Agentic Commerce and the networks
Agents open the door to A2A
Key insights in this post
Visa & MasterCard both announced “Agentic Commerce” initiatives
Agentic Commerce will allow consumers to ask agents to do their shopping
The networks will provision tokens into agents similar to how they do with Apple Pay
Their strategies aim to keep agents secure while facilitating innovation
The announcements differ in small ways, although those differences could just be missing from the press releases
MasterCard will certify Agents to meet safety and security standards; this is a helpful service but it is not clear why the networks don’t do this collectively rather than creating friction by certifying separately
Visa will collect data to help agents and consumers validate instructions
It is not clear what data Visa has that is useful for this task
It seems Visa plans to use Open Banking to take the data from issuers and get different data from the agents
It is not clear that the networks are the right parties to do this service
The announcements don’t address some key issues
Who bears the liability if an Agent fails to follow the consumer’s exact instructions: The Agent, the Consumer, or the Merchant?
Could Agentic Commerce open the door to A2A substitution for cards:
Agents remove consumer inertia to getting the best deal, even by marginal amounts, which may not always mean paying with a card, e.g.,
To avoid merchant surcharges
To earn merchant discounts or other benefits
Merchants can manage down the cost of acceptance with A2A, without adding friction to the purchase journey — all the negotiation is simply math that can be completed in nano-seconds
It is unlikely Networks can prevent this kind of switching via rules, but they could adjust pricing to avoid losing volume
None of this is happening imminently, and it may not impact all transactions — so there is plenty of time to adjust
Introduction
Visa and Mastercard are trying to get ahead of the curve on Agentic Commerce. A few weeks ago, I wrote a post about AI Agents helping consumers optimize their finances. Agentic Commerce is a similar idea that optimizes their shopping life.
I have no doubt this is on the horizon. For all the reasons I outlined in the prior post, AIs can eliminate consumer inertia to hunt out the best deals on pretty much everything we buy. The question today is what impact this has on consumer payments.
I spent months at JPM focused on Internet of Things (IoT) commerce and it amounted to a whole lot of nothing. Even if IoT commerce succeeded, we concluded that the winners would not be issuers or networks or acquirers:
In-car the winners would be Apple Pay & Google Pay because it would take too long to update the auto fleet with onboard wallets and then sign-up merchants. 10 years later, in-car commerce is still very limited
On-the-move (wearables) the winners would be Apple & Google who had the biggest wearables share (e.g. Apple Watch) and phones also move with consumers. Rings, Fitbits, et al. never become meaningful payments form factors
In-home, the winner would be card-on-file at merchants. It would take too long to turn over the appliance fleet, and fulfillment required a proximate merchant, typically with a card on file (e.g., Amazon, Walmart)
To the degree IoT commerce emerged at all, it emerged that way – either the OS wallets or cards-on-file did all the payments. For example, my EV authenticates itself to a charging station, but the actual transaction is completed with a card-on-file in the cloud – not a card embedded in the car itself.
Our industry periodically goes through frenzies like IoT where everyone is frightened of being left behind, but no one really knows how things will play out. Hype takes over and consultants get rich. A2A & Stablecoins are in that phase today. Is Agentic Commerce?
I believe Agentic Commerce will succeed where IoT commerce didn’t, but will Agentic Commerce require new payments arrangements or make do with the old ones? Recent network announcements provide evidence for both views.
The network announcements
Visa & Mastercard announced roughly the same initiatives at roughly the same time. The idea is to provision network tokens into Agents. They expect agents to work just like Apple Pay: when the Agent initiates a purchase, they will pass the merchant a tokenized version of a credit or debit card which the merchant then clears and settles through normal acquiring.
This anchors the network role in Agentic Commerce because tokenization and detokenization are network-level functions. The model also minimizes the work that issuers and acquirers have to do to participate. This is what the networks should be doing: Keeping the ecosystem both current and secure.
I see two differences between the press releases worth calling out:
Mastercard will certify Agents to ensure they meet safety and security standards
Visa will collect data to help agents and consumers validate instructions
I assume both networks will do both of these eventually.
