Payment in Agentic Commerce

The central question of Agentic Commerce is not "Can an agent find a product?" — but "Can an agent pay securely?" Payment is the critical infrastructure that makes AI-powered commerce possible in the first place.

The Core Question

How does a human authorize an AI agent to spend money on their behalf — securely, in a controlled manner, and with full traceability? The answers from the various players differ fundamentally.

SharedPaymentToken (Stripe/ACP)

The ACP by OpenAI and Stripe uses SharedPaymentTokens — temporary, single-use payment tokens. The user stores their payment method in ChatGPT. During a purchase, the agent generates a token that authorizes exactly one transaction: bound to a specific amount, a specific merchant, and a specific session.

Advantages: Simple, per-transaction control, no standing authorization. Disadvantage: Each purchase requires explicit confirmation — less autonomous.

Mandates (AP2)

The Agent Payments Protocol (AP2) goes a step further with Mandates: digitally signed authorizations that define rules. "Maximum $200 per transaction, only at grocery merchants, valid until December 2026." Within these boundaries, the agent can pay autonomously — without per-transaction confirmation.

Advantages: Greater autonomy, granular control, revocable. Disadvantage: More complex, requires more trust from the user.

Visa Intelligent Commerce

Visa focuses on AI-powered payment optimization: The system recognizes patterns in transactions, assesses risks in real time, and can make payment suggestions. For Agentic Commerce, this means: Visa provides the fraud detection and risk assessment layer that other protocols (ACP, AP2) can leverage.

Visa's advantage: Decades of experience in transaction security, a global network with over 4 billion cards.

Mastercard Agent Pay

Mastercard's "Agent Pay" enables AI agents to initiate and manage transactions within the Mastercard network. In parallel, Mastercard is a partner in the AP2 protocol. The combination of a global payment network and open protocol participation makes Mastercard a central infrastructure player.

PayPal Agent Toolkit

PayPal has developed an Agent Toolkit that gives AI systems access to PayPal payments. First integration: Perplexity — the AI search assistant can complete purchases via PayPal. PayPal is also an AP2 partner and brings its digital wallet infrastructure with hundreds of millions of active accounts.

Consent Models

How users authorize agents to pay is not yet standardized. Currently, three models exist:

• Per-Transaction Consent (ACP): The user confirms each individual purchase. Safest option, but least autonomous.
• Rule-Based Consent (AP2 Mandates): The user defines rules — the agent acts autonomously within these boundaries.
• Blanket Consent (Future): The user gives the agent full autonomy for certain categories. Not yet implemented, ethically debated.

In Europe, the GDPR will likely require explicit, informed consent — blanket consent is likely to face regulatory challenges.

Fraud Protection

When no human is sitting at the checkout, new challenges arise:

• Agent spoofing: A malicious agent impersonates a legitimate agent and initiates transactions
• Prompt injection: Manipulation of the agent through tampered product data that tricks it into unwanted purchases
• Mandate abuse: Exploitation of overly generous mandate definitions

The answers: Cryptographic signatures (AP2), tokenized single-use credentials (ACP), AI-based anomaly detection (Visa, Mastercard), and the Trusted Agentic Commerce Protocol (TACP) by Forter for identity verification.