Agentic Payments: Who's Building the Rails

Within eighteen months, a significant percentage of the payment authorizations hitting your gateway won't come from a human tapping a phone or clicking "Buy Now." They'll come from an AI agent — autonomous software acting on a cardholder's behalf, executing purchases, paying invoices, and reordering inventory without a single human confirmation step. The transaction will arrive at your acquirer looking almost identical to a normal card-not-present auth, except for one critical difference: no one was on the other side.

This isn't speculative. Visa announced its Intelligent Commerce platform with OpenAI integration going live in Q2 2025. Mastercard's Agent Pay is piloting with Anthropic's Claude for B2B procurement. Juniper Research projects AI-initiated transaction volume will reach $3.5 trillion by 2030, up from roughly $22 billion in 2024 — a 159x increase.

If you run payment operations for a mid-market merchant, this shift will reshape your authorization rates, fraud models, and processor relationships faster than EMV migration or 3DS2 rollout ever did. We broke down the basics in our recent carousel — here's the full picture.

What Agentic Payments Actually Are

The term "agentic payments" describes a specific technical architecture, not a marketing buzzword. Three components make it work:

The AI Agent as Transaction Initiator

An AI agent — built on foundation models like GPT-4, Claude, or Gemini — acts as an autonomous purchasing entity. Unlike a chatbot that recommends products and hands you a checkout link, an agentic system completes the entire transaction loop: it identifies the need, selects the merchant, negotiates or confirms the price, submits payment credentials, and handles confirmation — all without a human click-to-confirm.

Real-world use cases already in pilot:

• Consumer: An agent monitors your grocery consumption patterns and reorders staples from your preferred retailer when inventory drops below threshold. No app notification. No approval tap.
• B2B Procurement: An agent scans supplier catalogs, compares pricing against contracted rates, issues a purchase order, and pays the invoice — collapsing a 3-5 day procurement cycle into minutes.
• Travel: An agent rebooks a cancelled flight, selects the optimal alternative based on your stated preferences and loyalty status, and pays the fare difference — all before you land and check your phone.

Pre-Authorized Spending Policies

The critical governance layer is the spending policy — a set of rules the cardholder defines before granting the agent autonomy. Think of it as a programmable allowance:

• Budget caps: $500/month for groceries, $2,000/month for SaaS subscriptions
• Category restrictions: Agent can transact at MCC 5411 (grocery stores) but not MCC 5813 (bars)
• Merchant allowlists: Only approved vendors for B2B procurement
• Time windows: Transactions permitted only during business hours
• Per-transaction limits: No single purchase above $150 without human escalation

Visa's published guidance recommends a $250 default consumer limit and $10,000 for B2B agents. These aren't arbitrary — they're calibrated to balance autonomy against the fraud exposure inherent in removing human confirmation from the loop.

Tokenized Agent Credentials

Here's where the payments plumbing gets interesting. Visa and Mastercard aren't reusing existing card-on-file tokens for agents. They're issuing unique tokens per AI agent instance, decoupled from any physical card or device.

This matters enormously for payment operations teams. A tokenized agent credential carries its own identity — distinct from the cardholder's PAN, distinct from an Apple Pay device token, distinct from a merchant's stored credential token. This creates a new entity in the four-party model: the agent isn't the cardholder, isn't the merchant, and isn't a payment facilitator. It's a fifth participant using dedicated credentials.

For acquirers and processors, this means new token types to route, new data fields in authorization messages, and new risk assessment requirements. For merchants, it means your checkout flow and payment acceptance architecture need to recognize and handle agent-initiated transactions as a distinct channel.

How the Transaction Actually Flows

Understanding the mechanics helps you identify where your systems will break. Here's the four-party flow adapted for agentic commerce:

Step 1: Agent Initiates Purchase

The AI agent (running on OpenAI, Anthropic, or another platform's infrastructure) identifies a purchase need and constructs a transaction request. It sends the merchant a tokenized credential bound to the cardholder's spending policy. The request includes the agent's unique token, the transaction amount ($127.50, for example), and metadata identifying it as agent-initiated.

Merchant-side implication: Your checkout API needs to accept agent credentials. If you only support redirect-based checkout (where a human browser session is required), agent transactions will fail at the front door.

Step 2: Network Validation

The transaction hits the card network — Visa Intelligent Commerce or Mastercard Agent Pay. The network performs several agent-specific checks in roughly 50 milliseconds:

• Validates the agent token is active and not revoked
• Checks the transaction against the cardholder's pre-authorized spending policy ($127.50 against a $500 monthly limit with $372.50 remaining)
• Appends an AI-initiated flag to the authorization request

That flag is the linchpin. It tells the issuer this transaction wasn't initiated by a human with behavioral biometrics, device fingerprints, or geolocation data. The issuer needs that signal to route the auth through the correct risk model.

