The Agent Payment Protocol War: When AI Starts Spending Money

Draft v2 | 2026-06-11

---

June 10, 2026. San Francisco.

Visa announced a strategic partnership with OpenAI at its Payments Forum, embedding the world's largest payment network into ChatGPT and enabling AI agents to initiate online payments on behalf of users. Hours later, Mastercard launched Agent Pay for Machines, recording agent permissions on the Polygon, Solana, and Base blockchains, aimed at machine-to-machine microtransactions.

The two largest global payment networks chose the same day to show their cards. AI Weekly's assessment was blunt: "Both sides had each other's timeline intelligence. The race for credentialing, fraud, and identity standards in agent commerce is fully underway."

This article answers one question: over the past 18 months, agent payments went from zero to six major protocols standing side by side. What happened? Who is solving what? Who is grabbing territory? And what remains unsolved?

Chapter 1: AI Companies Move First

Operator: The First Attempt

In January 2025, OpenAI released Operator, an AI agent embedded within ChatGPT. It could browse the web for users, select products, fill in forms, and place orders. This was the first time an agent attempted "buying things" inside a consumer-grade AI product.

The payment flow, however, was crude. Operator completed payments by simulating human clicks: filling in credit card numbers, clicking "Submit Order," handling CAPTCHAs. At its core, it was an automation script operating a browser — not real agent payment. The user experience was also rough: the agent could stall at the final step, requiring a human to take over.

Operator proved one thing: agents can handle the first half of the shopping flow (search, compare, decide) but get stuck at the last step. That step isn't just a technical question of "how to pay" — it's a question of trust. How does a merchant know this request comes from a legitimate AI agent, not a scraper or attacker? How does a bank know the user actually authorized the transaction?

AI companies realized that payment isn't a "feature." It's the prerequisite for agents to evolve from conversational tools into economic actors. Without payment capability, agents will always stop at "helping you choose" and never reach "helping you buy."

ACP: The First Agent Commerce Protocol

OpenAI and Stripe moved earliest.

In September 2025, the two jointly launched two things: the Agentic Commerce Protocol (ACP) and the Instant Checkout product.

ACP is an open standard designed to connect buyers, AI agents, and merchants to complete a full purchase flow. Its core technology is the Shared Payment Token (SPT): a one-time payment token created by Stripe, bound to a specific merchant and exact amount, with a time limit that causes it to expire automatically. ChatGPT passes the SPT to the merchant via API, and the merchant can choose to accept or decline.

There's a design choice here that's easy to overlook: merchants have veto power. The agent doesn't "charge you" — it "places an order for you, and the merchant decides whether to accept it." This design reduces the risk of agents overstepping their authority, but it also means merchants need additional integration work.

ACP's code is open-sourced on GitHub (Apache 2.0), jointly maintained by OpenAI, Stripe, and Meta. Stripe's documentation shows that ACP's Delegated Payment Spec supports two token formats: original card numbers (fpan) and network tokens (network_token). Direct integration is limited to PCI DSS Level 1 merchants or payment processors.

Shopify automatically enabled ACP support for its 1 million+ merchants through Stripe. This is the largest merchant coverage of any agent commerce protocol to date.

Instant Checkout was ACP's first consumer-grade product. It charged merchants a 4% processing fee.

Six months later (March 2026), OpenAI discontinued Instant Checkout. The 4% rate was untenable in the payments industry: standard credit card interchange fees run about 1.5–3%, and Stripe's own standard rate is 2.9% + $0.30. Instant Checkout layered an AI surcharge on top of existing payment costs, and merchants weren't willing to pay more for the agent channel than for a regular one.

Instant Checkout's failure is an important industry lesson: agent payment can't simply add cost on top of the existing payment stack. AI companies either need to find cheaper settlement paths or convince payment networks to lower rates for agent channels. The Visa × OpenAI partnership clearly chose the latter approach.

