Travel, dining, gifts —
no card share, no leaks.
Concierge agents book flights and hotels, send gifts, and pay restaurant tabs without ever holding the customer's primary card. Per-customer virtual cards, per-merchant caps, real-time receipts to the customer's inbox.
Why the corporate card
doesn't work for this agent.
Card-on-file = liability
A concierge agent with the customer's primary Amex on file is a breach waiting to happen. One prompt-injection from a hostile booking site and the agent uploads the PAN to an attacker.
Receipts get lost
Hotels email confirmations to a shared mailbox no one reads. Customers don't know what was charged until the statement lands 30 days later. Disputes are nightmare-fuel for support.
Refunds disappear
Cancelled bookings refund to the concierge's master card. Tracking which refund corresponds to which customer takes a finance analyst a full day per week.
Everything this agent needs.
Nothing it doesn't.
From mandate to settlement.
Trip is approved
Customer signs an IntentMandate: 'NYC, Sept 14–17, $3,000.' Mandate is bound to a fresh per-trip virtual card.
Agent transacts
Agent books flights via Amex GBT or Expedia, hotel via Marriott direct (loyalty number injected), 3 dinners via OpenTable. Each charge lands within 2 minutes.
Customer sees it live
Customer's inbox gets 4 charge notifications in real time. They can dispute any one with a single tap — agent auto-issues a card refund request.
Trip ends
Card is automatically voided on the trip's end date. Ledger row exported to the customer's portal with all 4 receipts attached.
Plug-and-play merchant lists.
Curated merchant allowlists ship with the wallet template. Add your own in one API call or one click in the portal.
Defaults you can flex.
| Daily cap | $2,000 |
| Per-trip cap | $10,000 |
| MCC allowlist | Travel · Dining · Gifts |
| Geo lock | Trip destination + home base |
| Refund window | 60 days |
| Card lifetime | Per-trip; auto-void |
Everything else you need to know.
Real-time receipts: the trust loop.
When a concierge agent charges a $620 dinner at Le Bernardin, the customer sees the charge in their phone's notification tray within 2 seconds. Not the next morning, not the next statement — 2 seconds. This is the trust loop that makes agent-driven concierge work; without it, every customer is anxious about what the agent is doing on their behalf.
The receipts include the merchant's display name (decoded from the MCC + acquirer name, so 'L BRNARDIN NY' becomes 'Le Bernardin, NYC'), the amount, the trip context, and a one-tap dispute button. Disputes route through the agent's card-refund flow automatically — no human in the loop unless the merchant refuses.
Loyalty numbers without telling the LLM.
Customers expect their Marriott Bonvoy, Delta SkyMiles, and OpenTable numbers to be used. Putting these into the LLM's prompt context is a data-leak risk and a token-cost waste. AgentWallet stores loyalty numbers encrypted on the customer record (AES-256-GCM, scoped to that customer's principal) and injects them into the booking at the point of the API call — never into the model context.
The agent calls a tool: book_hotel({chain: 'Marriott', city: 'NYC', dates: …}). The tool resolves the customer's Marriott number from the encrypted store and forwards it to the booking API. The LLM never sees the number; the model can't accidentally leak it in a response.
Per-trip mandate: one signature, scoped spend.
A concierge that asks the customer to approve every $40 dinner is a worse customer experience than calling a human concierge. AgentWallet uses AP2's IntentMandate to make this asymmetric: customer signs once at the start of a trip (e.g., 'NYC, Sept 14–17, $3,000, travel + dining + gifts'), and the agent transacts freely within that scope. Anything outside the scope — $50 over the cap, an Uber to Boston instead of NYC, a Best Buy purchase outside the MCC allowlist — is refused at the network level by the card's policy guard.
If the customer wants to extend mid-trip, they bump the mandate by tapping a one-time confirmation in their app. The new mandate version supersedes; the old version is retained for audit. Every charge on the trip is bound by a signature chain back to the customer's IntentMandate.
Common questions.
- Does the customer need to install an app?
- No — receipts can deliver to email, SMS, or any webhook URL you provide. Your concierge app can subscribe to the webhook stream and render in-app. The customer never has to touch AgentWallet's surface.
- What card networks are supported?
- Visa and Mastercard, both as virtual-only and physical-printable. Visa is the default for concierge use because of better international acceptance at hotels and restaurants.
- Can I issue cards in the customer's name?
- Yes — the cardholder name on each virtual card is fully configurable. Set it to the customer's name, the concierge agency's name, or the agent's identifier. Note that BIN-routing decisions and the issuer-of-record remain AgentWallet's underlying issuer.
- What's the chargeback flow?
- If a customer disputes a charge from their receipt notification, AgentWallet auto-issues a card-refund request through the merchant. If the merchant refuses, we open a network chargeback on the card. Win rate is broadly in line with merchant-acquirer norms; we don't claim better.
- Can the agent handle multi-country trips?
- Yes. The geo lock on the virtual card is an allowlist, not a single value. Customer signing a Tokyo→Singapore→Bali itinerary gets a card geo-locked to those three countries plus their home base for cleanup charges.
- What happens to the card after the trip?
- By default it auto-voids on the trip's end date (configurable). Recurring concierge services typically issue a single per-customer card with a daily cap instead, refreshed monthly.
Ship this agent today.
Provision a wallet, attach a verified principal, set caps, plug into your LLM via MCP. Live in under a minute.