How Agentic Commerce Changes Chargeback Liability: What Merchants Need to Know About Visa Trusted Agent Protocol and Mastercard Verifiable Intent

Agentic Commerce Is Here — And It's About to Rewrite Your Chargeback Playbook

Within the next 12 to 18 months, a growing share of your transactions won't be initiated by a human being clicking "Buy Now." They'll come from AI agents — autonomous software acting on behalf of consumers to compare prices, select products, and complete purchases without direct human involvement at the point of sale. This shift has massive implications for agentic commerce chargeback liability merchants need to understand right now, before the first wave of agent-initiated disputes hits their queue.

Visa and Mastercard have already published competing frameworks — the Visa Trusted Agent Protocol and Mastercard Verifiable Intent — to define how liability flows when an AI agent transacts on a cardholder's behalf. Stripe is building agent-compatible payment methods. But none of these players are telling you, the merchant, what this actually means for your dispute win rates, your fraud stack configuration, or the evidence you'll need to collect when a cardholder says, "I never authorized that — my AI did it on its own."

This article fills that gap. It's a tactical guide for payment operations managers and fraud analysts at mid-market merchants who need to prepare now, not after the first six-figure chargeback loss from an agent-initiated transaction.

Why AI-Agent Transactions Break Traditional Authorization and Dispute Models

Every chargeback rule in the Visa and Mastercard ecosystems rests on a foundational assumption: a human cardholder either authorized a transaction or they didn't. The entire dispute lifecycle — reason codes, compelling evidence requirements, liability shift rules for 3DS — is built around proving or disproving that a specific person intended to make a specific purchase.

Agentic commerce obliterates this assumption.

Here's what a typical agentic transaction looks like:

A consumer configures an AI agent with preferences: "Buy me the cheapest available flight to Denver on June 15 under $400, economy class, any airline."
The agent searches multiple merchant sites, selects an option, and completes the purchase using stored payment credentials.
The consumer may not see the specific transaction until after it's completed.

Now consider the dispute scenario. The cardholder calls their issuer and says: "I didn't authorize this specific charge." Technically, they didn't — at least not in the way current authorization frameworks define it. They authorized an agent to act within parameters, but they never saw this particular merchant, this particular amount, or this particular product before the charge hit their statement.

Under today's rules, that's a textbook Reason Code 13.1 (Visa) or 4837 (Mastercard) — cardholder did not authorize the transaction. The merchant loses.

The Core Problem: Consent Delegation

Traditional card-not-present authentication proves the cardholder is present. 3D Secure proves the cardholder's device is present. Neither proves that an intermediary software agent was legitimately delegated authority to transact.

This creates three immediate problems for merchants:

No established evidence type for proving agent authorization in a dispute response
No liability shift mechanism equivalent to 3DS for agent-initiated transactions (yet)
No clear distinction in transaction data between a legitimate agent purchase and an account takeover using automated tools

If you're processing $10M+ annually and you're in a vertical likely to see early agent adoption — travel, consumer electronics, grocery delivery, SaaS subscriptions — you need to understand how the networks plan to solve this.

Visa Trusted Agent Protocol vs. Mastercard Verifiable Intent: A Merchant Operations Comparison

Both Visa and Mastercard recognized that agentic commerce needs a new trust layer. Their approaches differ meaningfully, and those differences will affect how you collect evidence, route transactions, and fight disputes.

Visa Trusted Agent Protocol (TAP)

Visa's approach centers on registering and vetting AI agents as trusted intermediaries in the payment chain. Key elements:

Agent Registration: AI agents must be registered with Visa through their platform operator (e.g., the company that built the agent). Visa maintains a registry of approved agents.
Credential Binding: The agent's authority is cryptographically tied to the cardholder's credentials. When an agent initiates a transaction, it passes a token that proves both the cardholder's identity and the agent's registered status.
Liability Framework: If a transaction is initiated by a registered Trusted Agent and the credential binding is valid, liability shifts toward the issuer — similar to a successful 3DS authentication. If the agent isn't registered or the binding is broken, the merchant bears liability as they would in any standard CNP transaction.

What this means for merchants: You'll need to verify that inbound agent transactions include valid Trusted Agent tokens. Transactions from unregistered agents should be treated as high-risk. Your gateway or processor must support TAP token validation — if they don't, you're flying blind.

Mastercard Verifiable Intent

Mastercard takes a different philosophical approach. Rather than registering agents, Mastercard focuses on capturing and preserving the cardholder's original intent — the instructions they gave the agent before the purchase.

