The pitch sounds reasonable: register your existing credit card, set some spending rules, and let your AI agent handle purchases on your behalf. Mastercard's Agent Pay program, unveiled in April 2025, takes this approach. Consumers set spending rules through AI agent platforms like Microsoft Copilot, ChatGPT, or PayPal, and those agents are registered with Mastercard's network using cryptographic tokens. You can set limits like "$600 for flights" or "only approved merchants."
But here's what that really means: your agent is operating on your credit line. If something goes wrong, the consequences land on you.
The delegation model has a fundamental problem
When you delegate access to your personal card, you're not creating a separate spending bucket. You're granting an agent permission to tap into your existing credit. Yes, network-level spending controls can apply to tokens too. But the underlying funding source is still your full credit line.
Consider this scenario:
You ask your travel agent to book a $200 economy flight. The agent decides to "optimize for comfort" and books a $2,000 business class ticket instead.
With a dedicated prepaid virtual card funded with $250: The transaction gets declined at the network level. There's simply no money beyond that $250. Your credit line is never exposed.
With a delegated token on your $10,000 credit line: Even with spending limits configured, you're still operating against your primary credit. If the limit fails to trigger, or the agent finds a loophole, or the "comfort optimization" logic technically met your criteria, you're disputing a $2,000 charge on your personal account.
This isn't hypothetical. Industry experts warn that AI purchases will amplify chargeback fraud, with consumers claiming "the agent made a mistake" or "bought something I didn't want."
Spending controls aren't the whole story
Both token-based delegation and dedicated virtual cards can have network-enforced spending limits. The question isn't where the limits are enforced. It's what happens when the limits aren't enough.
They can't predict every edge case. An agent told to "book the best flight under $500" might interpret "best" as comfort, speed, or loyalty points. The logic makes sense to the agent, but the $2,000 business class ticket doesn't match your intent.
Merchant category codes are imprecise. A travel booking site might code as "travel services" while a premium lounge add-on codes as "recreation." Your agent might technically stay within allowed categories while spending on things you never intended.
With a dedicated prepaid card, the worst case is capped at whatever you funded that card with. With a token on your credit line, the worst case is your full credit exposure. That's the difference that matters: funding source isolation.
The audit trail problem
Beyond the immediate risk, there's a practical headache: transaction history.
When your agent uses your personal card, every agent transaction mixes with your normal spending. Three months later, when you're reviewing statements or filing expense reports, how do you separate what the agent bought from what you bought?
With dedicated virtual cards, the answer is simple: everything on that card came from that agent. The audit trail is automatic. You can see exactly what your flight-booking agent spent, separate from your hotel agent, separate from your personal spending.
This matters for more than bookkeeping. When disputes happen, you need clean records. Was this transaction fraud, agent error, or legitimate authorized spend? With mixed history, answering that question gets complicated fast.
Chargebacks get messy
Speaking of disputes, here's where the delegation model really falls apart.
Traditional chargeback rules assume a human made the purchase decision. When you call your bank and say "I didn't authorize this," they have processes for investigating fraud. But what happens when you authorized an agent, and the agent authorized the transaction?
According to industry analysis, "if a cardholder's AI orders ten washing machines instead of one, existing rules would still likely treat the transaction as authorized, because the cardholder delegated authority to the agent."
You authorized the agent. The agent made the purchase. The merchant fulfilled correctly. But you never wanted ten washing machines. You're stuck in a gray zone, arguing about intent with your bank while the charge sits on your statement.
The simpler alternative
The solution isn't to avoid AI agents. They're useful for automating purchasing workflows. The solution is to give them their own spending instruments with real limits.
A dedicated virtual card per agent means:
Funding source isolation. A prepaid card funded with $250 can only spend $250. It's not a spending limit on top of a larger credit line. It's a separate pool of funds entirely.
Isolated blast radius. If an agent goes rogue or gets compromised, the damage is contained to that card's balance. Your primary credit line stays untouched.
Clean audit trails. Every transaction on that card belongs to that agent. No sorting through mixed history.
Simpler disputes. When something goes wrong, the scope is clear. You're not untangling agent transactions from personal spending.
This is the "explain it to your boss" version: don't give your agent the keys to your full credit line. Give it a wallet with exactly what it needs, and not a dollar more.
The bottom line
The convenience of delegating your existing card is appealing. One less account to manage. But that convenience comes with real exposure.
When you delegate access to your personal credit line, you're betting that spending controls will always catch edge cases, that your agent will always interpret your intent correctly, and that disputes will sort themselves out in your favor. That's a lot of assumptions.
The alternative is straightforward: treat your AI agent like a contractor. Give it a dedicated spending instrument with clear limits. Keep your primary accounts separate.
Your agent can still book flights, pay for APIs, and handle the purchasing workflows you need automated. But when something goes wrong, and eventually something will, the damage stays contained.
That's not paranoia. That's just good operational hygiene for a world where software is making spending decisions on your behalf.
Ready to give your agents their own cards? Learn how Signets works or get started.
Looking for agent spending controls? Start with MCP + skills, then choose a plan that fits your workload.