AP2 and MCP: Google and Anthropic Take Different Paths

On September 16, 2025, Google joined 60+ organizations in releasing AP2 (Agent Payments Protocol). AP2 isn't a complete payment scheme — it's a cryptographic signing authorization framework: token delegation, authorization constraints, cryptographic authorization. Supporters include PayPal, Coinbase, Mastercard, American Express, Adobe, and Alibaba.

AP2's positioning is "payment-agnostic." It doesn't care whether the underlying settlement goes through cards or chains; it only handles the security and verifiability of authorization. This is a smart position: Google doesn't operate a payment network (Google Pay's market share is far behind Visa/Mastercard), but it has technical strengths in identity and authorization layers. AP2 can serve as an extension layer for both A2A and MCP.

The A2A (Agent-to-Agent) protocol, released the same day, addresses agent discovery and inter-agent communication. Google's strategy is clear: don't fight for the settlement layer — own the middleware for authorization and communication. The 60+ organization coalition signals that Google is building a "platform," not a "product."

Anthropic took a third path. MCP (Model Context Protocol) tackles the problem of integration complexity: before MCP, connecting 10 agents to 100 data sources required 1,000 custom integrations. MCP's middleware layer reduced that to 110. In September 2025, Visa built on MCP by launching the Visa MCP Server, giving agents standardized access to Visa's payment infrastructure. In December 2025, Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation, co-founded with Block and OpenAI.

MCP doesn't directly handle payments, but it's the "plumbing" of the agent payment ecosystem. Without a standardized integration layer, agents need custom code for every payment network.

Characteristics of This Phase

The defining feature of Q4 2024 through Q3 2025: AI companies drove protocol design, while payment networks prepared technically but hadn't yet made their moves.

Three key judgments:

First, AI companies were in a bigger hurry than payment networks. OpenAI had 900 million weekly active users but no payment capability — a critical gap in closing the commercial loop for agent products. Payment networks weren't in a rush: whether the buyer is an agent or a human, settlement ultimately flows through cards or chains. Visa and Mastercard's infrastructure already exists.

Second, Instant Checkout's failure demonstrated that agent payment can't add cost on top of existing payment economics. This directly shaped the subsequent Visa × OpenAI partnership model.

Third, protocol design was stratifying. ACP handles the transaction flow, AP2 handles authorization security, MCP handles integration connectivity — each layer has a different dominant player. This layered structure became even more pronounced once payment networks entered the fray.

Chapter 2: Payment Networks Show Their Cards

In spring 2025, Visa and Mastercard both began building agent payment infrastructure. But the dense cluster of launches came in the fall, tracking the AI companies' cadence.

Visa: Identity First

Visa launched its Intelligent Commerce initiative in April 2025. The scope went beyond "agent payments" — it aimed to build an entire commercial infrastructure for the AI era.

But the first problem Visa chose to solve wasn't "how to pay." It was "who is paying."

In October 2025, Visa released TAP (Trusted Agent Protocol). TAP addresses three prerequisite questions:

Signal Agent Intent: The agent declares its purchase intent to the merchant. In traditional e-commerce, this signal is a human clicking "Buy"; in an agent scenario, a machine-readable purchase intent declaration is needed.

Recognize Consumer: The merchant identifies the real consumer behind the agent. When an agent initiates a transaction, the merchant doesn't see "some AI buying something" — they see "User Zhang, via Agent A, is purchasing this item."

Transmit Payment Credentials: Payment credentials are transmitted securely. The credentials don't expose the user's actual card number but are transmitted via tokenization.

TAP is live on the Visa Developer Center and GitHub. Supporting partners include Microsoft, Nuvei, Shopify, Stripe, and Worldpay. Visa has publicly stated that TAP aligns with ACP and Coinbase's x402 standard. This means TAP isn't meant to replace ACP — it adds an identity verification layer before ACP.

Visa's Chief Product and Strategy Officer Jack Forestall said something worth noting at the launch: "AI will transform commerce more profoundly than the internet or mobile technology ever did." He placed agent payments on the same historical arc as the internet and mobile payments — not an incremental improvement, but a paradigm shift.

Mastercard: Token Extension

Mastercard's Agent Suite, released the same month, took a different technical approach.