Certifying Agents
Mastercard’s release highlights how it will certify Agents to be worthy of ingesting PANs and exchanging for tokens. Here is the specific language in their press release:
“Securely registering and authenticating trusted agents: The program will require trusted AI agents to be registered and verified, after which they will be able to make secure payments on behalf of their users.”
The assumption is that consumers enter an in-the-clear card number (PAN) into their Agent(s) of choice, who will exchange those PANs for encrypted tokens. Tokens are useless if stolen, but still clear & settle like regular PANs.
The other option is “push provisioning” from the issuers, where the consumer pushes a token from their card issuer’s digital channels. This is easy with only two major OS Wallets, but might be harder with dozens of Agents. Having a network in the middle to securely funnel issuer tokens to commerce agents will accelerate the process.
Security is a traditional network role. Agents are a new actor in the card ecosystem, like Apple Pay in its day, and the networks want to keep the ecosystem secure.
But, why does each network need to separately certify each agent? All networks face the same challenges and will address them in the same ways. So why aren’t they federating certification efforts in a shared utility? Alternatively, they could have reciprocity for each other’s certifications.
The way they are contemplating it requires every Agent to certify at least 4 times for credit, and maybe 6 or 7 times for debit. The industry already has a network club (EMVco) that coordinates the EMV standard and other network-centric topics. Couldn’t the networks collaborate on a certification standard to simplify processes and lower costs?
In the terminal world, each network certifies independently and that introduces costs and delays. Why replicate that inefficiency in the Agentic world? At the end of the day, all networks will certify all legitimate Agents, so why create 4+ bureaucracies instead of one?
No competitive advantage will accrue to any network from better certification, so why not do it together? A utility is pro-competitive because it speeds time-to-market and reduces ecosystem cost. If it implements best practice, it also improves overall security.
The networks compete for issuer branding, not for Agent certifications. No agent will want to be exclusive with any network as it would limit opportunity with cardholders using cards from the other networks. This is an opportunity to get it right up front.
Additional Data
Visa’s press release discusses getting additional data to and from the Agents to improve personalization:
“Consumers share basic Visa spend and purchase insights with their consent to improve agent performance and personalize shopping recommendations.”
Why do the agents need Visa to do this? Visa itself only sees the basic ISO 8583 data used to authorize, clear, & settle transactions. This data isn’t all that useful for target marketing as it usually doesn’t contain SKU data, just merchant name, amount, data & time, etc. See this post for all the excessive detail.
Networks don’t know if the consumer has other cards (particularly if those cards are on other networks) nor do they have any insight into the consumer’s primary checking account where they receive direct deposits and pay bills. Using a data aggregator like Plaid or MX, the agent could get all the basic data directly from card issuers and depositories.
As a network Visa knows nothing about the consumer’s demographics, which are essential to personalization. They may not even know what city and state the consumer lives in. The only ways they could get that data is if the issuers share it with them or direct from consumers, via open banking. My experience is that big issuers won’t willingly share – they view that data as their crown jewels and don’t trust what the networks might do with it.
So, Visa will likely use an aggregator to take this data without the issuer’s permission or involvement. That will not endear them to issuers. Ownership of transaction data was a contentious issue in my time in banking and I doubt that contentiousness has gone away for an even broader array of data.
Open questions from the press releases
I saw at least two big questions that weren’t dealt with in the releases:
Is the Agent liable for Reg Z & E purposes?
Can Agents substitute A2A for cards?
The networks may have solutions but chose not to reveal the answers.
Liability
Reading these press releases raises a question about how Agentic Commerce will execute transactions. These announcements contemplate autonomous agents that are empowered to purchase on their own. This can happen in real time, or the agent can notify the consumer when it finds an item so the consumer can give final approval to purchase.
The closest analogy today is replenishment services. In our household we have pet food, coffee, some paper goods, and a few other items on replenishment services. Everything is paid for with a card-on-file. Our suppliers likely exchange those cards for network tokens to reduce their PCI risk.
We generally end up with more than we need, then have to cancel or delay the next order. So, we have the benefit of “set and forget”, but create exceptions that are a pain to address. The only chargeback would be if we get a delivery after we delay or cancel, but usually the merchant voluntarily gives a refund.
