Deep Dive: The hidden liability of agentic commerce
In the last decade, we have watched the global financial system transition from physical cards to digital wallets and from manual bank wires to real-time rails. Each of these shifts was marketed as a convenience play for the consumer. In reality, each shift was an architectural reset for the merchant. We are now entering the most volatile phase of this evolution: agentic commerce. This is not just another checkout button. It is a structural rewiring of how demand is captured, how intent is verified, and how liability is distributed. I define agentic commerce as the transition from a world where humans click “buy” on a screen to a world where autonomous software agents initiate, authorize, and settle transactions on behalf of users.
For the fintech founders, CEOs, and payments strategists reading this, the promise of a frictionless $1 trillion market is enticing. But I am here to tell you that the current payment infrastructure is fundamentally broken for this new reality. The industry is currently ignoring a massive hidden liability. When an AI agent buys the wrong product or acts without explicit consent, the merchant is the one left holding the bill. Traditional fraud detection is dead in this environment. If your risk model still relies on monitoring typing cadence or mouse movements, you are already obsolete. We are moving into a “fifth participant” model where the AI agent acts as a new layer of intermediation between the cardholder and the merchant. This fifth actor breaks the historical four-party model of liability and pushes risk downstream to you.
The structural collapse of human-centric fraud detection
The existing payment architectures are built on the assumption of human presence. This is a foundational flaw in the age of automation. Traditional systems rely on behavioral biometrics and device fingerprinting to establish trust. In an agentic world, these signals disappear entirely. There is no typing cadence to measure when a script is making the call. There is no mouse movement when a server-side agent is interacting with an API. This creates a total loss of the traditional fraud signal.
I see this as a “shifting trust perimeter.” Payments no longer originate on your storefront, where you control the environment. They originate in external LLMs, personal assistants, and procurement bots. This decentralization of the checkout experience means you can no longer rely on your own telemetry to verify the buyer. You are now forced to trust a software agent you did not build and cannot inspect. This creates several structural failures that I will break down in this report.
The disappearance of these signals will lead to a spike in “friendly fraud” and “hallucination disputes.” If an agent orders the wrong item because of a misinterpretation of user intent, the merchant is likely to be held liable for the return and the chargeback. Liability follows the Merchant of Record. In every protocol currently being proposed, from OpenAI to Google, the merchant remains the MoR. You are taking on all the risk of autonomous execution with none of the historical protections.
The protocol landscape
The industry is currently in a “protocol war” to define how agents and merchants communicate. I have analyzed the major standards emerging in 2025 and 2026. Each protocol addresses a different layer of the stack, from the application layer to the settlement layer. I think it is a mistake to view these as competing products. They are building a “capability ladder” that determines how much risk a merchant is prepared to absorb.
Agentic commerce protocol (ACP)
OpenAI and Stripe co-developed ACP as an open standard (Apache 2.0) to make checkouts “agent-ready”. ACP is the application layer for conversational commerce. It is optimized for speed and convenience within chat interfaces like ChatGPT.
The core technical primitive of ACP is the Shared Payment Token (SPT). Instead of exposing raw card data to the agent, the system generates a scoped, ephemeral token bound to a specific merchant and a specific amount. This protects the consumer’s credentials but does little to protect the merchant from intent disputes. In a typical ACP flow, the agent manages the checkout interface, while the merchant manages the data model and fulfillment.
ACP is ideal for high-intent, human-in-the-loop purchases where a user is actively chatting with an assistant. However, it lacks the robust governance needed for fully autonomous, background purchases. This is where Google’s AP2 comes in.
Agent payments protocol (AP2)
Google led a coalition of 60 partners to build AP2, focusing on the authorization and traceability layer. I consider AP2 to be the governance layer for agentic commerce. It introduces “mandates,” which are cryptographically signed digital contracts that define the agent’s boundaries.
These mandates serve as verifiable proof of user instructions. If an agent tries to spend $500 when the user only authorized $300, the AP2 layer rejects the transaction before it ever reaches the processor. This provides the audit trail merchants need to defend against chargebacks.
I have broken down the AP2 mandate types to illustrate their roles in the trust chain:
Intent Mandate: A high-level description of what the user wants (e.g., “Buy salmon and olive oil from Example Wholesale”).
Payment Mandate: A specific authorization bound to a cart ID and a final amount.
Payment Receipt: Closes the audit loop with a merchant confirmation ID, providing non-repudiable proof of execution.
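The mandate chain described above, sketched as a merchant-side check. This is an added example, not code from AP2 or from this report: the field names, the use of Ed25519, the split between a user key and an agent key, and the signing layout are all assumptions chosen for illustration.

```javascript
// Added example: simplified AP2-style mandate gate. Field names, Ed25519 and the
// signing layout are assumptions for illustration, not the AP2 wire format.
const nodeCrypto = require('node:crypto');

// Sign a fixed-order field array so signer and verifier hash identical bytes.
const encode = (fields) => Buffer.from(JSON.stringify(fields));
const intentFields = (m) => [m.id, m.user, m.merchant, m.description, m.maxAmountCents, m.expires];
const paymentFields = (p) => [p.intentId, p.cartId, p.merchant, p.amountCents];

const signFields = (fields, privateKey) =>
  nodeCrypto.sign(null, encode(fields), privateKey).toString('base64');
const sigOk = (fields, sig, publicKey) =>
  nodeCrypto.verify(null, encode(fields), publicKey, Buffer.from(String(sig), 'base64'));
const deny = (reason) => ({ ok: false, reason });

// Merchant-side gate. The returned reason is what you would store in the audit trail.
function checkPayment(intent, payment, cart, keys, now) {
  if (!sigOk(intentFields(intent), intent.sig, keys.user)) return deny('intent signature invalid');
  if (!sigOk(paymentFields(payment), payment.sig, keys.agent)) return deny('payment signature invalid');
  if (payment.intentId !== intent.id) return deny('payment not linked to intent');
  if (now > intent.expires) return deny('intent expired');
  if (payment.merchant !== intent.merchant || payment.merchant !== cart.merchant) {
    return deny('merchant mismatch');
  }
  if (payment.cartId !== cart.id || payment.amountCents !== cart.totalCents) {
    return deny('cart or amount mismatch');
  }
  if (payment.amountCents > intent.maxAmountCents) return deny('amount exceeds user limit');
  return { ok: true, reason: 'authorized' };
}

// Constructed sample data: a $300 limit, one cart under it and one at $500.
function mandateDemo() {
  const user = nodeCrypto.generateKeyPairSync('ed25519');
  const agent = nodeCrypto.generateKeyPairSync('ed25519');
  const keys = { user: user.publicKey, agent: agent.publicKey };
  const now = 1800000000;
  const intent = {
    id: 'im-1', user: 'user-123', merchant: 'Example Wholesale',
    description: 'Buy salmon and olive oil from Example Wholesale',
    maxAmountCents: 30000, expires: now + 3600,
  };
  intent.sig = signFields(intentFields(intent), user.privateKey);
  const pay = (cart) => {
    const p = { intentId: intent.id, cartId: cart.id, merchant: cart.merchant, amountCents: cart.totalCents };
    p.sig = signFields(paymentFields(p), agent.privateKey);
    return p;
  };
  const cartOk = { id: 'cart-1', merchant: 'Example Wholesale', totalCents: 28450 };
  const cartOver = { id: 'cart-2', merchant: 'Example Wholesale', totalCents: 50000 };
  const raised = { ...intent, maxAmountCents: 60000 }; // limit edited after signing
  return {
    within: checkPayment(intent, pay(cartOk), cartOk, keys, now),
    over: checkPayment(intent, pay(cartOver), cartOver, keys, now),
    raised: checkPayment(raised, pay(cartOver), cartOver, keys, now),
  };
}
```

The $500 cart is refused even though the agent signed it correctly, and raising the limit after the fact fails because the user's signature no longer covers the edited mandate.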
AP2 is rail-agnostic. It can carry instructions for cards, bank transfers, or crypto assets through its x402 extension. For the institutional reader, AP2 represents the most serious attempt to create a standard for compliance and multi-party governance in autonomous commerce.
Universal commerce protocol (UCP)
UCP is Google’s broader attempt to standardize the entire commerce lifecycle. While ACP and AP2 focus on the transaction, UCP handles the context. It enables “native checkout” inside AI Mode in Search and Gemini, keeping the merchant as the seller of record while the transaction happens on a Google surface.
I think UCP’s most significant contribution is the standardization of discovery and post-purchase flows. It defines JSON-RPC 2.0 schemas for adding items to carts, calculating logistics, and managing returns. This allows a merchant to “build once” and distribute their catalog to any UCP-compatible agent.
The identity crisis: differentiating agents from bots
The biggest operational challenge for merchants is the “identity gap.” If you cannot differentiate between a legitimate AI agent and a malicious scraper, you have to block all automated traffic to protect your infrastructure. This is a revenue killer in an agentic world. We are seeing two distinct approaches to solving this through the major card networks.
Visa Trusted Agent Protocol (TAP)
Visa’s TAP provides a cryptographic standard for agents to prove their identity and authorization directly to the merchant. The trust model here is robust because it is built on three distinct signatures:
Agent Recognition Signature: Sent in the HTTP header to ensure the agent is Visa-approved.
Consumer/Device Identity: A signed object in the request body that allows the merchant to check for existing loyalty accounts or prior interactions.
Payment Container Signature: A hash of the payment credentials to ensure they were not tampered with during the handoff.
TAP allows agents to pass “context” without requiring a full login. This is the solution to the “cold start” problem in e-commerce. An agent can prove it is acting for a known user and provide their shipping preferences and loyalty ID, allowing for a personalized guest checkout.
Mastercard Agent Pay acceptance framework
Mastercard’s framework is designed for mass-market scalability. It leverages the “Web Bot Auth” standard (IETF RFC 9421) at the CDN layer. This is a “no-code” approach for merchants. By implementing this at the edge, you can verify agent authenticity and block untrusted traffic without deploying new code to your backend.
I think this is the most pragmatic path for the average merchant. It allows them to accept “agentic tokens” formatted as standard card fields through their existing checkout forms. This preserves backward compatibility with the existing card rails while adding a layer of cryptographic verification.
The tokenization tier: universal vs. network tokens
I have long argued that tokenization is the only way to secure the payments lifecycle. In agentic commerce, tokenization becomes programmable infrastructure. It is no longer just about PCI compliance; it is about “replayability” and “auditability”.
There is a clear battle between three families of tokens. For the enterprise leader, the choice of token determines your level of vendor lock-in and your ability to route across multiple acquirers.
PSP-Specific Tokens: Minted by a single gateway. These are “hostage data” playbooks. They offer no portability and create total dependency on a single provider.
Network Tokens: Issued by schemes like Visa and Mastercard. They provide issuer-level trust and include lifecycle updates (e.g., when a card is refreshed). They improve authorization rates and lower fraud.
Universal Tokens: Minted and stored by an independent vault (e.g., IXOPAY). These decouple tokenization from processing. They allow you to “tokenize once, route anywhere”.
I advocate for a “dual-tier” approach. Merchants should own their universal tokens as the central “enterprise handle.” These tokens should resolve to network tokens at the edge where supported. This captures the performance benefits of the networks while maintaining the sovereignty of the merchant’s data.
In an agentic flow, tokenization expands to include intent metadata. I think it is essential to tokenize the “mandate” alongside the payment credential. This pairing creates a full machine-verifiable record of the transaction. If the user later disputes the charge, you have the universal token (proving identity) linked to the intent token (proving authorization). This is your only defense in the coming chargeback wave.
The settlement revolution: x402 and machine-native money
I believe that traditional credit card rails are fundamentally incompatible with the machine economy. High transaction fees (2.9% + $0.30) and T+2 settlement times are too slow and expensive for autonomous agents. If an AI agent needs to pay $0.05 for a single API call, it cannot use a credit card.
The x402 protocol, developed by Coinbase, is the first real settlement layer for agents. It revives the HTTP 402 “Payment Required” status code to enable instant stablecoin payments directly over the web protocol.
The x402 V2 architecture is particularly compelling for machine-to-machine commerce. It uses a “Challenge/Commitment” model:
Challenge: The server responds with a 402 status code and a structured quote (amount, asset, blockchain, destination, and a one-time nonce).
Commitment: The agent’s wallet signs a payment authorization specific to that quote and retries the request with an X-PAYMENT header.
Settlement: The merchant verifies the signature and completes the trade instantly.
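The three steps above, with the checks a merchant needs before treating a retried request as paid. This is an added example, not code from x402 or from this report: the quote fields follow the list above, while the header layout, the placeholder chain and address, and Ed25519 standing in for a wallet signature are assumptions, and on-chain settlement is out of scope.

```javascript
// Added example: x402-style challenge/commitment check. Header layout and Ed25519
// (standing in for a wallet signature) are assumptions; no on-chain settlement here.
const nodeCrypto = require('node:crypto');

// Bytes the payer signs: every quote field in fixed order, nonce and expiry included.
const quoteBytes = (q) =>
  Buffer.from(JSON.stringify([q.amount, q.asset, q.chain, q.payTo, q.nonce, q.expires]));

class Merchant {
  constructor() { this.open = new Map(); } // nonce -> quote issued and not yet redeemed

  // Challenge: 402 plus a quote carrying a fresh one-time nonce.
  challenge(now) {
    const quote = {
      amount: '0.05', asset: 'USDC', chain: 'example-chain',
      payTo: 'MERCHANT_ADDRESS_PLACEHOLDER',
      nonce: nodeCrypto.randomBytes(16).toString('hex'), expires: now + 60,
    };
    this.open.set(quote.nonce, quote);
    return { status: 402, quote };
  }

  // Settlement gate for a retried request carrying the X-PAYMENT header value.
  settle(header, payerKey, now) {
    let c;
    try {
      c = JSON.parse(Buffer.from(String(header), 'base64').toString('utf8'));
    } catch {
      return { status: 400, error: 'malformed X-PAYMENT' };
    }
    const quote = c && typeof c.nonce === 'string' ? this.open.get(c.nonce) : undefined;
    if (!quote) return { status: 402, error: 'unknown or used nonce' };
    if (now > quote.expires) return { status: 402, error: 'quote expired' };
    // Verify against the quote the server stored, never against client-echoed values.
    const sig = Buffer.from(String(c.sig), 'base64');
    if (!nodeCrypto.verify(null, quoteBytes(quote), payerKey, sig)) {
      return { status: 402, error: 'bad signature' };
    }
    this.open.delete(c.nonce); // burn the nonce so the same header cannot be replayed
    return { status: 200 };
  }
}

// Commitment: the agent signs the exact quote and returns it as the header value.
function commit(quote, privateKey) {
  const sig = nodeCrypto.sign(null, quoteBytes(quote), privateKey).toString('base64');
  return Buffer.from(JSON.stringify({ nonce: quote.nonce, sig })).toString('base64');
}

// Constructed run: valid payment, replay, a commitment to a cheaper amount, a late one.
function x402Demo() {
  const wallet = nodeCrypto.generateKeyPairSync('ed25519');
  const m = new Merchant();
  const now = 1800000000;
  const header = commit(m.challenge(now).quote, wallet.privateKey);
  const first = m.settle(header, wallet.publicKey, now + 1);
  const replay = m.settle(header, wallet.publicKey, now + 2);
  const q2 = m.challenge(now).quote;
  const cheaper = m.settle(commit({ ...q2, amount: '0.01' }, wallet.privateKey), wallet.publicKey, now + 1);
  const late = m.settle(commit(m.challenge(now).quote, wallet.privateKey), wallet.publicKey, now + 61);
  return { first, replay, cheaper, late };
}
```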
I think x402 is the “Stripe for AI agents”. It allows for micro-transactions with zero processing fees beyond on-chain gas. While ACP and UCP handle the discovery of physical goods, x402 is optimized for software paying for software APIs, data feeds, and compute resources.
Phase zero: architecting for scale
Most internal roadmaps of early adopters are failing because they are treating agentic commerce as a “feature” rather than an “operating model shift”. I advocate for a “Phase Zero” approach that builds the foundational primitives before the volume arrives.
Design principles for the agentic stack
Five core design principles must be implemented in the next 12 months to avoid architectural obsolescence.
Modular Architecture: Avoid monolithic structures. Build the payment stack as a set of independent, interchangeable parts for intent capture, policy enforcement, and routing.
Automation First: Scaling requires systems that run themselves. If a task is performed more than twice, it must be automated to prevent human bottlenecks as agent traffic scales from 1% to 10%.
Data-Driven Telemetry: You need robust telemetry from day one. You must be able to track “agent drift” when an agent’s behavior deviates from its authorized intent.
Elasticity: Systems must handle variable loads. Agentic traffic is not predictable; it can spike 10x in a single session.
Documentation as Code: Institutional knowledge is the enemy of scale. All agentic configurations and rules must be machine-readable and centralized.
The implementation roadmap
The move to agentic commerce happens in four distinct phases of infrastructure maturity.
The merchant value and the competitive moat
Many payment leaders are hesitant to invest because the volume is not yet there. I think this is a failure of vision. Agentic commerce is not just a new channel; it is a new way to reduce friction and capture demand closer to the moment of intent.
Merchants who prepare their trust infrastructure today will gain three strategic advantages:
Reduced Liability: Comprehensive audit trails and intent tokenization will drastically lower the cost of chargeback disputes.
Innovation Velocity: A protocol-agnostic stack allows you to adopt new agentic standards (like Google’s UCP or OpenAI’s ACP) without re-platforming.
Operational Efficiency: Moving from manual, human-driven checkouts to machine-verifiable records lowers the overhead of fraud detection and customer support.
I believe that trust is the only durable competitive moat in an autonomous world. If an agent can trust that your storefront is “machine-readable” and “intent-safe,” it will prefer your site over a competitor’s legacy interface.
The role of trust orchestration
I will be blunt: the role of the payment orchestrator has expanded. They must now orchestrate trust, not just transactions. This requires moving orchestration “above” individual gateways and protocols.
I think the critical functions of a trust orchestrator include:
Aggregating Trust Signals: Individually tokenizing identity, consent, and behavior into a single “universal token” that travels across the payment journey.
Interoperability: Providing a single integration that supports every agentic protocol—Google, Amazon, OpenAI—without building separate pipes.
Intelligent Monitoring: Continuous visibility into payment health and authorization patterns to detect rogue agents in real time.
My take: control is the new currency
I have spent this report detailing the technical and operational risks of agentic commerce. But the throughline is control. Whether it is Google and Stripe fighting over protocols, or Visa and Mastercard fighting over identity, the battle is about who owns the infrastructure layer of the machine economy.
For the merchant, control means owning your tokens and your audit trails. If you delegate your trust to a third-party protocol, you are delegating your revenue. I think the companies that win will not just process transactions; they will define the rails the rest of the ecosystem runs on.
Your existing payments stack is a liability. It was built for humans. The transition to agentic commerce is the biggest unlock of the decade, but it is also the biggest threat to those who rely on the behavioral moats of the past. The winners will be those who architect a neutral trust layer today. Everything else is just legacy infrastructure waiting to be optimized away.
Disclaimer:
Fintech Wrap Up aggregates publicly available information for informational purposes only. Portions of the content may be reproduced verbatim from the original source, and full credit is provided with a “Source: [Name]” attribution. All copyrights and trademarks remain the property of their respective owners. Fintech Wrap Up does not guarantee the accuracy, completeness, or reliability of the aggregated content; these are the responsibility of the original source providers. Links to the original sources may not always be included. For questions or concerns, please contact us at sam.boboev@fintechwrapup.com.













