
© 2026 LLCommerce. All rights reserved.


The Rails Nobody Voted On

Through 2025, every major incumbent in global payments shipped a version of the same infrastructure: tokenised rails for AI agents to complete purchases autonomously. The convergence is less a market signal than a regulatory gap being filled by private hands.

Helena Krause

Payments & Regulation Correspondent

28 April 2025

In April 2025, Mastercard became the first of the major card networks to announce dedicated infrastructure for agentic payments. Agent Pay, as they called it, was a framework that lets AI systems complete transactions using Mastercard's existing tokenisation and fraud detection infrastructure. The partners named at launch included Microsoft on the AI side, with Checkout.com and Adyen on the merchant side.

By October, both Visa and Mastercard had launched merchant-facing frameworks for agentic commerce. Visa's was called Intelligent Commerce. Mastercard's follow-up was the Agent Pay Merchant Acceptance Framework, a no-code onboarding product sitting on top of the April tokenisation work. On 27 October, Mastercard and PayPal deepened their longstanding partnership to integrate Agent Pay directly into PayPal's wallet, allowing AI agents to complete transactions on behalf of PayPal users.

Stripe had moved in September. Their Agentic Commerce Protocol, co-developed with OpenAI, went live on 29 September 2025, powering Instant Checkout in ChatGPT. Google's Agent Payments Protocol (AP2) launched around the same time, with Mastercard, PayPal, American Express, Klarna, Shopify and Cloudflare among its backers.

That is five distinct infrastructure efforts from the most powerful incumbents in global payments, all shipping within the same calendar year. This is not a coincidence. It is also not coordination. It is something more structurally interesting: convergence.

What the technology actually does

All of these approaches share a common mechanism: tokenisation. Instead of an AI agent storing or transmitting a card number, it receives a scoped payment token: a cryptographically linked credential tied to a specific merchant or basket value. The token can be revoked. The original card number is never exposed to the agent or the platform running it.

Stripe's implementation uses what it calls a Shared Payment Token (SPT), scoped to a specific merchant and basket total. Mastercard and Visa build on network tokenisation standards that have existed since the EMV migration of 2014, now extended to agent-initiated contexts.
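A minimal sketch of the scoped-token idea described above, added here as an illustration and not taken from Stripe, Visa or Mastercard. The HMAC-signed token layout, the field names and the in-memory vault are assumptions chosen for clarity, not any network's real format.

```python
import base64, hashlib, hmac, json, secrets, time

ISSUER_KEY = secrets.token_bytes(32)  # signing key, held only by the token issuer
VAULT = {}       # token id -> card number; stays on the issuer side
REVOKED = set()  # token ids that have been revoked

def _sign(body: bytes) -> str:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()

def _claims(token):
    """Return the token's claims, or None if the signature does not verify."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(_sign(body.encode()).encode(), sig.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def issue_token(pan, merchant_id, max_minor, ttl_s=900, now=None):
    """Issue an opaque token scoped to one merchant and a basket ceiling."""
    now = time.time() if now is None else now
    tid = secrets.token_hex(8)
    VAULT[tid] = pan  # the card number is never placed inside the token
    claims = {"tid": tid, "merchant": merchant_id,
              "max": max_minor, "exp": now + ttl_s}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def revoke(token):
    """Revoke a token; every later authorisation attempt is refused."""
    claims = _claims(token)
    if claims:
        REVOKED.add(claims["tid"])
    return claims is not None

def authorise(token, merchant_id, amount_minor, now=None):
    """Issuer-side check run when a merchant presents the agent's token."""
    now = time.time() if now is None else now
    claims = _claims(token)
    if claims is None:
        return False, "bad signature"
    if claims["tid"] in REVOKED:
        return False, "revoked"
    if now >= claims["exp"]:
        return False, "expired"
    if claims["merchant"] != merchant_id:
        return False, "wrong merchant"
    if amount_minor > claims["max"]:
        return False, "over basket limit"
    return True, "ok"
```

The agent only ever holds the string returned by `issue_token`; a token lifted from the agent is useless at another merchant, above the basket ceiling, after expiry, or once revoked.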

The authentication layer is where it gets interesting. Underpinning both Visa's and Mastercard's October frameworks is Cloudflare's Web Bot Auth technology, developed with Microsoft, Shopify, Checkout.com, Worldpay and Adyen. As Cloudflare's Chief Strategy Officer Stephanie Cohen said at launch: "Securing the future of commerce is a shared responsibility, especially as AI agents begin to act on behalf of consumers." That a single infrastructure provider sits beneath both Visa's and Mastercard's frameworks is not something either company announced prominently. It is, however, the more consequential fact.

Two competing open standards. Multiple proprietary frameworks. The same Cloudflare authentication layer under most of them. The technical landscape is already more layered than the press releases suggest.

The regulation that isn't there

Here is where I find myself back in FCA territory, and where I think the trade coverage has been consistently thin.

PSD2's Strong Customer Authentication requirements were designed for human-initiated transactions. A consumer presents their device, authenticates with a biometric or PIN, confirms the transaction. The regulation's security properties rest on that human presence. PSD3, which was in consultation through 2024 and 2025, carries the same assumption forward. The draft technical standards from the European Banking Authority do not contain provisions specifically addressing agent-initiated authorisation. Neither does the FCA's Open Banking framework.

The EU AI Act has obligations around high-risk AI systems, and there is a reasonable argument that an AI system initiating financial transactions on a consumer's behalf meets the Act's definition of a high-risk application (Annex III, point 5b covers AI systems used in financial services for creditworthiness assessment and credit scoring; the agentic payments case is adjacent but not identical). What the Act does not do is specify how payment authorisation should work when the authorising party is a machine.

The practical result is that the companies building this infrastructure are, in the absence of a regulatory framework, making the regulatory decisions themselves. What counts as adequate consumer authorisation (the consent given when a user instructs an agent to "buy me running shoes under £80") is currently defined by each platform's terms of service, not by a supervisory authority. What constitutes a valid revocation mechanism for an agent's payment token is a product decision at Mastercard and Visa, not a regulatory one.

I am not arguing that this infrastructure is dangerous. The tokenisation and fraud-detection properties are genuinely sound. I am noting that the decisions being made now, about scoping rules, revocation standards, liability frameworks, and interoperability requirements, will be difficult to revisit once they become de facto standards.

Who wins, and what it costs

The payment networks have an obvious and rational motive for positioning themselves at the centre of this infrastructure. Agentic commerce, if it develops the way the 2025 launches assume it will, means a significant portion of purchases will be initiated without a human at a checkout page. The discovery and evaluation that previously happened on a brand's own site happens inside an agent's reasoning. The network that authenticates the agent, scopes the token, and processes the transaction becomes, in a meaningful sense, the commerce infrastructure.

The merchants in the middle have a different view. If an AI agent is buying on a consumer's behalf, the merchant fulfils the order and receives payment through the network. What they do not receive is a customer. The brand relationship that ecommerce spent two decades constructing, built on owned checkout experiences and first-party data, sits somewhere upstream of the transaction. The implications of this are worth reading alongside the ChatGPT checkout analysis published elsewhere in this series, and the consumer trust work that looks at how buyers actually respond to agent-mediated purchasing.

Stripe's positioning is worth watching separately. The Agentic Commerce Protocol is an open standard, not a proprietary network product. Stripe's developer ecosystem and speed of iteration are different strengths from Visa and Mastercard's fraud-detection depth and global network scale. Whether the open-standard approach gains traction against the proprietary-framework approach will be one of the more consequential technology stories in payments over the next few years.

What to do about this

If you are a European payment service provider or a UK retailer with an agentic checkout deployment in progress, two things are worth attending to now rather than later.

First: the liability question. Under PSD2, liability for an unauthorised transaction turns on whether strong customer authentication was applied. In an agent-initiated transaction where the consumer's only act was instructing the agent at some earlier point, the authentication chain is genuinely unclear. Your payment provider's terms will have something to say about this; so will your own terms of service. If neither document currently addresses agent-initiated transactions, that is a gap to close before go-live, not after.

Second: the interoperability question. If your checkout accepts Mastercard Agent Pay tokens but not Stripe SPTs or Google AP2 credentials, you have already made a network affiliation choice. That is a reasonable commercial decision. It should be a deliberate one, not a default that emerged from your payment provider's SDK.

The infrastructure being built across 2025 is technically solid. The regulatory scaffolding around it is, as of this writing, largely absent. That gap will close eventually. The question is whether it closes on terms the industry designed in private, or on terms that include a public interest process. Given the pace of the builds, I suspect we will find out which it was only after the fact.


Data sources and further reading

  • Mastercard Agent Pay (Mastercard, primary product page)
  • Mastercard and PayPal join forces for agentic commerce (PayPal newsroom, October 2025)
  • Visa and Mastercard both launch agentic AI payments tools (Digital Commerce 360, October 2025)
  • Stripe powers Instant Checkout in ChatGPT and releases Agentic Commerce Protocol (Stripe newsroom, September 2025)
  • Visa, Mastercard race to agentic AI commerce (Payments Dive)


About the Author

Helena Krause

Payments & Regulation Correspondent

Helena covers the payments rails of commerce and the regulation underneath them. Ex-FCA, now independent. Half-German, half-British, fully sceptical of any pitch deck that uses the word 'frictionless' as if it were a virtue.
