Everyone's Announcing. Nobody's Explaining How It Works.
2026 is the year agentic payments went mainstream — at least in press releases.
Stripe launched the Agent Toolkit and the A2A Commerce Suite. Google announced the Agent-to-Agent (A2A) protocol. Visa and Mastercard published frameworks for agent-initiated transactions. SAP, Salesforce, and AWS have all incorporated "agentic" into their commerce narratives.
The announcements share a common pattern: big vision, light on infrastructure detail.
What's missing from nearly all of them is the practical answer: how do you actually let an AI agent process a payment — securely, compliantly, and across the PSPs your merchants require?
That's what this guide covers.
What "Agentic Payments" Actually Means
Strip away the marketing and there are three distinct categories:
1. Machine-to-Machine Payments (Agent-to-Agent)
An AI agent autonomously purchases a service from another AI agent. No human in the loop.
Example: An AI procurement agent evaluates three cloud storage providers' API agents, negotiates pricing, and pays for the selected service — all programmatically.
Current state: Very early. Stripe's x402 protocol and Google's A2A are building the plumbing. Most implementations use stablecoins (USDC) or tokenised pre-authorisations rather than traditional card payments. The infrastructure is being defined in real time.
What platforms need: Not much, yet. This is a 2027-2028 reality for most.
2. AI Voice Agent Payments
An AI voice agent — handling a phone call instead of a human agent — processes a card payment mid-conversation.
Example: A customer calls an insurance company to renew a policy. An AI voice agent (PolyAI, for instance) handles the call, confirms the renewal, and processes the payment — all via voice, PCI-compliant, without human intervention.
Current state: Live in production. PolyAI + Shuttle process payments via AI voice agents today. This is not a prototype — it's handling real transactions in regulated industries.
What platforms need: A payment layer that supports DTMF (keypad entry) and agent-assisted card capture over voice channels, with full PCI DSS compliance. The AI agent handles the conversation; the payment layer handles the card data.
3. AI Chat Agent Payments
An AI chat agent — in a messaging interface, web chat, or conversational UI — sends a payment link or captures payment details mid-conversation.
Example: A customer messages a travel company's chat widget to book a trip. The AI chat agent finds options, confirms the itinerary, and sends a payment link within the chat. The customer pays without leaving the conversation.
Current state: Growing rapidly. Most implementations use payment links (sent within the chat) rather than inline card capture. This avoids PCI scope on the chat platform entirely.
What platforms need: A payment layer that generates branded, trackable payment links on demand — triggered by the AI agent's conversation logic.
The Infrastructure Stack
What Every Agentic Payment Flow Needs
Regardless of agent type (voice, chat, or machine-to-machine), the infrastructure requirements are consistent:
1. PSP-Neutral Payment Processing
AI agents serve merchants across industries and geographies. Those merchants use different PSPs. An AI agent that can only process through Stripe excludes every merchant on Worldpay, Adyen, or a regional acquirer.
This is the same multi-PSP reality that applies to all platform payments — but amplified by AI agents' scale. A voice agent handling 10,000 calls a day across 500 merchants needs to route each payment to the correct PSP automatically.
2. PCI-Compliant Card Data Handling
AI agents must never see, store, or process card data. Full stop. (For a deep dive on the security architecture, see our guide on AI payment security and PCI compliance.)
The agent handles the conversation. The payment layer handles the card data. These must be architecturally separated — the AI model should have zero access to payment credentials.
For voice agents, this means DTMF capture (the customer enters card digits via keypad) or secure agent-assisted flows where the voice channel temporarily routes card audio to a PCI-certified environment.
For chat agents, this means payment links — the agent sends a link, the customer pays on a hosted checkout page, and the agent receives a payment confirmation. Card data never touches the chat platform.
3. Real-Time Payment Status
The AI agent needs to know whether the payment succeeded — immediately, within the conversation.
For voice agents: "Thank you, your payment of £450 has been processed. Your confirmation number is..."
For chat agents: The payment link callback triggers a confirmation message in the chat.
This requires real-time webhooks and event streaming from the payment layer to the agent's orchestration system.
4. Multi-Channel Support
AI agents don't operate in a single channel. A platform might have voice agents handling phone calls, chat agents in web widgets, and payment links sent via SMS for follow-up. The payment infrastructure needs to support all channels through a single integration.
How It Works in Production: The PolyAI Example
PolyAI is an AI voice agent platform used by enterprise contact centres. Their agents handle millions of calls across insurance, hospitality, utilities, and financial services.
When PolyAI needed to add payment processing to their voice agents, the challenge was:
PCI compliance — Voice agents handle calls in regulated industries. Card data must be captured in a PCI DSS Level 1 certified environment.
PSP flexibility — PolyAI's enterprise customers (the contact centres) have existing PSP relationships. Each customer might use a different gateway.
Real-time confirmation — The voice agent needs to confirm payment within the call, not after.