Step 3: Acquirer Processing

Your acquirer — Stripe, Adyen, Worldpay, or whoever processes your transactions — routes the auth to the issuing bank's network. Standard processing fees apply (typically 2.4% + $0.10 for card-not-present, though agent-specific interchange categories are still being defined by the networks).

The critical detail here: 3DS exemptions. Current SCA regulations require strong customer authentication for card-not-present transactions, but agent transactions can't complete a 3DS challenge — there's no human to authenticate. Acquirers are working with networks to establish trusted agent exemption pathways, similar to how recurring transactions and merchant-initiated transactions (MITs) are handled today under PSD2. If your acquirer doesn't support these exemptions, every agent transaction will either fail 3DS or get declined.

Step 4: Issuer Approval and Settlement

The issuing bank (Chase, Citi, Barclays, etc.) evaluates the auth against the cardholder's agent spending policy and its own risk models. If approved, settlement follows standard timelines — typically T+1. The issuer earns its interchange, currently around 1.8% for qualified card-not-present transactions.

The problem? Issuers' risk models aren't ready. Which brings us to the biggest operational challenge.

The Approval Rate Problem: 12-18% Higher Decline Rates

Early pilot data tells a stark story: issuers are declining agent-initiated authorizations at rates 12-18% higher than human-initiated transactions in the same merchant categories.

The reason is structural, not a temporary glitch. Legacy fraud detection models rely heavily on signals that don't exist in agent transactions:

• Behavioral biometrics: Typing cadence, mouse movement patterns, touch pressure — none of these exist when an API makes the request
• Device fingerprinting: Browser version, screen resolution, installed fonts — an agent running on cloud infrastructure produces server-side fingerprints that look identical to bot traffic
• Geolocation: An agent executing from an AWS data center in Virginia doesn't produce a geolocation signal consistent with a cardholder in Chicago
• Session analysis: Time-on-page, browsing history, cart behavior — all absent

Every one of these missing signals triggers a risk flag in conventional fraud models. Stack enough flags and the transaction gets declined or routed to manual review, which an autonomous agent can't complete.

What this means for your revenue: If 15% of your future transaction volume comes from agents (a conservative estimate for e-commerce by 2028), and those transactions see a 12-18% higher decline rate, you're looking at a 1.8-2.7% hit to top-line revenue from false declines alone. For a merchant processing $50M annually, that's $900K to $1.35M in lost sales — from customers who authorized the purchase and had available credit.

The fix requires network-level agent trust scores — a reputation system for agent credentials that replaces behavioral biometrics with credential lineage, policy compliance history, and transaction pattern analysis. Platforms like Cellix are building agent-specific risk scoring models that incorporate these signals, but the broader industry infrastructure is still maturing.

Who's Building the Rails — And What It Means for Merchants

Three major buildouts are shaping the agentic payments infrastructure:

Visa Intelligent Commerce

Visa's approach centers on tokenized agent credentials with real-time spending controls built into the network layer. Their partnership with OpenAI — announced in early 2025 and going live in Q2 — means GPT-powered agents will be able to initiate Visa transactions natively.

Key technical details for merchants:

• Agent tokens will be issued through Visa Token Service (VTS), the same infrastructure that powers Apple Pay and Google Pay tokens
• Real-time spending policy enforcement happens at the network level, before the auth reaches the issuer
• Visa is introducing new transaction identifiers that distinguish agent-initiated transactions from standard MITs

Mastercard Agent Pay

Mastercard's framework emphasizes biometric-free authentication for AI agents — acknowledging that requiring human biometric verification defeats the purpose of autonomous commerce. Their pilot with Anthropic's Claude focuses on B2B procurement, where the transaction values are higher and the business case for autonomous purchasing is clearest.

Notable specs:

• $10,000 default agent limits for B2B transactions
• Agent credential provisioning through Mastercard's Digital Enablement Service (MDES)
• New data fields in the authorization message spec for agent identity and policy metadata

PayPal and Shopify: The Checkout Layer

While Visa and Mastercard are building network-level infrastructure, PayPal and Shopify are attacking the merchant checkout layer. Both are developing agentic checkout APIs that let AI agents complete purchases without browser redirects, pop-up windows, or any UI interaction.

Early results are promising: pilot integrations with Amazon's Alexa+ showed 23% faster conversion compared to standard checkout flows. That speed advantage comes from eliminating every friction point designed for human interaction — CAPTCHA, email confirmation, address selection dropdowns.

For merchants on Shopify or accepting PayPal, these APIs represent the fastest path to accepting agent transactions. But they also introduce a strategic dependency: if your checkout is optimized for one agent platform's API, you may be locked out of transactions from agents using a different payment rail.

