Mastercard Agent Pay

Mastercard Agent Pay enables verified AI agents to make purchases using agentic tokens. Key differentiator from Visa TAP: identity-first approach with Know Your Agent (KYA) verification levels. Four-stage flow: KYA verification → Token issuance → Purchase intent → Checkout. On Tenzro Network, KYA maps to TDIP KYC tiers and agent registry uses on-chain identities for permissionless merchant verification.

Overview

Mastercard Agent Pay is a comprehensive framework for agentic commerce, enabling AI agents to make purchases on behalf of humans with built-in safety controls. Unlike Visa TAP's signature-first approach, Mastercard Agent Pay is identity-first — establishing agent trustworthiness before allowing any transactions.

The framework centers on three key concepts:

Know Your Agent (KYA) — 4-level risk classification based on controller identity, TEE attestation, and delegation scope strength
Agentic Tokens — Time-bound, purpose-specific authorization tokens (SingleUse, SessionBound, Recurring) that encode spending limits and merchant restrictions
Purchase Intent — Explicit declaration of what the agent plans to buy, allowing merchants to validate before charging

Know Your Agent (KYA)

KYA is Mastercard's identity-first approach to agent verification. Instead of just signing requests (like Visa TAP), KYA establishes agent trustworthiness upfront by verifying:

Controller Identity — Is the human/organization controlling the agent verified?
Agent Authenticator — Are the agent's keys stored in TEE hardware?
Delegation Scope — Are spending limits and restrictions clearly defined?
Reputation — Does the agent have a history of successful transactions?

KYA classifies agents into four risk levels:

Level 0: Unverified

Agent has a TDIP DID but no verification. Controller identity unknown. No delegation scope defined.

TDIP Mapping:

identity.status = Active
identity.controller_did = None
identity.delegation_scope = None

Allowed Actions: Read-only API access, no purchases

Level 1: Basic

Agent has a verified controller (human or organization). Delegation scope defined with spending limits.

TDIP Mapping:

identity.controller_did = Some(verified DID)
identity.delegation_scope.max_transaction_value ≤ $100
identity.delegation_scope.max_daily_spend ≤ $500

Allowed Actions: Low-value purchases, subscription management

Level 2: Enhanced

Controller has enhanced KYC verification (e.g., government ID). Agent has TEE-attested keys. Higher spending limits.

TDIP Mapping:

controller.kyc_tier = Enhanced (2)
identity.tee_attestation = Present
identity.delegation_scope.max_transaction_value ≤ $1,000
identity.delegation_scope.max_daily_spend ≤ $5,000

Allowed Actions: Medium-value purchases, contract execution, recurring payments

Level 3: Full

Controller has full KYC/KYB verification. Agent keys in TEE with remote attestation. Enterprise-grade spending limits.

TDIP Mapping:

controller.kyc_tier = Full (3)
identity.tee_attestation = Remote attested
identity.delegation_scope.max_transaction_value ≤ $100,000
identity.delegation_scope.max_daily_spend = Unlimited

Allowed Actions: High-value purchases, treasury management, multi-sig participation

Agentic Tokens

Agentic tokens are time-bound, purpose-specific authorization tokens that agents present when making purchases. Unlike traditional payment tokens, agentic tokens encode the purchase intent and can be revoked by the controller at any time.

Token Types

SingleUse

Token valid for exactly one transaction. Automatically revoked after use.

{
  "token_id": "tok_abc123",
  "token_type": "SingleUse",
  "agent_did": "did:tenzro:machine:...",
  "controller_did": "did:tenzro:human:...",
  "max_amount": "50.00 TNZO",
  "allowed_merchants": ["merchant-xyz"],
  "expires_at": "2026-03-25T18:00:00Z",
  "used": false
}

SessionBound

Token valid for multiple transactions within a session (e.g., shopping cart checkout with multiple items).

{
  "token_id": "tok_def456",
  "token_type": "SessionBound",
  "session_id": "sess_xyz789",
  "agent_did": "did:tenzro:machine:...",
  "max_amount": "500.00 TNZO",
  "max_transactions": 10,
  "used_count": 3,
  "expires_at": "2026-03-25T19:00:00Z"
}

Recurring

Token valid for recurring payments (e.g., monthly subscriptions). Renews automatically until revoked.

