A primer on the ten open protocols that turn 'Pay with USDC' into a real product. Walks tradfi readers through ERC-20 ledgers, signed-instruction payments (EIP-712/2612/3009), smart accounts and gas paymasters (ERC-4337/EIP-7702), and machine-to-machine rails (x402, ERC-8004) — plus the phishing surface each one opens.

We build stablecoin payments for a living. The #1 question we get from tradfi folks: "OK, but how does it actually work?" Here's everything under a "Pay with USDC" button, simplified for beginners.
At @allscaleio we believe in one thing: build the end-to-end non-custodial payment product purely on-chain, but strip out all the crypto UX, so that our non-custodial stablecoin neobank is truly accessible to anyone. This post is how we do it.

Fair question. Cards run on a stack of standards (ISO 8583, EMV, 3-D Secure). Stablecoins do too. About ten open protocols cover basically every real-world stablecoin payment flow: checkout, subscriptions, payouts, even AI agents paying each other.
So let's open up the button and see what's inside. Here's the whole map:

Every major stablecoin (USDC, USDT, PYUSD) is an ERC-20 token. Strip the jargon and it's a shared ledger that runs as a program on a blockchain. A big table of "account, balance" plus a few standard functions:

The issuer (Circle, Tether, PayPal) controls minting and redemption against reserves. They can also freeze individual addresses (a compliance feature, and worth knowing if you do risk). What they can't do is shut down the ledger itself. It runs on public infrastructure.
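To make the "shared ledger plus a few standard functions" concrete, here is an added example (not the page's code and not any issuer's contract): a toy in-memory ERC-20 ledger that also models the issuer-only mint and freeze powers described above. Account names, amounts and the `issuer` identity are constructed; on a real chain the caller identity comes from the transaction's sender, not from a function argument.

```javascript
// Added example (not the page's or any issuer's code): a toy ERC-20 ledger.
// balances is the "account, balance" table; transfer/approve/transferFrom are the
// standard functions; mint, burn and freeze are the issuer's compliance powers.
// Amounts are bigint in 6-decimal units (1_000_000n = 1.00 USDC). Names constructed.
class ToyStablecoin {
  constructor(issuer) {
    this.issuer = issuer;
    this.balances = new Map();   // account -> bigint
    this.allowances = new Map(); // "owner|spender" -> bigint
    this.frozen = new Set();     // issuer freeze list: frozen accounts cannot send or receive
    this.totalSupply = 0n;
  }
  balanceOf(a) { return this.balances.get(a) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}|${spender}`) ?? 0n; }
  _onlyIssuer(caller) { if (caller !== this.issuer) throw new Error("only the issuer may do this"); }
  // Issuer credits a customer after receiving fiat into reserves.
  mint(caller, to, amount) {
    this._onlyIssuer(caller);
    this.balances.set(to, this.balanceOf(to) + amount);
    this.totalSupply += amount;
  }
  // Issuer destroys tokens on redemption (customer gets fiat back).
  burn(caller, from, amount) {
    this._onlyIssuer(caller);
    if (this.balanceOf(from) < amount) throw new Error("insufficient balance");
    this.balances.set(from, this.balanceOf(from) - amount);
    this.totalSupply -= amount;
  }
  freeze(caller, account) { this._onlyIssuer(caller); this.frozen.add(account); }
  _move(from, to, amount) {
    if (this.frozen.has(from) || this.frozen.has(to)) throw new Error("address frozen by issuer");
    if (this.balanceOf(from) < amount) throw new Error("insufficient balance");
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
  }
  transfer(caller, to, amount) { this._move(caller, to, amount); }
  approve(caller, spender, amount) { this.allowances.set(`${caller}|${spender}`, amount); }
  transferFrom(caller, from, to, amount) {
    const allowed = this.allowance(from, caller);
    if (allowed < amount) throw new Error("allowance exceeded");
    this.allowances.set(`${from}|${caller}`, allowed - amount);
    this._move(from, to, amount);
  }
}

const USDC = 1_000_000n;

// Walks through issuance, a payment, a pull payment and a compliance freeze.
function demoLedger() {
  const t = new ToyStablecoin("issuer");
  t.mint("issuer", "alice", 100n * USDC);
  t.transfer("alice", "bob", 30n * USDC);
  t.approve("alice", "processor", 20n * USDC);
  t.transferFrom("processor", "alice", "merchant", 15n * USDC);
  let customerMintRejected = false;
  try { t.mint("alice", "alice", 1n * USDC); } catch (e) { customerMintRejected = true; }
  t.freeze("issuer", "bob");
  let frozenSendRejected = false;
  try { t.transfer("bob", "alice", 1n * USDC); } catch (e) { frozenSendRejected = true; }
  return {
    alice: t.balanceOf("alice"), bob: t.balanceOf("bob"), merchant: t.balanceOf("merchant"),
    remainingAllowance: t.allowance("alice", "processor"), totalSupply: t.totalSupply,
    customerMintRejected, frozenSendRejected,
  };
}
```

The freeze check sits in `_move`, so it applies to every path that moves funds, including pulls by a third party; that is the behaviour a risk team should expect from the real contracts as well.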
Now the weird parts. Three things about this rail will feel alien if you come from cards:
Here's the painful default experience, before any of the fixes:

Two transactions. Two fees. A second currency. This was the standard before 2021, but customers would hate you if you launched it today.
Here's the big unlock, and honestly my favorite idea in the whole stack: the customer shouldn't submit transactions at all. The customer should just sign a payment instruction. Free, instant, works offline. Then someone else (the merchant, a processor) submits it to the network and deals with gas.
Sound familiar? It's auth and capture. Customer authorizes, merchant captures. Three standards make it work.
EIP-712: the message format
Early wallets asked users to sign unreadable hex blobs. EIP-712 fixed the format: signatures now cover structured, labeled fields (spender, amount, deadline) that a wallet can display. Every other standard here is just an EIP-712 message with a specific template. Think of it as the ISO 8583 of this world.
It also locks every signature to one specific token contract on one specific network. A payment instruction signed for USDC on Base can't be replayed somewhere else.
One thing it did NOT fix: wallets spent years teaching users that "signing" is harmless and "transactions" are the scary thing. But a signature here can move real money. Phishing crews exploit exactly that gap. Remember this, it comes back twice below.
EIP-2612 "permit": the pull-payment mandate
The customer signs a message: "I authorize company S to pull up to N of my USDC until date D." Anyone can submit that signature on-chain, the allowance goes live, and the company pulls funds. Exactly like signing a direct-debit mandate.

However, a plain permit is a single capped allowance, not a true "X per month" mandate: it pins a ceiling and an expiry, and the monthly cadence is your billing logic.
The catch: a permit is exactly as dangerous as what it grants, and it doesn't feel dangerous. In the canonical case, a phishing site got a victim to sign a permit for unlimited USDC with no expiry. The attacker cashed it in later and drained $1.77 million in one transaction the victim never saw. The victim only ever clicked "Sign."
The lesson if you build with this: request the exact amount you need with a tight expiry. Never unlimited, never forever. That's the exact shape scammers harvest, and asking for it legitimately trains your users to sign it illegitimately.
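Here is an added example (not AllScale's code) of the pre-signing review that the two sections above imply: the EIP-712 domain pins the request to one token contract on one chain, and the permit fields pin spender, amount and expiry, so a wallet or a merchant integration can check all of them before asking anyone to sign. The `EIP712Domain`/`Permit` layout is the real EIP-2612 shape; the token allowlist, addresses, policy thresholds and the two sample requests are constructed.

```javascript
// Added example (not AllScale's code): review an EIP-2612 permit request before signing.
const UINT256_MAX = (1n << 256n) - 1n;

// Constructed allowlist: chainId -> the one token contract this app accepts.
// Placeholder address, not a real USDC deployment.
const EXPECTED_TOKENS = {
  8453: "0x1111111111111111111111111111111111111111",
};

// Builds the typed-data object a wallet displays and signs (EIP-712 + EIP-2612 template).
function buildPermitRequest({ chainId, token, owner, spender, value, nonce, deadline }) {
  return {
    types: {
      EIP712Domain: [
        { name: "name", type: "string" },
        { name: "version", type: "string" },
        { name: "chainId", type: "uint256" },
        { name: "verifyingContract", type: "address" },
      ],
      Permit: [
        { name: "owner", type: "address" },
        { name: "spender", type: "address" },
        { name: "value", type: "uint256" },
        { name: "nonce", type: "uint256" },
        { name: "deadline", type: "uint256" },
      ],
    },
    primaryType: "Permit",
    domain: { name: "USD Coin", version: "2", chainId, verifyingContract: token },
    message: { owner, spender, value: value.toString(), nonce: nonce.toString(), deadline: deadline.toString() },
  };
}

// Returns a list of findings; an empty list means "tight, single-purpose permit".
// maxLifetimeSec is a constructed default; tune it to your capture window.
function reviewPermit(req, { now, expectedSpender, maxValue, maxLifetimeSec = 15 * 60 }) {
  const findings = [];
  const { domain, message } = req;
  if (req.primaryType !== "Permit") findings.push("not a Permit message");
  const expected = EXPECTED_TOKENS[domain.chainId];
  if (!expected) findings.push(`unknown chainId ${domain.chainId}`);
  else if (expected !== String(domain.verifyingContract).toLowerCase())
    findings.push("verifyingContract is not the expected token on this chain");
  if (String(message.spender).toLowerCase() !== expectedSpender.toLowerCase())
    findings.push("spender is not the party we are paying");
  const value = BigInt(message.value);
  if (value === UINT256_MAX) findings.push("unlimited allowance requested");
  else if (maxValue !== undefined && value > BigInt(maxValue))
    findings.push("allowance exceeds the invoice amount");
  const deadline = BigInt(message.deadline);
  if (deadline === UINT256_MAX) findings.push("no expiry (deadline is max uint256)");
  else if (deadline <= BigInt(now)) findings.push("already expired");
  else if (deadline - BigInt(now) > BigInt(maxLifetimeSec))
    findings.push(`deadline is more than ${maxLifetimeSec}s away`);
  return findings;
}

// Constructed samples: the unlimited/no-expiry shape the article warns about, next to a tight checkout permit.
const NOW = 1_700_000_000;
const MERCHANT = "0x2222222222222222222222222222222222222222";
const OWNER = "0x3333333333333333333333333333333333333333";

function demoPermitReview() {
  const openEnded = buildPermitRequest({
    chainId: 8453, token: EXPECTED_TOKENS[8453], owner: OWNER,
    spender: "0x4444444444444444444444444444444444444444",
    value: UINT256_MAX, nonce: 0n, deadline: UINT256_MAX,
  });
  const tight = buildPermitRequest({
    chainId: 8453, token: EXPECTED_TOKENS[8453], owner: OWNER, spender: MERCHANT,
    value: 25_000_000n, // 25.00 USDC (6 decimals)
    nonce: 0n, deadline: BigInt(NOW + 600),
  });
  const policy = { now: NOW, expectedSpender: MERCHANT, maxValue: 25_000_000n };
  return { openEnded: reviewPermit(openEnded, policy), tight: reviewPermit(tight, policy) };
}
```

Run `demoPermitReview()`: the tight permit produces no findings, while the open-ended one is flagged three times (unknown spender, unlimited amount, no expiry). The same function is useful on the merchant side as a lint on what your own checkout asks users to sign.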
EIP-3009: the digital check
One step further, and this is the one to remember: the signature IS the payment. The customer signs "pay exactly $X to exactly account Y, valid between time A and time B." Whoever holds that message submits it and the money moves. Nothing is left behind. No standing allowance to abuse later.
It's a signed check with three upgrades:

This is the cleanest stablecoin checkout that exists. One signature, done. Merchants control capture timing, can batch settlements, and expired authorizations just die with zero cleanup.
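The difference between "a standing allowance" and "the signature is the payment" is easiest to see in ledger state. The following is an added example (not the page's code, not USDC's contract): the permit route and the EIP-3009 route run side by side for the same 25 USDC purchase, then the leftovers are compared. Signatures are stubbed as `{ signer }` objects so it runs offline (a real contract recovers the signer from the EIP-712 signature); the validity-window and nonce checks follow the EIP-3009 rules stated above, and account names and amounts are constructed.

```javascript
// Added example: permit-plus-pull versus transferWithAuthorization on a toy ledger.
// Amounts are bigint in 6-decimal units (1_000_000n = 1.00 USDC).
class ToyUSDC {
  constructor() {
    this.balances = new Map();         // account -> bigint
    this.allowances = new Map();       // "owner|spender" -> bigint (what a permit leaves behind)
    this.permitNonces = new Map();     // owner -> next sequential nonce (EIP-2612)
    this.usedAuthorizations = new Set(); // "from|nonce": per-payment random nonces (EIP-3009)
  }
  balanceOf(a) { return this.balances.get(a) ?? 0n; }
  allowance(owner, spender) { return this.allowances.get(`${owner}|${spender}`) ?? 0n; }
  credit(to, amount) { this.balances.set(to, this.balanceOf(to) + amount); }
  _move(from, to, amount) {
    if (this.balanceOf(from) < amount) throw new Error("insufficient balance");
    this.balances.set(from, this.balanceOf(from) - amount);
    this.balances.set(to, this.balanceOf(to) + amount);
  }
  // EIP-2612: anyone may submit the signed permit; it only sets an allowance.
  permit(owner, spender, value, deadline, sig, now) {
    if (now > deadline) throw new Error("permit expired");
    if (sig.signer !== owner) throw new Error("invalid signature");
    const expected = this.permitNonces.get(owner) ?? 0n;
    if (sig.nonce !== expected) throw new Error("invalid nonce");
    this.permitNonces.set(owner, expected + 1n);
    this.allowances.set(`${owner}|${spender}`, value);
  }
  // The spender pulls against the allowance; whatever is unused stays live.
  transferFrom(caller, from, to, amount) {
    const allowed = this.allowance(from, caller);
    if (allowed < amount) throw new Error("allowance exceeded");
    this.allowances.set(`${from}|${caller}`, allowed - amount);
    this._move(from, to, amount);
  }
  // EIP-3009: the signed instruction moves funds itself; nothing survives it.
  transferWithAuthorization(from, to, value, validAfter, validBefore, nonce, sig, now) {
    if (now <= validAfter) throw new Error("authorization not yet valid");
    if (now >= validBefore) throw new Error("authorization expired");
    const key = `${from}|${nonce}`;
    if (this.usedAuthorizations.has(key)) throw new Error("authorization already used");
    if (sig.signer !== from) throw new Error("invalid signature");
    this.usedAuthorizations.add(key);
    this._move(from, to, value);
  }
}

const USDC = 1_000_000n;

// Runs both checkout styles for a 25 USDC purchase and reports what is left behind.
function compareLeftovers() {
  const t = new ToyUSDC();
  t.credit("alice", 500n * USDC);
  const now = 1_700_000_000n;

  // Permit route: alice signs a 100 USDC cap, the merchant pulls 25; 75 stays pullable.
  t.permit("alice", "merchant", 100n * USDC, now + 900n, { signer: "alice", nonce: 0n }, now);
  t.transferFrom("merchant", "alice", "merchant", 25n * USDC);
  const leftoverAllowance = t.allowance("alice", "merchant");

  // EIP-3009 route: alice signs "exactly 25 to merchant, valid for the next 10 minutes".
  const nonce = "0xabc123"; // constructed; real nonces are 32 random bytes
  const sig = { signer: "alice" };
  t.transferWithAuthorization("alice", "merchant", 25n * USDC, now - 1n, now + 600n, nonce, sig, now);
  let replayRejected = false;
  try {
    t.transferWithAuthorization("alice", "merchant", 25n * USDC, now - 1n, now + 600n, nonce, sig, now + 1n);
  } catch (e) { replayRejected = e.message === "authorization already used"; }
  let lateRejected = false;
  try {
    t.transferWithAuthorization("alice", "merchant", 25n * USDC, now - 1n, now + 600n, "0xdef456", sig, now + 600n);
  } catch (e) { lateRejected = e.message === "authorization expired"; }

  return {
    alice: t.balanceOf("alice"), merchant: t.balanceOf("merchant"),
    leftoverAllowance, replayRejected, lateRejected,
  };
}
```

After `compareLeftovers()` the permit route has left a 75 USDC allowance that the merchant (or anyone holding the merchant's key) can still pull; the EIP-3009 route has left nothing, the nonce cannot be replayed, and a fresh authorization presented at `validBefore` is refused without any cleanup.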
Layer 1 fixed checkout. But the customer's account is still primitive: one key, no recovery, no limits. And anything the customer initiates directly still needs gas. Layer 2 upgrades the account itself.
ERC-4337: smart accounts and paymasters
Live since March 2023. The idea: replace the bare-key account with a smart account, an account that is itself a program. Suddenly your account can do things a real bank account does:
For payments, the killer component is the paymaster: a service that pays the gas fee on the user's behalf. Two business models, both familiar:

This is exactly the experience you can get on @allscaleio's wallet.
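The paymaster's job is a policy decision made before the bundler includes the operation: pay this user's gas, or not. Here is an added example (not AllScale's paymaster and not the ERC-4337 reference code) of that decision, with the two outcomes the article mentions, gas sponsored outright or the fee charged in USDC. The allowlist, the daily cap, the USDC-per-gas rate and the simplified `{ sender, target, selector, gasUnits }` view of a UserOperation are all constructed; a real paymaster decodes `callData` from the bundler's UserOperation and signs its `paymasterAndData` field.

```javascript
// Added example: a sponsoring paymaster's accept/charge/reject policy.
function createPaymasterPolicy({ allowedTargets, allowedSelectors, dailySponsoredGas, usdcPerGasUnit }) {
  const sponsored = new Map(); // "sender|dayIndex" -> gas units already sponsored today
  const targets = new Set(allowedTargets.map((a) => a.toLowerCase()));
  return {
    // op: { sender, target, selector, gasUnits }; now: unix seconds
    decide(op, now) {
      if (!targets.has(op.target.toLowerCase()))
        return { mode: "reject", reason: "target contract not allowlisted" };
      if (!allowedSelectors.has(op.selector))
        return { mode: "reject", reason: "function not allowlisted" };
      const key = `${op.sender.toLowerCase()}|${Math.floor(now / 86400)}`;
      const used = sponsored.get(key) ?? 0n;
      if (used + op.gasUnits > dailySponsoredGas) {
        // Free allowance exhausted: fall back to charging the user in USDC.
        return { mode: "charge_usdc", usdcFee: op.gasUnits * usdcPerGasUnit };
      }
      sponsored.set(key, used + op.gasUnits);
      return { mode: "sponsor" };
    },
  };
}

const TOKEN = "0x5555555555555555555555555555555555555555"; // constructed token address
const TRANSFER_SELECTOR = "0xa9059cbb"; // ERC-20 transfer(address,uint256)

function demoPaymaster() {
  const policy = createPaymasterPolicy({
    allowedTargets: [TOKEN],                      // only sponsor calls into our token
    allowedSelectors: new Set([TRANSFER_SELECTOR]), // and only plain transfers
    dailySponsoredGas: 300_000n,
    usdcPerGasUnit: 2n,                            // constructed rate: 2 micro-USDC per gas unit
  });
  const now = 1_700_000_000;
  const op = {
    sender: "0x6666666666666666666666666666666666666666",
    target: TOKEN, selector: TRANSFER_SELECTOR, gasUnits: 120_000n,
  };
  const first = policy.decide(op, now);   // 120k of 300k used -> sponsored
  const second = policy.decide(op, now);  // 240k -> still sponsored
  const third = policy.decide(op, now);   // would be 360k -> charged in USDC instead
  const offTarget = policy.decide({ ...op, target: "0x7777777777777777777777777777777777777777" }, now);
  return { first, second, third, offTarget };
}
```

The allowlist is the part worth copying: a paymaster that sponsors arbitrary calls is a free gas faucet for anyone who can craft a UserOperation, so scope it to the exact contracts and functions your product needs.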
EIP-7702: upgrade the wallet you already have
Smart accounts are new accounts. What about the hundreds of millions of existing wallets? Since Ethereum's Pectra upgrade (May 2025), an existing wallet can delegate to smart-account logic in place. Same address, same funds, new powers: batching, sponsored gas, fees in USDC, passkeys. MetaMask, Coinbase Wallet, and Trust Wallet all ship this today. It's why "pay gas in USDC from a normal wallet" went from demo to table stakes in about a year.
Now the dark side, and it's genuinely dark. That upgrade authorization is the most powerful signature in this entire article. It hands control of the account to a program. Phishing kits noticed within weeks. In the feature's first year, security researchers found that the overwhelming majority of observed delegations pointed to malicious "sweeper" programs that auto-drain everything a victim deposits, forever, until revoked.
The bigger lesson from 7702's first year: every UX improvement on this rail is also a new fraud surface. Signatures that silently move money. Upgrades that hand over accounts. Each convenience gets weaponized fast. Whatever you ship, ask in design review: what does the phishing version of this feature look like?
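One concrete check a wallet, a treasury team or a support desk can run on its own addresses: does this account currently delegate, and to what? Under EIP-7702 a delegated account's code, as returned by `eth_getCode`, is exactly 23 bytes: the designator `0xef0100` followed by the 20-byte delegate address; empty code means no delegation is in force (never set, or revoked by delegating to the zero address). The following is an added example (not the page's code): it parses that code and classifies the delegate against an allowlist. The allowlist entries and the sample code strings are constructed placeholders.

```javascript
// Added example: classify an account's EIP-7702 delegation from its bytecode.
const DELEGATION_DESIGNATOR = "ef0100";
const ZERO_ADDRESS = "0x" + "0".repeat(40);

// Returns { kind: "none" | "contract" | "delegated", delegate? }.
function parseDelegation(codeHex) {
  const hex = String(codeHex).replace(/^0x/i, "").toLowerCase();
  if (hex.length === 0) return { kind: "none" };
  // Anything other than 0xef0100 + 20 bytes is ordinary contract code, not a delegated EOA.
  if (hex.length !== 46 || !hex.startsWith(DELEGATION_DESIGNATOR)) return { kind: "contract" };
  return { kind: "delegated", delegate: "0x" + hex.slice(6) };
}

// trustedDelegates: Set of lowercase addresses of smart-account implementations you recognise.
function classifyAccount(codeHex, trustedDelegates) {
  const d = parseDelegation(codeHex);
  if (d.kind === "none") return { status: "no-delegation" };
  if (d.kind === "contract") return { status: "not-an-eoa" };
  if (trustedDelegates.has(d.delegate)) return { status: "trusted-delegate", delegate: d.delegate };
  return {
    status: "unknown-delegate",
    delegate: d.delegate,
    action: `review; revoke by signing a new delegation to ${ZERO_ADDRESS} if not recognised`,
  };
}

// Constructed placeholder: the one implementation this wallet ships.
const TRUSTED_IMPLEMENTATIONS = new Set(["0x" + "ab".repeat(20)]);

function demoDelegations() {
  const samples = {
    plain: "0x",                                 // never delegated, or revoked
    trusted: "0xef0100" + "ab".repeat(20),       // points at our implementation
    unknown: "0xEF0100" + "cd".repeat(20),       // points somewhere we do not recognise
    contract: "0x6080604052",                    // ordinary contract bytecode prefix
  };
  return Object.fromEntries(
    Object.entries(samples).map(([name, code]) => [name, classifyAccount(code, TRUSTED_IMPLEMENTATIONS).status])
  );
}
```

Pointed at a list of customer or treasury addresses, the `unknown-delegate` bucket is the one to alert on; the revocation path (a fresh delegation to the zero address) is what support should walk the user through.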
Three standards that show up in every integration but never in the product. Thirty seconds each:
Everything above serves humans at checkout. The newest layer targets software: AI agents and APIs paying each other amounts too small and frequent for card rails. No card numbers, no accounts, no API keys. This layer hasn't been mass-adopted yet, but almost every stablecoin payment company is preparing for it.
x402: "Payment Required" over HTTP
HTTP has had status code 402 Payment Required reserved since the 1990s. Nobody ever used it. x402 (launched by Coinbase in 2025) finally does:

It's also why USDC is x402's default rail: EIP-3009 lets an agent pay with one signature, with no pre-approval and no gas. x402 can settle other tokens too, via Permit2, which retrofits signed approvals onto tokens like USDT, but that path needs a one-time setup transaction per user. So the clean, zero-setup flow runs on the tokens that ship EIP-3009 natively: USDC.
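To show the 402 round trip end to end, here is an added example (not the x402 SDK and not AllScale's code) that simulates both sides in one process: an unpaid request gets a 402 with the payment requirements, the agent answers with an EIP-3009 authorization in a payment header, and the server verifies it before serving. The field names (`scheme: "exact"`, `accepts`, `X-PAYMENT`) follow x402's published shape as I understand it; treat the exact names as assumptions. The header carries plain JSON here (x402 base64-encodes it), signatures are stubbed as `{ signer }`, the addresses and price are constructed, and the nonce is a counter rather than the 32 random bytes a real agent would use.

```javascript
// Added example: an x402-style "402 -> pay -> 200" exchange, simulated in-process.
function createPaidResource({ payTo, asset, network, priceUnits, maxTimeoutSeconds = 60 }) {
  const usedNonces = new Set(); // "from|nonce": the same replay guard the token enforces on-chain
  const requirements = {
    scheme: "exact", network, asset, payTo,
    maxAmountRequired: priceUnits.toString(), maxTimeoutSeconds, resource: "/quote",
  };
  return {
    handle(req, now) {
      const header = req.headers["x-payment"];
      if (!header) return { status: 402, body: { x402Version: 1, accepts: [requirements] } };
      let payment;
      try { payment = JSON.parse(header); } catch (e) { return { status: 402, body: { error: "malformed payment" } }; }
      const a = payment.payload?.authorization ?? {};
      const problems = [];
      if (payment.scheme !== requirements.scheme || payment.network !== requirements.network) problems.push("wrong scheme/network");
      if (String(a.to).toLowerCase() !== payTo.toLowerCase()) problems.push("not paid to us");
      if (BigInt(a.value ?? 0) < priceUnits) problems.push("underpaid");
      if (now <= Number(a.validAfter) || now >= Number(a.validBefore)) problems.push("outside validity window");
      if (payment.payload?.signature?.signer !== a.from) problems.push("signature does not match payer"); // stub for ecrecover
      const key = `${a.from}|${a.nonce}`;
      if (usedNonces.has(key)) problems.push("authorization already used");
      if (problems.length) return { status: 402, body: { error: problems.join("; "), accepts: [requirements] } };
      // A real server submits transferWithAuthorization (directly or via a facilitator) before serving.
      usedNonces.add(key);
      return { status: 200, body: { quote: "constructed response body" } };
    },
  };
}

// Agent side: read the 402, build the EIP-3009 authorization, retry with it attached.
function fetchWithPayment(server, req, agent, now) {
  const first = server.handle(req, now);
  if (first.status !== 402 || !first.body.accepts) return { response: first, paidReq: null };
  const r = first.body.accepts[0];
  const authorization = {
    from: agent.address, to: r.payTo, value: r.maxAmountRequired,
    validAfter: now - 1, validBefore: now + r.maxTimeoutSeconds,
    nonce: "0x" + (agent.nextNonce++).toString(16).padStart(64, "0"), // constructed; use random bytes in practice
  };
  const payment = {
    x402Version: 1, scheme: r.scheme, network: r.network,
    payload: { signature: { signer: agent.address }, authorization },
  };
  const paidReq = { ...req, headers: { ...req.headers, "x-payment": JSON.stringify(payment) } };
  return { response: server.handle(paidReq, now), paidReq };
}

function demoX402() {
  const server = createPaidResource({
    payTo: "0x" + "9".repeat(40), asset: "0x" + "1".repeat(40), // constructed addresses
    network: "base", priceUnits: 10_000n,                         // 0.01 USDC
  });
  const agent = { address: "0x" + "8".repeat(40), nextNonce: 1 };
  const now = 1_700_000_000;
  const unpaid = server.handle({ path: "/quote", headers: {} }, now).status;
  const { response, paidReq } = fetchWithPayment(server, { path: "/quote", headers: {} }, agent, now);
  const replay = server.handle(paidReq, now + 5).status; // same header again: nonce already used
  return { unpaid, paid: response.status, replay };
}
```

The server-side checks are the ones that matter for a merchant: recipient, amount, validity window and nonce are all verified against what it asked for, so a stale or re-sent header buys nothing a second time.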
In April 2026, Coinbase donated x402 to a Linux Foundation body whose members include Visa, Mastercard, Amex, Stripe, Adyen, Google, Microsoft, AWS, Cloudflare, and Shopify. Read that list again. The card networks are buying governance seats in an open stablecoin protocol.
There's also ERC-8004, an on-chain registry giving AI agents identity and reputation (think KYB plus a credit bureau, for software). Authors from MetaMask, the Ethereum Foundation, Google, and Coinbase. Live since January 2026, tens of thousands of registrations, still a draft standard.
That's the whole stack. Ten protocols, five layers, one idea: turn payments into signatures and let infrastructure do the rest. At @allscaleio, we are building exactly that on-chain neobank experience. What's even more exciting is that on top of our non-custodial layer, any user can also complete the additional KYC and/or KYB to unlock more fiat features like on-off ramp, virtual account, and crypto cards that we will be launching soon.
AllScale also works with many leading service providers to help them embed stablecoin-based solutions into their existing product. If this sounds interesting to you, my DM is always open!


AllScale is a financial technology developer, not a bank, and does not provide digital asset custody services.

© Copyright 2026. All Rights Reserved.