Legacy PSP support — Some enterprise customers use PSPs with outdated APIs. The voice agent shouldn't care — the payment layer handles the translation.
The voice agent never touches card data. Shuttle handles PCI-compliant capture, routes to the merchant's PSP, and returns a real-time confirmation. The agent picks up the conversation.
"Shuttle let us treat legacy payment providers as a modern SaaS service. It enabled us to support the gateways our customers required and fully automate high-value transactions across regulated industries." — Nathan Liu, PolyAI
What the Big Announcements Actually Mean for Platforms
Stripe Agent Toolkit / A2A Commerce Suite
What it is: SDKs and APIs that let AI agents interact with Stripe — create payment intents, manage customers, generate invoices, issue refunds.
What it isn't: Multi-PSP. The Agent Toolkit works with Stripe-processed transactions only. If your merchants use other PSPs, the toolkit doesn't help.
Platform implication: Useful if you're building AI agents that only process through Stripe. Limited if you need PSP flexibility.
Google Agent-to-Agent (A2A) Protocol
What it is: An open protocol for AI agents to discover, negotiate with, and transact with other AI agents. Designed for machine-to-machine commerce.
What it isn't: A payment processing system. A2A defines how agents communicate — it relies on existing payment infrastructure to move money.
Platform implication: Relevant for future agent-to-agent commerce. Not a replacement for consumer payment infrastructure today.
Visa / Mastercard Agent Frameworks
What they are: Guidelines for how AI agents should handle card-present and card-not-present transactions within card network rules.
What they aren't: Infrastructure. They're rules and standards, not tools you integrate.
Platform implication: Important for compliance. Will likely influence PCI Council guidance on AI agent payments. Follow these developments but don't wait for them — the infrastructure requirements are clear now.
Building Agentic Payment Infrastructure: Decision Framework
Use a payment layer when:
Your AI agents serve merchants across multiple PSPs
You need voice payment capabilities (DTMF, agent-assisted capture)
Your agents operate across channels (voice, chat, links)
Enterprise customers mandate their own PSP
PCI compliance is non-negotiable (it always is)
Use Stripe's Agent Toolkit when:
All merchants process through Stripe
You only need chat-based payments (not voice)
You're building agent-to-agent commerce (not consumer payments)
You're in an early prototype phase and need speed
Build custom when:
You are a payments company (payments are your core product)
You have dedicated PCI-certified infrastructure and a payments engineering team
You need capabilities no existing provider supports
What's Coming Next
2026 H2: Expect PCI Council preliminary guidance on AI agent payment processing. Card networks will formalise rules for agent-initiated transactions. More platforms will deploy voice agents with payment capabilities.
2027: Machine-to-machine payment protocols (A2A, x402) will mature. Agent-to-agent commerce will move from demos to pilots. The multi-PSP requirement will intensify as AI agents scale across geographies.
The constant: AI agents will need PSP-neutral, PCI-compliant, multi-channel payment infrastructure. The agent layer changes fast. The payment layer underneath needs to be stable, secure, and flexible.
FAQ
Do AI agents need their own PCI certification?
No — and they shouldn't have one. AI agents should never handle card data. The payment layer (which IS PCI certified) handles card capture and processing. The agent handles the conversation and receives payment confirmation. This architectural separation is the key to secure agentic payments.
Can I use ChatGPT / Claude / other LLMs for payment processing?
LLMs handle the conversation — they should never handle payment data. The LLM decides when to initiate a payment and what to say about it. The payment layer handles the actual transaction. Think of it as: the LLM is the brain, the payment layer is the secure vault.
What about refunds and disputes for agent-processed payments?
Same as any other payment. Refunds and disputes are handled through the PSP's standard processes. The payment layer provides unified management across PSPs. The AI agent can initiate refunds if authorised, but the processing happens through the payment layer.
Is this compliant with financial regulations?
AI-initiated payments are subject to the same regulations as any card-not-present transaction. The key compliance requirements: PCI DSS for card data, SCA (Strong Customer Authentication) where applicable, and clear consumer consent. The payment layer handles PCI. SCA and consent must be designed into the agent's conversation flow.
Related Reading
AI Payment Security: How AI Agents Handle Card Data — the detailed PCI architecture for keeping card data out of AI models
How PSPs Get Distribution Into Enterprise Software — why AI agents amplify the multi-PSP requirement
How to Get Payments Off Your Product Roadmap — building AI agent payment infrastructure in-house is even harder than checkout
Shuttle vs Stripe Connect — why Stripe's Agent Toolkit doesn't solve the multi-PSP problem
When Your SaaS Outgrows Stripe Connect — the migration path for platforms adding AI agent channels
What is DTMF? | What are Voice Payments? | What is PCI DSS?
Building AI agents that need to process payments?
Shuttle powers agentic payments for enterprise voice and chat agents — with PCI DSS Level 1 compliance, 40+ PSPs, and real-time payment confirmation. One integration. Every channel.
See How It Works | Talk to Our Team