Crossmint Launches New Secure API for AI Agent Card Payments

Stablecoin and wallet infrastructure provider Crossmint has officially announced the public release of its agentic card payments API.

Developed in partnership with Visa Intelligent Commerce and Basis Theory, the infrastructure enables developers to allow eligible US-issued Visa credit and debit cardholders to use their cards directly within AI agent ecosystems.

Reducing fraud risk

An audit of published OpenClaw skills found that card credentials were exposed in 7.1% of instances – a level of risk that is unacceptable for corporate treasury and compliance teams.

In the absence of standardised infrastructure, developers have typically relied on improvised payment solutions that increase the likelihood of fraud and data breaches.

Crossmint’s API addresses this issue by integrating card-network-compatible security measures directly into the agent transaction process.

“The agentic economy has been missing its most basic piece of infrastructure: a secure, open payment layer that can work for every agent, on every platform,” says Crossmint Co-Founder Alfonso Gómez-Jordana Mañas.

“Now developers can give their users the ability to equip agents with a payment method that’s scoped, under their control and built on trusted payments infrastructure.”

Expanding B2B infrastructure

The credential layer is built on Basis Theory’s infrastructure, which is PCI Level 1 compliant and SOC 2 certified.

By grounding the API in institutional-grade security, Crossmint ensures that sensitive financial data is stored separately from the AI agent environment, where vulnerabilities are more likely.

"Secure agentic payments require the same PCI-compliant infrastructure that underpins the broader payments ecosystem,” says Colin Luce, Co-Founder and CEO of Basis Theory.

“Crossmint is built on that foundation. Agents transact. Credentials stay vaulted. That's the standard every agentic payment layer should be held to."

Enterprise-level compliance

From a treasury standpoint, the system protects organisations from the regulatory burden associated with handling sensitive financial data.

Users connect through Visa Intelligent Commerce Connect to generate tokenised credentials tied to their existing accounts, subject to issuer approval and predefined spending limits.

Importantly, raw card numbers and CVC codes are secured through advanced tokenisation and vaulting techniques.
Because transaction scope is restricted, AI agents never access or store sensitive financial information.

This architectural separation ensures that all payment data handling remains within PCI compliance standards, avoiding the high operational costs and complexity typically faced by software providers.

"As consumers begin to delegate tasks to AI agents, maintaining control and security in payments is critical," says Tanner Riche, VP, Growth Products and Partnerships, Visa.

"Visa Intelligent Commerce is designed to support these experiences by enabling solutions consumers can employ to authorise agent-driven payments with clear limits, without exposing their underlying card details.”

Crossmint has already integrated this capability into its own AI payments product, lobster.cash, which connects with major developer and agent platforms such as Claude Code, OpenClaw, Hermes, and Zo Computer.

According to Alfonso, this delivers immediate practical value for businesses seeking to deploy autonomous spending safely. With Tanner and Colin representing major players in the payments space, the collaboration helps establish a standardised financial framework for autonomous digital commerce.