The core was an expansion of MDES (Mastercard Digital Enablement Service) tokenization capabilities. MDES is the tokenization infrastructure underpinning Apple Pay and Google Pay: when you add a card to Apple Pay, MDES creates a device-level token that replaces the real card number. For agent scenarios, MDES creates an Agentic Token, bound to a specific agent, specific merchant scope, and specific consent policy.

The key advantage of this design is reusing an established security model. Apple Pay's tokenization has been validated across billions of transactions; consumers and merchants are both familiar with the mechanism. Agents simply add a new token type.

In March 2026, Mastercard acquired crypto payment infrastructure company BVNK for approximately $1.8 billion. The acquisition's signaling value outweighed its technical significance. BVNK provides stablecoin payments and enterprise-grade crypto infrastructure. Mastercard wasn't just buying a tech team — it was buying an on-chain settlement pipeline.

Forbes later commented: "If incumbents were confident the agent economy would stay on the card rail, they wouldn't be spending billions on stablecoin plumbing. That's a signal: payment networks are double-heading their bets."

PayPal: Sides with OpenAI

On October 28, 2025, PayPal announced adoption of ACP, connecting its global merchant network to ChatGPT. Tens of millions of PayPal merchants' products could be discovered and purchased through ChatGPT. PayPal manages merchant routing, payment verification, and orchestration. Simultaneously, PayPal expanded its internal ChatGPT Enterprise usage to 24,000+ employees.

PayPal's choice reveals something: in a landscape where ACP, AP2, and TAP coexist, the largest payment platform chose OpenAI's protocol. This isn't a technical judgment — it's a commercial one. Accessing ChatGPT's 900 million weekly active users has more immediate value than joining some "neutral" protocol.

The Landscape by End of 2025

By the end of 2025, the agent payment landscape had largely taken shape. Six major protocols coexisted, each solving problems at different layers. But "coexistence" doesn't mean "peace." Every protocol carries ecosystem lock-in intent:

• MCP becoming a Linux Foundation standard gives Anthropic a first-mover advantage at the integration layer.
• ACP's million-merchant Shopify coverage gives OpenAI a moat at the transaction flow layer.
• TAP and Agent Pay give Visa and Mastercard leverage at the identity and token layer.
• AP2's 60+ organization support gives Google a broad coalition at the authorization layer.

Technically complementary, commercially competitive. The question of who becomes the "settlement layer" for the agent economy remains unanswered.

Chapter 3: Where the Six Protocols Fit

The key to understanding these six protocols is identifying which layer of the Agent payment flow each one occupies. A single Agent payment traverses at least five layers: identity (who is initiating the transaction), authorization (how the user controls the Agent), integration (how the Agent connects to payment systems), communication (how Agents coordinate with each other), and payment execution (how the money moves).

Identity layer: TAP (Visa). Agent registration, identity attestation, and signal传递. Visa's design philosophy is to focus on verifying "who the actor is" rather than reinventing the payment interface. TAP complements Cloudflare's HTTP Message Signatures proposal: TAP handles Agent identity in payment scenarios, while Cloudflare covers the broader spectrum of Agent request verification.

Authorization layer: AP2 (Google). Cryptographic signing for authorization, in a payment-agnostic framework. AP2's cryptographic mandates can serve as extensions to both A2A and MCP. PayPal, Coinbase, Mastercard, American Express, Adobe, and Alibaba have all joined AP2.

Transaction flow layer: ACP (OpenAI + Stripe). The end-to-end flow from product search to cart, checkout, and order confirmation. Shared Payment Token is the first implementation compatible with ACP's delegated payment specification. Shopify's 1M+ merchants currently form the largest Agent commerce network.

Integration layer: MCP (Anthropic → Linux Foundation). Standardizing how Agents connect to any data source or tool. The Visa MCP Server is the largest MCP integration case in payments. MCP reduces integration complexity from N×M to N+M.

Communication layer: A2A (Google). Agent discovery and collaboration. Complementary to AP2, it addresses inter-Agent discovery and task delegation.

