I saw an Associated Press article on April 30, 2025 that piqued my interest regarding Visa encouraging giving my credit card to an AI Agent so it can go shopping for me.
My first reaction was "No F*&#ing Way! What could possibly go wrong?"
It took me a while to come up with a response to the article. I have 20 years' experience, specifically in credit card data security, and this new position of Visa appears to go against all the data security controls for which they have advocated this entire century.
In the early 2000's, electronic commerce was new. Banks wanted to capitalize on the new trend and began exposing their internal account databases to the Internet. On one hand, this enabled credit card transactions to be accomplished over the Internet instead of over their highly controlled and secure internal networks. On the other hand, the rush to Internet connectivity revealed that bank security processes were unprepared for attacks, and the theft of millions of payment cards resulted.
To combat theft of credit card numbers in bulk from banks, merchants, and payment processors, Visa created the Cardholder Data Security Program (CDSP), which required any company that stored, processed, or transmitted payment card data to implement a specific set of security controls. Visa also required those companies to undergo an annual audit of those controls by independent third parties and prove the prescribed controls were implemented. The results of those audits were sent to Visa for review and approval.
Visa receives copies of audit reports from large merchants and companies authorized to process payment transactions and perform payment management functions. Those companies were known as Service Providers. In the same department, Visa had staff developing and executing training for the auditors to ensure its CDSP requirements were evaluated uniformly by the Qualified Data Security Professional companies (QDSP) who were performing the audits. The CDSP/QDSP programs were intended to apply basic security controls across its payment card ecosystem. In 2005, I worked in the Visa department reviewing audit reports for Service Providers. I also assisted in training the QDSP technology professionals.
Around the same time, the other payment card companies developed their own security programs similar to Visa's CDSP. American Express, Discover, Mastercard, and Japan Commerce Bank created similar programs. Each program was intended to secure payment card data, but each had different controls. This caused confusion in the marketplace, and uniform standards were demanded.
The five payment card companies got together and formed a nonprofit, independent organization to develop and promulgate payment card data security standards, payment software security standards, and vulnerability scanning standards, and to train qualified technology professionals to audit against those standards. In 2004, the Payment Card Industry Security Standards Council was born and it released the first industry-wide standard: the Payment Card Industry Data Security Standard, Version 1.0 (PCI DSS v1.0). This satisfied the need for uniformity in the protection of payment card data.
All five of the payment brands adopted PCI DSS 1.0. They required its controls be implemented, along with annual audits by the newly trained Qualified Security Assessors (QSAs) proving the PCI DSS 1.0 controls were in place. The controls covered all aspects of Internet technology: firewalls, servers, databases of stored card data, antivirus, secure software development, controlled access, user controls, physical facility controls, incident response, audit trails, security testing, and company security policies, to name a few. I worked as a QSA for 15 years.
PCI DSS 1.0 was the start of a long process of protecting payment card data. The standard evolved every 2-3 years and included additional controls. Each payment brand maintained its own fraud detection and response teams. Those teams would bring attack information to PCI SSC and work on placing mitigating controls into the standard. PCI SSC was made up of representatives from American Express, Discover, Mastercard, Japan Commerce Bank, and Visa. They were competitors trying to tackle a common problem. This made unanimous consensus imperative before an issue could be included in the next standard. It also explains why, even today, the perception is that the standard sometimes does not do enough to protect cardholder data. Technology moves at light speed and consensus usually moves at a snail's pace.
In 2025, we are now at PCI DSS 4.0. We can look back in hindsight and say that PCI DSS has been successful in drastically reducing theft of payment card data in bulk from banks, merchants, and their Service Providers. There is rarely a news article about those companies being broken into and data stolen. When there are news reports of payment card data theft, it's usually incidental and part of a larger phishing or ransomware attack, and rarely the main target. PCI SSC, PCI DSS and related standards have shown the payments ecosystem can work together to solve a common problem; it just takes a long time and consensus to get changes implemented.
With all of that mind-numbing background, we arrive at a new precipice in the land of payment card data protection: Autonomous AI Agents going shopping and executing payment transactions on behalf of consumers. This is uncharted territory at best, science fiction at worst.
The pitch: "Set a budget and some preferences and these AI agents — successors to ChatGPT and its chatbot peers — could find and buy you a sweater, weekly groceries or an airplane ticket."
From the AP Article:
Visa announced April 30, 2025, it is partnering with a group of leading AI chatbot developers — among them U.S. companies Anthropic, Microsoft, OpenAI and Perplexity, and France’s Mistral — to connect their AI systems to Visa’s payments network. Visa is also working with IBM, online payment company Stripe and phone-maker Samsung on the initiative. Pilot projects begin Wednesday, ahead of more widespread usage expected next year.
“The early incarnations of agent-based commerce are starting to do a really good job on the shopping and discovery dimension of the problem, but they are having tremendous trouble on payments,” Forestell said. “You get to this point where the agents literally just turn it back around and say, ‘OK, you go buy it.’”
Visa sees itself as having a key role in giving AI agents easier and trusted access to the cash they need to make purchases.
“The payments problem is not something the AI platforms can solve by themselves,” Forestell said. “That’s why we started working with them.”
Multiple questions come to mind when considering giving my credit card to an AI Agent:
How do I know I can trust the agent and developer?
What proof is there that my card data is protected when stored or transmitted by the agent?
What recourse do I have if the agent has an error in execution and buys something that inadvertently maxes out my credit limit?
What protections prevent the agent from getting hijacked by another agent or autonomous process?
How do I know my payment card data is not being copied and stored elsewhere without me or the developer knowing? What if the developer knows and does not tell me?
How do I know the agent software was developed securely and is free from vulnerabilities?
What audit trails are available to me so I know what the agent did, when, where, and how an action was performed?
How do I know my payment card data was securely deleted when requested at account closure or payment method modification?
What payment card data protection standards must AI Agent developers be required to implement? Will they be required to undergo audits to prove compliance?
Until these and many more questions are answered and new payment card data protection standards are defined, promulgated, implemented, and audited …
There is NO F*&^ING WAY I'M GIVING MY CREDIT CARD TO A F*&^ING AI AGENT!