51 Terminal51 TerminalBeta
Log in
Back to Research
CEO Notes

Santander let a bot spend real money

MB
SB
Marc Baumann, Sangam Bharti· March 9, 2026· 6 min read

Hey, it’s Marc,

I keep asking bank executives the same question: when does an AI agent make its first real purchase inside your system?

On March 2, Santander answered it. An AI agent completed a live, end-to-end payment on real rails, no human at checkout. The $5 trillion checkout just got its first non-human customer. [RELEASE]

Let’s unpack.

👉PRO: Download the PDF at the bottom

Download

What happened

Santander and Mastercard executed Europe’s first live AI-agent payment using two integrated systems: Mastercard’s Agent Pay protocol and PayOS, a billing platform that converts vaulted credentials into PCI-exempt proxy cards.

The AI agent accessed no raw financial data. It transacted entirely within a cryptographic “mandate,”pre-authorized by the user with hard limits on what it could spend, where, and when.

The transaction ran through Santander’s normal payments network, validating the full operational and control framework under real-world conditions.

In short: The $5 trillion checkout is being rewritten for machines.

Santander is not alone: DBS in Singapore (one pilot under Visa Intelligent Commerce (VIC), while another with Mastercard and UOB), and Commonwealth Bank of Australia have already piloted similar capabilities using Visa and Mastercard frameworks.

Zooming in: Mastercard’s AI models are trained on over 160B annual transactions to enhance security, detect fraud, and enable new technologies such as Agentic Commerce.

But, data is not enough. An agentic model payment also requires an entirely new trust architecture.

Here is how it works: The agentic system has 3 layer trust architecture moving from user to token to network. AI agent acts within its authorized scope, whereas, merchant category aligns with the mandate.

Another example: A user tells their AI travel agent: “Book me a flight to London, economy class, under £350.” An Agentic Token is created encoding this exact intent. If the LLM hallucinates and attempts to book a business class ticket at £780, the transaction is categorically declined at the network level, before any money moves. The intent data audit trail is preserved for any dispute resolution.

Mastercard vs Visa: Agentic payments and stablecoin initiatives at Mastercard and Visa are converging to create a “trust layer” for autonomous AI commerce. They are building for AI to handle the decision making while blockchain provides the programmable settlement.

Table 2: Mastercard vs Visa vs Stripe

Zooming out: The scale of agentic commerce shift is staggering. Morgan Stanley models that U.S. e-commerce spending initiated by AI agents will reach $190B to $385B by 2030. McKinsey projects global agentic volume could hit $3T to $5T in the same window. The transition from “search, filter, scroll” to instant, API-driven intent execution is happening right now.

The new buyer class no one’s pricing in

  1. The $5 trillion checkout is being rewritten for machines. Agents are moving from assisting to acting, enabling full end-to-end purchasing with financial institutions like Visa, Mastercard, and PayPal launching AI-native, secure, and programmatic payment controls. By 2028, 33% of enterprise software applications are expected to embed agentic AI capabilities, up from less than 1% in 2024. This isn’t a payment upgrade. It’s a new buyer class. AI agents don’t browse, don’t impulse-buy, don’t respond to banner ads. They execute intent. So, there will be a shift in product catalog design which needs to be machine readable.

  2. Stablecoins are the settlement layer AI agents actually need. Here’s what most coverage missed. Mastercard’s Agent Pay runs on traditional card rails today. But Mastercard is simultaneously building full-stack stablecoin infrastructure: stablecoin spending at over 150M merchant locations worldwide through partnerships with MetaMask, Crypto.com, OKX, and Kraken, plus merchant settlement in USDC via Circle and Nuvei. Visa’s Tokenized Asset Platform (VTAP) allows clients to mint and transact stablecoins, which can be linked to these agentic credentials for secure spending. Why? Card rails settle in 3–5 days. AI agents transacting thousands of times per hour need instant, programmable money. That’s stablecoins. Coinbase’s x402 protocol already embeds USDC payments directly into HTTP requests. Tether launched Tether AI with native USDT agent payments. The convergence is obvious: AI agents become the frontend of commerce, stablecoins become the backend. Card networks keep their toll booth, but the settlement layer goes on-chain.

  3. The protocol war. Two competing standards are fighting for dominance. Stripe and OpenAI’s Agentic Commerce Protocol (ACP) gives merchants already on Stripe frictionless agent checkout. Google, Shopify, Mastercard, Visa, and Walmart are backing the Universal Commerce Protocol (UCP), a surface-agnostic standard that lets any AI agent discover, negotiate, and buy from any merchant. If UCP wins, Google bypasses Amazon entirely: an AI agent on Gemini finds a product, negotiates, pays via Agentic Token, and the consumer never opens Amazon. That’s an existential threat to the world’s largest retailer and a massive new revenue stream for Alphabet.

  4. The authentication law is broken. When you buy something online, EU law requires you to prove it’s you, a fingerprint, a code, something. But if an AI agent is shopping for you at 3am while you sleep, it can’t do that. You already said “go ahead” when you set it up, but regulators haven’t formally decided if that counts. Three laws are colliding at once in Europe:

    1. PSD2/PSD3 (payment rules): Says every transaction needs strong identity verification at the moment it happens. AI agents technically get around this by saying consent happened earlier, when you set them up. Whether the next version of the law accepts that loophole is still being debated.

    2. EU AI Act (August 2026): If an AI agent is involved in any credit-related decision during a purchase, even brief, it gets labeled “high risk.” That triggers mandatory human oversight. So an autonomous agent that does everything itself may actually be illegal.

    3. DORA (financial resilience rules): If a bank like Santander plugs in a third-party AI system to handle transactions, Santander is fully responsible if it goes wrong. The bank can’t blame the AI vendor.

Three different sets of rules are all pointing at the same AI agent, and they don’t agree with each other. Nobody has clearly decided who’s liable when an AI agent makes a bad financial decision on your behalf, the bank, the AI company, or the user.

Investor Alpha

  • Long Mastercard (MA), Visa (V): they collect network fees regardless of which protocol wins. Visa is building infrastructure VTAP in stablecoins while, Mastercard has established multiple partnerships (Ripple, MetaMask, and Circle) with its Multi-Token Network (MTN) & crypto credential to introduce crypto cards. 👉 Trade on Robinhood
  • Long Alphabet (GOOGL): UCP positions Google Shopping as the execution layer for agentic commerce, supplementing ad revenue with transaction tolls. 👉 Trade on Robinhood
  • Watch Stripe (pre-IPO): ACP + stablecoin accounts make it the de facto treasury for AI-native commerce.
  • Long Circle (CRCL): USDC is becoming the default settlement currency for agent-to-agent payments. 👉 Trade on Robinhood

Watchlist:

  • Mar 11: US CPI (Feb) release – critical for Fed rate cut expectations
  • Mar 17–18: DC Blockchain Summit (Chamber of Digital Commerce)
  • Mar 18: FOMC Interest Rate Decision & Summary of Economic Projections
  • Mar 24–25: Next Block Expo (Warsaw)
  • Mar 24–26: Digital Asset Summit (DAS) (New York City)
  • Mar 25: Crypto Assets Conference (#CAC26 Frankfurt)

That’s it for now.

Missed last week? Access all our CEO notes here.

Marc & Team

TaggedCEO NotesLendinginstitutional DeFiNewsletter
Santander let a bot spend real money