Intent Capture: The agent platform must record the cardholder's original parameters (budget limits, product preferences, timing constraints) in a structured, verifiable format.
Intent Attestation: At transaction time, a cryptographic attestation of the cardholder's intent is included in the authorization message. This attestation links the specific transaction to the specific instructions the consumer gave.
Dispute Evidence: In a chargeback scenario, the intent attestation becomes compelling evidence. If a merchant can show that the transaction fell within the cardholder's stated parameters, the dispute should resolve in the merchant's favor.

What this means for merchants: You'll need to capture and store intent attestation data alongside standard transaction records. Your dispute response workflow must be updated to include this attestation as evidence. The quality of your evidence repository becomes even more critical.

Side-by-Side for Payment Ops Teams

Dimension	Visa TAP	Mastercard Verifiable Intent
Trust anchor	Agent identity (registry)	Cardholder intent (attestation)
Liability shift trigger	Valid Trusted Agent token	Valid intent attestation
Merchant evidence requirement	Proof agent was registered + token valid	Intent attestation + transaction within parameters
Processor dependency	Must support TAP token passthrough	Must support intent attestation in auth message
Timeline	Pilot phase, rules expected in Visa Core Rules updates	Framework published, integration specs rolling out

If you process on both networks — and most mid-market merchants do — you're going to manage two parallel evidence collection workflows. Plan for that now.

New Chargeback Risk Scenarios You Haven't Seen Before

Agentic commerce doesn't just add a new transaction channel. It creates entirely new dispute categories that your current fraud rules and representment playbooks aren't built for.

Scenario 1: Unauthorized Agent Transactions

A cardholder's AI agent is compromised — through prompt injection, API key theft, or a malicious plugin. The agent makes purchases the cardholder never intended. The cardholder files a dispute claiming unauthorized use.

The problem: This looks identical to a legitimate agent transaction in your transaction logs. The credentials are valid. The agent token (Visa) or intent attestation (Mastercard) may even be present if the attacker is sophisticated enough.

Your exposure: Without additional behavioral signals, you'll lose this dispute every time.

Scenario 2: Agent-Initiated Subscription Renewals and Reorders

A consumer sets up an agent to manage recurring purchases — "Reorder my protein powder when I'm running low." The agent renews a subscription or reorders a product. Three months later, the consumer disputes the charge, claiming they forgot the agent was active or that the agent exceeded its mandate.

The problem: This is friendly fraud amplified by automation. The consumer genuinely authorized the agent, but the temporal gap between authorization and transaction makes it easy to claim otherwise. Issuers will be sympathetic to cardholders who say, "I didn't know my AI was still buying things."

Your exposure: Subscription and reorder merchants could see dispute rates spike 15–30% on agent-initiated recurring charges if they can't produce clear proof of ongoing agent authorization.

Scenario 3: Deepfake Identity Fraud at Agent Onboarding

An attacker creates a synthetic identity, uses it to set up an AI agent with stolen payment credentials, and lets the agent run automated purchases. The real cardholder disputes all charges.

The problem: The agent was legitimately registered (Visa) and intent was legitimately captured (Mastercard) — but the person behind the agent was fraudulent from the start. Both network frameworks assume the initial identity binding is valid. If it's not, the entire chain of trust collapses.

Your exposure: You're liable for every transaction the fraudulent agent completed, with no liability shift available.

Updating Your Fraud Prevention Stack for Agent Traffic

Generic fraud rules built for human shopping behavior will fail on agent traffic. Here's what to change.

Velocity Rules Designed for Agents

AI agents don't browse. They don't add items to a cart, leave, and come back. They execute transactions in rapid, deterministic sequences. Your current velocity rules will either:

Flag every agent transaction as fraud (false positives that block revenue), or
Miss actual fraud because you've loosened rules to accommodate agent speed

What to implement:

Create a separate velocity rule set for transactions identified as agent-initiated (via TAP token, intent attestation, or user-agent header)
Set agent-specific thresholds: allow higher transaction frequency but flag sudden changes in purchasing categories, amounts outside historical norms, or transactions from agents not previously seen on your platform
Monitor the ratio of agent-to-human transactions per account — a sudden shift from 100% human to 100% agent on an established account is a red flag

Anomaly Detection for Non-Human Purchase Patterns

Agent transactions will have distinct behavioral signatures:

Session duration near zero — no browsing, no product page views
Consistent, predictable timing — agents may transact at the same time daily or weekly
No device fingerprint variation — the same API endpoint, every time
Perfect form completion — no typos, no corrections, no hesitation

Build detection models that distinguish between:

Legitimate agents (consistent patterns, registered tokens, valid attestations)
Scripted attacks masquerading as agents (bot traffic without valid agent credentials)
Compromised legitimate agents (valid credentials but anomalous behavior)

Platforms like Cellix that ingest transaction data across multiple processors can surface cross-gateway patterns — an agent making purchases with the same credentials across three different merchant accounts is a signal you won't see in a single-gateway view.

