By Ovra Team · 5 min read

How AI Agents Pay — And Why They Shouldn't See Your Card

AI agents are booking flights, ordering supplies, and subscribing to SaaS at machine speed. By 2030, agentic commerce will move $1.5T–$5T globally. Here's how Ovra makes agent payments safe — virtual Visa cards, pre-authorization mandates, zero credential exposure.

Tags: AI Agents · Payments · Security · Virtual Cards · DPAN

Bottom line: Payment infrastructure was built for humans typing into checkouts. AI agents now book flights, subscribe to SaaS, and procure supplies at machine speed — and three things break: credentials leak through prompt injection, spending controls live inside the agent, and there's no audit trail distinguishing user vs. agent intent. The industry response in 2025–2026 — Stripe/OpenAI's ACP Shared Payment Tokens, Visa Intelligent Commerce, Mastercard Agentic Tokens, Google's AP2 mandates — converges on one principle: the agent never sees the real card.

Something quietly shifted in fintech. The buyer changed.

For decades, payment infrastructure assumed a person on the other end — someone typing a card number, confirming a purchase, approving a transaction. Every API, every checkout flow, every fraud model was built around human behavior.

Now AI agents are doing the buying. Juniper Research projects agentic commerce will reach $1.5T globally by 2030; McKinsey projects $3T–$5T. And agents don't behave like humans at all.

Why traditional payment rails break for agents

When an AI agent needs to make a purchase — book a hotel, subscribe to a tool, pay an invoice — it hits the same payment rails that were built for people. That creates three immediate problems:

  • Credential exposure. If the agent has access to card details, a prompt injection or model hallucination can leak them. Traditional card-on-file is a liability the moment an autonomous system reads from it.
  • No spending control. Without purpose-built guardrails, an agent can overspend, double-purchase, or buy something entirely outside its mandate. Per BCG's 2025 Global Payments Report, 81% of US consumers expect to shop with AI agents — without controls, this is the next major fraud surface.
  • No audit trail. Most payment flows don't distinguish between "the user bought this" and "the agent bought this on behalf of the user." When something goes wrong, there's no way to trace the decision chain — which is the exact gap Mastercard's Verifiable Intent framework, open-sourced March 2026, is designed to close.

These aren't edge cases. They're the default behavior of every agent that touches money today unless it's built on agent-native rails.

What is zero-knowledge checkout?

Ovra takes a different approach. The agent never sees the card.

Instead of handing credentials to an AI, Ovra issues a per-agent virtual Visa card scoped to the exact policy. When the agent requests a payment, Ovra evaluates the intent, approves a grant, and exposes only a tokenized credential — never the underlying PAN, CVV, or billing data.

This is what we call zero-knowledge checkout: the agent can pay without knowing how. It's the same architectural principle as Stripe's Shared Payment Token (Sept 2025) and Visa's agent-specific pass-through tokens (Visa Intelligent Commerce, 2025–2026) — running today in our private-beta sandbox issuer, with the same interface ready to flip to real Visa rails on our regulated EMI partnership.

The flow works like this:

  1. The agent declares an intent through Ovra's MCP server or REST API.
  2. Ovra checks the intent against the workspace's spending policy — amount limits, merchant allowlists, velocity caps, approval workflows.
  3. If approved, a virtual Visa card is issued with the constraints locked in at the network token level.
  4. The card is charged at the merchant; the credential is destroyed or scoped to expiry.
  5. The user sees the full transaction in their dashboard with complete audit context — intent, policy decision, settlement, receipt.

At no point does the agent touch real credentials. At no point can it exceed its mandate.

Why rules matter more than trust

Most agent frameworks rely on "the model will behave correctly." Ovra assumes it won't.

Every payment passes through a decision layer that enforces constraints set by the human:

  • Amount limits — per transaction, per day, per agent
  • Category restrictions — only allow specific merchant categories (MCCs)
  • Approval flows — require human confirmation above a threshold
  • Time controls — restrict when agents can transact

These aren't suggestions to the model. They're hard guardrails enforced at the infrastructure level, before any card is issued. This is the same pre-authorization principle Google's AP2 protocol standardized at the network level — a verifiable mandate signed before a credential is bound to a transaction.
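The five-step flow above and the rule list both reduce to one decision layer that runs before any credential exists: evaluate the declared intent, deny or escalate to a human, and only then issue a reference scoped to that one purchase. The following Python sketch is an added example, not Ovra's code or API; the `Policy` fields, the `DecisionLayer` class, the 15-minute expiry and the `at()` timestamp helper are all assumed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import secrets

@dataclass
class Policy:                  # hard guardrails set by the human, never by the model
    max_per_txn: float
    max_per_day: float
    allowed_mccs: frozenset    # merchant category codes the agent may buy from
    approval_threshold: float  # above this, a human must confirm before issuance
    hours: tuple               # (start_hour, end_hour) when the agent may transact

@dataclass
class Intent:                  # declared by the agent before any credential exists
    agent_id: str
    amount: float
    mcc: str
    merchant: str
    at: datetime

@dataclass
class DecisionLayer:
    policy: Policy
    grants: list = field(default_factory=list)  # (agent_id, at, amount) per issued card

    def evaluate(self, i):
        # velocity cap: everything this agent was granted in the trailing 24 hours
        spent = sum(a for g, t, a in self.grants if g == i.agent_id and t > i.at - timedelta(days=1))
        if i.mcc not in self.policy.allowed_mccs:
            return "deny", f"mcc {i.mcc} not in allowlist"
        if i.amount > self.policy.max_per_txn:
            return "deny", "exceeds per-transaction limit"
        if spent + i.amount > self.policy.max_per_day:
            return "deny", "exceeds daily limit"
        if not self.policy.hours[0] <= i.at.hour < self.policy.hours[1]:
            return "deny", "outside allowed hours"
        if i.amount > self.policy.approval_threshold:
            return "needs_approval", "above human-approval threshold"
        return "approve", None

    def issue(self, i, human_approved=False):
        decision, _ = self.evaluate(i)
        if decision == "deny" or (decision == "needs_approval" and not human_approved):
            return None  # policy said no: no card is ever created
        self.grants.append((i.agent_id, i.at, i.amount))
        # the agent gets only a scoped, short-lived reference; PAN/CVV stay server-side
        return {"ref": "tok_" + secrets.token_hex(8), "max_amount": i.amount,
                "merchant": i.merchant, "expires": i.at + timedelta(minutes=15)}

def at(hour): return datetime(2026, 3, 2, hour, 0)  # constructed timestamp for examples
```

The reference returned by `issue()` is the only thing the agent ever holds; replaying it past `expires` or for a different merchant or amount is rejected by whatever redeems it, so a leaked reference is worth at most one bounded purchase.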

Why EU-native matters now

Ovra is EU-native, built for the regulatory framework that will govern European agentic payments through the late 2020s. This matters because:

  • PSD3 and the PSR reached provisional political agreement on November 27, 2025, with mandatory Verification of Payee, strengthened SCA, and platform liability for fraud — all of which require auditable consent and authorization chains.
  • EU-issued virtual cards work globally but comply with European regulation by default.
  • Data residency and processing stay within EU jurisdiction (GDPR by design).
  • DORA-aligned operational resilience is built into the infrastructure rather than retrofitted.

For companies building AI products in Europe, this eliminates the regulatory guesswork that comes with retrofitting US-built stacks.

What this means for builders

If you're building an AI agent that needs to transact — a travel assistant, procurement bot, autonomous SaaS manager, ad operator — you have two real choices in 2026:

  1. Expose your payment credentials to the agent and hope nothing goes wrong.
  2. Use infrastructure designed for autonomous buyers, where credentials are scoped, pre-authorized, and never leave the server.

Every major payments player has now picked option 2. Visa Intelligent Commerce, Mastercard Agentic Tokens, Stripe Shared Payment Tokens, AP2 mandates — same architectural conclusion, different layers. Ovra implements that pattern today in private beta with EU-native compliance, programmable policies, and a single MCP URL that connects Claude, GPT, Cursor, Vercel AI, OpenAI Agents, and LangChain — on a sandbox card issuer now, with real Visa rails arriving via our regulated EMI partnership.

Agents should be able to pay. They should never be able to steal.


Ovra is payment infrastructure for AI agents — currently in private beta. Join the waitlist.

Frequently asked questions

How do AI agents pay for things online today?
Most agents today reuse a card delegated by the user — either a stored PAN, a card-on-file with a checkout provider, or a shared credential in the agent's prompt. Newer infrastructure replaces that pattern with scoped, pre-authorized credentials. Stripe and OpenAI's ACP (Sept 2025) uses Shared Payment Tokens scoped to merchant + amount. Visa's Intelligent Commerce (April 2026) issues agent-specific pass-through tokens. Ovra issues per-agent virtual Visa cards under programmable spending policies.

Why shouldn't an AI agent see the real card number?
Three reasons. (1) Card numbers are bearer tokens — anyone who has one can spend it, including one leaked via prompt injection. (2) Sharing a single PAN with an agent exposes the entire credit line, with no per-agent attribution. (3) Fraud models tuned to humans can't reason about agent velocity. The fix is to issue scoped credentials the agent never decrypts — Visa Network Tokens (DPANs), Shared Payment Tokens, or AP2-bound payment credentials.

What is a virtual Visa card for an AI agent?
A virtual Visa card is a tokenized payment credential — a Network Token (DPAN) backed by a real Visa BIN, but distinct from any physical card. For agent use, it's typically issued per-agent or per-intent, with hard limits on amount, merchant category, and time-to-live enforced at the network. The agent receives a tokenized reference; the actual card data is encrypted server-side. This is the architecture Ovra uses today and the pattern Visa Intelligent Commerce launched in April 2026.

How does Ovra enforce spending limits on AI agents?
Every payment runs through a six-state machine — Intent → Policy Check → Grant → Issue → Redeem → Settle. The intent is evaluated against the policy (amount limits, merchant allowlists, velocity caps, approval workflows) before any credential exists. If the policy denies, no card is issued. If the policy approves, a scoped virtual card is created with the constraints baked in at the network level. The agent never sees raw card data — credentials are tokenized DPANs.

Is agent-driven card fraud actually a problem?
It's an emerging one. Per Fenwick (April 2026), "existing financial and consumer protection laws built around human-decisioned transactions may not appropriately address the challenges raised by agentic payments." Common failure modes are not malicious — they're retry loops, stale intents, and policy gaps in normal agents. Mastercard's Verifiable Intent (open-sourced March 2026) is one industry response, building a tamper-resistant audit trail to resolve agent-related disputes.