Can ChatGPT now make purchases with my credit card?

Yes. As of June 10, 2026, Visa has embedded its payment network inside ChatGPT. Users can link their Visa cards and allow AI agents to shop and complete transactions at any Visa-accepting merchant. The agent can recommend products, select items, and complete the purchase on your behalf.

What happens if an AI agent buys something I did not want?

This is a governance gap. Existing dispute resolution terms were designed for human-initiated transactions. Whether an unwanted agent purchase qualifies as an unauthorized transaction under your card agreement depends on how your payment platform defines authorization when an AI agent acts on your behalf.

Who is liable when an AI agent makes a bad purchase?

Liability is currently unclear. The AI provider (OpenAI), the payment network (Visa/Mastercard), the card issuer, and the merchant each operate under separate terms. No platform has published specific governance terms for agent-initiated transaction disputes.

What spending limits exist for AI agent purchases?

Limits vary by platform. Robinhood sets a default $100/month cap per provider for agent transactions. Stripe uses tokenized payment with configurable limits. Visa has not publicly disclosed default agent spending caps for the ChatGPT integration.

How does ConductAtlas track agentic payment governance?

ConductAtlas monitors 993 provisions across the core payment platforms involved in agentic commerce: OpenAI (360), PayPal (176), Coinbase (163), Robinhood (142), and Stripe (116). When these platforms modify terms affecting agent transactions, dispute resolution, or liability, ConductAtlas detects and classifies the change.

Visa Just Gave ChatGPT Access to Its Payment Network. What the Terms Actually Say.

ConductAtlas Assessment

SeverityCRITICAL

CategoryPayment Governance / Agent Commerce / Consumer Financial Rights

Affected UsersAny consumer who links a payment method to an AI agent, and any merchant accepting agent-initiated transactions

Monitoring StatusActive

Potential Consumer Impact

AI agents can now complete purchases without human approval of individual transactions Dispute resolution for agent-initiated purchases falls under existing terms designed for human transactions Liability for unauthorized or unwanted agent purchases is not clearly allocated across the AI provider, payment network, and card issuer Fraud detection systems must now distinguish between legitimate agent purchases and malicious agent activity Consumers who link payment methods to AI agents accept terms governing agent spending that vary by platform

Archive Metadata

Document TypeCross-Platform Governance Analysis

Platforms AnalyzedVisa, OpenAI, Stripe, Robinhood, PayPal, Coinbase

Provisions Tracked993 across 5 payment platforms

JurisdictionGlobal

Analysis DateJune 11, 2026

Archive StatusActive Monitoring

ConductAtlas analysis reflects observed document revisions, archived platform records, and operational governance changes. Analysis is informational and does not constitute legal advice or enforceability determinations. Applicability may vary by jurisdiction. Methodology

What Happened This Week

On June 10, 2026, Visa announced it had embedded its payment network inside ChatGPT. Users can link their Visa cards and allow AI agents to shop, select products, and complete purchases at any Visa-accepting merchant. The agent handles the entire transaction. The human approves a linked card. The AI does the buying.

The same day, Mastercard launched Agent Pay for Machines with 31 partners including Stripe, Coinbase, Adyen, and Cloudflare. Agent credentials are stored on public blockchains. AI agents can make autonomous payments, including micropayments worth fractions of a cent, at machine speed.

Last week, Robinhood launched agentic credit cards for Gold Card holders. AI agents connected through ChatGPT or Claude can trade stocks and make purchases using a virtual card number. Default spending cap: $100 per month per provider.

PayPal announced its own agentic commerce offering. Amazon is testing an AI shopping agent called Buy for Me. Google is building a payment protocol for AI agent purchases. In the span of two weeks, every major payment network has announced infrastructure for AI agents to spend money on behalf of humans.

993 Provisions Govern This Stack

ConductAtlas tracks the governance terms across the payment platforms now involved in agentic commerce. The numbers are significant:

OpenAI maintains 360 provisions across its terms of service, privacy policy, usage policies, and data processing agreements. 132 are classified as high severity. OpenAI generated 36 governance events since monitoring began, including 5 privacy policy changes in just 4 days (June 6-9, 2026).

PayPal maintains 176 provisions across its user agreement, privacy statement, buyer/seller protection terms, and acceptable use policy. 75 are high severity. PayPal has generated 31 governance events.

Coinbase maintains 163 provisions across its user agreement, privacy policy, and fee schedule. 69 are high severity. Coinbase has generated 23 events.

Robinhood maintains 142 provisions across its customer agreement, margin rules, and privacy policy. 63 are high severity. Robinhood has generated 21 events.

Stripe maintains 116 provisions across its terms of service, privacy policy, restricted businesses list, and acceptable use policy. 45 are high severity.

Every one of these provisions now governs transactions that AI agents initiate. The terms were written for humans. The agents do not read them.

The Liability Question Nobody Has Answered

When you buy something online, the liability chain is clear. You initiated the purchase. You authorized the payment. If the charge is fraudulent, your card issuer has established procedures for disputes, chargebacks, and refunds under Regulation E and Regulation Z.

