Visa Intelligent Commerce · VIC · Agent Token Scope · AP2 Export
v1.0

Visa VIC — Agent Token Scope & Spend Control Policy Builder

Visa Intelligent Commerce (VIC) lets a consumer authorise an AI agent to pay on their behalf using a TAP-verified agent token — a credential scoped to a specific agent identity, merchant category set, spend limits, and consent tier, so the agent never touches the raw PAN. Build and validate the complete VIC agent token scope object, check Visa's published constraint rules, and export as an AP2 Policy Mandate.

Visa Intelligent Commerce TAP · RFC 9421 Agentic Ready Programme Zero PII Client-Side · No Network
Scope & reliance — 🔒 All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data — use synthetic or anonymised inputs only. VIC agent token schema is aligned with Visa's published VIC and TAP guidance — verify all field names against developer.visa.com before production use. Deterministic · zero PII · CC BY 4.0.
01 Agent Identity
The VIC agent token binds to a verified agent identity — not just the underlying card. TAP (Trusted Agent Protocol) uses RFC 9421 HTTP Message Signatures to confirm agent provenance at issuance time.
02 Merchant Scope
Restrict the token to a defined merchant universe. A fully open scope is high-risk — apply an MCC whitelist or blacklist wherever possible.
03 Spend Controls
All monetary limits are in the selected currency (major units). Set 0 to indicate no limit on a given control — note that absence of any monetary cap is flagged as a compliance error.
04 Credential Lifecycle
Define how long the agent token remains valid, the consumer consent model, which payment rails are permitted, and the auto-revocation triggers that protect the consumer if something goes wrong.