Payment framework layer: Agent Pay (Mastercard). Agentic Token + MDES extension, consistent with existing mobile payment tokenization.

Production-grade Agent commerce flows will use 2–3 protocols simultaneously. A typical stack might be: MCP for integration, TAP for identity, AP2 for authorization, and ACP for transaction flow. Both Visa and Mastercard have publicly stated that their protocols "align" with other standards—TAP aligns with ACP and x402, while Agent Pay is compatible with AP2.

But how long will this "alignment" hold? When Agent transaction volume reaches PayPal's projected "25% of e-commerce spending by 2030," every dominant player behind these protocols will have an incentive to slide from "complementary" toward "lock-in."

Chapter 4: Three Core Technical Challenges

Protocols are proliferating rapidly, yet three fundamental technical problems remain far from solved. These are not engineering optimization issues—they are foundational questions that Agent payments, as infrastructure, must answer.

Challenge 1: Who Is Paying?

An Agent initiates a transaction. The signal the merchant receives is "this Agent wants to buy this item." But an Agent is not a legal entity: it has no bank account, no credit history, no legal standing. The human behind it is the actual payer, yet the legal definition of the authorization chain between user and Agent remains unsettled.

Visa TAP's approach is a "Know Your Agent" process. The Agent registers with Visa to obtain credentials; the user completes cardholder verification via Passkey or OTP; Visa generates a scoped token bound to that specific Agent and transaction context. This token can only be used within the authorized scope. The critical design property: a compromised Agent does not cascade damage to the user's card. Each Agent has an independent token—revoking the compromised Agent's token does not require reissuing the card.

Cloudflare proposes a different approach: HTTP Message Signatures. Every HTTP request from an Agent carries an Ed25519 cryptographic signature containing @authority, @path, a timestamp, a public key ID, and other fields. Merchants can verify that the request genuinely originates from a registered Agent, not a forgery. This is not a payment-specific scheme—it is broader Agent identity infrastructure. Cloudflare Chief Strategy Officer Stephanie Cohen frames it this way: "The internet was built for human interaction, but the infrastructure of the future must be built for autonomous interaction."

Both approaches, however, assume the existence of an "Agent registry"—and that this registry is trustworthy. Who operates it? Who guarantees that registration data isn't forged? In cross-border Agent transactions, which jurisdiction does the registry fall under? There are no industry standards or regulatory frameworks for this yet.

A more fundamental question: should Agents have some form of "legal identity"? If an Agent can autonomously make purchasing decisions, does it need some kind of agency certificate? This is analogous to corporate legal agents: a company is not a "person," but the law grants it contracting capacity. Do Agents require a similar institutional arrangement?

Challenge 2: How Does the User Control the Agent?

Visa's Payment Instructions API describes a mechanism called a "digital handshake."

The flow works as follows: when an Agent prepares a purchase, it first presents a summary to the user (product, price, merchant). After the user confirms, Visa records the purchase parameters (who bought what, when, for how much) as a signed record. This signed record functions as the Agent's "permission slip"—if a dispute arises, there is an authoritative log to trace back to.

Users can set control parameters: spending limits (per-transaction caps), merchant category restrictions (only certain types of merchants), and approval thresholds (manual approval required above a certain amount). Visa's official statement: "Transactions operate inside guardrails that the consumer or business sets: spending limits, required approval thresholds, and other permission layers that keep the buyer in command even when an agent is executing the work."

But there is a critical design choice here: in Visa's liability model, fraud liability remains with the merchant. If an Agent makes an unauthorized purchase, the merchant may have to absorb the chargeback cost.

This is consistent with traditional credit card fraud liability allocation: in most markets, if a cardholder claims "I didn't authorize this transaction," the issuing bank processes a chargeback and the merchant bears the loss. But in Agent scenarios, the boundary of "unauthorized" is far blurrier. In traditional transactions, "that wasn't me swiping the card" is a relatively clear-cut judgment. In Agent transactions, "my Agent did make the purchase, but I disagree with what it bought"—is that an Agent execution error or buyer's remorse?