When an AI agent buys something on your behalf, the liability chain fractures. You linked your card. The AI selected the product. The payment network processed the transaction. The merchant fulfilled the order. But you did not approve the specific purchase, evaluate the specific merchant, or review the specific price at the moment of transaction.

If the agent buys the wrong item, is that a dispute with the merchant, the AI provider, or the payment network? If the agent overspends, did you authorize the transaction by linking your card, or is it unauthorized because you did not approve the specific purchase? If the agent is manipulated by a scam merchant into buying a fraudulent product, as ChatGPT was caught doing just two days ago, who absorbs the loss?

No platform in the agentic commerce stack has published terms that specifically address these questions.

What the Arbitration Clauses Mean Here

ConductAtlas tracks 561 arbitration provisions across 197 platforms. Every payment platform in the agentic commerce stack uses mandatory arbitration with class action waivers.

Robinhood: 14 arbitration provisions. PayPal: 14. OpenAI: 15. Coinbase: 7. Each requires individual arbitration for disputes and prohibits class action participation.

When AI agents start making thousands of small purchases that consumers dispute, the class action waiver becomes structurally significant. If an AI shopping agent systematically overcharges by $2 per transaction across 500,000 users, the aggregate harm is $1 million. But each individual must file a separate arbitration claim over $2. The economics of individual arbitration make it irrational to pursue the claim, exactly as ConductAtlas documented in its analysis of mandatory arbitration across digital platforms.

The Fraud Vector

A 2026 study by HUMAN Security found that AI-driven carding attacks tripled from July to August 2025 and tripled again in early 2026. Researchers documented AI agents being used in automated credit card fraud, cycling through card numbers and payment attempts at machine speed.

The same infrastructure that enables legitimate AI agent shopping enables automated fraud at scale. When AI agents can create accounts, link payment methods, and complete purchases autonomously, the distinction between a legitimate agent purchase and a fraudulent one depends entirely on authentication and authorization governance.

Visa says it will provide fraud monitoring. Mastercard stores agent credentials on blockchain. Robinhood uses virtual card numbers that can be instantly deleted. These are real protections. But the governance terms that define what happens when fraud occurs, who bears the loss, how disputes are resolved, and what recourse consumers have, are still the same terms written for a world where humans clicked the buy button themselves.

What Consumers Should Do

Understand what you are authorizing. Linking a payment method to an AI agent is not a one-time purchase authorization. It is an ongoing authorization for the agent to initiate transactions on your behalf under terms set by the AI provider, the payment network, and your card issuer.

Set spending limits. Use the lowest available spending cap for any AI agent with payment access. Robinhood defaults to $100/month per provider. If your platform offers configurable limits, start low.

Review dispute resolution terms. Before linking a card to an AI agent, understand the arbitration clauses for both the AI platform (OpenAI, Claude) and the payment platform (Visa, Robinhood, Stripe). Your legal recourse for agent-initiated disputes is governed by these terms.

Monitor agent transactions. AI agents can make purchases faster than you can review them. Set up transaction alerts with your card issuer for any card linked to an AI agent.

Know how to revoke access. Understand how to disconnect your payment method from an AI agent immediately. If the agent begins making unwanted purchases, the speed of revocation determines your exposure.

What Businesses Should Do

Prepare for agent-initiated chargebacks. When consumers dispute purchases their AI agents made, merchants will face chargebacks under rules designed for human-initiated fraud. Understand how your payment processor handles agent-initiated transaction disputes.

Monitor payment platform terms. Visa, Mastercard, Stripe, and PayPal are actively updating their terms to accommodate agentic commerce. Changes to transaction dispute rules, liability allocation, and fraud definitions will affect how agent-initiated purchases are treated.

Track the governance layer. The platforms your business depends on for payments are adding agent commerce capabilities under evolving terms. ConductAtlas monitors 993 provisions across these platforms with same-day change detection.

Active Monitoring

ConductAtlas tracks governance changes across the agentic payment stack:

OpenAI: 360 provisions, 36 events (5 in the last 4 days)
PayPal: 176 provisions, 31 events
Coinbase: 163 provisions, 23 events
Robinhood: 142 provisions, 21 events
Stripe: 116 provisions, 7 events
Visa: 36 provisions, 2 events

Browse all 343+ tracked platforms

Primary Sources

OpenAI governance documents (360 provisions archived by ConductAtlas)

Visa governance documents (36 provisions archived by ConductAtlas)

Stripe governance documents (116 provisions archived by ConductAtlas)

Robinhood governance documents (142 provisions archived by ConductAtlas)

PayPal governance documents (176 provisions archived by ConductAtlas)

Coinbase governance documents (163 provisions archived by ConductAtlas)

AI agents are spending real money under terms written for humans. The payment networks, AI providers, and card issuers are building the infrastructure for agentic commerce faster than the governance framework can keep pace. 993 provisions across these platforms define who is liable, how disputes are resolved, and what recourse consumers have. Those provisions are changing. ConductAtlas is tracking every change.