The checkout assumption that changes
In a conventional digital purchase, the payment system can usually assume that the customer is directly interacting with a merchant or payment surface. The customer searches, selects an item, reviews a cart, enters or chooses credentials, and confirms the transaction.
An AI agent can separate those actions. A person might ask an assistant to find a product now and approve the final cart later. Or the person might delegate a bounded task in advance: purchase a ticket below a certain price, renew a service if the price does not increase, or reorder inventory when stock crosses a threshold.
The payment is still ultimately for a person or business, but software may perform the discovery, selection, timing, and transaction initiation. That changes the evidence needed by everyone downstream.
The new payment question is not only “Is this the customer?” It is also “Which agent acted, under what mandate, and did this purchase remain inside the mandate?”
This is no longer purely theoretical. Mastercard reported authenticated Agent Pay transactions in Australia in January 2026 in which issuers, an acquirer, and merchants could recognize that an agent conducted the transaction. Mastercard later reported controlled live transactions in Europe. OpenAI’s Agentic Commerce Protocol implementation already connects product discovery, user confirmation, merchant order acceptance, and existing payment processing.
Identity, intent, and delegated authority become separate objects
A person, an agent, and a payment credential are related, but they are not the same entity. A trustworthy transaction needs to establish:
| Object | Evidence needed |
|---|---|
| Principal | The person or business whose funds and authority are used |
| Agent | The software identity acting for that principal |
| Intent | What outcome the principal requested |
| Mandate | The merchants, categories, amount, timing, and other limits |
| Cart | The exact goods, price, taxes, delivery terms, and merchant |
| Payment | The credential and rail used to settle the approved purchase |
Google’s Agent Payments Protocol makes this separation explicit. AP2 uses cryptographically signed mandates as evidence of user instructions. For a human-present purchase, an intent mandate can describe the request and a cart mandate can bind approval to the final items and price. For a delegated task, the intent mandate can define limits before the agent acts.
Visa’s Trusted Agent Protocol addresses a neighboring problem: helping merchants distinguish a legitimate commerce agent from malicious automated traffic. These protocols are not identical, but together they show the emerging architecture—verifiable agents carrying verifiable authority.
Authorization and fraud models need richer context
Today’s risk systems evaluate signals such as the account, device, credential, merchant, amount, location, and behavioral history. Agentic commerce adds new signals:
- Was the transaction initiated by a known agent?
- Which platform or provider authenticated that agent?
- Was the customer present, or was the task delegated earlier?
- What spending, merchant, product, timing, or frequency limits applied?
- Does the final cart match what the customer authorized?
- Did the agent or merchant alter a material term?
This context can improve risk decisions, but only if it survives the handoffs among agent platform, merchant, gateway, acquirer, network, issuer, and support systems. If the agent’s identity and mandate are reduced to an ordinary card-not-present transaction, issuers lose the information needed to distinguish legitimate delegation from automation abuse.
Payment credentials also need safer delegation. Stripe’s Shared Payment Tokens allow an agent to initiate an authorized payment without receiving the underlying credential. In March 2026, Stripe announced expanded support for network-led agentic payment capabilities and additional payment methods through the same primitive.
For issuers, this creates both an opportunity and an obligation. Richer agent data can support better authorization, but models must be trained and governed for a world in which unusual timing or machine speed is not automatically malicious—and a recognized agent is not automatically safe.
Disputes need a chain of accountability
When a customer says, “I did not authorize this purchase,” the answer may depend on several records:
- Did the customer authorize the agent?
- What exactly did the mandate permit?
- Did the agent select goods and a price within those limits?
- Did the customer approve the final cart when approval was required?
- Did the merchant fulfill what the agent ordered?
- Were credentials or mandate records compromised?
That evidence can improve resolution, but it also creates new failure modes. The agent may satisfy the literal mandate while violating the customer’s reasonable expectation. A merchant may present a substitute or changed term. A customer may revoke authority after the agent has committed. Two agents may coordinate a multi-part purchase where one component fails.
Providers should resist inventing a single generic “agentic dispute” category. The operating model needs reason codes and evidence that distinguish credential theft, agent impersonation, mandate violation, merchant misrepresentation, fulfillment failure, and customer dissatisfaction with an otherwise authorized purchase.
