limits encoded in the payment instrument itself.”


Why This Matters Now

The networks aren’t wrong to adapt credit. But they’re optimizing for:

  • Institutional liability models
  • Backward compatibility
  • Merchant comfort
  • Incremental innovation

They’re not optimizing for how regular people will actually use autonomous tools. Just trying to embed their Oreo cookie in every new supermarket that pops up.

I’ve also seen this movie before.

During the Click to Pay rollout, we spent enormous energy making guest checkout “better” while consumers were already moving to wallet-based payments. We optimized the legacy flow instead of asking whether the flow itself was right.

This feels similar. We’re making credit “work” for machine delegation when we should be asking: is credit the right tool for this job at all?


The Uncomfortable Truth

If you wouldn’t give a 10-year-old unrestricted credit, you probably shouldn’t give it to software acting on your behalf.

The difference is: we have social scripts for saying no to kids. We don’t yet have them for saying no to tools that are “just trying to help.”

And here’s what keeps me up: consumers are already adapting. They’re creating burner emails, using virtual card services, setting spending alerts, manually revoking access.

They’re reverse-engineering permission systems on top of credit—because the payment instrument doesn’t give them what they actually need.

The market is screaming for a different primitive. The networks are selling better guardrails.


What I’m Watching For

I’m not arguing credit disappears. I’m arguing it shouldn’t be the default for delegated action.

What I want to see:

  • A prepaid instrument designed for tool delegation (not just “safer credit”)
  • Per-agent permission models that don’t require virtual card sprawl
  • Consumer control that’s encoded in the payment primitive, not layered on top

This could come from the networks. It could come from a startup. It could come from a fintech that realizes the wedge isn’t “better banking”—it’s better permission systems for software-driven commerce.

But right now? We’re asking consumers to manage:

  • Virtual card sprawl
  • Per-tool spend limits
  • Post-transaction reconciliation
  • Liability disputes with machines

When what they actually need is: “I gave this tool $50 and permission to buy groceries. That’s it.”

Not credit with constraints. Permission with teeth.


A Note on Defending the Status Quo

I’m not naive. I know why the networks are moving slowly.

Credit is profitable. Interchange is their business model. Prepaid has thinner margins. And building new primitives is expensive, especially when the existing rails work “well enough.”

But “well enough” has a shelf life. Consumer behavior is already changing. The tools are already here. And at some point, “we added more controls to credit” stops being an answer to “why does my shopping assistant need my credit card in the first place?”

I don’t think Mastercard or Visa will get disrupted. They own the rails. But I do think they risk optimizing the wrong primitive while someone else defines the default for machine-driven commerce.

And if that happens, it won’t be because they weren’t smart enough. It’ll be because they were too invested in making the old thing work—instead of asking whether the old thing was ever right for the new job.