The premise of agentic commerce is straightforward: AI systems acting autonomously on behalf of users, searching, selecting, pricing, and completing purchases without real-time human confirmation. The commercial and regulatory implications are not straightforward at all.

What the Schemes Are Building

Visa's Trusted Agent Protocol, published in late 2025, establishes a credentialling framework for AI agents. A verified agent receives a scheme-issued identifier that travels with each authorisation request, allowing issuers to distinguish agent-initiated transactions from human-initiated ones and apply different authentication and liability rules accordingly. Mastercard's Agent Pay framework takes a similar approach and adds spending controls that consumers can configure: hard limits by merchant category, geography, or transaction amount, which the agent must honour.

Stripe and OpenAI launched the Machine Payments Protocol (MPayP) in March 2026, an open standard that extends the OAuth 2.0 delegation model to define how agents request, hold, and exercise payment permissions. Google's AP2 standard is positioned as a competing open protocol, backed by a consortium of merchant and PSP signatories. These competing standards mean the near term will see fragmentation before consolidation, a familiar pattern in payments infrastructure.

The Authorisation Problem

Current authorisation infrastructure was designed for human-initiated transactions. A cardholder presents credentials; the issuer confirms identity and approves or declines. Strong Customer Authentication under PSD2 and PSD3 requires two independent factors (knowledge, possession, or inherence) from a human who can supply them.

An AI agent cannot present a fingerprint. It cannot respond to a one-time passcode sent to a mobile number. The existing SCA framework does not accommodate agent-initiated payments without exemptions, and the available exemptions (merchant-initiated transactions, trusted beneficiaries, low-value thresholds) were not designed for the scale or variability of agent commerce.

The emerging resolution under PSD3 is a delegated authority model: the consumer authenticates once to establish the agent's mandate, setting the parameters within which the agent may act. Subsequent transactions within that mandate are treated as authorised and do not require fresh SCA. The issuer retains the right to step down (that is, to require fresh authentication) if the transaction falls outside the mandate's parameters or triggers a fraud signal.

Fraud and Liability: Who Pays When It Goes Wrong

Current liability frameworks allocate chargeback responsibility based on whether SCA was applied and by whom. A correctly authenticated 3DS transaction shifts fraud liability from the merchant to the issuer. An agent-initiated transaction that bypasses SCA under a delegated authority framework sits in less defined territory.

Visa's Trusted Agent Protocol assigns liability to the agent operator (the platform that deployed the agent) when the agent acts outside its authorised parameters. Mastercard's framework places liability at the point where control was lost: if the consumer set the mandate correctly and the agent acted within it, the transaction is treated as authorised. If the agent exceeded its parameters, liability follows the agent operator.

For processors and acquirers, the commercial question is how chargeback monitoring programmes respond to volumes that may look anomalous (high frequency, small value, concentrated merchant categories) and that lack the human behavioural signals that current fraud models are calibrated against.

What Issuers Need to Change

  • Authorisation logic must be updated to handle agent identifiers in the transaction data stream and route them to different decisioning models than human-initiated transactions.
  • Fraud models need retraining or supplementation with agent-specific behavioural baselines. An agent purchasing 200 SaaS subscriptions in an hour is not fraud, but current velocity models will flag it.
  • Mandate management infrastructure must be built or licensed: the consumer-facing interface through which agent permissions are granted, scoped, and revoked.
  • Customer service processes need to handle disputes arising from agent-initiated transactions, including the question of whether a consumer who delegated authority to an agent can dispute a transaction that the agent executed within that authority.

What Merchants and Acquirers Need to Change

Merchants serving consumers via AI agents need to accept agent-presented credentials in their checkout flows and return structured product and pricing data in formats agents can process reliably. Acquirers need to support agent transaction identifiers in authorisation messaging and update their fraud monitoring to avoid systematically declining legitimate agent-initiated volumes.

The firms that will be best positioned in this shift are those that treat it as an infrastructure problem now rather than a product question later. The scheme programmes are live. The standards are being written. The liability frameworks are being drafted. Waiting until agent commerce volumes become material before adapting authorisation and fraud infrastructure is the same mistake some firms made with contactless and with 3DS, except the compounding effects will arrive faster.

How Issuers Are Responding to Agent Authorisation Requests

The issuer side of the agentic commerce equation has received less attention than the merchant and scheme side, but the issuer's decisioning logic is where most of the near-term friction will occur. An issuer receiving an authorisation request from an agent-initiated transaction has two observable signals that distinguish it from a conventional transaction: the agent identifier embedded in the request (where the scheme protocol supports it) and the behavioural characteristics of the transaction itself, which may differ systematically from the cardholder's historical pattern even when the underlying purchase is legitimate.

Issuers that have built fraud models calibrated to human purchasing behaviour will generate elevated decline rates for agent-initiated transactions unless the models are updated to treat agent-sourced transactions as a distinct population. This is not a theoretical risk. Early production deployments of agent commerce platforms have reported decline rates materially above the baseline for comparable human-initiated transactions in the same merchant category. The commercial impact falls on the merchant and the platform, but the structural cause is issuer-side model miscalibration.

The practical remediation requires issuers to update their authorisation models to use the agent identifier as a feature, not as a flag. An agent transacting within a consumer-defined mandate, at expected frequencies, with expected counterparties, should have a fraud score that reflects the mandate parameters rather than the deviation from the cardholder's personal baseline. This requires issuers to receive and store mandate parameters at the time the consumer establishes them, which in turn requires the scheme or the acquiring bank to pass that data in the authorisation message. The data fields exist in ISO 20022; the question is whether the scheme rules mandate their population.

Regulatory Classification of AI Agents as Payment Service Users

One aspect of agentic commerce that regulators have not yet resolved explicitly is the legal classification of an AI agent as a payment service user under the PSD3 framework. The existing definition of payment service user refers to a natural or legal person who makes use of a payment service as payer, payee, or both. An AI agent is neither. It is software acting under a mandate from a natural person, and the legal consequences of its actions flow to that person, but the agent itself is the entity that initiates the payment instruction.

This matters for SCA purposes. The PSD3 and PSR SCA requirement is framed as applying when the payer accesses a payment account, initiates an electronic payment transaction, or carries out any action through a remote channel that may imply a risk of payment fraud. If the agent is the entity carrying out the remote action, the question of whether SCA applies to the agent, to the consumer who established the mandate, or to neither, and at which point in the transaction lifecycle, is a genuine regulatory ambiguity that will need to be resolved through EBA guidance or national competent authority positions.

The delegated authority model that is emerging under PSD3 as the practical resolution treats the initial mandate-establishment by the consumer as the SCA event, and subsequent agent-initiated transactions as falling within the scope of the established mandate. The mandate parameters (merchant scope, geographic scope, value limits, time limits) become the functional substitute for per-transaction authentication. Regulators and schemes are broadly converging on this model, but the precise boundary conditions (what mandate modifications require fresh consumer authentication, what triggers mandatory step-down) remain to be standardised.

Implications for Payment Institutions Building Agent Commerce Infrastructure

Payment institutions considering whether to build agent commerce capabilities face a product decision that depends on three variables: the speed at which scheme protocols standardise, the timeline for regulatory clarification on SCA delegation, and the fraud performance of early deployments.

On the scheme side, the fragmentation between Visa's Trusted Agent Protocol, Mastercard's Agent Pay, and the open MPayP and AP2 standards is a genuine obstacle. A PSP that commits to one protocol before consolidation risks building to a standard that loses market share. The safer near-term approach is to implement the open OAuth 2.0 delegation layer (which underpins both MPayP and AP2) as the foundational authentication and authorisation mechanism, while maintaining the flexibility to surface scheme-specific identifiers in authorisation messages when those standards stabilise.

For acquirers, the immediate actionable step is updating merchant agreements to specify liability allocation for agent-initiated transactions explicitly, rather than relying on the existing card-present/card-not-present binary. Disputes arising from agent-initiated purchases that the cardholder authorised at the mandate level but disputes at the transaction level, because the agent's interpretation of the mandate differed from the consumer's expectation, do not fit neatly into existing chargeback reason codes. Getting ahead of this in contract terms is simpler than litigating it in the dispute resolution process.

May 2026 Developments

Visa Agentic Ready Programme: Global Expansion

On 29 April 2026, Visa announced a global expansion of its Agentic Ready Programme, extending beyond its initial UK and European rollout to cover APAC and Latin America. More than 20 issuing bank and PSP partners are live in the UK and Europe, with 85 or more partners in APAC and LatAm joining the programme over the following months. The programme provides a structured testing environment in which issuers can validate agent-initiated payments end to end, covering card enrolment, tokenisation, authentication, and authorisation, before committing to production volumes.

Rubail Birwadker, SVP Growth Products and Partnerships at Visa, described the programme as the infrastructure layer that makes Visa Intelligent Commerce commercially viable at scale. Live agent-initiated transactions on the Visa network have already been recorded in the United States, making the US the first market where agent commerce has moved from pilot to production on a major card scheme. The global rollout accelerates the timeline for issuers and acquirers in other markets who are still treating this as a medium-term planning item.

Mastercard Agent Pay: Live Transactions and Trust Framework

Mastercard published its white paper Building Trust and Security in Agentic Commerce in April 2026, setting out a chain-of-trust framework built around four properties: identity, authorisation, intent, and accountability. The paper argues that human-centric trust models, which depend on a person being able to verify their own intent at the point of transaction, are structurally inadequate for agent-mediated commerce, and proposes replacing per-transaction verification with verifiable intent recorded at the point of mandate establishment.

Alongside the framework publication, Mastercard and Rabobank completed what is believed to be the first live AI agent-initiated payment transaction on a major card network in the Netherlands. An AI agent booked a coffee tasting experience on Priceless.com without accessing the cardholder's card details directly; the transaction executed with explicit consumer consent recorded in the mandate and no card credential ever exposed to the agent. Mastercard was subsequently recognised as World Leader in Agentic Commerce on 14 May 2026, reflecting this production deployment.

FIDO Alliance: Agentic Authentication Standards

The FIDO Alliance established a dedicated Agentic Authentication Technical Working Group on 28 April 2026, chaired by CVS Health, Google, and OpenAI, with Amazon, Google, and Okta in vice-chair roles. The group's mandate is to develop open standards for trusted AI agent interactions, covering verifiable user instructions, agent authentication, and trusted delegation for commerce. A separate Payments Technical Working Group within the Alliance is chaired by representatives from both Mastercard and Visa, signalling that the card schemes intend to shape authentication standards at the foundational level rather than build proprietary solutions.

Two protocol contributions have been submitted as the technical foundations for the group's work. Google submitted AP2 (Agent Payments Protocol), which provides secure delegation, verifiable authorisation, and trusted transaction execution. Mastercard, in a joint submission with Google, contributed Verifiable Intent, a complementary protocol designed to work with AP2 to ensure that agent actions can be traced back to explicit, cryptographically verifiable consumer instructions. The convergence of Google and Mastercard on a shared protocol layer reduces the fragmentation risk described earlier in this article, though Visa's Trusted Agent Protocol and Stripe's Machine Payments Protocol remain distinct implementations for now.

The FIDO Alliance estimates that agentic commerce could reach $5 trillion globally by 2030 if authentication and authorisation infrastructure is standardised in a way that allows issuers, merchants, and platforms to interoperate. The working group's output will directly influence whether that projection is achievable or whether fragmentation keeps the market smaller for longer.

The Consent and Liability Framework Taking Shape

The shift from credential possession to intent proof is now the dominant design principle across the major scheme frameworks. Under AP2 and Verifiable Intent, a consumer does not delegate their card credentials to an agent; they record a cryptographically signed mandate specifying what the agent may do, with whom, at what value, and over what time period. Each agent-initiated transaction carries a reference to this mandate, giving the issuer an auditable chain of evidence that the transaction was within scope at the time it was executed.
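The issuer-side check that this signed-mandate design and the delegated authority model described earlier imply can be sketched as follows; this is an added example, not code from AP2, Verifiable Intent, or any scheme. All field names, decision labels, and the decline-on-invalid-signature policy are assumptions, and HMAC-SHA256 stands in for the asymmetric signature a real mandate would carry.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Constructed demo key. HMAC-SHA256 stands in for the consumer's asymmetric
# signature so the example runs on the standard library alone.
DEMO_KEY = b"constructed-demo-key"

def sign_mandate(mandate, key=DEMO_KEY):
    """Sign a canonical (sorted-key, compact) JSON encoding of the mandate."""
    blob = json.dumps(mandate, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def decide(txn, mandate, signature, key=DEMO_KEY):
    """Hypothetical issuer check: returns (decision, reasons).
    Out-of-scope transactions and fraud signals require fresh consumer SCA."""
    # An altered mandate proves nothing about consumer intent (assumed policy: decline).
    if not hmac.compare_digest(sign_mandate(mandate, key), signature):
        return "DECLINE", ["mandate signature invalid"]
    if (txn["mandate_id"], txn["agent_id"]) != (mandate["mandate_id"], mandate["agent_id"]):
        return "DECLINE", ["transaction not bound to this mandate"]
    reasons = []
    start, end = (datetime.fromisoformat(mandate[k]) for k in ("valid_from", "valid_until"))
    if not start <= datetime.fromisoformat(txn["timestamp"]) < end:
        reasons.append("outside time limit")
    if txn["mcc"] not in mandate["allowed_mcc"]:
        reasons.append("merchant out of scope")
    if txn["country"] not in mandate["allowed_countries"]:
        reasons.append("geography out of scope")
    if txn["currency"] != mandate["currency"] or txn["amount_minor"] > mandate["max_amount_minor"]:
        reasons.append("value limit exceeded")
    if txn.get("fraud_signal"):
        reasons.append("fraud signal")
    return ("REQUIRE_FRESH_SCA", reasons) if reasons else ("APPROVE_WITHIN_MANDATE", [])

# Constructed sample data; every field name here is hypothetical.
MANDATE = {
    "mandate_id": "m-001", "agent_id": "agent-demo", "currency": "EUR",
    "allowed_mcc": ["5734"], "allowed_countries": ["NL", "DE"],
    "max_amount_minor": 5000,
    "valid_from": "2026-05-01T00:00:00+00:00",
    "valid_until": "2026-06-01T00:00:00+00:00",
}
SIGNATURE = sign_mandate(MANDATE)
IN_SCOPE = {
    "mandate_id": "m-001", "agent_id": "agent-demo", "currency": "EUR",
    "mcc": "5734", "country": "NL", "amount_minor": 1999,
    "timestamp": "2026-05-10T12:00:00+00:00",
}

if __name__ == "__main__":
    print(decide(IN_SCOPE, MANDATE, SIGNATURE))
    print(decide({**IN_SCOPE, "amount_minor": 9000, "country": "US"}, MANDATE, SIGNATURE))
    print(decide(IN_SCOPE, {**MANDATE, "max_amount_minor": 999999}, SIGNATURE))
```

The returned reasons list is what gives the issuer an auditable record of why a transaction was treated as in or out of scope at the time it was executed.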

This design resolves several of the liability ambiguities described above. If the agent transacts within the mandate, liability follows the scheme's standard authorised-transaction rules. If the agent exceeds the mandate, liability rests with the agent operator. The remaining unresolved question is what happens when a consumer disputes a transaction that was technically within the mandate parameters but differed from their subjective intent when setting those parameters. This is the gap that EBA guidance and court interpretation will need to fill, and it is unlikely to be resolved before the first material dispute volumes arrive.

UK Regulatory Position: HM Treasury Consultation

HM Treasury announced in May 2026 that it will consult on how payment-services regulation should adapt to accommodate AI agent-initiated payments. The consultation is expected to address the classification of AI agents under the Payment Services Regulations 2017, the scope of the SCA requirement when the initiating entity is software rather than a person, and the liability allocation between consumers, agent operators, and payment service providers. GOV.UK will separately consult on enabling safe adoption of AI agents across public-sector payment contexts.

The UK consultation matters because the PSR 2025 domestic payments regulation reform gives HM Treasury the opportunity to address agent commerce in primary legislation rather than through guidance. Whether Parliament moves quickly enough for this to be commercially relevant before agent volumes become material is uncertain; the safer assumption for regulated firms is that they will be operating without explicit statutory clarity for at least 18 to 24 months.

Practical Implications: What Changes Now

Several steps follow directly from the developments of April and May 2026. Issuers not yet in a scheme agent-readiness programme should begin conversations with Visa and Mastercard account teams now; the testing environments are live and the programmes are accepting new participants. Waiting for scheme rule mandates to force action means arriving late to a capability that early-mover issuers are already building production experience with.

Payment institutions building or acquiring agent commerce infrastructure should implement AP2's OAuth 2.0-based delegation layer as the foundational authorisation mechanism. This is not because AP2 has won the standards competition, but because the OAuth 2.0 model underpins both AP2 and MPayP, providing the flexibility to surface scheme-specific identifiers later when those stabilise. Committing to a proprietary protocol layer now is the higher-risk path.

Acquirers should amend standard merchant agreements to address agent-initiated transaction liability before production volumes arrive. The existing card-present or card-not-present binary does not allocate liability correctly for transactions where a consumer's mandate was in place but the agent's interpretation of that mandate differed from the consumer's expectation. Drafting clear contract terms for this scenario is materially simpler than resolving it through the chargeback dispute process after the fact.