Mastercard Chief Digital Officer Pablo Fourez poses three core questions: "How does a merchant distinguish a legitimate AI Agent from a malicious bot? How does it know the consumer authorized the Agent to make this purchase? How does it confirm the Agent correctly executed the consumer's instructions?"

There are no standard answers to these three questions yet. Both Visa's and Mastercard's solutions share the premise that "the technology can do it, but ecosystem participation is required": merchants need to integrate TAP or Agent Pay to verify Agent identity, issuers need to update risk models to handle Agent transactions, and consumers need to learn new authorization interfaces.

The banking concerns cited by AP are more blunt: "Allowing AI agents to buy products on behalf of a consumer raises concerns for both banks and retailers. A customer could overspend, or the agent buys the wrong item, or the customer claims they did not authorize that transaction. Banks have been concerned about potential fraud claims."

In the short term, placing fraud risk on merchants is workable: merchants are willing to accept the risk to access ChatGPT's 900 million weekly active users. In the long term, if Agent transaction volume grows to the level PayPal projects (25% of e-commerce spending), the fraud cost borne by merchants will become impossible to ignore. The payments industry may need an entirely new liability-sharing model.

Challenge 3: Card Rails or Blockchain Rails?

The cost structure of traditional card rails is fundamentally mismatched to the extreme scenarios of Agent transactions.

Consider the math: a $0.05 API call. Card transaction fees run approximately $0.50–$0.80 + 1.5–3.5% interchange. This means a 5-cent transaction could incur 55 cents in payment costs—the payment cost is 11 times the transaction amount. ACH takes 1–3 business days to settle. Wire transfers only operate during banking hours.

This is not a matter of "slightly expensive"—the entire cost structure is inapplicable to microtransactions and machine-to-machine commerce. A key scenario in the Agent economy is API inter-calling: Agent A invokes Agent B's inference service, billed per token, where each transaction might be worth a fraction of a cent. These transactions simply cannot run on card rails.

Stablecoin rails have structural advantages in these scenarios: on-chain settlement completes in seconds (Polygon achieves roughly 5-second finality), fees are a fraction of a cent, operations are 24/7, and smart contract programmability supports conditional payments and automated compliance. Coinbase's x402 protocol (an HTTP-native payment protocol) has already processed over 15.5 million Agent payments, 95% settled through Polygon.

But stablecoin rails lack consumer protection. Card transactions come with chargeback mechanisms, zero-liability policies, and dispute resolution processes. On-chain transactions, once confirmed, are nearly irreversible. For consumer Agent shopping, the consumer protections of card rails are irreplaceable.

The 2026 reality is layered settlement:

Both Visa and Mastercard are making dual bets. Visa's stablecoin settlement pilot reached a $7 billion annualized run rate in April 2026, up 50% quarter-over-quarter, covering 9 blockchains, 130+ stablecoin-linked card programs, and 50+ countries. Mastercard's AP4M directly supports settlement on Polygon, Solana, and Base. Mastercard also acquired BVNK for $1.8 billion in March 2026.

Forbes nails the strategic calculation: "The payment networks have concluded that the safest position is to be the toll booth on every rail—both their own card rails and the stablecoin rails. That is a signal. If they were confident the Agent economy would stay on card rails, they wouldn't be spending billions buying stablecoin infrastructure."

Stablecoin supply exceeded $230 billion in Q1 2026. This is not crypto speculation—it is the maturation of an alternative settlement infrastructure.

Chapter 5: June 10, 2026 — Two Directions

Returning to the two launches on that day. They are not targeting the same market, or even the same category of "payer."

Visa × OpenAI: Letting ChatGPT Swipe Your Card

The technical stack behind this collaboration runs deeper than any prior Agent payment scheme.

Visa Intelligent Commerce's five APIs:

1. Tokenization & Authentication API: Payment token issuance and lifecycle management, cardholder identity verification, Passkey management.
2. Payment Instructions API: User intent registration, payment credential acquisition, purchase result submission.
3. Payment Signals API: Transaction signal sharing for dispute resolution.
4. Personalization API: Personalized recommendations based on spending data (with user consent).
5. MCP Server: Standard protocol interface connecting AI Agents to Visa's payment infrastructure.