Evidence Collection for Agent-Initiated Disputes

Start collecting these data points now, even before agent transactions hit your system at scale:

Agent identifier — Unique ID for the agent platform or specific agent instance
Authorization chain — Full record of how the agent obtained payment credentials (token provisioning event, credential-on-file consent timestamp)
Intent data — If available via Mastercard Verifiable Intent, store the full attestation payload
Agent registration proof — If available via Visa TAP, store the token validation response
Behavioral log — Session replay or API call log showing the agent's interaction with your checkout
Consumer notification records — Any confirmation email, push notification, or in-app message sent to the cardholder after the agent completed the purchase

This evidence set goes beyond what any current Visa or Mastercard compelling evidence requirement mandates. But when the first disputes arrive and the rules are still being interpreted, over-documentation will save you.

Preparing Your Payment Operations Team

Monitoring Dashboards

Add these metrics to your payment operations dashboard:

Agent transaction volume — percentage of total transactions identified as agent-initiated, trended weekly
Agent transaction dispute rate — separate from your human-initiated dispute rate (you need to see these diverge early)
Agent authorization approval rate — are issuers declining agent transactions at higher rates? That's a signal your auth optimization needs updating
Unregistered agent attempts — transactions that claim to be agent-initiated but lack valid TAP tokens or intent attestations
Agent-specific chargeback reason code distribution — track which reason codes are most common on agent disputes to inform your representment strategy

Processor-Level Routing Considerations

If you route transactions across multiple processors or gateways — common at the $50M+ processing level — you need to confirm each processor's roadmap for agent transaction support:

Does the processor pass through TAP tokens and intent attestation data? If they strip this data during processing, you lose your evidence.
Can the processor flag agent-initiated transactions with a distinct transaction type? You need this for separate reporting and rule application.
Does the processor's risk scoring model account for agent behavior? If it doesn't, expect elevated false decline rates on legitimate agent traffic.

Get answers to these questions from your processor account teams now. If a processor can't support agent transaction data passthrough within the next two quarters, consider routing agent traffic to one that can.

Dispute Response Playbooks for Agentic Transactions

Build a dedicated playbook — don't bolt agent disputes onto your existing CNP dispute workflow. The playbook should include:

For "Unauthorized Transaction" claims on agent purchases:

Pull the agent registration/token validation record
Pull the intent attestation (Mastercard) or credential binding proof (Visa)
Pull the consumer's original agent configuration showing the purchase was within delegated parameters
Pull post-purchase notification delivery confirmation
Submit with a narrative that explicitly explains the agent authorization chain to the dispute analyst

For "Not as Described" claims on agent purchases:

Standard product evidence, plus
Proof that the product delivered matched the agent's selection criteria
Evidence that the consumer had visibility into what the agent selected before or immediately after purchase

For "Recurring/Subscription" disputes on agent-managed renewals:

Original subscription consent with agent delegation acknowledgment
Each renewal notification sent to the consumer
Any "manage your agent" interface screenshots showing the consumer's ability to modify or cancel agent-managed subscriptions

Key Takeaways

Agentic commerce chargeback liability merchants face is fundamentally different from traditional CNP disputes — existing evidence types, fraud rules, and representment strategies won't work when no human initiated the purchase.
Visa and Mastercard are taking divergent approaches. Visa's Trusted Agent Protocol validates the agent's identity; Mastercard's Verifiable Intent validates the cardholder's original instructions. You need to support both frameworks if you process on both networks.
Three new dispute categories — unauthorized agent transactions, agent-managed subscription fraud, and deepfake identity compromise at onboarding — will hit mid-market merchants first, particularly in travel, electronics, and subscription verticals where agent adoption will be highest.
Your fraud stack needs agent-specific velocity rules, behavioral anomaly detection tuned for non-human patterns, and a dramatically expanded evidence collection workflow that captures agent identifiers, intent attestations, credential binding proofs, and consumer notification logs.
Start building dedicated agent transaction monitoring and dispute playbooks now — before agent volume scales. The merchants who have instrumented their systems and trained their teams before the first wave of agent disputes will maintain their win rates. Everyone else will learn the hard way.