Old World vs. New World: What Actually Changes

The shift from device-bound to agent-initiated payments isn't uniformly positive. Here's an honest assessment:

What Gets Better

Friction disappears for trusted transactions. Today, 3DS challenges fire on roughly 34% of card-not-present transactions in European markets. For pre-authorized agents with established trust scores, that drops to effectively 0%. No challenge, no redirect, no abandoned cart.

Reorder speed collapses. The average B2B reorder cycle — from identifying a need to submitting payment — takes 72 hours when it involves procurement approvals, PO generation, and invoice processing. Agent-initiated replenishment in pilot programs averages 15 minutes from trigger to settled transaction.

What Gets Worse

Fraud rates will increase before they decrease. Human-initiated card-not-present fraud currently runs at approximately 0.1% of transaction volume (Nilson Report, 2024). Early agentic pilots are seeing rates of 0.4-0.7%, driven by a new attack surface: agent spoofing.

Agent spoofing works like this: an attacker provisions a fraudulent agent token, associates it with stolen cardholder credentials, and sets up a spending policy that looks legitimate. Because the transaction bypasses all human-verification signals, the issuer's fraud model has fewer signals to catch the fraud. The attacker's "agent" then makes purchases that appear to be authorized autonomous transactions.

This is the most significant fraud risk in the agentic payments ecosystem, and it's why credential lineage — the ability to trace an agent token back through its provisioning chain to a verified cardholder identity — will become a critical risk signal.

What Payment Teams Must Do Now

You don't need to rebuild your payment stack today. But you do need to start three workstreams immediately:

1. Register for Agent-Credential APIs

Both Stripe and Adyen now offer agent-credential APIs in beta. These APIs allow you to register your AI workflows — whether they're customer-facing purchasing agents or internal procurement bots — for tokenized authentication.

The registration process involves:

• Defining the agent's identity and purpose
• Specifying the spending policies the agent will operate under
• Receiving a unique agent token from the card network via your acquirer
• Integrating the token into your agent's transaction initiation flow

Target timeline: Complete registration by Q3 2025. Early registrants get priority access to production environments and better support during the inevitable integration hiccups.

2. Build Your Spending Policy Architecture

Don't wait for the networks to define your policies. Start mapping out:

• Category-level limits: What MCCs should your agents transact in?
• Per-merchant caps: Should an agent be able to spend more at a contracted supplier than a new vendor?
• Velocity controls: How many transactions per hour/day/week before requiring human review?
• Escalation triggers: What dollar amount or category triggers human approval?
• Time-based restrictions: Should agents transact outside business hours for B2B? What about weekends for consumer?

Document these policies now, even if you don't have the technical infrastructure to enforce them yet. When agent credential provisioning goes live, the merchants who can articulate their policies clearly will onboard in days. Those who haven't thought it through will take months.

3. Retrain Your Fraud Models

This is the most urgent technical workstream. Your current fraud models — whether rules-based, ML-driven, or a hybrid — are trained on human behavioral signals that don't exist in agent transactions. Running agent-initiated auths through these models will produce one of two outcomes, both bad:

• High false-positive rates: Legitimate agent transactions declined because they look like bots (because they are bots — authorized ones)
• High false-negative rates: Fraudulent agent transactions approved because the model doesn't know what "normal" agent behavior looks like

You need agent-specific risk scoring that evaluates credential lineage, policy compliance, transaction pattern consistency, and network-level trust signals instead of device fingerprints and behavioral biometrics. Start building training datasets from your pilot agent transactions now, even if volumes are low.

Key Takeaways

• Agent-initiated transactions are arriving in production by Q3-Q4 2025 — Visa's OpenAI integration and Mastercard's Anthropic pilot are not roadmap items, they're live deployments. Your payment stack needs to accept agent credentials or you'll silently lose transactions you never see.

• Approval rates will suffer without proactive issuer engagement — 12-18% higher decline rates for agent transactions mean real revenue loss. Work with your acquirer to ensure agent-initiated auths carry the correct flags, exemptions, and trust signals that issuers need to approve them.

• Fraud models trained on human behavior will fail on agent transactions — The 4-7x increase in fraud rates during pilots isn't a permanent state, but it will persist until you build agent-specific risk scoring based on credential lineage and policy compliance rather than behavioral biometrics.

• Spending policy architecture is a competitive advantage, not a compliance checkbox — Merchants who define granular, category-aware, time-bound spending policies will attract agent traffic because the networks will route agents toward merchants with clear policy frameworks. Start documenting your policies today.

• The window for shaping this infrastructure is 12-18 months — Once the networks, acquirers, and major agent platforms lock in their technical standards, merchants will be adopters, not architects. Register for beta APIs, join pilot programs, and get your transaction data into the training pipeline now — the merchants who build institutional knowledge during the pilot phase will own the economics of the agentic era.