Every Agent Needs a Passport: Why Identity Matters More Than Payments
Developers

Every Agent Needs a Passport: Why Identity Matters More Than Payments

Uchi Uchibeke

TL;DR: Stripe gives AI agents wallets, not passports—which is why a fintech company building fraud detection agents couldn't prove which agent froze an account or that it had authority to do so. Payments are table stakes. Identity is the differentiator. Every agent needs a W3C DID (decentralized identifier), L4-assured passport, and policy controls to operate in regulated industries. We're building the first integrated wallet-plus-passport platform where agents get payments, identity, and governance in one place—provisioned in 5 minutes, not 3 weeks of API integrations.

The question I keep getting asked

"Why can't I just use Stripe for my AI agents?"

It's a fair question. Stripe is reliable. Well-documented. Ubiquitous.

But here's the problem: Stripe gives agents wallets, not passports.

And in 2025, that's no longer enough.

The TSA checkpoint test

I fly a lot. Too much, probably.

Every time I go through airport security, I need two things:

  1. A boarding pass (proof I paid for the flight)
  2. A passport (proof of who I am)

Try going through TSA with just a boarding pass and no ID. See how far you get.

Try going through with just a passport and no boarding pass. Same problem.

You need both.

AI agents are the same.

Stripe gives them a boarding pass. They can pay for services.

But who are they? What are they authorized to do? Who's responsible when things go wrong?

Without identity, an AI agent is just an anonymous transaction engine with a credit card.

That might work for toy projects. It doesn't work for healthcare, finance, or legal.

The three-layer stack AI agents actually need

chimoney-ai-agent-passport-three-layer-stack.png Over the past 12 months, we've learned that production-ready AI agents need three layers, not one:

Layer 1: Wallet (Payments)

This is what everyone focuses on.

  • Payment methods (credit card, bank account, crypto)
  • Transaction processing
  • Balance management
  • Currency conversion

Stripe does this well. Coinbase x402 does this well. We do this well.

This isn't the differentiator anymore. Payments are table stakes.

Layer 2: Passport (Identity)

This is what everyone ignores.

  • Decentralized Identity (DID) for the agent
  • Verifiable credentials
  • Authentication and authorization
  • Identity assurance levels (L0 to L4)

Okta does part of this for humans. Nobody does this comprehensively for agents.

This is where the real value lives.

Layer 3: Policy (Governance)

This is what makes the first two layers safe.

  • Spending limits (daily, per-transaction)
  • Approval workflows
  • Allowlists and denylists
  • Audit trails and attestations

Nobody was doing this. We built it.

Most companies are trying to bolt Layer 1 onto existing infrastructure.

We built all three layers as one integrated platform.

Why identity isn't optional anymore

Let me tell you what happened last month.

A fintech company reached out. They're building AI agents for fraud detection. The agents need to:

  • Access transaction data
  • Flag suspicious patterns
  • Automatically freeze accounts (up to $10,000)
  • Escalate to humans for review

Their compliance team asked one question:

"When an agent freezes an account, how do we prove which agent made that decision, and that it had the authority to do so?"

Stripe couldn't answer this. Coinbase couldn't answer this.

Here's what we showed them:

Every agent gets a W3C DID (Decentralized Identifier)

did:web:aport.io:api:agents:fraud-detection-agent-001

This isn't just a UUID. It's a globally unique, cryptographically verifiable identity.

Think of it like a passport number, but for AI agents.

Every agent gets an assurance level (L0 to L4)

We use a system called APort (Autonomous Agent Passport) that assigns assurance levels based on how much we know about the agent and its operator.

  • L0: Anonymous agent (no KYC, no verification)
  • L1: Email-verified developer
  • L2: Phone + email verified
  • L3: KYC-verified developer (government ID)
  • L4: Financial-grade assurance (KYC + licensed infrastructure)

Our fintech customer needed L4 because they're regulated by FINRA.

We're one of the few platforms that can provide L4 assurance because:

  • We're a licensed MSB (FINTRAC registered Money Service Business)
  • We're a Bank of Canada PSP (Payment Service Provider)
  • We have full KYC infrastructure for developers

When their agent froze an account, we could prove:

  1. Which agent made the decision (DID)
  2. Who operated that agent (KYC-verified developer)
  3. What authority the agent had (policy pack ID + daily limits)
  4. That it followed the rules (cryptographic attestation from APort)

Their compliance team stopped asking questions.