{
  "token_id": "tok_ghi789",
  "token_type": "Recurring",
  "agent_did": "did:tenzro:machine:...",
  "max_amount_per_charge": "29.99 TNZO",
  "billing_cycle": "monthly",
  "next_charge_date": "2026-04-25",
  "allowed_merchants": ["subscription-service"],
  "active": true
}

Token Lifecycle

┌──────────┐    issue    ┌────────┐    use     ┌──────────┐
│ Inactive │──────────>│ Active │──────────>│ Consumed │
└──────────┘            └───┬────┘            └──────────┘
                            │
                            │ revoke
                            ▼
                        ┌─────────┐
                        │ Revoked │
                        └─────────┘

// Token states:
// - Inactive: Created but not yet issued
// - Active: Issued and available for use
// - Consumed: Used (SingleUse) or expired
// - Revoked: Manually revoked by controller

Purchase Intent

Before making a purchase, agents declare their purchase intent to the merchant. The intent includes what the agent plans to buy, the total amount, and optionally requires human authorization:

// Agent declares purchase intent
{
  "intent_id": "intent_abc123",
  "agent_did": "did:tenzro:machine:agent456",
  "controller_did": "did:tenzro:human:user789",
  "merchant_id": "merchant-xyz",
  "items": [
    {
      "product_id": "prod_001",
      "name": "AI Model Subscription",
      "quantity": 1,
      "unit_price": "29.99 TNZO",
      "total_price": "29.99 TNZO"
    }
  ],
  "total_amount": "29.99 TNZO",
  "currency": "TNZO",
  "requires_human_authorization": false,
  "agentic_token_id": "tok_def456",
  "timestamp": "2026-03-25T12:30:00Z"
}

// Merchant validates intent:
// 1. Check agent KYA level permits transaction
// 2. Verify agentic token is active and covers amount
// 3. Confirm items match merchant catalog
// 4. If requires_human_authorization=true, wait for controller approval
// 5. Process payment and fulfill order

Domain Events

Mastercard Agent Pay defines 5 lifecycle events that are recorded on-chain for audit and compliance:

IdentityVerified — Agent achieves a KYA level (0-3) after controller verification
AuthenticatorBound — Agent keys bound to TEE enclave or MPC wallet
AgenticTokenIssued — Controller issues new agentic token to agent
CheckoutInitiated — Agent submits purchase intent to merchant
PaymentCompleted — Transaction settles on-chain with receipt

Server Implementation

Merchants implement Mastercard Agent Pay servers to verify KYA levels and validate agentic tokens:

use tenzro_payments::mastercard_agent_pay::*;
use tenzro_identity::IdentityRegistry;

// Initialize Agent Pay server
let identity_registry = Arc::new(IdentityRegistry::new());
let token_service = Arc::new(AgenticTokenService::new());

let agent_pay_server = MastercardAgentPayServer::builder()
    .identity_registry(identity_registry.clone())
    .token_service(token_service.clone())
    .kya_verifier(Box::new(TdipKyaVerifier::new(identity_registry.clone())))
    .merchant_id("merchant-xyz".to_string())
    .build()?;

// Verify agent's KYA level
let agent_did = "did:tenzro:machine:agent456";
let kya_level = agent_pay_server.verify_kya_level(agent_did).await?;

match kya_level {
    KyaLevel::Unverified => {
        return Err(AgentPayError::InsufficientKya(
            "Agent must have Basic or higher KYA level".into()
        ));
    }
    KyaLevel::Basic | KyaLevel::Enhanced | KyaLevel::Full => {
        println!("Agent verified at KYA level: {:?}", kya_level);
    }
}

// Validate purchase intent
let intent = PurchaseIntent {
    agent_did: agent_did.to_string(),
    total_amount: 29_990_000, // 29.99 TNZO (18 decimals)
    agentic_token_id: "tok_def456".to_string(),
    items: vec![/* ... */],
    // ...
};

let validation = agent_pay_server.validate_purchase_intent(&intent).await?;

if !validation.valid {
    return Err(AgentPayError::InvalidIntent(validation.reason));
}

// Check agentic token
let token = token_service.get_token(&intent.agentic_token_id).await?;

if token.status != TokenStatus::Active {
    return Err(AgentPayError::InvalidToken("Token not active".into()));
}

if intent.total_amount > token.max_amount {
    return Err(AgentPayError::AmountExceeded);
}

// Process payment
let payment_result = agent_pay_server.process_payment(&intent).await?;

println!("Payment completed: {}", payment_result.tx_hash);