On the Visa Acceptance Platform, these APIs are exposed as concrete REST endpoints: POST /acp/v1/tokens (card registration), POST /acp/v1/instructions (initiate purchase intent), PUT /acp/v1/instructions/{instructionID} (update intent), POST /acp/v1/instructions/{instructionID}/cancel (cancel), POST /acp/v1/instructions/{instructionID}/credentials (retrieve payment credentials), POST /acp/v1/events (confirm transaction event).

A complete purchase flow looks like this:

Step 1: Card registration. The user loads a Visa card inside ChatGPT. POST /acp/v1/tokens creates tokenized credentials. The real card number is never stored in OpenAI's systems; Visa generates a network token in its place.

Step 2: Agent prepares the purchase. The Agent searches for products, compares prices, selects an option, and presents a purchase summary to the user. The user confirms.

Step 3: Digital handshake. POST /acp/v1/instructions records the user-confirmed purchase parameters (product, price, merchant) and generates a signed record. This record proves the AI received user authorization.

Step 4: Retrieve payment credentials. POST /acp/v1/instructions/{instructionID}/credentials obtains tokenized payment credentials. The credentials are bound to a specific Agent and transaction context and cannot be reused by another Agent or for another transaction.

Step 5: Submit to merchant. The Agent presents the credentials to the merchant. The merchant can accept or decline.

Step 6: Confirm event. POST /acp/v1/events confirms the transaction is complete.

Visa emphasizes a key security design: a compromised Agent does not cascade damage to the user's card. Each Agent gets an independent scoped token; if an Agent is hijacked, only that token needs to be revoked. Users can view and manage all registered Agents within Visa's system.

Visa's choice of OpenAI as the launch partner is straightforward: ChatGPT has 900 million weekly active users (the world's largest AI platform), OpenAI already ships two Agent products — Operator and Codex — and the ACP protocol is ready. This is not an exclusive tie-up. Visa Intelligent Commerce partners include Anthropic, Microsoft, Samsung, Stripe, Mistral, and Perplexity. But OpenAI gets the deepest integration: only OpenAI earned a dedicated joint announcement on Visa's official blog.

One scenario worth watching is Codex. Visa and OpenAI explicitly stated they will explore embedding payment capabilities into Codex: "Beyond agentic commerce, Visa and OpenAI intend to explore embedding payment primitives and trusted agent identity signals into developer-focused experiences powered by Codex." This opens a B2B on-ramp into the Agent economy: Codex Agents could autonomously purchase inference, API services, or other developer tools within user-defined bounds. Codex has surpassed 3 million users (as of April 2026), and these 3 million developers could be the first B2B adopters of Agent payments.

The comparison with Instant Checkout matters. Instant Checkout charged merchants 4%; the Visa collaboration works differently. Users bind their Visa card directly to ChatGPT, settlement runs over the standard Visa network, and merchants do not pay an extra surcharge for the Agent channel. This is a direct product of the Instant Checkout lesson.

Mastercard Agent Pay for Machines: Spare Change Between Machines

AP4M operates on entirely different design assumptions than Visa × OpenAI.

It targets not consumer shopping but high-frequency, low-latency, low-value machine-to-machine transactions. An Agent calls an API, purchases data, rents compute, pays per token — each transaction possibly worth a fraction of a cent.

The core architectural difference lies in the settlement layer. AP4M's Agent permissions and credentials are recorded on the Polygon, Solana, and Base blockchains, not on Mastercard's card network. Settlement happens on-chain, supporting microtransactions down to fractions of a cent.

Mastercard Chief Product Officer Jorn Lambert's description precisely defines this market: "Agent Pay for Machines will create the conditions for a superbloom of AI business models. Machine payments can make it possible for services to be bought and sold among agents at fundamentally different scales than payments today — very high volumes, very small values, very fast and at extremely low latency."

