Agentic Commerce Explained: What Happens When AI Agents Start Paying for You

By Olegs Cernisevs, 08.06.2026, 10 min
Agentic commerce is the shift from you asking “buy” to an AI agent doing it for you — finding the product, choosing it, and paying on your behalf. It was the loudest theme at Money20/20 Europe this year, on the stage and on the floor.
I spend my days inside payment infrastructure and fraud controls, so let me set out plainly what agentic commerce and agentic payments are, how an agent actually pays, and what you should understand before handing one your card.
Key takeaway. The technology that lets an agent pay already exists — which is exactly why it's risky. The safeguards (confirmation steps, spending limits, audit trails) are still being built. Until they catch up, keep a hand on the controls.
What is agentic commerce?
Agentic commerce is online shopping where an autonomous AI agent runs the buying journey for you. You give an intent — “find a toy for the dog and order it” — and the agent searches, compares options, and places the order. In the more advanced versions, it doesn't stop to ask: it pulls your saved card from settings, checks out, and tells you it's done.
The demand is real — but read it carefully
Surveys through late 2025 and into 2026 show many shoppers already use AI for product research and comparison. Morgan Stanley and Bain both project AI-mediated shopping will take a meaningful slice of e-commerce by 2030, and McKinsey estimates AI agents could drive around a trillion dollars of US transactions by then.
But “people use AI to compare prices” and “people are ready to let AI spend their money unsupervised” are two very different claims. The gap between them is where the interesting questions live.
What are agentic payments?
Agentic payments — also called AI agent payments or machine-initiated payments — are the money-movement step inside that flow: a transaction triggered by software acting for you, not by you tapping “confirm” in the moment. The agent uses a credential you authorised in advance (usually a stored card), and it settles through the same rails as any other online card payment.
Here's the part most demos skip. In many of today's setups, the receiving payment system doesn't know an agent was involved at all. There's no flag in the authorisation saying “initiated by an AI agent.” To the network it looks like you walked up and made an ordinary purchase. The only thing infrastructure can sometimes see is the absence of a step — say, no 3-D Secure challenge — which says something about how it was authenticated, but nothing reliable about who, or what, decided to spend.
How AI agents actually pay
Mechanically, an agent pays the way any stored-credential flow works. You've linked a card to a service or created a token — a click-to-pay credential, a wallet token, an account-on-file. The agent can reach those settings, presents the credential at checkout, the merchant submits the authorisation, and it goes through. No new infrastructure is strictly required for the basic version. That's precisely why it can already happen, and why it's hard to see.
The friction-free experience is the selling point and the hazard at once. “I want to spend zero time, I just write one request” is a real desire. But the same missing confirmation step that makes it effortless means anyone or anything that can reach your agent can move real money with no checkpoint:
  • a child on a parent's phone,
  • a partner sharing a device,
  • a voice assistant mishearing — even someone talking in their sleep.
Family fraud and “I didn't mean to buy that” disputes aren't edge cases here. They're the predictable default when nothing has to be confirmed.
The control problem: who decided to buy?
When you shop yourself, you make small judgement calls without noticing: is this seller legitimate, does the site look real, are the terms reasonable. An agent may check some objective signals — or it may not. You don't control, and often can't inspect, the basis on which it chose. You asked for a dog toy; you don't necessarily know which seller it bought from, on what terms, or whether the listing was what it appeared to be.
That loss of visibility is the heart of the spending control problem. The convenience comes from delegating judgement — but judgement is exactly what you most want to keep when money is leaving your account.
This is why the serious work is converging on putting checkpoints back in: scoped authorisations, spending limits, and a confirmation step at the moments that matter. A sensible middle path is an agent that proposes and a person that approves above a threshold — not an agent that simply acts and reports back.
Honestly, the technology isn't yet at the point where unsupervised spending is wise. The most responsible current designs keep a human in the loop. The fully autonomous “I said I want it, it's done” version is where the risk concentrates, and it's the version fraud and security teams worry about most.
The accountability gap
Now the genuinely hard part, and the one I think consumers underestimate. Suppose the toy arrives in the wrong colour, or never arrives. With an ordinary purchase you have a paper trail: an order confirmation, a merchant identity, an email to point to when you raise a dispute. With an opaque agent purchase you may have none of that. You don't know who you bought from, so you don't know whom to dispute against — and if the agent never surfaced a confirmation, you may not even be able to prove what you ordered.
This cascades. The card issuer can struggle to process a dispute because it doesn't know the counterparty. The merchant may not realise the buyer was an agent. And there's a darker tail risk: if you can't see who you transacted with, you can't rule out that an agent bought from a seller you'd never knowingly support — a sanctioned entity, or an outfit using merchandise sales to launder funds. You could join a chain you never chose to, without knowing.
There's also an emerging integrity problem security teams are already flagging: AI can manufacture the very evidence disputes rely on. We've started to see forged transaction-supporting documents — and an AI that can shop for you can also generate a plausible-looking confirmation. When the proof itself can be synthesised, “just show us the receipt” stops being a sufficient control. The regulatory framework hasn't caught up; it's being written behind the technology, not ahead of it.
What the card networks are building
The good news: the industry has decided this needs to be governed rather than improvised. The major networks have moved from slideware to live frameworks. Visa rolled out Visa Intelligent Commerce, positioning itself to authenticate, authorise and tokenise agent-initiated payments, with European pilots beginning in early 2026. Mastercard launched Agent Pay, combining Agentic Tokens with agent-aware identity and checkout. On the software side, protocols such as the Agentic Commerce Protocol and Google's Universal Commerce Protocol aim to standardise how agents, merchants and payment systems talk to each other.
Realistically, the near-term payoff is more modest than the marketing: largely, beginning to record which agent initiated a transaction inside the network's own data, so disputes become traceable again. That genuinely starts to close the accountability gap, even if it's less dramatic than the headlines. The harder problems the networks are circling are the right ones — confirming intent, applying a meaningful second factor, and making an agent-initiated payment distinguishable from an ordinary one.
Adoption is also bumpy where it's been tried. Reports through early 2026 noted some in-chat checkout experiments were paused or pulled back, and that in-chat purchase conversion lagged well behind sending shoppers to a merchant's own site. That's not a verdict that agentic commerce fails — it's a sign the consumer experience and the trust scaffolding are still being built. The genie is half out of the lamp; the question is whether the safeguards arrive before the volume does.
What to check before letting an agent pay
If you're going to experiment — and many people will — a few practical checks materially cut your exposure. They're the same instincts behind secure online payments applied to a new context:
  • Keep a confirmation step for anything that matters — prefer an agent that proposes and waits for approval over one that acts silently.
  • Set a spending limit — cap per-transaction and total agent spend so a mistake is bounded.
  • Use a dedicated, low-balance credential — don't expose your main account; a separate virtual card you can freeze instantly is ideal.
  • Insist on an audit trail — only use agents that reliably surface the merchant, amount and a retrievable order confirmation. You need it for any dispute.
  • Check strong authentication still applies — be wary of setups that quietly skip card payment confirmation; convenience isn't worth losing fraud protection.
  • Know who's liable before you delegate — read how the agent and payment provider allocate responsibility for an unauthorised or mistaken purchase.
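The first four checks above, together with the "agent proposes, person approves above a threshold" design described earlier, can be expressed as one policy gate that sits between the agent and the stored credential. The Python below is an added example, not code from this article's author or from any network's framework; the names `Proposal`, `SpendingGate` and the `approve` hook are hypothetical, and the limits, merchants and order references are constructed sample data.

```python
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Callable

@dataclass(frozen=True)
class Proposal:
    merchant: str      # who the agent intends to buy from
    amount: Decimal    # price in the card's currency
    order_ref: str     # retrievable order confirmation reference

@dataclass
class SpendingGate:
    per_tx_limit: Decimal
    total_limit: Decimal
    approval_threshold: Decimal          # at or above this, a person must approve
    approve: Callable[[Proposal], bool]  # hypothetical hook that asks the user
    spent: Decimal = Decimal("0")
    audit: list = field(default_factory=list)

    def decide(self, p: Proposal) -> str:
        if not p.merchant or not p.order_ref:
            outcome = "rejected:no_audit_data"   # nothing to dispute against later
        elif p.amount <= 0:
            outcome = "rejected:invalid_amount"
        elif p.amount > self.per_tx_limit:
            outcome = "rejected:per_tx_limit"
        elif self.spent + p.amount > self.total_limit:
            outcome = "rejected:total_limit"
        elif p.amount < self.approval_threshold:
            outcome = "approved:auto"
        else:
            outcome = "approved:user" if self.approve(p) else "rejected:declined_by_user"
        if outcome.startswith("approved"):
            self.spent += p.amount
        # Every decision is recorded, including refusals.
        self.audit.append({"merchant": p.merchant, "amount": str(p.amount),
                           "order_ref": p.order_ref, "outcome": outcome})
        return outcome

def demo():
    # Constructed limits, merchants and order references.
    gate = SpendingGate(Decimal("50"), Decimal("80"), Decimal("20"),
                        approve=lambda p: p.merchant == "Pet Shop A")
    cart = [("Pet Shop A", "12.00", "ORD-1"), ("Pet Shop A", "35.00", "ORD-2"),
            ("Unknown Seller", "30.00", "ORD-3"), ("Pet Shop A", "60.00", "ORD-4"),
            ("Pet Shop A", "40.00", "ORD-5"), ("", "5.00", "")]
    return [gate.decide(Proposal(m, Decimal(a), r)) for m, a, r in cart], gate

if __name__ == "__main__":
    for entry in demo()[1].audit:
        print(entry)
```

The gate refuses any proposal that lacks a merchant or order reference before it looks at the amount, so a purchase that could not be disputed later never reaches the card.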
At Blackcat we think about payments from the security side first, which is why we publish detailed guidance on payment security and advanced security measures, and why fraud-rule shifts like the EU's PSD3 / PSR changes matter for what comes next. Agentic commerce is coming whether the industry is fully ready or not. The consumers who do best will keep a hand on the controls even as the agent does the work.
Frequently asked questions
What is agentic commerce?
Online shopping in which an autonomous AI agent runs the buying journey for you — searching, selecting and completing the purchase from an instruction you give, sometimes without pausing to confirm each step.
What are agentic payments?
Transactions triggered by software acting on your behalf (also called AI agent or machine-initiated payments), using a credential you authorised in advance, settling through the same rails as any other online card payment.
How do AI agents make payments?
They use a stored or tokenised credential — a saved card, wallet token or account-on-file — you've linked to a service. The agent presents it at checkout and the payment is authorised, often with no real-time confirmation from you.
Can an AI agent use a payment card?
Yes — typically a card you've already stored or tokenised. Notably, the receiving system often can't tell an agent was involved; there's usually no ‘agent-initiated’ flag in the authorisation.
Who is responsible if an AI agent makes the wrong payment?
Unsettled and risky. Delegating the decision doesn't cleanly delegate the consequences; the relationships entered through an agent are often still yours. Without a merchant identity or order proof, disputes get hard. Check how your agent and provider allocate liability.
How can users control AI agent spending?
Spending limits, scoped authorisations, a confirmation step above a threshold, and a dedicated low-balance card or token you can freeze — so any single mistake is bounded and recoverable.
Are agentic payments safe?
They can be made safer with the right controls, but the fully autonomous, no-confirmation version concentrates risk: family fraud, mistaken purchases, missing audit trails, even AI-forged evidence. The tech isn't mature enough for unsupervised spending yet.
What security checks may apply to AI agent payments?
Emerging network frameworks aim to add agent-aware identity, intent confirmation and a meaningful second factor, and to record which agent initiated a transaction so disputes are traceable. Strong authentication such as 3-D Secure may still apply depending on the flow.
Can spending limits help with AI agent payments?
Yes — per-transaction and total limits are among the most effective safeguards, because they cap exposure regardless of what the agent does, turning a potential disaster into a bounded, recoverable error.
What should consumers check before allowing an AI agent to pay?
Keep a confirmation step for meaningful purchases, set a spending limit, use a dedicated low-balance credential, insist on a retrievable audit trail, verify strong authentication still applies, and understand who's liable for a mistaken or unauthorised payment before delegating.