// Emit PaymentCompleted event
emit_event(DomainEvent::PaymentCompleted {
    intent_id: intent.intent_id,
    agent_did: intent.agent_did,
    amount: intent.total_amount,
    tx_hash: payment_result.tx_hash,
    timestamp: chrono::Utc::now(),
});

Client Implementation

Agents use the Agent Pay client to build purchase intents and handle merchant verification:

use tenzro_payments::mastercard_agent_pay::*;
use tenzro_crypto::Ed25519Signer;

// Agent's identity
let agent_did = "did:tenzro:machine:agent456";
let controller_did = "did:tenzro:human:user789";
let agent_signer = Ed25519Signer::from_seed(&agent_seed)?;

// Request agentic token from controller (human or agent's self-authorization)
let token_request = AgenticTokenRequest {
    agent_did: agent_did.to_string(),
    controller_did: controller_did.to_string(),
    token_type: TokenType::SessionBound,
    max_amount: 500_000_000, // 500 TNZO
    max_transactions: Some(10),
    allowed_merchants: vec!["merchant-xyz".to_string()],
    expires_at: chrono::Utc::now() + chrono::Duration::hours(2),
};

// Issue token (requires controller signature)
let agentic_token = token_service.issue_token(token_request).await?;

println!("Issued agentic token: {}", agentic_token.token_id);

// Build purchase intent
let intent = PurchaseIntent::builder()
    .agent_did(agent_did.to_string())
    .controller_did(controller_did.to_string())
    .merchant_id("merchant-xyz".to_string())
    .add_item(PurchaseItem {
        product_id: "prod_001".into(),
        name: "AI Model Subscription".into(),
        quantity: 1,
        unit_price: 29_990_000,
        total_price: 29_990_000,
    })
    .total_amount(29_990_000)
    .currency("TNZO".to_string())
    .agentic_token_id(agentic_token.token_id.clone())
    .requires_human_authorization(false)
    .build()?;

// Sign intent with agent's key
let intent_payload = intent.signing_payload();
let signature = agent_signer.sign(&intent_payload)?;

// Submit to merchant
let agent_pay_client = MastercardAgentPayClient::new(
    "https://merchant-xyz.tenzro.network".into(),
    agent_signer,
);

let checkout_response = agent_pay_client.checkout(&intent, &signature).await?;

match checkout_response {
    CheckoutResponse::Success { tx_hash, receipt } => {
        println!("Purchase complete! Tx: {}", tx_hash);
        println!("Receipt: {:?}", receipt);
    }
    CheckoutResponse::PendingAuthorization { auth_url } => {
        println!("Human authorization required: {}", auth_url);
        // Notify controller to approve at auth_url
    }
    CheckoutResponse::Declined { reason } => {
        println!("Purchase declined: {}", reason);
    }
}

KYA Verification Flow

The KYA verification process maps TDIP identity data to Mastercard's risk levels:

// KYA verification implementation
pub async fn verify_kya_level(
    agent_did: &str,
    identity_registry: &IdentityRegistry,
) -> Result<KyaLevel> {
    // Step 1: Resolve agent identity
    let agent_identity = identity_registry
        .resolve_identity(agent_did)
        .await
        .ok_or(AgentPayError::AgentNotFound)?;

    // Step 2: Check agent is active (not suspended/revoked)
    if agent_identity.status != IdentityStatus::Active {
        return Ok(KyaLevel::Unverified);
    }

    // Step 3: Check for controller
    let controller_did = match &agent_identity.controller_did {
        Some(controller) => controller,
        None => return Ok(KyaLevel::Unverified), // Autonomous agent, no controller
    };

    // Step 4: Resolve controller identity
    let controller_identity = identity_registry
        .resolve_identity(controller_did)
        .await
        .ok_or(AgentPayError::ControllerNotFound)?;

    // Step 5: Check delegation scope exists
    let delegation_scope = match &agent_identity.delegation_scope {
        Some(scope) => scope,
        None => return Ok(KyaLevel::Unverified),
    };

    // Step 6: Determine KYA level based on TDIP data
    let kya_level = if controller_identity.kyc_tier >= 3
        && agent_identity.tee_attestation.is_some()
        && delegation_scope.max_transaction_value >= 100_000_000_000 // 100k TNZO
    {
        KyaLevel::Full
    } else if controller_identity.kyc_tier >= 2
        && agent_identity.tee_attestation.is_some()
        && delegation_scope.max_transaction_value >= 1_000_000_000 // 1k TNZO
    {
        KyaLevel::Enhanced
    } else if controller_identity.kyc_tier >= 1
        && delegation_scope.max_transaction_value >= 100_000_000 // 100 TNZO
    {
        KyaLevel::Basic
    } else {
        KyaLevel::Unverified
    };

