Ovra is EU-native, API-first payment infrastructure for AI agents. We provide virtual Visa cards, programmable spending policies, and tokenized credentials so agents never see raw card data. GDPR-compliant with EU data residency.

How do I integrate Ovra with my AI agent?

The fastest way is to connect to our Model Context Protocol (MCP) server at https://api.getovra.com/api/mcp from Claude, GPT, Cursor, or any MCP-compatible agent. 10 tools are available out of the box. You can also use the REST API: a single call creates an agent with a virtual card and spending policy. No SDK install required.

Do AI agents see real card numbers when they pay?

Never. Ovra uses tokenized card credentials (DPAN, also known as Visa Network Tokens). When an agent needs to pay, we issue a scoped credential bound to the specific intent. Even if the agent's context is compromised, there is nothing useful to steal. Real PAN/CVV is encrypted server-side with AES-256-GCM and never reaches the agent.

Is Ovra GDPR-compliant?

Yes. Ovra is EU-native, built in Berlin, hosted in EU data centers, and engineered GDPR-compliant by design. Enterprise customers receive a Data Processing Agreement (DPA) and audit log access.

Is there a free tier?

Yes. The Free plan includes 1 agent, 1 virtual card, €150/month transaction volume, and full API and MCP access including sandbox mode. Paid plans start at €39/month for teams that need more agents and higher volume.

Which AI frameworks work with Ovra?

Any framework that speaks Model Context Protocol or HTTP. We test against OpenAI Agents SDK, Claude Desktop, Cursor, Vercel AI SDK, LangChain, LlamaIndex, and OpenClaw. The MCP endpoint is one URL: point your model at https://api.getovra.com/api/mcp with a Bearer token and 10 payment tools become available.

Where does Ovra operate and is the company a bank?

Ovra is a German company serving customers across the European Union (EUR-only, fiat). Ovra is not a bank. When our regulated card-issuer partnership ships, the licensed EMI (Electronic Money Institution) is the entity-of-record. Ovra is the developer-facing infrastructure layer.

What is agentic commerce?

Agentic commerce is when an AI agent — not a human typing into a checkout — discovers a product, decides to buy it, and completes the payment. Visa defines it as 'AI agents acting on behalf of consumers within rules they set.' Juniper Research projects $1.5T in global agentic commerce spend by 2030; McKinsey projects $3T–$5T. The buyer changed; the payment stack is being rewritten to match.

Who is building the rails for AI agent payments?

All four major payments players shipped agent rails in the last 12 months. Visa launched Intelligent Commerce Connect (April 8, 2026), an integration layer supporting four protocols. Mastercard launched Agent Pay (April 2025) and open-sourced Verifiable Intent on GitHub (March 2026). Stripe and OpenAI co-developed the Agentic Commerce Protocol (Sept 2025, latest spec 2026-04-17). Google released Agent Payments Protocol (AP2), now moving to FIDO governance.

How big will the agentic commerce market be?

Estimates range widely. Juniper Research (April 2026) projects $1.5T in agentic commerce spend by 2030. McKinsey projects $3T–$5T globally and $900B–$1T for US B2C alone. Deloitte's most aggressive forecast is $17.5T by 2030. BCG's US consumer survey found 81% of consumers expect to shop with AI agents, driving over $1T — about 50% of online commerce.

Why can't AI agents just use existing card APIs?

Three reasons. First, authorization happens after the charge — by the time fraud rules run, the money is gone. Second, card credentials are bearer tokens — sharing one with an agent exposes the entire credit line. Third, fraud models are tuned to human behavior — agents make 100x more decisions per hour. Agent-specific protocols like AP2 introduce cryptographic mandates signed before the charge, scoped tokens, and explicit non-human transaction signals.

What is Ovra's role in the agentic payments stack?

Ovra is EU-native infrastructure that issues per-agent virtual Visa cards under programmable spending policies. Agents never see the real PAN/CVV — credentials are tokenized server-side as Visa Network Tokens (DPAN). Every payment passes through an Intent → Grant → Issue state machine that mirrors the cryptographic mandate pattern AP2 standardized at the network level. Ovra is in private beta today on a sandbox card issuer; the same interface flips to real Visa rails once our regulated EMI partnership ships.

The Agentic Payments Thesis: Why AI Agents Need Their Own Financial Infrastructure

Bottom line: The payment stack is being rewritten because the buyer changed. AI agents now book travel, procure supplies, subscribe to SaaS, and pay invoices autonomously — and every major card network (Visa, Mastercard), processor (Stripe), and AI platform (OpenAI, Google) has shipped agent-specific rails in the last 12 months. Juniper Research projects $1.5T in agentic commerce spend by 2030; McKinsey projects $3T–$5T. The infrastructure layer is being built right now, and the design choices made today will compound for a decade.