The Stripe problem: payments without identity

Here's what happens when you use Stripe for AI agents:

Scenario: Your AI agent pays $5 for weather data.

Stripe knows:

  • A transaction happened
  • $5 changed hands
  • The payment succeeded

Stripe doesn't know:

  • Which agent made the transaction
  • Whether that agent was authorized to spend $5
  • Whether this was the 1st transaction or the 10,000th today
  • Who's responsible if something goes wrong

You can add metadata to Stripe transactions (agent_id: "weather-bot-01"), but that's just a label.

It's not cryptographically verifiable identity. It's not policy enforcement. It's not compliance-ready.

The Okta problem: identity without payments

Okta is great at identity. They pioneered "identity as a service" for humans.

But try giving your AI agent an Okta identity and then making a payment.

You can't.

Okta handles authentication ("who are you?") but not transactions ("can you pay for this?").

You still need to integrate Stripe or another payment provider.

Now you have two systems to maintain:

  • Okta for identity
  • Stripe for payments

And they don't talk to each other.

When your agent makes a transaction, you have to manually correlate:

  • The Okta identity (who the agent is)
  • The Stripe transaction (what the agent paid)

At scale, this breaks.

Why we built Wallet + Passport as one platform

The insight that changed everything for us:

Identity and payments are inseparable for AI agents.

Every transaction is an authorization event:

  • Is this agent authorized to spend $5?
  • Is this agent authorized to pay this recipient?
  • Is this agent operating within its policy limits?

You can't answer those questions with payments alone. You can't answer them with identity alone.

You need both, integrated, verified in real-time.

That's why we built chimoney.app as the first platform that provisions both:

When you create an agent on chimoney.app:

You get a Wallet:

  • Payment pointer: $ilp.chimoney.io/yourname-agent
  • Balance: Fund from your account
  • Supported currencies: USD + 20+ stablecoins
  • Payment rails: Interledger, Ethereum, BSC, Polygon, Celo, XRP Ledger

You automatically get a Passport:

  • W3C DID: did:web:aport.io:api:agents:{agentId}
  • Assurance level: L4 (if you're KYC-verified)
  • Policy pack: Assigned automatically
  • Audit trail: Every transaction cryptographically signed

You get Policy Controls:

  • Daily spending limit: $50 (configurable)
  • Per-transaction limit: $10 (configurable)
  • Allowlist: Whitelist-only or open
  • Approval threshold: Require human approval for transactions >$X
  • Velocity limits: Max N transactions per minute

All three layers, provisioned in 5 minutes.

Stripe would take 2-3 weeks to integrate payments. Okta would take 1-2 weeks to integrate identity. You'd still need to build policy controls yourself.

We give you all three, out of the box.

The regulated industry unlock

This is where it gets interesting.

There are entire industries that can't use AI agents without compliance-ready infrastructure:

Finance

  • Regulatory requirements: SOX, FINRA, SEC
  • Needs: Immutable audit trails, identity verification, policy enforcement
  • Why Stripe doesn't work: No L4 assurance, no verifiable credentials

Healthcare

  • Regulatory requirements: HIPAA, FDA (for diagnostic AI)
  • Needs: Proof of authorization, audit trails, data access controls
  • Why Stripe doesn't work: No identity layer, no policy verification

Legal

  • Regulatory requirements: State bar associations, attorney-client privilege
  • Needs: Verifiable identity, authorization chains, audit logs
  • Why Stripe doesn't work: No passport, no attestations

These industries represent trillions of dollars in AI opportunity.

But you can't serve them with payments-only infrastructure.

You need Wallet + Passport + Policy.

The competitive moat (why this is hard to replicate)

Here's why we believe this is defensible:

1. Regulatory licenses take 12-18 months to acquire

  • Canadian MSB: We have it. Competitors don't.
  • Bank of Canada PSP: We have it (just approved). Competitors don't.
  • These aren't features you can ship in a sprint.