So will Agentic Commerce be more like replenishment services where you give it a task and it fulfills it when conditions are met; or, will Agentic Commerce be more like a personal shopper where they recommend a purchase, but you get final say before any transaction occurs? Of course, both could coexist. But there is a difference between the two from a liability perspective.
Cardholder control
Here, the Agent finds what you want and presents it to you ready to put into the merchant’s shopping cart, but, the consumer confirms the checkout. The Agent itself doesn’t need payment credentials since the consumer controls checkout – and can pay with guest checkout, a wallet, a form-filler, or card-on-file. If the consumer has changed their mind, they can simply cancel the transaction before checking out.
In this model the Agents do the shopping, but the consumer does the payment. This adds friction but reduces risk. This is not fundamentally different from the status quo.
Agent control
Here you tell an Agent to monitor for a particular item, perhaps at a particular price ceiling. It can purchase from any merchant if the price falls below $x or if the Agent can find a coupon that would take it below the strike price. That is the kind of Agent I want!
The Agent patiently monitors to meet your conditions; after a few weeks it finds the item and purchases it – without further approval by you. From a Regulation E/Z perspective, did you “authorize” the final purchase? You did authorize the Agent to make the purchase but how does the merchant prove that the Agent had your “Power of Attorney”? What if the item was on clearance with an as-is sale condition or a no returns policy clearly stated? Do you have the right to charge that transaction back for lack of authorization? What if the agent exercises discretion to get the item in a different color or a near identical item from a different manufacturer? Does that violate authorization?
This feels like a variation on second-party “fraud”. If the Agent varies even a little from your explicit approval conditions do you have a valid claim? If the merchant did everything right, will it still have to honor the chargeback? Is the Agent itself the actual purchaser (the first party) and gets stuck with the chargeback?
Visa seems to anticipate some of this:
“Allows consumers to easily set spending limits and conditions, providing clear guidelines for agent transactions. Commerce signals are shared in real-time with Visa, enabling Visa to effect transaction controls and help to manage disputes.”
It seems odd to me that these controls reside at the network rather than the Agent. In particular, unless the merchant shares SKU, the network can’t tell whether it is the right item or not. This raises a few issues:
Does the merchant want Visa to see SKU? Merchants are as sensitive about sharing SKU as issuers are about sharing customer demographics. Will there be controls on Visa that limit data use for other purposes (e.g., marketing, offers)?
Why does the agent or the issuer need Visa in the middle of this? Couldn’t Visa just set a rule that Agents must faithfully execute instructions and any deviation is the liability of the Agent? The Agent will get its marching orders directly from the consumer and it is in the Agent’s long-term interest to get that right
Big organizations like the networks aren’t known for their technological agility, so keeping the monitoring at the center is likely to add friction and slow down progress. This design strikes me as more in the interest of the network than the Consumers, Merchants, Agents, Issuers or Acquirers.
Without getting detailed data and instructions, the networks can’t do a good job of adjudication. A consistent certification process and liability framework across all networks would help govern the system without introducing friction.
Steering to A2A
Another likely outcome of Agentic Commerce is greater use of A2A. Agents representing the consumer may negotiate with agents representing the merchant to select a mutually optimal payment method. For example,
The Agent knows the consumer’s card earns 1.5% cash-back but the merchant offers accelerated free shipping in return for using A2A (pay-by-bank/ACH). The agent might have instructions to accept such offers if the price for accelerated shipping is worth more than the 1.5% rewards plus the lost float
The merchant has a 3% surcharge on Credit Cards, so the Agent switches to A2A to save the ~1.5% gap (3% surcharge - 1.5% rewards – 1 month float)
The Agent uses open banking to see if the card carries a balance and if the consumer’s DDA has enough cash to buy the goods. The Agent calculates the savings from avoiding the revolve cost and, if it is cheaper, switches to A2A or perhaps an installment lender like Affirm, Klarna, or AfterPay if they are cheaper
The math for any of these situations is not complex. It gets trickier if the merchant offers its own rewards points or some other non-monetary amenity like advanced access to new products or warranties. Anything hard to price may confound the agent.
Another challenge is that steering from Credit Cards to A2A changes the consumer protections from Reg Z to Reg E. These are roughly comparable although Reg E is a bit more challenging to navigate. That could be resolved by setting limits, i.e. transactions above a certain limit stay on Credit/Reg Z despite the potential savings, all other transactions may shift to A2A despite the switch to Reg E. Regulatory arbitrage to benefit the consumer!
