Visa wants to give AI 'agents' your credit card
Artificial intelligence "agents" are supposed to be more than chatbots. The tech industry has spent months pitching AI personal assistants that know what you want and can do real work on your behalf.
So far, they're not doing much.
In the US, Visa hopes to change that by giving them customers' credit cards. Set a budget and some preferences and these AI agents — successors to ChatGPT and its chatbot peers — could find and buy a sweater, weekly groceries or an airplane ticket.
"We think this could be really important," said Jack Forestell, Visa's chief product and strategy officer, in an interview.
"Transformational, on the order of magnitude of the advent of e-commerce itself."
Visa announced it is partnering with a group of leading AI chatbot developers — among them US companies Anthropic, Microsoft, OpenAI and Perplexity, and France's Mistral — to connect their AI systems to Visa's payments network.
Visa is also working with IBM, online payment company Stripe and phone-maker Samsung on the initiative. Pilot projects begin Wednesday (local time), ahead of more widespread usage expected next year.
The San Francisco payment processing company is betting that what seems futuristic now could become a convenient alternative to our most mundane shopping tasks in the near future. It has spent the past six months working with AI developers to address technical obstacles that must be overcome before the average consumer is going to use it.
For emerging AI companies, Visa's backing could also boost their chances of competing with tech giants Amazon and Google, which dominate digital commerce and are developing their own AI agents.
The tech industry is already full of demonstrations of the capabilities of what it calls agentic AI, though few are yet found in the real world.
Most are still refashioned versions of large language models — the generative AI technology behind chatbots that can write emails, summarise documents or help people code. Trained on huge troves of data, they can scour the internet and bring back recommendations for things to buy, but they have a harder time going beyond that.
"The early incarnations of agent-based commerce are starting to do a really good job on the shopping and discovery dimension of the problem, but they are having tremendous trouble on payments," Forestell said.
"You get to this point where the agents literally just turn it back around and say, 'OK, you go buy it.'"
Visa sees itself as having a key role in giving AI agents easier and trusted access to the cash they need to make purchases.
"The payments problem is not something the AI platforms can solve by themselves," Forestell said. "That's why we started working with them."
The new AI initiative comes nearly a year after Visa revealed major changes to how credit and debit cards will operate in the US, making physical cards and their 16-digit numbers increasingly irrelevant.
Many consumers are already getting used to digital payment systems such as Apple Pay that turn their phones into a credit card. A similar process of vetting someone's digital credentials would authorise AI agents to work on a customer's behalf, in a way Forestell says must assure buyers, banks and merchants that the transactions are legitimate and that Visa will handle disputes.
Forestell said that doesn't mean AI agents will take over the entire shopping experience, but it might be useful for errands that either bore some people — like groceries, home improvement items or even Christmas lists — or are too complicated, like travel bookings.
In those situations, some people might want an agent that "just powers through it and automatically goes and does stuff for us", Forestell said.
Other shopping experiences, such as for luxury goods, are a form of entertainment and many customers still want to immerse themselves in the choices and comparisons, Forestell said. In that case, he envisions AI agents still offering assistance but staying in the background.
And what about credit card debt? The credit card balances of American consumers hit US$1.21 trillion (NZ$2 trillion) at the end of last year, according to the Federal Reserve of New York.
Forestell says consumers will give their AI agents clear spending limits and conditions that should give them confidence that the human is still in control.
At first, the AI agents are likely to come back to buyers to make sure they are OK with a specific airplane ticket. Over time, those agents might get more autonomy to "go spend up to $1500 on any airline to get me from A to B," he said.
Part of what is attracting some AI developers to the Visa partnership is that, with a customer's consent, an AI agent can also tap into a lot of data about past credit card purchases.
"Visa has the ability for a user to consent to share streams of their transaction history with us," said Dmitry Shevelenko, Perplexity's chief business officer.
"When we generate a recommendation — say you're asking, 'What are the best laptops?' — we would know what are other transactions you've made and the revealed preferences from that."
