Your AI agent just asked you for your credit card number.
Maybe it needs to buy API credits. Maybe it's purchasing a domain name. Maybe it's booking a flight. The agent has done everything right—researched options, compared prices, picked the best choice. Now it needs payment credentials to complete the transaction.
What do you do?
If you paste your credit card number into the chat, you've just created a security nightmare. That number is now in conversation logs, potentially in training data, and definitely in a context window that wasn't designed for PCI compliance.
But there's a better way.
Why You Shouldn't Share Your Personal Card
Let's be explicit about the risks:
1. Credential Exposure
When you paste card details into an LLM conversation:
- ▸They exist in plaintext in your conversation history
- ▸They may be logged by the provider
- ▸They could end up in model training data
- ▸They're visible to anyone with access to your account
Even if you trust the AI provider, you're creating attack surface that didn't need to exist.
2. No Spending Controls
Your personal card has your full credit limit. The agent might need $50 for API credits, but nothing stops it from charging $5,000 if something goes wrong—a prompt injection, a misunderstood instruction, or a simple bug.
3. No Merchant Restrictions
You wanted the agent to buy from AWS. But with your card number, it can buy from anywhere. A compromised agent—or an agent that misunderstands instructions—could charge your card at any merchant on the internet.
4. No Audit Trail
When a charge shows up on your statement, can you trace it back to which agent made it, why, and whether it matched the original intent? With a personal card, you're flying blind.
5. Compliance Violations
PCI DSS explicitly forbids storing CVVs and places strict controls on card number storage. Most AI conversation logs don't meet these requirements. You may be violating your card agreement without realizing it.
The Solution: Virtual Cards with Agent-Specific Controls
Instead of sharing your card, you create a virtual card specifically for the agent with:
- ▸Spending limits: The card physically cannot charge more than you specify
- ▸Merchant locks: The card only works at approved merchants
- ▸Single-use options: Card burns after one successful charge
- ▸Intent linking: Every card ties back to a declared purpose
- ▸Human approval: High-value requests require your sign-off first
This is what agentic payment infrastructure looks like.
Step-by-Step: Setting Up Safe Agent Payments
Here's how to give your agent payment capabilities the right way using Signets Pay.
Step 1: Create a Signets Account
Sign up at dashboard.usesignets.ai. You'll need to:
- ▸Complete KYC verification (required for card issuance)
- ▸Fund your account via ACH, wire, or USDC
- ▸Create an agent in the dashboard
- ▸Set up a spending policy
Step 2: Define a Spending Policy
Policies are the guardrails. Before your agent can spend anything, you define:
Policy: "Development Tools"
├── Auto-approve below: $100
├── Daily limit: $500
├── Monthly limit: $2,000
├── Allowed merchants: AWS, GitHub, Vercel, Netlify
└── Require approval above: $100
Any request within these bounds gets auto-approved. Anything outside goes to you for review.
Step 3: Generate an Agent Token
In the dashboard, go to Tokens → Create Token. This token authenticates your agent to the Signets MCP server. Keep it secret—treat it like an API key.
Step 4: Connect the MCP Server
Add Signets to your agent's MCP configuration:
Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"signets": {
"command": "npx",
"args": ["-y", "signets-mcp-server"],
"env": {
"SIGNETS_AGENT_TOKEN": "your-agent-token-here"
}
}
}
}
Cursor (MCP settings):
{
"mcpServers": {
"signets": {
"command": "npx",
"args": ["-y", "signets-mcp-server"],
"env": {
"SIGNETS_AGENT_TOKEN": "your-agent-token-here"
}
}
}
}
Restart your agent to load the new tools.
Step 5: Install the Payment Skills (Optional)
For better agent understanding of the payment flow:
# Via ClawHub
clawhub install ai-agent-card-payments
# Or via Skills.sh
npx skills add signetshq/signets-mcp-skills
These skills teach your agent the correct payment workflow without you having to explain it every time.
Step 6: Test the Flow
Ask your agent to check its balance:
You: What's my Signets balance?
Agent: [Calls signets.balance.get]
Your available balance is $500.00 USD.
Now try a purchase:
You: Buy $20 in GitHub Copilot credits
Agent: [Calls signets.balance.get]
Balance confirmed: $500.00
Agent: [Calls signets.intents.create]
Created intent for $20.00 at GitHub.
Status: approved (within auto-approve limit)
Card issued: •••• 4829
Agent: [Calls signets.cards.get_sensitive in secure context]
Completing purchase...
Agent: [Calls signets.intents.get]
Purchase complete. Transaction matched intent.
New balance: $480.00
The agent never showed you the full card number. It never stored it in conversation logs. The card was created just for this purchase, with a $20 limit, locked to GitHub.
What Happens When Things Go Wrong
Scenario: Agent Tries to Overspend
You: Buy $300 in AWS credits
Agent: [Calls signets.intents.create]
Intent created but requires approval.
Your auto-approve limit is $100.
Would you like me to request approval for this purchase?
The purchase doesn't go through until you approve it in the dashboard.
Scenario: Agent Tries Wrong Merchant
Agent: [Calls signets.intents.create for unauthorized merchant]
Error: Merchant not in allowed list.
Policy "Development Tools" only permits: AWS, GitHub, Vercel, Netlify.
The card literally cannot be created for unauthorized merchants.
Scenario: Card Gets Compromised
If a card number somehow leaks, the damage is contained:
- ▸Card has a $20 limit (or whatever you set)
- ▸Card only works at one merchant
- ▸Card may be single-use and already burned
- ▸You can freeze it instantly from the dashboard
Compare this to your personal card leaking, with its $10,000+ limit and universal merchant acceptance.
The Architecture That Makes This Safe
Here's what's happening under the hood:
┌─────────────────────────────────────────────────────────┐
│ Your Agent │
│ - Sees: card IDs, last-four digits, balances │
│ - Never sees: full card numbers, CVVs │
└─────────────────────┬───────────────────────────────────┘
│ MCP Protocol
▼
┌─────────────────────────────────────────────────────────┐
│ Signets MCP Server │
│ - Validates policy compliance │
│ - Creates intent records │
│ - Provisions virtual cards │
└─────────────────────┬───────────────────────────────────┘
│ Secure API
▼
┌─────────────────────────────────────────────────────────┐
│ Card Issuing Infrastructure │
│ - PCI-compliant credential storage │
│ - Real-time authorization │
│ - Transaction matching │
└─────────────────────────────────────────────────────────┘
The LLM operates in a sandbox where it can request financial operations but never touch actual credentials. This separation is what makes agent payments safe.
Quick Start Commands
Already have a Signets account? Here's the fast path:
# 1. Install the skills
clawhub install ai-agent-card-payments
# 2. Add MCP config (see Step 4 above)
# 3. Test with your agent
"Check my Signets balance"
"Buy $10 in Vercel credits"
"Show my recent transactions"
What's Next
Once your agent can make payments safely, you can:
- ▸Set up webhooks for real-time transaction alerts
- ▸Create multiple policies for different spending categories
- ▸Add more agents with their own budgets
- ▸Review audit logs to see exactly what was purchased and why
The goal is simple: your agents should be able to spend money as easily as they browse the web—but with guardrails that keep you in control.
Resources
Questions? Email hello@signets.ai or find us on Twitter @signetspayhq.
Looking for agent spending controls? Start with MCP + skills, then choose a plan that fits your workload.