When Visa Extends Your Agent Payment Protocol: What MPP Means for Governed Commerce

On March 18, Stripe and Paradigm’s Tempo network went live. Not a testnet. Not a pilot. Mainnet.

The Machine Payments Protocol launched with over 100 service integrations. Visa extended MPP for card-based payments. Mastercard signed on. Anthropic and OpenAI are both partners. DoorDash, Nubank, Revolut, Shopify, Ramp, Standard Chartered. Lightspark adapted MPP for Bitcoin over the Lightning Network.

Eight days earlier, in When Your Customer Is an Algorithm, we mapped three competing protocols and concluded: “Three protocols in three months. Each solving a different slice of the same problem. None solving the governance question underneath.”

One of those slices just went into production. The governance question remains unanswered.

What MPP actually is

MPP is an open standard for autonomous agent transactions. An AI agent needs to buy compute, call an API, pay for data access, or order lunch through DoorDash. MPP gives that agent a way to transact without a human clicking “confirm purchase.”

The protocol is rail-agnostic. Stablecoins, card networks, other methods. When Visa extended MPP for card-based payments, that was the signal. This is not a crypto experiment. This is payments infrastructure backed by the incumbents who process the majority of global transactions.

Matt Huang from Paradigm framed the problem clearly: “We want to close that developer experience gap.” Agents can reason, plan, and execute. They cannot pay for things. MPP closes that loop.

The competing standard, x402 from Coinbase and Cloudflare, has processed roughly $34 million. That number tells you where the market is: nascent but real. McKinsey forecasts AI agents could mediate $3 to $5 trillion in transactions globally by 2030. Forecasts are not data. But Visa does not extend protocols for markets it considers theoretical.

The authorization problem nobody launched

Here is what MPP solves: the plumbing. How an agent authenticates, initiates a payment, receives confirmation, and records the transaction.

Here is what MPP does not solve: who decides the agent can spend that money.

Consider a concrete scenario. Your company deploys an AI agent to manage cloud infrastructure costs. The agent has MPP credentials. It can purchase compute from any of the 100+ integrated providers. It notices a price drop on a provider your team has never evaluated. It purchases a six-month commitment because the discount is significant. The payment clears instantly through Visa.

Who authorized that purchase? Not a human. The agent decided. Was the agent operating within its spending policy? That depends on whether you wrote a spending policy for agents. Most organizations have not. What happens if the provider turns out to be unreliable? The refund policy for agent-initiated transactions is undefined in the protocol specification.

MPP is infrastructure. Infrastructure is necessary. But infrastructure without governance is a pipe with no valve.

From three protocols to four, governance still at zero

In What Stripe’s Agentic Layer Reveals, we examined how Stripe’s internal agent system processes 1,300 pull requests per week through a deterministic scaffold. The Blueprint Engine, the Tool Shed, the rule files. Every agent action passes through governance checkpoints.

Stripe built governance for agents that write code. Now Stripe is launching infrastructure for agents that spend money. The governance architecture for the second use case does not exist in the protocol.

Count the protocols now. Google’s Universal Commerce Protocol handles product discovery and checkout. OpenAI’s Agent Commerce Protocol mediates platform access. Azoma’s Agentic Merchant Protocol governs brand representation. MPP handles payments. Four protocols. Four layers. Each does its job. None of them answers the question: when your agent makes a bad purchase, what happens next?

The pattern is consistent. Every new protocol adds capability. None adds accountability.

What the Visa signal actually means

Visa extending MPP matters less as a technology story than as a distribution story.

Visa processes transactions in over 200 countries and territories. When Visa says “we support this protocol,” every bank in their network now has a path to agent-initiated payments. The adoption curve for MPP just compressed from years to months.

This changes the urgency calculation for governance. When agent payments were a crypto-native experiment, organizations could wait. Watch and learn. When agent payments run on the same Visa rails as your corporate card, waiting is a risk.

The comparison to early e-commerce is instructive but imperfect. When credit cards first went online in the mid-1990s, the fraud models, chargeback rules, and consumer protections took years to develop. The infrastructure moved first. Governance followed after the losses proved the need. Agent commerce is following the same sequence, with the difference that agents can transact at machine speed. The lag between infrastructure and governance will produce losses faster.

The four governance questions for agent payments

Organizations deploying agents with spending authority need answers to four questions before those agents touch MPP.

What can this agent spend, and on what? Not a vague budget. A specific policy: maximum transaction size, approved vendor categories, spending velocity limits, approval thresholds. Machine-readable, version-controlled, enforceable at the protocol level. If the policy lives in a document that the agent cannot read, it is not a policy. It is a hope.

Who audits agent transactions? Every payment initiated by an agent should produce an audit record that explains the reasoning. Why this vendor. Why this amount. Why now. Current agent architectures do not produce this by default. You have to build it. Without audit trails, you will discover agent spending errors in quarterly reviews, months after the money left.

What happens when the agent is wrong? Chargebacks exist for human transactions. Dispute mechanisms exist for human buyers. What is the dispute mechanism when an AI agent purchases the wrong service, overpays, or transacts with a fraudulent provider? MPP does not specify this. Your governance framework must.

How do you revoke agent credentials? If an agent is compromised, behaving erratically, or simply making poor decisions, how fast can you cut its access to payment rails? This is the kill switch question. In Stripe’s coding agent system, a failed task destroys the sandbox. The equivalent for payment agents is instant credential revocation. If your revocation process takes a support ticket and 48 hours, an agent can burn significant budget in that window.

The builder’s advantage

There is a competitive advantage forming here, and it belongs to the organizations that build governance before scaling agent spending.

Most companies will adopt MPP reactively. An agent framework they use will integrate it. A vendor will offer it. They will enable it because it is there, the same way companies enabled AI coding tools without establishing code review policies first.

The companies that build spending policies, audit frameworks, authorization hierarchies, and revocation procedures before enabling MPP will avoid the first wave of agent spending incidents. More importantly, they will build institutional knowledge about governing autonomous financial decisions that compounds over time.

This is the same pattern we identified in agentic commerce broadly. The optimization layer moves fast. The governance layer barely exists. The organizations that build governance first do not just avoid risk. They build a capability their competitors will need years to replicate.

What this means practically

MPP is going to become table stakes. When Visa, Mastercard, Anthropic, OpenAI, Stripe, and Paradigm all back the same protocol, adoption is not a question. Timeline is.

The question for your organization is not whether your agents will transact. They will. The question is whether they will transact within a governance framework you designed, or within the absence of one.

Build the spending policies now. Build the audit trails now. Build the revocation mechanisms now. The protocol is live. The rails are open. Your agents are about to get wallets. The only question is whether you gave them rules before you gave them money.

---

This analysis synthesizes PYMNTS coverage of Tempo’s mainnet launch (March 2026), Forbes reporting on Machine Payments Protocol (March 2026), and McKinsey’s forecast on AI agent-mediated commerce (2025).

Victorino Group helps organizations build governance frameworks for AI systems, including autonomous agent spending controls. Let’s talk.