Perplexity's chatbot can already book hotels and make other purchases, but it's still in the early stages of AI commerce, Shevelenko says. The San Francisco startup has also, along with ChatGPT maker OpenAI, told a federal court it would consider buying Google's internet browser, Chrome, if the US forces a breakup of the tech giant in a pending antitrust case.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
NZ Herald
10 hours ago
- NZ Herald
German state ditches Microsoft for open-source software
At a time of growing concern over the power of the world's mighty tech companies, one German state is turning its back on US giant Microsoft. In less than three months' time, almost no civil servant, police officer or judge in Schleswig-Holstein will be using any of Microsoft's ubiquitous programs
Techday NZ
12 hours ago
- Techday NZ
Aiden Technologies now available in Azure Marketplace via MACC
Aiden Technologies is now available as a fully transactable solution within the Microsoft Azure Marketplace and can be acquired through the Microsoft Azure Consumption Commitment (MACC) programme. This development enables organisations using Microsoft Azure to purchase Aiden's Windows endpoint management platform with their existing MACC funds, removing the need for additional budget approvals and accelerating procurement. Procurement streamlined The inclusion of Aiden in the Azure Marketplace and its eligibility for MACC aims to address a significant challenge faced by enterprise IT teams - procurement delays caused by complex budget cycles and approval processes. By transacting through existing Azure agreements, organisations can implement Aiden without having to wait for internal budget cycles or undergo additional vendor onboarding processes. "Getting started with Aiden just got even easier," said Joshua Aaron, CEO of Aiden Technologies. "By becoming MACC-eligible in the Azure Marketplace, we're removing procurement roadblocks and helping IT teams take immediate action to improve endpoint management - without waiting on budget cycles or approval chains." Under the MACC programme, enterprise customers commit to a specific budget for Azure services and approved third-party tools. This budget, often allocated at the start of a fiscal period and subject to 'use it or lose it' rules, can now be used to deploy Aiden directly. Many organisations face challenges in spending all their MACC funds before expiration, sometimes resulting in wasted budget. The ability to acquire Aiden through the Azure Marketplace provides an immediate use for these funds, supporting IT operations and enhancing endpoint security. Features of the Aiden platform Aiden Technologies describes its platform as an 'Intelligent Automation' solution for Windows environments, positioned as a managed service from initial provisioning to ongoing patch management, security, and compliance. The solution integrates with deployment tools such as ConfigMgr and Intune and includes several key features designed to automate and simplify endpoint management. The Full-ProvisioningTM feature extends Microsoft Autopilot by automating the deployment of the operating system, applications, policies, tools, and security agents before a user ever logs in. According to the company, this process ensures that each machine is fully configured and validated before first use, eliminating delays and the need for support tickets at login. The Continue Before Logon (CBL) function enables updates to critical software without requiring user interruption. Updates are staged and installed in the background during any reboot, without the need for forced closures, user prompts, or custom scripts. This approach is intended to keep systems secure, reduce non-compliance due to always-on applications, and minimise disruption to workflow. The Aiden platform also provides automated application deployment, maintaining a dynamic catalogue of both commercial and custom software packages. IT teams can define specific requirements for different user or device types, and Aiden manages the delivery, maintenance, and patching processes automatically. Patch management and vulnerability remediation are carried out continuously, removing the need for scheduled patch windows and improving security posture. Aiden also includes drift control and configuration enforcement, where devices are monitored and reset to a prescribed state if deviations occur. For compliance and operational transparency, the solution offers AidenVision, which supplies real-time insights into patching status, software deployment health, and policy compliance, aimed at reducing reliance on manual tracking or ticketing systems. Impact for enterprise IT The availability of Aiden via the Azure Marketplace and MACC is presented as a way to bypass traditional procurement hurdles for enterprise IT teams by allowing solutions to be purchased with existing cloud commitments. This method aims to deliver benefits such as improved endpoint security, reduction in manual operational work, and greater speed in adopting new IT tools. The announcement also notes that Aiden offers its full suite of services – from OS and application deployment to patching and compliance, as well as features to maintain configuration consistency and reduce risks associated with endpoint drift and unpatched software. Organisations using Microsoft Azure can now choose to direct their existing committed spend towards Aiden Technologies' endpoint management and automation platform, integrating it within their IT operations with the aim of reducing procurement time and improving operational outcomes.