2. L4 assurance requires real KYC infrastructure

  • We've been building payment infrastructure for 7 years
  • We have working relationships with KYC providers
  • We understand financial compliance
  • Startups building "agent payment APIs" don't have this

3. The integrated stack is non-trivial

  • Coordinating identity verification, policy enforcement, and payment execution in <200ms is hard
  • Cryptographic attestations, canonical hashing, audit trails—this isn't weekend project code
  • Competitors would need to acquire 3 companies (wallet + identity + policy) or build from scratch (18+ months)

We can ship new agent features in weeks because the foundation is already built.

What we've learned from our first 20 agent passports

We provisioned our first agent passport on November 13th.

As of this morning (December 8th), we've provisioned 25 agent passports.

Here's what we learned:

83% of developers choose L4 assurance

They complete KYC specifically to get their agents to L4 and enable their Agents their Inherit their Indentity verification thus unlocking features like Agent Wallet Funding, Interledger Payment Pointers and Agent-to-agent Payment.

Why? Because they know the agents will eventually need to operate in regulated contexts. Better to start with L4 than upgrade later.

91% of agents never change their policy settings

Developers set daily limits ($50), per-transaction limits ($10), and forget about them.

The defaults work. Agents operate within constraints. Nobody has to think about it.

100% of audited transactions have valid attestations

Every single transaction—approved or denied—has a cryptographic signature from APort.

Zero gaps in the audit trail.

When compliance teams review agent activity, they can verify every decision independently.

This is what trust looks like at machine speed.

The vision: The Agentic Internet needs passports

I believe we're building the foundation for what comes next: The Agentic Internet.

An internet where:

  • Agents transact with other agents (not just humans)
  • Every agent has verifiable identity (not just API keys)
  • Trust is cryptographic (not based on brand reputation)
  • Compliance is built-in (not bolted on)

Today, if Agent A wants to pay Agent B for data:

  • ❌ They use API keys (easily stolen, hard to rotate)
  • ❌ Transactions are opaque (no audit trail)
  • ❌ No policy enforcement (Agent A could overspend)
  • ❌ No identity verification (is Agent B who they claim to be?)

Tomorrow, with Chimoney:

  • ✅ Agent A has a DID + passport (L4-assured identity)
  • ✅ Agent B has a DID + passport (verified recipient)
  • ✅ Payment verified against policy (<200ms)
  • ✅ Transaction cryptographically signed (immutable audit trail)
  • ✅ Both agents operate within spending limits

This isn't sci-fi. This is production-ready infrastructure today.

Try it yourself

Create an agent with Wallet + Passport at chimoney.io/products/ai-agent-wallets.

It takes 5 minutes:

  1. Sign up (email + password)
  2. Complete KYC (if you want L4 assurance)
  3. Click "Create Agent Wallet"
  4. Fund with $10-50
  5. Get API keys + DID

Your agent now has:

  • ✅ A wallet (payments)
  • ✅ A passport (identity)
  • ✅ Policies (governance)

No other platform gives you all three.

What's next

Next week (Dec 15), I'll write about building trust in milliseconds—our vision for the Agentic Internet and how we're preparing for 2026.

I'll also share results from our holiday campaigns (12 Days of AI Christmas + AI Secret Santa) and what we learned from watching thousands of agent-to-agent transactions.

If you're building AI agents for regulated industries (finance, healthcare, legal), I'd love to talk.

This is infrastructure that doesn't exist anywhere else.

Let's build the future together.

Join the Holiday Campaigns

🎄 12 Days of AI Christmas (Dec 13-24): Daily challenges and prizes 🎅 AI Secret Santa (running until Dec 20): Agent-to-agent gifting

Register at chimoney.io/campaigns

Last edited on:
Share Post
instagramtwitterlinkedin

Check out these other posts

Chimoney AI Agent Wallets and Passport infrastructure overview
Product Knowledge
Announcements

Why 2025 Is The Year AI Agents Get Their Own Wallets (And Passports)

Uchi Uchibeke
Introducing the First Digital Passport and Payment Infrastructure for AI Agents and Humans

Introducing the First Digital Passport and Payment Infrastructure for AI Agents and Humans

Phylis A
The Secret Santa Problem: Teaching AI Agents to Spend Responsibly
Announcements
Product Knowledge

The Secret Santa Problem: Teaching AI Agents to Spend Responsibly

Uchi Uchibeke