For fifty years, every layer of financial infrastructure assumed a human at the point of sale. Card networks, fraud models, checkout flows, KYC — all built around the assumption that a person initiates, approves, and completes a transaction.

That assumption is collapsing. By Q2 2026, AI agents are booking travel, procuring supplies, subscribing to SaaS, paying invoices, and managing vendor relationships. Autonomously. At machine speed. Without a human in the loop.

How fast is this happening?

Faster than any payments shift in recent memory. In 12 months, every major player shipped agent rails:

September 29, 2025 — Stripe and OpenAI released the Agentic Commerce Protocol (ACP) under Apache 2.0. PayPal joined as a payment provider on October 28, 2025.
April 29, 2025 — Mastercard launched Agent Pay with Microsoft, IBM, Braintree, and Checkout.com.
December 11, 2025 — Stripe shipped the Agentic Commerce Suite, bringing Coach, Kate Spade, URBN, Revolve, Squarespace, Wix, WooCommerce, and BigCommerce into the standard.
January 27, 2026 — Mastercard unveiled Agent Suite with live end-to-end agent payments at Santander (Europe) and Westpac (New Zealand).
March 2026 — Mastercard open-sourced Verifiable Intent on GitHub, a tamper-resistant audit trail co-developed with Google, Fiserv, IBM, Checkout.com, and Basis Theory.
April 8, 2026 — Visa launched Intelligent Commerce Connect, an integration layer supporting four agent protocols (Trusted Agent Protocol, MPP, ACP, UCP). General availability expected by end of June 2026.
April 17, 2026 — ACP shipped its latest stable spec adding cart, feed, orders, authentication, and Model Context Protocol integration.

Three protocols emerged as serious contenders: Stripe/OpenAI's ACP, Google's Agent Payments Protocol (AP2), and Mastercard's contribution to Google's Universal Commerce Protocol (UCP). Visa is positioning ICC as the neutral acceptance layer underneath all of them.

How big is the agentic commerce market?

The forecasts vary wildly because nobody has historical data. Here are the four most-cited numbers as of May 2026:

Source	Forecast	Year
Juniper Research	$1.5T global spend	2030
McKinsey	$900B–$1T US B2C; $3T–$5T global	2030
BCG Global Payments Report	>$1T (~50% of online commerce)	Near-term
Deloitte	$17.5T global commerce influenced	2030

BCG's July 2025 US Consumer survey found that 81% of consumers expect to shop with agentic AI, with uptake highest among households with children (93%) and adults 18–44 (92%). The shift is starting in routine, low-risk categories — household supplies, subscriptions, restaurant orders — before moving up the trust ladder.

Why doesn't existing payment infrastructure work for agents?

Today's rails were built around four assumptions, and AI agents break all four.

1. Authorization happens too late

Standard card flow: agent calls API → charge hits the network → fraud models run → approve or decline. By the time fraud rules execute, the money is moving. That's damage control, not prevention. Agentic protocols flip this: AP2's Cart Mandate and Intent Mandate require the user to cryptographically sign authorization before a credential is issued. Stripe's Shared Payment Token is scoped to a specific merchant and basket total at issuance. The constraint is structural, not policy-as-code.

2. Credentials are bearer tokens

A card number is the credential. If it leaks, anyone can spend it. Sharing one PAN with an autonomous agent means a buggy retry loop, a confused tool call, or a prompt injection can drain the credit line. Mastercard's Agentic Tokens and Visa's agent-specific pass-through tokens both address this — payment credentials are bound to a specific agent identity, with network-level controls on amount and merchant scope.

3. Fraud models assume human cadence

A human makes 5–20 card decisions a day. An agent can make hundreds. Velocity rules tuned to humans either flag everything (false positives crater conversion) or learn to ignore agent activity (which then masks real fraud). Mastercard's Verifiable Intent, released March 2026, addresses this by linking consumer identity, agent instruction, and transaction outcome into a tamper-resistant audit trail — letting issuers reason about agent transactions natively.

4. Disputes assume a human chargeback

When a charge is wrong, the human disputes it. When an agent overspends, who's at fault? The user who delegated? The model provider? The merchant? AP2's Payment Mandate is a separate verifiable credential explicitly shared with the network and issuer to signal AI involvement and human-present vs. human-not-present modality. It's the basis for the next generation of dispute liability rules.

What does an agent-native payment layer look like?

We see five non-negotiable properties:

Per-agent identity. Every agent has a cryptographic identity bound to a specific spending policy. No shared credentials, ever.
Pre-authorization, not post-hoc. Intent is declared, validated against policy, and bound to a credential — before any charge can occur. This mirrors AP2's Intent Mandate and ACP's Shared Payment Token at the application layer.
Tokenized credential exposure. Agents receive Visa Network Tokens (DPANs), never raw PAN/CVV. Card data is encrypted at rest with AES-256-GCM and never enters agent context.
Auditable state machine. Every transaction has an immutable trail: intent → grant → issue → authorize → settle → reconcile. Each step is idempotent and recoverable. This is also what Mastercard's Verifiable Intent is standardizing at the network level.
Programmable controls. Spending limits, merchant allowlists, MCC restrictions, time-of-day caps, and human-in-the-loop approvals — all expressed as data, not code, and enforceable at the infrastructure level.

