Card networks and wallets asked to explain how they curb monetisation of non-consensual AI images and commit to stronger, proactive controls.
A coalition of US state attorneys general has written to Visa, Mastercard, American Express, PayPal, Apple Pay and Google Pay urging them to “be more aggressive” in identifying and removing payment authorisation for tools and sites that create or distribute non-consensual deepfake intimate imagery (NCII).
The letter, dated August 22, also asks each firm to explain current controls and commit to further action to curb monetisation of deepfake NCII. The letters were addressed to the companies’ general counsel and cite prior instances where payment providers have withdrawn services linked to harmful content.
The correspondence argues payment platforms “must be more aggressive” in enforcement, noting that some tools and sites display card and wallet logos to signal acceptance.
It frames the request as a matter of applying existing acceptable-use policies to a new risk category rather than a First Amendment issue.
A parallel letter to Google, Microsoft and Yahoo asks search providers to set out how they “de-prioritise, restrict and/or block” deepfake NCII content and creation tools, comparing this to established approaches for other high-harm queries.
Both letters invite dialogue on steps taken to date.
Signatories include attorneys general from Kentucky, Massachusetts, New Jersey and Pennsylvania, among others across US states and territories, including American Samoa and the US Virgin Islands.
The letters place card networks, acquirers, pay-facs and wallet providers under fresh scrutiny for merchant onboarding and AUP enforcement around AI image tools and content hosts.
They also reference earlier payment-industry interventions as precedent for cutting off harmful content.
What is being asked
The letter asks the companies to set out how they currently identify, review and disable payment enablement for vendors that sell deepfake NCII tools or host related content.
It also seeks explicit commitments to expand controls and move to proactive enforcement, rather than relying on external notices, to prevent such material from being monetised through cards, wallets and pay-facs.
For search platforms, the attorneys general request an explanation of existing safeguards and concrete steps to strengthen ranking, filtering and blocking so these tools and content are harder to discover.
AI image regulatory backdrop
Since May 19, 2025, the federal TAKE IT DOWN Act has required “covered platforms” (primarily content-hosting services) to remove non-consensual intimate imagery, including AI-generated deepfakes, within 48 hours of notice.
It creates civil and criminal penalties but does not impose specific duties on payment networks. Legislation is also being passed at a State level. For example, Michigan criminalised creation and distribution of sexual deepfakes this week, and others have pursued similar measures.
Card brands have previously cut ties over unlawful or harmful content. In 2020, moves involving Pornhub and 2022 restrictions related to MindGeek’s ad arm—while publicly emphasising “zero tolerance” for illegal activity on their networks.
Visa and Mastercard have also publish rules and guidance for higher-risk categories (including adult content), requiring enhanced safeguards by acquirers and marketplaces. Mastercard references its BRAM framework and adult-content standards, and Visa highlights “network integrity” expectations.
Is this the responsibility of payment providers?
Legally, the new federal takedown law targets content platforms, not card schemes or wallets. But networks set – and can enforce – Acceptable Use Policies and high-risk merchant standards through their rules and brand-risk programmes.
That gives them discretion (and pressure) to act when content sold is unlawful or violates scheme requirements. The AGs’ letters are therefore pushing for stricter application of existing private-rulebook powers rather than creating a new statutory obligation on payments firms.
The request lands amid long-running debates about “financial de-platforming,” with regulators previously criticised over perceived pressure on banks and processors (e.g., Operation Choke Point).