The next era of digital payments might not begin with instant payments, stablecoins, or a brand-new rail. It might start with something far quieter but equally transformative: software that can make payments on our behalf. As of 2025 we have already seen
applications that can search, catlog and suggest items for us to shop. Agentic Commerce, takes this to the next steps where AI can search, decide, and pay within limits we define. And now, two of the world’s largest payment networks, Mastercard and
Visa, have taken the first step to make it real. Their announcements marked a quiet but historic shift. Card networks are opening their rails to AI-powered agents that can transact securely using the same infrastructure we already trust today.
This isn’t going to be an alarmist take about the dangers of agentic banking or a glowing endorsement either. As someone who works at the intersection of payments and fraud prevention, I feel both excitement and caution. I believe this next step can make
payments more efficient and secure, but it will also test how well we can adapt our fraud defenses to a new kind of participant: the intelligent agent.
When I asked an executive from a large American bank about their plans for agent-led transactions, he said it was still too early to discuss specifics. While that is true, anyone following the pace of innovation in AI is aware of how quickly things are changing.
Each week brings a new model, a new capability, and a new partnership. Payments are simply the next frontier.
So what exactly are Mastercard and Visa promising? In simple terms, they enable trusted software agents to initiate payments on behalf of individuals. Today, if I use a mobile app to order coffee, I am the one approving the transaction. In the future, an
AI agent could do this for me. It would know my usual order, check the available balance, look for offers, and complete the purchase without me pressing pay. The key difference is that I would have given it permission or “agency” to act within clear boundaries.
To make that possible, Mastercard has introduced the concept of registered agents. Only agents approved and listed in their network registry will be allowed to transact. The Issuing banks will decide whether their customers can enable a particular
agent and what controls to apply. Each registered agent can have its own spending budget, transaction limits by merchant type, and time or location restrictions. If anything seems off, the bank can disable that agent immediately without blocking the entire
card. Visa’s Intelligent Commerce follows a similar model. It focuses on how agents discover, decide, and pay securely using existing network tokens. Both initiatives share the same goal. They do not change the rails of payments. They redefine who
is allowed to use them.
To understand the potential, it helps to look at what is already happening elsewhere. In China, Alipay and Luckin Coffee have been experimenting with conversational ordering. Customers can chat with a digital assistant that takes their order, confirms the
price, and completes payment in one seamless interaction. That is agentic commerce at a single-merchant level. It works beautifully within one ecosystem. Now imagine the same concept scaled across the entire Mastercard or Visa network. Suddenly, we are talking
not about millions of payments but billions, spanning every merchant that accepts a card. That is the magnitude of change when networks embrace agentic commerce.
As the holiday season approaches, it is easy to picture what this might look like. Imagine building your Christmas shopping list, setting a spending limit, and telling your digital agent to take care of the rest. It scours the internet for the best deals,
cross-checks prices, applies loyalty points, and executes purchases within your budget. The shopping still happens on familiar card networks, only now the buyer is a piece of software acting responsibly on your behalf.
The reason this matters is scale. Payments only change the world when they scale. Even if only one percent of card transactions become agent-initiated, that represents hundreds of billions of dollars each year. A fraction of adoption will still require banks,
merchants, and fraud systems to evolve. This is not a futuristic side project. It is a near-term reality with massive implications for how we define trust and risk.
Whenever technology shifts, risk shifts too. The question is not whether agentic commerce will bring new fraud challenges, but how different those challenges will be from the ones we face today. In human-led commerce, the weak link is usually the person.
Fraudsters exploit our emotions. They trick us with phishing emails, fake customer support calls, or cleverly timed messages. We rely on one-time passwords, behavioral biometrics, and device checks to confirm that the person transacting is genuine.
In agent-led commerce, the vulnerability moves from the person to the software. Instead of persuading a human to click a link, an attacker might try to manipulate an agent. They could inject malicious instructions, steal cryptographic keys, or compromise
the agent’s runtime environment so that it behaves differently while still appearing legitimate. These are subtle, technical threats rather than emotional ones. Detecting them will require a new kind of visibility.
The good news is that agentic commerce is being built with security at its core. Every registered agent will have a verified identity, a cryptographic key that proves it holds permission to act, and a defined scope that limits where and how it can spend.
A compromised token is useless without its matching key. A rogue agent that tries to act outside its limits will be declined automatically. If an issuer suspects something unusual, it can revoke that agent’s authorization instantly while keeping the rest of
the card active.
Fraud controls will evolve to focus on consistency rather than intuition. Instead of asking, “Does this person look like themselves?” the question becomes, “Is this agent behaving as it should?” Banks and payment providers will monitor agent IDs, versions,
and transaction patterns the same way they monitor device fingerprints today. If an agent that typically executes one small payment per day suddenly initiates dozens from a new network address, that pattern will raise an alert. In other words, we shift from
behavioral biometrics for people to behavioral analytics for software.
These same principles strengthen transparency. Every transaction initiated by an agent will carry clear data about who started it, from where, under what policy, and within what limits. That level of provenance in knowing who initiated a payment, where it
originated, and why is the cornerstone of effective fraud control. Instead of guessing at intent after the fact, risk systems can rely on verifiable data at the moment of authorization.
The opportunity for the broader fraud prevention community is enormous. New data points will enter our risk models: agent identity, provider, runtime environment, key fingerprints, and transaction scope. Our challenge will be to interpret them intelligently.
Fraud prevention has continually evolved in tandem with technological advancements. We adapted to the rise of e-commerce, to mobile banking, to real-time payments. Agentic commerce is simply the next chapter.
Some might still ask whether giving AI agents the power to transact makes payments more dangerous. My view is the opposite. It can make them safer. The traditional internet commerce model relies on stored card numbers, saved passwords, and fragile layers
of user verification. Those are the reasons so much of today’s fraud exists. Agentic commerce replaces that system with something far stronger. It uses tokenized credentials that can be limited to specific agents, cryptographic proofs that prevent replay attacks,
and real-time revocation that stops abuse instantly. It is not foolproof, but it is a significant leap in control and traceability.
This moment reminds me of earlier milestones in payments. When magnetic stripes replaced handwritten signatures, people worried that copying cards would be too easy. When chip and PIN arrived, many believed customers would never remember their codes. Even
mobile wallets were once dismissed as unnecessary. Each of those transitions felt uncertain at first. And each one, in hindsight, made payments more secure and convenient. Agentic commerce will likely follow the same trajectory.
We are at the start of that journey. The rollout will be gradual, and the learning curve will be steep. But I see no reason to fear it. This is an opportunity to reimagine how trust is established in digital payments. By combining cryptography, registration,
and thoughtful oversight, we can create a framework where intelligent agents transact responsibly, transparently, and safely.
I don’t have all the answers about what agentic commerce will look like a year from now, but I’m excited to find out. What matters is that we approach it with curiosity, collaboration, and the confidence that trust can evolve alongside technology.
Because for the first time in payments, trust will not just be verified by people. It will be coded, cryptographically bound, and continuously learned. And that is something worth getting excited about.