The choice of "superbloom of AI business models" is deliberate. Lambert is saying: once micro-payment infrastructure is in place, a large number of previously infeasible AI business models will emerge. Billing per API call, per inference token, per data fragment — these models are cost-prohibitive on card rails but viable on-chain.

The 31+ partners include Stripe, Coinbase, Cloudflare, Adyen, Checkout.com, Ant International, Aave Labs, Alchemy, Anchorage Digital, MoonPay, Nevermined, OKX, Polygon, Ripple, and the Solana Foundation. The list mixes traditional payment processors, crypto infrastructure companies, and blockchain foundations.

Mastercard's Agentic Token in AP4M works as follows: MDES binds tokenized card credentials to a specific Agent, a specific merchant scope, and specific consent policies. Unlike the consumer scenario, however, AP4M's Agent Token is stored on the Agent side rather than on Mastercard's servers. This design choice supports always-on inter-machine transactions.

Two Directions, One Signal

Placing both launches side by side:

This is not a question of "who wins." The two payment giants are each betting on a different layer of the Agent economy: the consumer layer and the machine layer. The consumer layer requires protection, identity verification, and dispute resolution — the trust infrastructure of card rails is irreplaceable here. The machine layer demands speed, low cost, and 24/7 availability — on-chain settlement has a structural advantage.

But there is an implicit competition: whoever defines the standard first owns the "toll booth" of the Agent economy. Visa is defining the consumer-side standard through OpenAI's 900 million users; Mastercard is defining the machine-side standard through the blockchain ecosystem. In the long run, the two layers may need to interoperate. Consumer Agents may also need to call on machine Agent services (for instance, when an Agent books a flight and needs to invoke the airline's Agent API), and at that point the two standards must connect.

Chapter 6: The Foundation Isn't Finished

Agent payment infrastructure went from zero to six competing protocols in 18 months — an unprecedented pace. But the foundation is far from complete. Five issues must be resolved before Agent transaction volumes can grow significantly.

Fraud Liability Remains Unresolved

Visa places fraud risk on the merchant. This works in the short term but is unsustainable in the long run.

In traditional credit card fraud, "I didn't make this charge" is a relatively clear-cut claim. In Agent transactions, the line between "my Agent did buy it, but bought the wrong thing" and "my Agent bought it, and now I regret it" is blurrier. The Agent holds a signed record proving user authorization, but when the user "authorized A but the Agent bought B" — who bears responsibility for that execution gap?

An IMF analysis piece in 2026 proposed a direction: tokenization could replace not just card numbers but also tokenize multiple trust signals throughout the transaction process — the user's authorization parameters, the Agent's identity and permission scope, the transaction's timestamp and context. These tokenized signals create a replayable audit trail. But the IMF also acknowledges this solves "traceability," not "liability allocation."

A plausible direction is a new insurance/risk-sharing model: payment networks or insurers offer "Agent transaction insurance," with merchants paying premiums to transfer fraud risk. But this requires a pricing model, which requires historical data, and Agent transactions currently lack sufficient history.

China Is a Blank Spot

Visa's coverage in China is limited. Neither Alipay nor WeChat Pay has publicly announced an Agent payment scheme.

China has the world's largest mobile payment infrastructure (Alipay and WeChat Pay combined exceed 1 billion users) and the most mature QR-code payment ecosystem. But Agent payments don't need "scan a code" — they need "delegation": the user authorizes an Agent to complete payments autonomously within a defined scope, without scanning a code to confirm each time. The trust models of the two systems are fundamentally different.

China's regulatory environment adds another layer of specificity. The payments industry is tightly regulated (payment licenses, cross-border restrictions, data localization). If Agent payments involve cross-border transactions — a Chinese user's Agent purchasing from an overseas merchant, for instance — additional compliance arrangements are needed.

But China is also one of the fastest-moving markets for AI Agents. Baidu's ERNIE, Alibaba's Tongyi, and ByteDance's Doubao all have Agent products. If a Chinese Agent payment scheme emerges, it will most likely follow the "Alipay/WeChat Pay + domestic AI Agent" route, forming an ecosystem independent of Visa/Mastercard.

