USE CASE · Concierge agents

Travel, dining, gifts —
no card share, no leaks.

Concierge agents book flights and hotels, send gifts, and pay restaurant tabs without ever holding the customer's primary card. Per-customer virtual cards, per-merchant caps, real-time receipts to the customer's inbox.

$2k/d
default cap
412ms
card provision
MCC
category locks
24/7
agent uptime
The problem

Why the corporate card
doesn't work for this agent.

Card-on-file = liability

A concierge agent with the customer's primary Amex on file is a breach waiting to happen. One prompt-injection from a hostile booking site and the agent uploads the PAN to an attacker.

Receipts get lost

Hotels email confirmations to a shared mailbox no one reads. Customers don't know what was charged until the statement lands 30 days later. Disputes are nightmare-fuel for support.

Refunds disappear

Cancelled bookings refund to the concierge's master card. Tracking which refund corresponds to which customer takes a finance analyst a full day per week.

What the wallet ships with

Everything this agent needs.
Nothing it doesn't.

Per-customer virtual cards
Each customer gets their own AgentWallet-issued Visa, scoped to a daily cap and the merchants the concierge actually books. The card never sees the customer's primary.
MCC + merchant locks
Hotels-only card? Lock to MCC 7011. Restaurants only? MCC 5812 and 5813. The agent simply can't charge anything outside the scope, even if compromised.
Real-time customer receipts
Every charge fires a webhook into the customer's inbox app (email, SMS, in-app push) within 2 seconds. They see what was charged before they see the menu.
Auto-refund routing
Booking cancelled? The merchant's refund lands back on the same per-customer card, and the agent auto-forwards a notification + ledger entry to the customer's record.
Loyalty number management
Customer's Marriott Bonvoy, Delta SkyMiles, OpenTable account numbers are stored encrypted on the customer record and injected into the booking by the agent — they're never typed into the LLM.
Gift-card issuance
Send a $200 Sweetgreen card to the customer's assistant via SMS in under 5 seconds. Tracked, expirable, reportable.
Per-trip mandate
Customer signs one IntentMandate for the trip: 'NYC, Sept 14–17, $3k cap.' Agent books flights/hotel/dinners within scope. No further approvals; out-of-scope spend is automatically refused.
Concierge-of-concierges
If you run a concierge platform with N concierge agents, each gets its own scoped wallet, all rolled up into one master account with consolidated billing.
A day in the life

From mandate to settlement.

01
01 · Mandate

Trip is approved

Customer signs an IntentMandate: 'NYC, Sept 14–17, $3,000.' Mandate is bound to a fresh per-trip virtual card.

02
02 · Book

Agent transacts

Agent books flights via Amex GBT or Expedia, hotel via Marriott direct (loyalty number injected), 3 dinners via OpenTable. Each charge lands within 2 minutes.

03
03 · Receipt

Customer sees it live

Customer's inbox gets 4 charge notifications in real time. They can dispute any one with a single tap — agent auto-issues a card refund request.

04
04 · Close

Trip ends

Card is automatically voided on the trip's end date. Ledger row exported to the customer's portal with all 4 receipts attached.

Vendors typically allowlisted

Plug-and-play merchant lists.

Curated merchant allowlists ship with the wallet template. Add your own in one API call or one click in the portal.

Amex GBTExpediaBooking.comMarriottHiltonHyattOpenTableResyTockUber for BusinessDeltaUnitedAmerican AirlinesSweetgreenWhole Foods
Recommended starter policy

Defaults you can flex.

Daily cap$2,000
Per-trip cap$10,000
MCC allowlistTravel · Dining · Gifts
Geo lockTrip destination + home base
Refund window60 days
Card lifetimePer-trip; auto-void
In depth

Everything else you need to know.

Why concierge platforms can't share the customer's primary card.

Modern concierge services — for HNW individuals, executive assistants-as-a-service, AI travel agents — face one structural problem: the customer's primary card cannot live on the booking site or in the agent's memory. The blast radius of a single LLM jailbreak or one malicious OpenTable confirmation page is the customer's entire card limit. The historical workaround is a master corporate card the concierge agency holds; the cost is finance complexity, dispute friction, and frequent statement reconciliation pain.