Merchant data, loyalty, and customer relationships shift upstream
An agent may compare products before the shopper visits a merchant’s website. It may filter offers, summarize terms, and choose among sellers. That means product data, availability, price, shipping, return policy, reputation, and loyalty value must be legible to machines—not only visually appealing to humans.
The merchant relationship does not disappear. OpenAI’s current Agentic Commerce Protocol design explicitly keeps the seller as merchant of record, responsible for payment processing, fulfillment, returns, and support. But discovery and preference formation can move into the agent layer. Issuers and payment providers should expect new competition over who supplies trusted offers, benefits, identity, and context at that moment.
Loyalty becomes especially interesting. An agent can evaluate more than the sticker price: card-linked offers, points value, status benefits, merchant-funded promotions, financing cost, return terms, and delivery time. Yet many loyalty systems cannot expose those values in a machine-readable, permission-aware form.
Issuers that want their credentials to remain top-of-wallet may need to become top-of-agent. That requires APIs and decisioning capable of answering: which credential, offer, or reward produces the best authorized outcome for this customer in this transaction?
Settlement becomes more programmable, but rails will coexist
Agentic commerce does not imply that every transaction moves to a new payment rail. Google AP2 is payment-agnostic and explicitly supports cards, bank payments, and stablecoins. OpenAI’s commerce implementation works with merchants’ existing processors. Mastercard is extending network tokenization and authentication into agent flows.
Stablecoins introduce another option, particularly for global, always-on, and machine-to-machine settlement. They can support programmable wallets and small or frequent transfers that may not map neatly to today’s checkout economics. Mastercard’s June 2026 Agent Pay for Machines announcement reflects the emerging distinction between a consumer agent buying from a merchant and software systems purchasing services from one another.
The likely outcome is coexistence. Agents can select among rails based on merchant acceptance, user preference, rewards, protection, cost, speed, transaction size, and settlement needs. Payment providers that expose those tradeoffs clearly may gain relevance even when the customer no longer chooses the rail manually.
A readiness agenda for issuers and payment providers
| Capability | Questions to resolve now |
|---|---|
| Agent recognition | Can systems identify a trusted agent without treating all automation as equivalent? |
| Mandate evidence | Can user intent, limits, consent, and revocation travel with the transaction? |
| Authorization | Which agent-specific signals enter fraud models and decision rules? |
| Credential delegation | Can agents pay without receiving reusable account credentials? |
| Disputes | Can support teams retrieve the agent, mandate, cart, payment, and fulfillment history? |
| Offers and loyalty | Can an authorized agent discover and evaluate customer-specific value? |
| Settlement | Which card, bank, wallet, and stablecoin rails should be exposed to agents? |
| Governance | Who approves agent partners, data sharing, limits, monitoring, and incident response? |
Providers do not need to predict one winning protocol before beginning. They do need an internal model of the new transaction: principal, agent, intent, mandate, merchant, cart, credential, payment, fulfillment, and dispute. Mapping where each piece of evidence is created, transmitted, verified, and retained exposes the real readiness gaps.
The strategic shift is subtle but deep. Payments have traditionally optimized the moment a person chooses to pay. Agentic commerce expands the payment problem upstream into delegated decision-making and downstream into machine-readable accountability. Issuers and providers that preserve trust across that whole chain can remain central even when software performs more of the shopping.
Frequently asked questions
What is AI-driven or agentic commerce?
Agentic commerce occurs when software acts on a person's or business's instructions to discover, compare, select, and potentially purchase goods or services. The agent may assist a human-present checkout or execute a delegated task within pre-authorized limits.
Why must issuers know that an AI agent initiated a transaction?
Agent identification gives issuers and risk systems context for authentication, fraud detection, authorization, customer support, and disputes. It distinguishes a legitimate delegated purchase from bot abuse or credential theft.
Does agentic commerce remove the need for consumer consent?
No. It makes verifiable consent more important. A useful system records what the user authorized, which agent received the mandate, the permitted merchant or category, spending and timing limits, and the exact transaction that resulted.
Will agentic commerce replace card payments with stablecoins?
Not categorically. Emerging protocols support cards, bank payments, wallets, and stablecoins. Agents may select among rails based on merchant acceptance, user preference, cost, speed, programmability, compliance, and settlement requirements.