Standard Fragmentation

Six protocols coexist; interoperability relies on "alignment" statements rather than a unified standard.

MCP is a Linux Foundation standard, ACP is a GitHub open-source project, AP2 is Google-led, TAP is Visa-proprietary, and Agent Pay is Mastercard-proprietary. In the short term, complementarity is an advantage — Agents can compose protocols from different layers as needed. In the long term, it could become a source of fragmentation: if Visa's TAP and Mastercard's Agent Pay use incompatible Agent identity authentication, merchants must implement two separate integrations.

Historically, standard unification in the payments industry has required a catalytic event. The global rollout of EMV chip standards took 20 years. NFC payment interoperability remains incomplete (Apple Pay still doesn't support non-Apple devices in some markets). Agent payment standardization could be faster (technology moves faster now, and Google/AP2 is already building a cross-protocol authorization layer), but it could also be slower (more stakeholders are involved: AI companies, payment networks, crypto infrastructure, regulators).

Regulatory Vacuum

No major economy's financial regulator has issued specific rules for Agent payments.

The EU's AI Act covers model safety but not Agent transactions. The US financial regulatory framework is still at the level of "AI-generated financial advice" and has not touched "AI autonomously executing financial transactions." The UK FCA's AI sandbox remains in the research phase.

Until regulation lands, all Agent payment schemes are operating in a gray zone. Visa and Mastercard have the compliance capacity to manage this risk, but smaller payment processors and crypto infrastructure companies may not.

The regulatory vacuum also means a consumer protection vacuum. If an Agent spends beyond its authority, what legal framework can a consumer rely on to make a claim? Chargeback mechanisms are an industry rule of the card networks, not a law. Do Agent transactions fall under the same rules? What about cross-border Agent transactions?

The "Root Certificate" Problem of Agent Identity

All Agent identity schemes — TAP, Cloudflare's HTTP Message Signatures, MCP's Agent registration — depend on a trusted registry. This registry is the "root certificate" of Agent identity: all chains of trust ultimately anchor here.

Who operates this registry? If Visa, how do Mastercard's Agents obtain Visa's trust attestation? If a neutral third party, where does its authority come from? If a government regulator, how are cross-border Agent transactions handled?

The internet's TLS certificate system took a decade to build its current trust model (certificate authorities like DigiCert and Let's Encrypt, with browser vendors serving as trust anchors). Agent identity's trust model may need a similar timeline to mature — but the growth rate of Agent transactions won't wait ten years.

Closing Thoughts

The payment networks have made their judgment clear: the Agent economy is not a question of whether, but of scale. McKinsey projects Agent commerce will reach $3–5 trillion globally by 2030. PayPal predicts 25% of e-commerce spending will be Agent-driven. Google AI Shopping Mode already offers 50 billion product listings.

But before that scale materializes, four things must land first: standards, liability, regulation, and interoperability. The dual-launch day of June 10, 2026, is not the finish line — it is the first pour of the foundation.

Simon Taylor wrote on LinkedIn about the impact of Agent payments on merchants: "Every A/B test you're running? Obsolete. Cart abandonment emails? Pointless. Conversion optimization? For agents, not humans." His point: when the consumer is no longer a human but an Agent, the entire optimization logic of e-commerce must be rewritten. Price comparisons, review judgments, purchase decisions — things human consumers spend time on — Agents complete in milliseconds.

The question merchants face is no longer "how do I get a person to click the buy button" but "how do I get an Agent to choose my product." This is the deeper impact of Agent payments: it doesn't just change how we pay. It changes the basic unit of commercial interaction.

---

Disclosure: This article is based on publicly available information, drawing on official releases and developer documentation from Visa, Mastercard, OpenAI, and Google; industry analysis from Eco, Forbes, AI Weekly, CoinDesk, SiliconAngle, Fintech Wrap Up, AP, and Digital Commerce 360; academic analysis from the IMF eLibrary; and technical documentation and GitHub repositories for ACP, AP2, TAP, and MCP. This is not investment advice. Data cited is current as of June 11, 2026.