A pair of new protocols – one for cards, one for crypto – have emerged in early 2026 to compete as the dominant standard for payment agents, in which execution transactions is outsourced to AI.

The agentic payments stack is predicted to be huge. Gartner Group estimates agentic B2B payments will hit $15 trillion by 2028; even if that’s rosy, it’s likely to match or exceed Stripe’s 2025 $1.9 trillion in processing volumes, or carve a percentage of Visa’s $14 trillion.

These emerging protocols – well, they’re not exactly new. They’re both based on longstanding browser code. The best known of these is “404 Not Found”, which is the HTTP error code that flashes when an internet user hits a dead link. The 404 is just how the servers talk to each other.

The one for payments is “402”. It dates back to the 1990s when developers assumed money would one day flow like data (the thinking at the time was about micropayments) and they reserved a status quo, 402, for “Payment Required”, in order to access an article, an image, or an API call.

That vision has only now materialized. Credit cards filled the void, but fixed transaction fees by processors negated the possibility of tiny online payments. The economics of the internet shifted to advertising and eyeballs; if information was too difficult to pay for, then “information wants to be free”, as the early-2000s slogan went.

x402 v MPP

Fast forward, we now have digital money that can move in tiny increments, AI agents that can evaluate and authorize purchases, and massive demand to move value like data. Firms have dusted off your daddy’s 402 code and are repurposing it for new money rails.

In the crypto world, Coinbase is pushing its x402 protocol, with stablecoins as the unit of account, via a blockchain rail such as Base, Ethereum, or Solana. The client provides a cryptographic payment proof, a faciliator checks the chain, and returns another code (200) to confirm the money landed.

In the cards, world, Stripe is pushing MPP, Machine Payment Protocol, which also starts with HTTP 402 code. But instead of paying each request directly onchain, the agent opens a session: a payment channel for pre-funding a balance, and then streaming micropayments off-chain via signed messages, with periodic or batched settlement. Stripe has built its own blockchain, Tempo, where users can deposit funds in escrow accounts. Although Tempo can process stablecoins, it is also designed to abstract credit and debit cards, buy-now pay-later apps, and digital wallets. An agent paying USDC or a corporate Visa card can hit the same endpoint and get the same receipt.

Neither of these means of accepting payments addresses ongoing problems with stablecoins (no recourse, bearer instruments that don’t enable money creation, cyber security questions, etc) – but assume their adoption.

Above and below

These 402s don’t exist in a vacuum. Below them sit various chains and rails: Tempo, Base, Ethereum, Solana, Visa and Mastercard networks, and real-time payment systems.

Above them run orchestration layers: Stripe’s ACP or Google’s AP2, plus newly minted “agent credential” platforms such as those introduced by Visa and Mastercard. These define how agents discover services, exchange mandates, and delegate authority, across any rail or chain.

Although these orchestration tools have their own designs (one for abstracting credit-card numbers, another for empowering e-commerce tools, etc), they are composable. They can be created and recreated to fit the need. In theory, a full agentic payments stack can cross many rails and chains to carry out a single transaction.

The best thing about the 402 trend is that it assumes open loops, not walled gardens. This has ramifications for banks, fintechs, and crypto players. Obviously those keen to operate walled gardens will find 402 a challenge. But it also means there will be places to participate and thrive.

Banks: trust anchors

For commercial banks, the advantages are clear: licenses and customer trust. In the new world of agentic finance, banks can position themselves as a credential and compliance anchor.

Banks will still be issuing credit cards via Visa and Mastercard networks, but these new cards will be virtual and rely on agent-specific tokens on the processors’ agent platforms. The banks, as issuers or acquirers, can defined agent limits, program allowable merchant categories, and set other granular controls. This gives the banks lots of scope for product innovation: a corporate card user can get a procurement agent with a budget cap, spendable on pre-approved SaaS APIs among approved vendors, in certain jurisdictions.

And it happens within their KYC’d world. For example, in Europe under MiCA regulation, agents start to resemble payment initiation service providers. Banks can support them by serving as compliant x402 facilitators, stablecoin custodians, and embed MPP sessions (escrow accounts) into their existing services for businesses small and large.