Where Ovra fits

Ovra is the EU-native infrastructure layer for agent payments. We issue per-agent virtual Visa cards under programmable policies. Every payment runs through an Intent → Grant → Issue state machine. Agents transact via Model Context Protocol — Claude, GPT, Cursor, Vercel AI, OpenAI Agents, LangChain — using a single MCP URL. They never see card data; the credential is a tokenized DPAN scoped to the approved intent.

The pattern AP2 standardized at the network level — verifiable mandates binding intent to credential — is what Ovra implemented at the application level a year before AP2 shipped. As real-issuer adapters land (the regulated EMI partnership becomes the entity-of-record), the Ovra interface stays identical. Builders get one API; the underlying rails evolve underneath.

Why this matters now

Three things are happening simultaneously.

The protocols are converging. Visa's ICC supports all four (TAP, MPP, ACP, UCP). Mastercard joined Google's UCP. ACP integrated MCP. Within 24 months, agent payment plumbing will be commoditized. The differentiator becomes policy enforcement, EU compliance, audit trails, and developer experience.

Regulation is catching up. PSD3 and the PSR reached provisional political agreement on November 27, 2025; Official Journal publication is expected mid-2026, with PSR application around Q1 2028. Mandatory Verification of Payee, strengthened SCA, and platform liability for fraud all change how non-human payment flows must be designed. Building EU-native is no longer optional — it's the only way to be ready.

The buyer changed. ChatGPT alone has 700M+ weekly users. Stripe and OpenAI's ACP puts payments inside that conversation. Visa's Trusted Agent Protocol lets merchants distinguish trusted agents from bots. The economic gravity of every product surface is shifting from website + checkout to chat + agent + payment-on-behalf-of. Infrastructure built for the old model won't make the leap.

The agentic payments thesis isn't speculative anymore. It's a regulated, capitalized, in-production market with $1.5T–$5T at stake by 2030 and four major rails competing for the foundation. The question is no longer whether agents will pay autonomously, but whose infrastructure they'll pay through — and whether that infrastructure was designed for them or retrofitted from a checkout flow built for humans.

We think it has to be designed for them. That's why we built Ovra.

Frequently asked questions

What is agentic commerce?: Agentic commerce is when an AI agent — not a human typing into a checkout — discovers a product, decides to buy it, and completes the payment. Visa defines it as 'AI agents acting on behalf of consumers within rules they set.' Juniper Research projects $1.5T in global agentic commerce spend by 2030; McKinsey projects $3T–$5T. The buyer changed; the payment stack is being rewritten to match.
Who is building the rails for AI agent payments?: All four major payments players shipped agent rails in the last 12 months. Visa launched Intelligent Commerce Connect (April 8, 2026), an integration layer supporting four protocols. Mastercard launched Agent Pay (April 2025) and open-sourced Verifiable Intent on GitHub (March 2026). Stripe and OpenAI co-developed the Agentic Commerce Protocol (Sept 2025, latest spec 2026-04-17). Google released Agent Payments Protocol (AP2), now moving to FIDO governance.
How big will the agentic commerce market be?: Estimates range widely. Juniper Research (April 2026) projects $1.5T in agentic commerce spend by 2030. McKinsey projects $3T–$5T globally and $900B–$1T for US B2C alone. Deloitte's most aggressive forecast is $17.5T by 2030. BCG's US consumer survey found 81% of consumers expect to shop with AI agents, driving over $1T — about 50% of online commerce.
Why can't AI agents just use existing card APIs?: Three reasons. First, authorization happens after the charge — by the time fraud rules run, the money is gone. Second, card credentials are bearer tokens — sharing one with an agent exposes the entire credit line. Third, fraud models are tuned to human behavior — agents make 100x more decisions per hour. Agent-specific protocols like AP2 introduce cryptographic mandates signed before the charge, scoped tokens, and explicit non-human transaction signals.
What is Ovra's role in the agentic payments stack?: Ovra is EU-native infrastructure that issues per-agent virtual Visa cards under programmable spending policies. Agents never see the real PAN/CVV — credentials are tokenized server-side as Visa Network Tokens (DPAN). Every payment passes through an Intent → Grant → Issue state machine that mirrors the cryptographic mandate pattern AP2 standardized at the network level. Ovra is in private beta today on a sandbox card issuer; the same interface flips to real Visa rails once our regulated EMI partnership ships.