    Ok(kya_level)
}

Token Service

The token service manages agentic token issuance, revocation, and lifecycle:

use tenzro_payments::mastercard_agent_pay::AgenticTokenService;

let token_service = AgenticTokenService::new();

// Issue token
let token = token_service.issue_token(AgenticTokenRequest {
    agent_did: "did:tenzro:machine:agent456".into(),
    controller_did: "did:tenzro:human:user789".into(),
    token_type: TokenType::SingleUse,
    max_amount: 50_000_000, // 50 TNZO
    allowed_merchants: vec!["merchant-xyz".into()],
    expires_at: chrono::Utc::now() + chrono::Duration::hours(1),
    // ...
}).await?;

// Validate token before use
let validation = token_service.validate_token(
    &token.token_id,
    "merchant-xyz",
    30_000_000, // 30 TNZO
).await?;

if !validation.valid {
    return Err(AgentPayError::InvalidToken(validation.reason));
}

// Mark token as used (for SingleUse tokens)
token_service.mark_token_used(&token.token_id).await?;

// Revoke token (controller action)
token_service.revoke_token(&token.token_id, &controller_signature).await?;

// List active tokens for agent
let active_tokens = token_service.list_tokens(
    "did:tenzro:machine:agent456",
    TokenStatus::Active,
).await?;

println!("Active tokens: {} found", active_tokens.len());

Payment Flow

The complete Mastercard Agent Pay flow from KYA verification to settlement:

Server creates AgentPayChallenge — Merchant creates challenge with requires_kya level (0-3), amount, currency, and allowed payment methods
Client performs KYA verification — Agent calls verify_kya_level() to determine its trust level based on TDIP identity data
Client requests agentic token — Agent (or controller) issues token via AgenticTokenService with spending limits and merchant restrictions
Client creates PurchaseIntent — Agent builds intent declaring items, total amount, token ID, and whether human authorization is required
Client submits credential — Agent sends PurchaseIntent + signature to merchant for validation
Server verifies KYA level — Merchant checks agent's KYA level meets challenge requirement and is not suspended/revoked
Server validates token — Merchant confirms token is Active, covers amount, allows merchant ID, and hasn't expired
Server checks intent — Merchant validates items against catalog, confirms total amount matches, checks delegation scope
Settlement on Tenzro Ledger — Payment executes on-chain via SettlementEngine, emits PaymentCompleted event

Tenzro Integration

Tenzro Network provides a fully decentralized implementation of Mastercard Agent Pay:

KYA Maps to TDIP KYC Tiers — Unverified (0), Basic (1), Enhanced (2), Full (3) KYA levels correspond to TDIP KYC tiers on human controller identities
Agent Registry On-Chain — All agent identities stored in TDIP IdentityRegistry on Tenzro Ledger, enabling permissionless verification without Mastercard API access
TEE-Backed Agent Authenticators — Agent keys stored in Intel TDX, AMD SEV-SNP, AWS Nitro, or NVIDIA GPU CC enclaves with remote attestation
Settlement via Tenzro Ledger — All payments settle on-chain in TNZO or stablecoins (USDC/USDT via Tempo) with sub-second finality
Token Transparency — Agentic tokens stored on-chain for transparent audit trails; controllers can revoke tokens instantly with on-chain transactions

use tenzro_payments::mastercard_agent_pay::*;

// Initialize Mastercard Agent Pay server
let agent_pay_server = MastercardAgentPayServer::new(
    identity_registry.clone(),
    token_service.clone(),
    settlement_engine.clone(),
);

// Handle checkout request
async fn handle_agent_checkout(
    intent: PurchaseIntent,
    agent_pay_server: &MastercardAgentPayServer,
) -> Result<CheckoutResponse, AgentPayError> {
    // Verify KYA level
    let kya_level = agent_pay_server
        .verify_kya_level(&intent.agent_did)
        .await?;

    if kya_level < KyaLevel::Basic {
        return Err(AgentPayError::InsufficientKya);
    }

