Nexus vs MPP (Stripe): Security-Focused Comparison
Published: 2026-03 | Focus: Transaction security and settlement assurance in AI Agent payments
Overview
Stripe's Model Payment Protocol (MPP) and Nexus take fundamentally different approaches to securing AI Agent transactions. MPP extends traditional payment infrastructure (card networks, Stripe's fraud detection) into the Agent world. Nexus builds security natively on-chain through escrow and cryptographic guarantees.
At a Glance
| Dimension | MPP (Stripe) | Nexus |
|---|---|---|
| Settlement | Card network clearing | On-chain escrow |
| Dispute Resolution | Stripe arbitration + chargeback | On-chain auto-refund + arbitrator |
| Authorization Model | OAuth 2.0 scopes + spending limits | EIP-712 group signatures |
| Privacy | PCI DSS compliance | Confidential Token (ZK proofs) |
| Fraud Prevention | Stripe Radar ML models | Escrow + timeout + DID verification |
| Fiat Support | Full (cards, ACH, SEPA) | None (crypto-native) |
| Decentralization | Centralized (Stripe) | Decentralized (smart contracts) |
Security Philosophy
MPP: Extending Traditional Rails
MPP wraps Stripe's existing payment infrastructure with Agent-aware authorization. Security comes from:
- OAuth 2.0 scopes with granular spending limits per Agent
- Stripe Radar — ML-based fraud detection trained on billions of transactions
- Chargeback rights — buyers retain card-network dispute protections
- PCI DSS compliance — card data handled by Stripe, never touches the Agent
This is a "trust the intermediary" model. Security depends on Stripe's reliability and the card network's dispute mechanisms.
Nexus: On-chain Guarantees
Nexus's security is protocol-native:
- Escrow settlement — funds lock before service delivery, release after confirmation
- Automatic timeout refunds — no merchant action needed for buyer protection
- 13-state machine — every payment state transition is deterministic and auditable
- EIP-712 group signatures — anti-MITM protection on batch payments
- DID-based merchant verification — cryptographic identity, not brand trust
This is a "trust the math" model. Security is enforced by smart contracts, not corporate policy.
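A reduced model of the escrow lifecycle described above, as an added example that is not Nexus code: the five states, the event names and the `replay` helper are assumptions for illustration (the page does not enumerate the protocol's 13 states). It shows funds locking before delivery, release only after confirmation, and a refund that needs no merchant action once the deadline has passed.

```python
from dataclasses import dataclass, field
from enum import Enum, auto

class State(Enum):  # hypothetical reduced set, not the protocol's 13 states
    CREATED = auto()
    LOCKED = auto()
    DELIVERED = auto()
    RELEASED = auto()
    REFUNDED = auto()

# (current state, event) -> next state; any pair not listed is rejected.
TRANSITIONS = {
    (State.CREATED, "lock"): State.LOCKED,
    (State.LOCKED, "deliver"): State.DELIVERED,
    (State.DELIVERED, "confirm"): State.RELEASED,
    (State.LOCKED, "timeout"): State.REFUNDED,
}

@dataclass
class Escrow:
    amount: int
    deadline: int  # delivery deadline (seconds, constructed clock)
    state: State = State.CREATED
    log: list = field(default_factory=list)  # audit trail of transitions

    def apply(self, event: str, now: int) -> State:
        # Time guards: no early refund, no delivery after the deadline.
        if event == "timeout" and now < self.deadline:
            raise ValueError("timeout before deadline")
        if event == "deliver" and now >= self.deadline:
            raise ValueError("delivery after deadline")
        nxt = TRANSITIONS.get((self.state, event))
        if nxt is None:
            raise ValueError(f"illegal transition: {self.state.name} + {event}")
        self.log.append((now, self.state.name, event, nxt.name))
        self.state = nxt
        return nxt

    def payout(self) -> dict:
        # Funds go to exactly one party, and only in a terminal state.
        merchant = self.amount if self.state is State.RELEASED else 0
        buyer = self.amount if self.state is State.REFUNDED else 0
        return {"merchant": merchant, "buyer": buyer}

def replay(events, amount=100, deadline=1000):
    escrow = Escrow(amount, deadline)
    for now, event in events:
        escrow.apply(event, now)
    return escrow
```

Because terminal states have no outgoing transitions in the table, a released escrow cannot later be refunded, and the `log` list records every accepted transition with its timestamp.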
Authorization Control
MPP
User → OAuth grant → Agent gets scoped API key → Stripe enforces limits

Spending limits, merchant categories, and transaction frequency are controlled through API scopes. Fine-grained but requires trust in Stripe's enforcement.
Nexus
User → EIP-712 signature → Escrow locks exact amount → Release on fulfillment

Each transaction requires explicit cryptographic authorization for the exact amount. No standing authorizations, no scope creep.
Dispute Handling
| Aspect | MPP | Nexus |
|---|---|---|
| Who resolves? | Stripe + card network | Smart contract + optional arbitrator |
| Timeline | Days to weeks | Automatic (timeout-based) |
| Buyer protection | Chargeback rights | Auto-refund on non-delivery |
| Merchant protection | Stripe's terms | Escrow holds until dispute window closes |
| Evidence | Off-chain documentation | On-chain state transitions |
Trade-offs
MPP Advantages
- Familiar infrastructure — merchants already on Stripe need minimal changes
- Fiat-native — no crypto wallet required for end users
- Proven fraud detection — Radar has billions of data points
- Regulatory clarity — operates within existing financial regulations
Nexus Advantages
- No intermediary dependency — settlement logic is in the contract, not a company
- Privacy-native — transaction amounts encrypted, not just PCI-compliant
- Programmable settlement — batch payments, split payments, conditional release
- Protocol-level interoperability — works across UCP, AP2, x402
When to Choose Which
| Scenario | Better Fit |
|---|---|
| Consumer-facing Agent with card payments | MPP |
| Crypto-native Agent ecosystem | Nexus |
| Enterprise B2B with confidentiality needs | Nexus |
| Regulatory-heavy jurisdictions | MPP |
| Multi-protocol Agent networks | Nexus |
| Quick go-to-market with existing Stripe setup | MPP |
| High-value transactions needing escrow | Nexus |
Key Takeaways
Centralized vs decentralized trust models. MPP trusts Stripe; Nexus trusts smart contracts. Neither is universally better — it depends on your trust assumptions and regulatory environment.
Fiat vs crypto divide remains. MPP bridges the Agent world to existing card networks. Nexus operates natively on-chain. The gap will narrow as crypto-fiat bridges mature.
Both solve the Agent authorization problem differently. MPP uses OAuth scopes; Nexus uses per-transaction cryptographic signatures. Nexus's approach has a smaller attack surface but requires crypto infrastructure.
Dispute resolution is the clearest differentiator. MPP relies on human arbitration (days); Nexus automates it on-chain (deterministic timeouts).