Few banks are ready. They need to invest in agent identity and reputation systems, and systems that can communicate with orchestration layers. They also need a regulated crypto and stablecoin stack to handle custody, on/off ramps, and reporting.

This is surely the direction of travel – if the regulators are along for the journey. Agents allowing a human to click “pay now” will only go mainstream if questions about liability and consumer protections are hammered out. Regulators will be keen to ensure their commercial banks can become trusted wrappers around permissionless protocols or, in Asia, atop domestic fast-payment rails such as India’s UPI or Singapore’s PayNow. This would give leading banks the chance to become national or regional hubs for agent flows.

Fintech agility

Banks’ opportunity is clear, partly because of their licensing. Fintechs are more agile, and can position themselves throughout the agentic payments stack.

They could be payment processors, packaging x402 and MPP for merchants and developers who don’t want to think about sessions, chains, and the rest. It’s all about abstracting cards and wallets, and connecting to every protocol, to maintain a clean, simple user interface for merchants.

Or, fintechs could climb up a rung and become super orchestrators, competing against Stripe and Google and the card networks. There’s a business model for helping customers choose the optimal payment method based on cost, latency, risk, user preferences, and regulatory constraints. This has been a viable model for fintechs in the pre-agentic world, and there’s no reason why some can’t make the leap.

Similarly, there exist fintechs who own niches, and this model can extend to agentic payments. That might mean compliance and identity, risk and fraud prevention, or “compliance as a service”.

Merchant visibility

For merchants, the urgent task is to be visible to agents. If a consumer’s search is embedded in a payments agent, then merchants need to have bank and fintech providers, or their own capabilities, to win the attention of the bots. For starters this could mean being plugged into platforms such as Stripe ACP or Google AP2, or card networks. The big service providers will be eager to make this process easy so that merchant catalogs and prices are available as structured data, not just HTML.

Eventually, merchants will want to build their own retail agents. This is the new branding, except it’s via agents rather than ads. Old-school marketing still has a role to play, to ensure the business is kept on programmable approved lists. But merchants will explore new business models around products that attract machine attention, and could lead to the sort of micro services (and micro payments) that internet HTML developers first envisaged in the 1990s.

Banks, fintechs, and merchants still need a few common jigsaws to complete the puzzle. Agent intention that is universal will require standards. The regulations for wrapping open rails such as x402 need to be agreed. The settlement infrastructure for high-volume micropayments has yet to be refined. And most of all, credentials and histories need to be made portable and reusable, be it cryptographic tools such as zero-knowledge proofs, or more traditional identity verification that can be fitted to agentic payments.

That’s a lot of work, but the prize is the trillions of dollars expected to flow through the agentic payments stack within a few years.

The global stack

Nor is this an opportunity exclusive to the United States – notwithstanding the emergence of x402 and MPP by Coinbase and Stripe in the US, along with LLMs such as ChatGPT, licensed stablecoins such as Circle’s USDC, and US regulatory debates.

The trend of needing a way to pay other machines at high frequency, often in tiny amounts, under programmable constraints, is global. Indeed, early experiments on AI agents paying for real-world goods have taken place between Santander and Mastercard in Europe.

Nonetheless, geographic differences are a reality. Banks and fintechs in Asia (east and west) and Europe are already well versed in tokenizing credentials, running real-time payment rails, and navigating complex cross-border regulation – a real weakness for US firms. Regional orchestration and compliance will provide business opportunities. Domestic payment systems such as UPI , Brazil’s Pix, or KakaoBank in South Korea are adept at high-frequency, low-value payments, but they need to add agent-friendly interfaces, 402-style semantics, and standardized mandates. A fintech that provides a “UPI for agents” can become the local hub, while routing bigger transactions over stablecoins or x402.

Local and regional crypto players have a huge opportunity to break into new merchant relationships where small, cross-border payments are critical, and where banks are scarce. Singapore, Hong Kong, and the UAE have arguable friendlier (or at least clearer) stablecoin regimes than the US. These financial centers should become hubs for agent-native wallets, stablecoin settlements behind card programs, and on-chain identity services. But whether it’s in Europe or these small financial centers, permissionless protocols will still need permissioned wrappers. Someone on the ground needs to hold that license.