    // Validate agentic token
    let token = agent_pay_server
        .validate_token(&intent.agentic_token_id)
        .await?;

    if !token.allows_merchant(&intent.merchant_id) {
        return Err(AgentPayError::MerchantNotAllowed);
    }

    if intent.total_amount > token.max_amount {
        return Err(AgentPayError::AmountExceeded);
    }

    // Check delegation scope
    let scope = agent_pay_server
        .get_delegation_scope(&intent.agent_did)
        .await?;

    if !scope.is_operation_allowed("checkout") {
        return Err(AgentPayError::OperationNotAllowed);
    }

    // Execute settlement
    let settlement_result = agent_pay_server
        .execute_settlement(
            &intent.agent_did,
            &intent.controller_did,
            intent.total_amount,
        )
        .await?;

    Ok(CheckoutResponse {
        status: "confirmed".to_string(),
        transaction_id: settlement_result.transaction_id,
        kya_level,
    })
}

MCP Usage

AI agents can create Mastercard Agent Pay challenges programmatically using Tenzro's Model Context Protocol (MCP) server:

# Create a Mastercard Agent Pay challenge
curl -X POST https://mcp.tenzro.network/mcp \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "create_payment_challenge",
      "arguments": {
        "protocol": "mastercard-agent-pay",
        "amount": "29.99",
        "currency": "TNZO",
        "merchant_id": "merchant_xyz",
        "resource_url": "https://merchant-xyz.tenzro.network/api/checkout",
        "requires_kya": "Basic",
        "requires_human_authorization": false
      }
    },
    "id": 1
  }'

# Response
{
  "jsonrpc": "2.0",
  "result": {
    "content": [{
      "type": "text",
      "text": "{\"challenge_id\":\"ch_def456\",\"protocol\":\"mastercard-agent-pay\",\"amount\":\"29.99\",\"currency\":\"TNZO\",\"merchant_id\":\"merchant_xyz\",\"requires_kya\":\"Basic\",\"requires_human_authorization\":false,\"expires_at\":1711377600}"
    }]
  },
  "id": 1
}

Comparison with Visa TAP

Mastercard Agent Pay and Visa TAP take fundamentally different approaches to agentic commerce:

Visa TAP (Signature-First)

RFC 9421 HTTP signatures at CDN proxy before request reaches merchant
7-stage verification pipeline: header extraction → key retrieval → timestamp → nonce → domain binding → crypto verification → result
Focus on cryptographic proof of agent identity per-request
Three data layers: Agent Recognition + Consumer Recognition + Payment Container
Best for: Enterprise agents making API calls to many merchants

Mastercard Agent Pay (Identity-First)

Know Your Agent (KYA) verification levels before allowing any transactions
Agentic tokens with explicit spending limits, merchant allowlists, and revocation
Purchase intent declarations for merchant validation before charging
Focus on establishing agent trustworthiness upfront
Best for: Consumer agents making purchases with delegated authority

Feature	Visa TAP	Mastercard Agent Pay
Verification Approach	Signature-first (RFC 9421)	Identity-first (KYA levels)
Authorization Model	Per-request signatures	Token-based (agentic tokens)
Risk Classification	Binary (verified/unverified)	4 levels (0-3)
Purchase Intent	No (implicit in request body)	Yes (explicit declaration)
Token Revocation	N/A (no tokens)	Instant (on-chain)
Best For	API access, B2B	Consumer purchases, B2C

Security Considerations

Token Revocation — Controllers must monitor agent activity and revoke tokens immediately if suspicious behavior is detected. Tenzro provides real-time event streams for monitoring
KYA Level Enforcement — Merchants should reject transactions from agents with insufficient KYA levels. High-value purchases (>$1k) should require Enhanced or Full KYA
Intent Validation — Always validate purchase intents against merchant catalogs. Agents may submit intents with invalid product IDs or inflated prices
Human Authorization — For purchases exceeding delegation scope limits, always require human authorization. Never auto-approve out-of-scope transactions
Token Storage — Agentic tokens should never be stored in plaintext. Use encrypted storage with keys in TEE or KMS
Delegation Scope Updates — When updating delegation scopes, existing tokens should be re-validated. Tokens issued under old scopes may exceed new limits

Next Steps

Review Visa TAP for RFC 9421 agent verification
Learn about RFC 9421 HTTP message signatures
Explore TDIP identity protocol for KYA mapping
Check out settlement architecture for payment finalization

← Visa TAP Next: Settlement →