Eight frameworks are competing to define how AI agents make payments. Each approaches compliance differently — from zero-friction protocols with no audit layer to enterprise card networks with decades of compliance infrastructure. StableAudit maps the audit gaps across all of them.
8 frameworks, 10 audit capabilities. ACK is the most explicit about compliance — but none of them ship audit tooling.
Landscape of 8 payment frameworks and their audit/compliance capabilities
Legend: ● = Implemented (green), ◐ = Partial (amber), ○ = Absent (red), ◇ = Planned (blue)
| Framework | Transaction Monitoring | Identity Verification | Sanctions Screening | Audit Trail Export | Receipt Verification | Regulatory Tagging | Delegation Audit | Human-in-the-Loop | Open Specification | Agent-Specific Risk | Score |
|---|---|---|---|---|---|---|---|---|---|---|---|
| ACK (Catena Labs), HIGH | ● | ● | ◐ | ◐ | ● | ◐ | ● | ● | ● | ◇ | 7.5/10 |
| x402 (Coinbase), LOW | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ● | ○ | 1.0/10 |
| Stripe ACP (Stripe), MEDIUM | ● | ◐ | ● | ◐ | ◐ | ○ | ○ | ● | ◐ | ○ | 5.0/10 |
| Visa Intelligent Commerce (Visa), MEDIUM-HIGH | ● | ● | ● | ◐ | ◐ | ◐ | ○ | ● | ○ | ◇ | 5.5/10 |
| Mastercard Agent Pay (Mastercard), MEDIUM-HIGH | ● | ● | ● | ◐ | ◐ | ◐ | ○ | ● | ○ | ○ | 5.5/10 |
| Google A2A (Google), NONE | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ○ | ● | ○ | 1.0/10 |
| Circle CPN (Circle), MEDIUM | ● | ● | ● | ◐ | ○ | ◐ | ○ | ● | ○ | ○ | 5.0/10 |
| Tether (Tether Operations Limited), LOW | ◐ | ◐ | ◐ | ◇ | ○ | ○ | ○ | ◐ | ○ | ○ | 2.0/10 |
The agent payment landscape splits into three tiers of audit readiness.
At the top, enterprise card networks — Visa Intelligent Commerce and Mastercard Agent Pay — inherit decades of compliance infrastructure. They have transaction monitoring, sanctions screening, and human-in-the-loop escalation baked into their existing rails. But their audit capabilities are closed, proprietary, and inaccessible to the broader ecosystem.
In the middle, protocol-native frameworks — ACK, Stripe ACP, and Circle CPN — are building compliance into open or semi-open specifications. ACK is the most explicit about audit requirements, defining transaction monitoring, identity verification, and regulatory reporting as core Payment Service obligations. But none of them ship audit tooling.
At the bottom, lightweight protocols — x402 and Google A2A — optimize for speed and simplicity at the expense of compliance. x402 explicitly requires no accounts, no identity, and no personal information. A2A is a communication protocol with no payment or compliance layer at all.
StableAudit sits in the gap between specification and implementation. Every framework that takes compliance seriously needs audit infrastructure. The ones that don't take it seriously will need it when regulators come calling.
Compliance posture, audit maturity, and the StableAudit opportunity for each framework.
ACK (Catena Labs): The most compliance-explicit agent commerce protocol. ACK-Pay defines transaction monitoring, identity verification, regulatory reporting, and human-in-the-loop as Payment Service responsibilities. ACK Receipts are Verifiable Credentials. StableAudit is the implementation layer — turning ACK's compliance spec into running audit infrastructure.
x402 (Coinbase): Internet-native payments via HTTP 402. 75M+ transactions, $24M+ volume, zero friction. But zero compliance: no identity, no monitoring, no audit trail, no sanctions screening. As x402 scales beyond micropayments, regulators will require the audit infrastructure it currently lacks. StableAudit could provide it without breaking the zero-friction model.
Stripe ACP (Stripe): Agentic Commerce Protocol co-developed with OpenAI, powering Instant Checkout in ChatGPT. Shared Payment Tokens are scoped by seller, time, and amount. Stripe handles compliance internally but hasn't published an open audit specification. StableAudit's regulatory-tagged, exportable audit records complement Stripe's closed compliance.
Visa Intelligent Commerce (Visa): Working with 100+ partners and 20+ agent integrations. The Trusted Agent Protocol distinguishes bots from legitimate AI agents. Built on card-network compliance rails with decades of audit infrastructure. But it's proprietary and closed — the broader agent ecosystem can't access or extend it.
Mastercard Agent Pay (Mastercard): Agentic Tokens extend Mastercard's proven tokenization to AI agents. PayPal and OpenAI integrations. Card-network compliance inherited. Like Visa, the audit infrastructure is powerful but closed. Mastercard's 'rules of the road' for agentic commerce need an open audit counterpart.
Google A2A (Google): Agent-to-Agent protocol for task-oriented communication between AI agents. JSON-RPC over HTTPS, Agent Cards for capability discovery. Strong on interoperability, completely silent on payments, compliance, and audit. Any A2A agent that handles money will need external audit infrastructure.
Circle CPN (Circle): Circle Payments Network handles $3.4B annualized volume. OCC national trust charter. Deloitte-audited reserves with Big Four monthly attestation. Strong issuer-level compliance but no agent-level audit tooling. As CPN enables agent-initiated USDC transfers, per-transaction audit trails become essential.
Tether (Tether Operations Limited): $185B in reserves, historically the industry's biggest audit question mark. KPMG hired March 2026 for first full audit since founding. PwC preparing internal controls. USAT launched for GENIUS Act compliance. The audit infrastructure gap is closing at the issuer level — but agent-level transaction audit doesn't exist yet.
The GENIUS Act doesn't distinguish between human-initiated and agent-initiated transactions. Every PPSI pathway requires transaction monitoring, suspicious activity reporting, and examiner-accessible records. As AI agents account for a growing share of payment volume — Stripe projects $385B in U.S. agentic spending by 2030 — the audit infrastructure question becomes unavoidable.
Who builds it? Card networks will build it for their own rails. Stripe will build it for their own merchants. But the open protocols — ACK, x402, A2A — need an open audit layer. That's StableAudit.
All four PPSI pathways require audit trails. StableAudit maps every audit field to the specific GENIUS Act provision that requires it.
Cross-border agent transactions must capture originator and beneficiary identity. StableAudit logs DID resolution and jurisdiction screening for every transaction.
Transaction monitoring and suspicious activity reporting are mandatory. StableAudit's real-time pipeline captures every compliance check with evidence and regulatory tags.
Whether you're building a payment framework, compliance infrastructure, or a merchant platform, audit trails are becoming a regulatory requirement. StableAudit provides the open-source foundation every ecosystem needs.