Welcome to AI for FIs, from Dixon Strategic Labs. Each week, this newsletter curates critical developments in agentic AI and explains why they matter for your credit union.

Stripe made 288 announcements at Sessions last week. Two of them, Shared Payment Tokens and the Payment Intents API, make it possible for an AI agent to compare a credit union's credit card against a transparent installment loan at the moment of checkout and pick whichever costs the member less. Affirm's transaction-level eligibility check is one of the products that plugs into them.

Two other developments this week tighten the same thread. The Five Eyes intelligence alliance published the first international guidance on how to grant and manage agents identity and access. And JPMorgan's CIO walked through how they decide what data an AI agent gets to see, what tasks it is allowed to do, and what validation layer catches its errors. A credit union can work with the same checklist.

Many credit card profits come from users who carry a balance. Whether that will hold up once agents start picking the payment is our conversion below the fold today 👇.

Stripe blog · April 29, 2026

The combined release lets an AI agent run a full payment, from picking the card to charging it, across the major card networks and installment options Stripe supports. Shared Payment Tokens give Affirm and Klarna access to Stripe's Payment Intents API. Machine Payments Protocol handles agent-to-business transactions. Link Agent Wallet adds spending controls and human-approval gates. Mastercard Agent Pay and Visa Intelligent Commerce are now plugged in. Universal Commerce Protocol with Google supports purchases initiated through AI Mode and Gemini.

Why it matters: Until last week, agent-initiated checkouts couldn't route through the major card networks. They can now. Card programs that assumed agents would route around them lose that assumption.

CyberScoop · May 1, 2026

The Five Eyes alliance (US, UK, Canada, Australia, New Zealand) published the first international guidance on agentic AI security on May 1. Two recommendations carry the document:

Most of the 29 pages walk through specific failure scenarios:

Each scenario doubles as a due-diligence question. Before signing with any agentic AI vendor, a credit union can use the scenarios as a checklist: how does your system prevent this specific class of failure, and what evidence can you show?

Richard Roberts, a former Federal Reserve official now at Monmouth University, argued the same week that the April US model risk management update specifically excluded AI from supervisory standards. Until US examiners publish a framework, the Five Eyes document is a useful substitute.

Why it matters: A credit union can pair this document with the information security program already in place, walk through the failure scenarios, and surface important control gaps.

Yahoo / Fortune · April 29, 2026

Lori Beer, JPMorgan's global CIO, walked through how the bank decides what data and systems an AI agent gets to access. Her core point is that an agent's access does not have to match a human's access for the same job.

A human knows, without being told, that some data they can see is not data they should forward to a friend. An agent does not have that judgment, so the access has to be defined more narrowly.

Two examples she gave:

The checklist Beer says JPMorgan runs before granting an agent access:

JPMorgan also won't use third-party vendors for agentic tools that touch core business flow. Beer: "This is going to be critical, because it's the underlying flow of how we do business. We want to secure it and we want to make sure it's organized."

Why it matters: While the tiered-permissions framework is transferable to smaller FIs like credit unions, the $19.8B budget doesn't. Two questions worth raising the next time an AI agent is being scoped or evaluated:

Stripe held Sessions last week and made 288 announcements. A few of them ended a constraint credit cards have been built on since 1958, and credit cards’ next evolution is being built over the next 24 months.

In September 1958, Bank of America mailed working credit cards to 60,000 households in Fresno that had not asked for them. The cards arrived pre-activated. Within 10 months, more than a million BankAmericards had reached California. About one in five accounts went bad, costing Bank of America $8.8 million.

The Fresno Drop was a workaround. Bank of America wanted to extend consumer credit without originating a separate loan for every refrigerator or suit. Data was thin and networks were too slow for real-time underwriting at checkout. So Bank of America pre-approved the borrower, put the credit line on a card, and priced the risk later through interest on unpaid balances.

The revolving credit card has run on that model for 68 years. It funds a meaningful share of credit union card programs, where interchange fees cover the cost of running the program and the profit comes from members who carry a balance from one month to the next.

The credit decision used to happen before the purchase, on a separate application. Sessions 2026 showed it can now happen at checkout, transaction by transaction. Now that the agent has its own account, it picks how the purchase gets paid.

By Sessions, Stripe had wired cards, Klarna, and Affirm into one agentic surface via Shared Payment Tokens and the Payment Intents API. Every agent-mediated checkout using those primitives can surface a revolving line and a transparent installment side by side. Affirm can run a transaction-level eligibility check, show total cost upfront, and offer a fixed repayment plan. Affirm's Libor Michalek frames it as monthly cost and cash-flow fit.

The vulnerable line is revolving-interest revenue. As more members start running purchases through AI agents on Gemini, ChatGPT, or Claude, payment decisions will become explicit comparisons.

Many credit unions may be forecasting next year's card revenue using the share of members who carried a balance last year. That number assumes members will keep using the card the same way. Once an agent at checkout can show a member a cheaper installment alternative, some members will pick it. Fewer members will carry a balance.

The card will still win some comparisons. Some members want the cashback rewards. Others want the ability to dispute a charge if a purchase goes wrong. Some will pick the card because it works at every merchant, or just out of habit. And some members carry a balance because the minimum monthly payment is what their cash flow allows. A member who tells their agent to keep monthly cash flow steady will see the agent keep picking the card.

The exposed borrower uses a card as an informal installment loan: a $2,000 appliance, a dental bill, a travel purchase carried for months.

The card designed for an agent needs what a balance-carrying member needs: clear total cost, fixed payoff, real-time affordability checks, guardrails before purchase.

Member-protective credit and competitive credit converge on the same product.

The infrastructure is moving from announcement to deployment. Stripe has live agentic-commerce capabilities and a public roadmap through Q1 2027. Visa and AmEx announced agentic-commerce products this year.

Two questions belong on the next card-program review. What share of member checkout volume can route through an agent in 24 months? And if revolving-interest revenue compresses against that share, what replaces it without losing the member?

The revolving credit card was built for a world where credit had to be pre-packaged. Agents are creating a world where credit can be priced in the moment.

The old workaround doesn’t vanish, it becomes comparable. Issuers that depend on revolving balances will likely begin to feel that pressure.