What is the end game?
Merchants have always been frustrated at their inability to manage down acceptance costs. Only the mega-merchants accomplish this, but nobody outside the top ~10. Agents offer an alternative. A merchant Agent negotiating with a consumer Agent can arrive at a bargain that saves them both money at the expense of issuers and networks.
Network rules may ban these types of steering tactics if the Agent uses the tokenization utilities, but there are ways around any such rules. The always coming, never arrives "merchant settlement" may ban such rules outright. If the agent is empowered by the consumer to make those trade-offs, I don’t see a way to stop them.
Acquirers may even help the Agents:
At large merchants, acquirers are indifferent to payment method as they charge a small fee per transaction, not by value
At smaller merchants they may come out ahead
Acquirers often charge a flat, value-based fee but absorb the acceptance costs themselves – switching to A2A benefits their own economics
Acquirers may even provide merchant-side agents to their SMBs as a value-added service, in the same way they provide surcharging technology today
This sets off an arms race. Issuers and Networks will try to anchor consumers to cards while merchants and A2A providers collaborate to manage down acceptance costs. Acquirers sit in the center and benefit either way. Consumers just win.
I think negotiation between consumer-side agents and merchant-side agents is inevitable and some shift to A2A is likely. The question is the magnitude of the shift:
Large purchases have more savings on offer for both sides, but less likelihood that the consumer’s DDA has enough balance
Small purchases usually don’t offer enough savings to incent change
Purchases of a few hundred dollars up to maybe $1,000 may be the target range
The networks could restructure interchange for any purchase band that sees attrition. They already differentiate by card type, CNP vs. CP, vertical (MCC) and merchant size. They could add a dimension for transaction size. Networks don’t share in interchange so they would be trading some of the issuers’ revenue to sustain their own volumes. For issuers, keeping some is better than losing all.
Such a development would require issuers to restructure rewards – big purchases still get big rewards and small purchases still get modest rewards, but mid-sized purchases get less. Since the average purchase is under $100, the bulk of transactions are unaffected. But the issuers still lose.
More bad news: This A2A analysis applies to Stable Coins as well.
Conclusions
I opened this post with a story about IoT payments. They never amounted to anything but consumed a lot of mindshare for a time. Even if they had emerged as a force, the payments arrangements would be similar to legacy commerce.
So will Agentic Commerce change the payments landscape or follow the IoT path? Anyone who reads my posts consistently knows I am a skeptic … but, not about this. I do think Agentic will change the way we shop in the same way I thought Agents will help consumers manage their finances: By treating everything as a strictly economic trade-off. Agents ignore marketing tactics and are not subject to behavioral economics. That overcomes consumer inertia to seek out the best deals.
Once consumer-side agents are negotiating with merchant-side agents I am confident a “Coasean bargain” will be reached for the consumer’s economic benefit — which incudes more use of A2A. A Coasean bargain is …
“… when bargaining is costless and property rights are well-defined, private parties can reach an efficient outcome regardless of the initial allocation of those rights.”
The underlying theory won the Nobel prize in Economic Science in 1991. The Coasean Bargain requires:
No transaction costs (Agents have none)
Equal market power (the consumer agent can buy elsewhere for a better deal)
Accurate information (everything is transparent in this vision)
The network plans are not consistent with these, but “Dueling Agents” bring the theory to life for consumer commerce. The winners are the consumers, the losers are whoever depends on today’s “inertia profits”.
None of this is happening imminently, and it doesn’t impact all transactions - Consumers take time to adopt; but, over time, it will shift the payments market.
I agree. I expect that the initial use cases will be where the purchase is for a specific SKU and the consumer just wants to make sure they are getting the best deal. For example, we are about to get a new coffee machine, we know the make and model we want, and we just care about price at. this point. But eventually you may want the Agent to do the "discovery" using general specs with price being only one spec -- alongside reviews, detailed spec comparisons, etc. But in the near term, these Agents will be automated price seekers.
It's probably my marketing background talking, but most people make buying decision based on emotions. While I could see some people outsourcing their groceries to an agent, I feel most people will always do the shopping.