AgentWallet eliminates this by issuing one Visa per customer, per trip, scoped to the trip's merchant categories, daily cap, geography, and lifetime. The agent never holds the customer's primary card. If a booking site is compromised, the blast radius is whatever's left on that one trip-scoped card — typically under $1,000 — and the card auto-voids when the trip ends.

Real-time receipts: the trust loop.

When a concierge agent charges a $620 dinner at Le Bernardin, the customer sees the charge in their phone's notification tray within 2 seconds. Not the next morning, not the next statement — 2 seconds. This is the trust loop that makes agent-driven concierge work; without it, every customer is anxious about what the agent is doing on their behalf.

The receipts include the merchant's display name (decoded from the MCC + acquirer name, so 'L BRNARDIN NY' becomes 'Le Bernardin, NYC'), the amount, the trip context, and a one-tap dispute button. Disputes route through the agent's card-refund flow automatically — no human in the loop unless the merchant refuses.

Loyalty numbers without telling the LLM.

Customers expect their Marriott Bonvoy, Delta SkyMiles, and OpenTable numbers to be used. Putting these into the LLM's prompt context is a data-leak risk and a token-cost waste. AgentWallet stores loyalty numbers encrypted on the customer record (AES-256-GCM, scoped to that customer's principal) and injects them into the booking at the point of the API call — never into the model context.

The agent calls a tool: book_hotel({chain: 'Marriott', city: 'NYC', dates: …}). The tool resolves the customer's Marriott number from the encrypted store and forwards it to the booking API. The LLM never sees the number; the model can't accidentally leak it in a response.

Per-trip mandate: one signature, scoped spend.

A concierge that asks the customer to approve every $40 dinner is a worse customer experience than calling a human concierge. AgentWallet uses AP2's IntentMandate to make this asymmetric: customer signs once at the start of a trip (e.g., 'NYC, Sept 14–17, $3,000, travel + dining + gifts'), and the agent transacts freely within that scope. Anything outside the scope — $50 over the cap, an Uber to Boston instead of NYC, a Best Buy purchase outside the MCC allowlist — is refused at the network level by the card's policy guard.

If the customer wants to extend mid-trip, they bump the mandate by tapping a one-time confirmation in their app. The new mandate version supersedes; the old version is retained for audit. Every charge on the trip is bound by a signature chain back to the customer's IntentMandate.

FAQ

Common questions.

Does the customer need to install an app?
No — receipts can deliver to email, SMS, or any webhook URL you provide. Your concierge app can subscribe to the webhook stream and render in-app. The customer never has to touch AgentWallet's surface.
What card networks are supported?
Visa and Mastercard, both as virtual-only and physical-printable. Visa is the default for concierge use because of better international acceptance at hotels and restaurants.
Can I issue cards in the customer's name?
Yes — the cardholder name on each virtual card is fully configurable. Set it to the customer's name, the concierge agency's name, or the agent's identifier. Note that BIN-routing decisions and the issuer-of-record remain AgentWallet's underlying issuer.
What's the chargeback flow?
If a customer disputes a charge from their receipt notification, AgentWallet auto-issues a card-refund request through the merchant. If the merchant refuses, we open a network chargeback on the card. Win rate is broadly in line with merchant-acquirer norms; we don't claim better.
Can the agent handle multi-country trips?
Yes. The geo lock on the virtual card is an allowlist, not a single value. Customer signing a Tokyo→Singapore→Bali itinerary gets a card geo-locked to those three countries plus their home base for cleanup charges.
What happens to the card after the trip?
By default it auto-voids on the trip's end date (configurable). Recurring concierge services typically issue a single per-customer card with a daily cap instead, refreshed monthly.

Ship this agent today.

Provision a wallet, attach a verified principal, set caps, plug into your LLM via MCP. Live in under a minute.