Techday NZ
14 hours ago
- Techday NZ
Phishing-as-a-Service drives surge in cybercrime for 2025
Barracuda Networks has released new details on the rising prevalence of Phishing-as-a-Service (PhaaS) attacks, the technologies underpinning them, and trends shaping cybercrime in 2025. The company's analysis found that an estimated 60% to 70% of all phishing attacks observed since the beginning of 2025 have been delivered using PhaaS models. Of these, the Tycoon 2FA phishing kit emerged as the most popular, responsible for 76% of the detected incidents. EvilProxy accounted for 8%, while Mamba 2FA and Sneaky 2FA together made up 6%. The remaining 10% consisted of other kits such as LogoKit, CoGUI and FlowerStorm. Understanding PhaaS Phishing-as-a-Service is a model in which individuals or groups provide ready-made phishing tools, infrastructure and support to customers for a fee, often via subscription services or one-off payments. This business-like approach means non-technical users can easily launch phishing campaigns without building infrastructure or writing code. According to the explainer released by Barracuda, "Phishing-as-a-Service, or PhaaS, is a cybercrime model where threat actors offer phishing tools, kits and services to other attackers, often via subscription or one-time payment. It lowers the barrier to entry for phishing attacks by providing ready-made templates, hosting, automation and even customer support. PhaaS enables non-technical users to launch sophisticated phishing campaigns, contributing to the rise in phishing incidents globally." Attackers typically access these services through forums, darknet markets, or messaging channels such as Telegram. The platforms provide templates for impersonating well-known brands and offer means to collect sensitive information entered by victims, which attackers can then use for financial gain or identity theft. The explainer notes, "Attackers sign up for this service — often through Darknet or Telegram channels — and obtain access to their PhaaS infrastructure. The service provides ready-made fake emails and websites that look just like real companies. The scammer can customise messages to make them convincing. Then, these fake emails or websites are sent out to lots of people. When someone falls for the trick and enters their private info, the scammer collects it and can steal money or identities." Barriers lowered PhaaS is popular with users seeking to commit credential theft but lacking the skills to develop phishing infrastructure from scratch. The systems are marketed not only at experienced cybercriminals, but also at individuals with limited technical knowledge, as the ease of use and available support bring phishing within reach of a broader group of criminal actors. "Attackers who want to do credential theft but don't know how to build the phishing emails, infrastructure to host fake Microsoft/Google login pages, steal multifactor-authentication (MFA) tokens and send them to a command-and-control server. Sometimes even people who aren't very tech-savvy can use PhaaS because it makes it easy for anyone to launch scams," the explainer says. PhaaS allows for rapid deployment of attacks, high levels of automation and large-scale targeting, including of small businesses and individual consumers. Typical victims range from employees at companies targeted for access to internal systems, to consumers receiving emails purporting to be from banks or popular online services. "It saves time and effort — they don't have to create complicated scam setups from scratch. It's often cheap or subscription-based, so it's easy to access. It's much easier now to launch a sophisticated phishing campaign targeting thousands of people with just a few clicks or minimal effort, compared to traditional phishing attacks. These modern attacks are highly advanced — they use clever methods to avoid detection and often rely on legitimate but compromised websites and platforms." Market forces PhaaS providers continually update their kits to bypass security measures, and competition between providers is fierce. Kits compete on factors such as price, accessibility, customer support, regular updates, and their ability to avoid detection. Subscription models and customer service functions have become normal, mirroring the software industry. "Kits that are cheaper or easier to get tend to attract more users. Some offer subscriptions, while others sell one-time licenses. The price and payment options matter a lot. Updates: Some PhaaS providers offer customer support and regularly update their kits to bypass new security measures. Kits that stay updated and provide help keep their users loyal. Success rates: If a kit is known for helping scammers avoid detection and successfully steal information, it gains popularity over others." Emerging kits and techniques Barracuda identified several new PhaaS kits, such as Darcula, which merges phishing with malware delivery and tends to target mobile users, and Morphing Meerkat, noted for altering its appearance to bypass email controllers. Other kits like CoGUI have been regionally tailored, such as those targeting Japanese organisations, and Sniper Dz is highlighted for mimicking the login pages of popular services. According to the explainer, "What makes these kits particularly dangerous is that they constantly evolve — updating their methods to avoid being detected by security systems. This ongoing development helps scammers stay one step ahead and makes it harder to shut them down." Detection strategies avoided PhaaS operators and their customers deploy techniques including encrypting malicious code, using code obfuscation, leveraging legitimate but compromised websites, and actively detecting when they are being monitored by security software or research sandboxes. In such cases, the kits will direct users to bona fide websites to avoid raising suspicion. The use of encryption and the adoption of real, trusted sites for hosting phishing content make detecting such threats more challenging for security tools, which traditionally focus on signature-based or heuristic detections of uncommon domains or content. Despite ongoing efforts by security professionals and law enforcement, the widespread distribution of PhaaS services and kits, international hosting, and frequent method changes continue to pose challenges for effective mitigation and takedown of phishing operations.
