Digital commerce is changing to cut humans out of the purchasing loop, and everyone in the payments stack is fighting for their spot in this new setup.
Last month, Google launched Universal Cart across Search, Gemini, YouTube, and Gmail. Weeks earlier, Stripe introduced Link's wallet for AI agents and on-demand single-use cards. We now have the consumer layer from Google and the payments infrastructure from Stripe. Agent-driven commerce is moving from concept to reality, and the industry is racing to adapt.
But there is a big gap in who is actually ready for this. Many still ask: is agentic commerce a trend or the real thing? And the answer is: it's real, but unevenly distributed.
The big platforms and payment networks are sprinting ahead. Merchants, on the other hand, are mostly unprepared for AI traffic, treating it as an experimental channel. Consumers are even further behind. While people like the idea of delegating tasks, letting an AI actually spend your money is a huge leap that most haven't tried yet.
Because of this, a lot of people think the whole thing is overhyped. The reality is that retailers don't want to overhaul their entire catalogs for a channel that currently brings in zero volume.
Here is how the different pieces of the payments industry are dealing with this shift, and what it looks like from where I sit in the infrastructure.
Credentials: the lifespan problem
We've spent thirty years building payment credentials that are meant to last. PANs sit on plastic cards for years. Network tokens stay in vaults. Wallet tokens live on your phone across thousands of purchases. The entire payments industry is built on the assumption that a credential is persistent.
Agent payments break this completely. Stripe's new issuing tools mint single-use virtual cards on demand. They are scoped to one specific merchant, a set amount, and a short time window. The new protocols wrapping these cards abstract things even further into pure "intent." Trust is no longer based on a long-lasting credential; it's based entirely on the exact moment it was issued through agent authorization mechanisms.
The authorization protocols handle this fine, but everything else breaks. Things like card-on-file, vault management, dispute windows, and refund logic don't make sense when the original card only existed for eleven seconds. Fraud signals lose their value when the credential doesn't persist.
Then there is the regulatory and technical headache of CIT versus MIT (Customer-Initiated versus Merchant-Initiated Transactions). For years, payments fell cleanly into two buckets: either the user was present to authenticate (CIT), or they weren't, relying instead on a prior agreement (MIT).
Agentic commerce shatters this binary. If an AI buys groceries while you sleep, is it a CIT because your agent represents you, or an MIT because you aren't physically there to pass a 3D Secure challenge? Right now, the industry is trying to force agent traffic into the MIT bucket using mandates, but fraud engines and SCA (Strong Customer Authentication) regulations haven't caught up to the idea of AI payment authentication — a machine passing a challenge on a human's behalf.
This is a massive technical shift, but most people talking about AI completely miss it.
Agentic Commerce protocols
To understand how agentic commerce works, you need to know the five live AI payment protocols currently being pushed:
ACP (Stripe + OpenAI): A tactical approach built to run on existing payment rails.
AP2 (Google): An architectural standard using cryptographically signed mandates. It carries the proof of the user's intent, while the actual money settles on whatever rail the agent chooses.
UCP (Google + Shopify): Focused on the actual commerce flow: carts, catalogs, and checkout.
MPP (Stripe + Tempo): Built for machine-to-machine transactions using stablecoins.
MCP (Anthropic): Not specific to payments, but it's becoming the standard for giving AI models the context they need to act.
These aren't necessarily competing against each other. ACP is about merchant trust, AP2 is about mandates, and UCP handles the store handshake. Builders are probably going to end up supporting a mix of these, meaning the translation layer sitting above them will be critical.
How networks are preparing for agentic payments
Visa and Mastercard announced their own agent tokenization plans back in April. They are both making the same move: expanding the concept of network tokens from "hiding a card number" to "representing an AI agent's identity", and establishing a trusted framework for agent identity.
Simon Taylor explained this perfectly recently: the networks are shifting their value. They don't just want to be the rails that move the money, they want to be the trust standard that secures the transaction, regardless of how it's funded. Whether the money moves via cards, Open Banking, or stablecoins, the agent token stays the same.
Visa went a step further in Europe by partnering with banks like Revolut, Barclays, and Commerzbank to actually test these transactions in production. They learned their lesson when Apple Pay caught them off guard, and they don't want to repeat that mistake.
What agentic commerce means for banks and issuers
AI agents push banks further back than Apple Pay ever did. A user authorizes a spend inside ChatGPT or Gemini. The bank never sees the context, the merchant, or the AI's identity. They just see a card transaction hit the account.
Banks can still decline the transaction, but many of these flows bypass traditional issuers completely. If an AI uses a Stripe-issued single-use card, the authorization decision happens at Stripe's partner bank, not at Chase or Santander.
Visa's Agentic Ready program is meant to give banks a counter-move. It exposes the metadata (like the specific AI agent and the spending limits the user approved) to the issuer at authorization time. Banks can use this to apply specific fraud rules or require extra authentication. But if they want to keep their relationship with the user, they have to move fast and actually implement these tools.
Acquirers: the neutral ground
Most articles ignore acquirers, but this is where the actual money moves.
Stripe's pitch is simple: they offer an integration suite to get merchants into the AI channel quickly, as long as Stripe gets to process that specific volume. If a merchant uses Stripe for everything, it's a closed loop. If they don't, Stripe handles the issuing side while the merchant's regular acquirer handles the rest.
Then you have companies like Worldpay and Adyen. Their argument is neutrality. Worldpay's CPO Cindy Turner makes the case that merchants should be able to accept any agent on any protocol. They are pitching multi-agent interoperability and dispute tools built specifically for AI.
The battle here isn't about whether Stripe "wins." It's about which specific channels Stripe takes over, and which ones stay with the traditional acquirer ecosystem.
How merchants are integrating agentic commerce
There are three main approaches to AI merchant integration and Agentic Commerce adoption for merchants & digital platforms:
Shopify tries to make it invisible. They handle the UCP protocol with Google in the background. Merchants don't have to pick a protocol, they just make sure their product feeds are structured so agents can read them easily (what some are calling Agent Engine Optimization, or AEO).
Google is aggregating the cart on the consumer side. Universal Cart lets users shop across any merchant that supports UCP, monitoring stock and prices. Google hands off the checkout or uses Google Pay, but they avoid becoming the actual seller.
Amazon is embedding its own agents. They are building AI that acts on behalf of consumers across the internet. When independent merchants open their stores to AI agents, they might end up letting Amazon's AI control the checkout process on their own websites.
AI shopping agents and the trust problem
The companies building the actual AI (OpenAI, Google, Anthropic, Microsoft) want to own the direct relationship with the user. But this has proven harder than expected.
Google initially showed an Android demo where a user could just click once to buy concert tickets from a photo. People online immediately pointed out that nobody would trust a button like that. By the time I/O happened, Google had pivoted to Universal Cart, a system where the user has much clearer boundaries.
Everyone building real flows is actually adding more friction and confirmation steps, not removing them. The demos make it look easy, but the reality of payment infrastructure is much messier.
My view from the infrastructure: is agentic commerce an overhyped trend?
I've worked in Fintech and Payments for years now, bridging the gap between technical integration, UX design, and product strategy. Over the years, I've worked across issuers, gateways, and orchestrators, dealing with everything from raw PANs to wallet tokens.
Until recently, I mostly ignored the "agentic commerce" headlines. But now I'm digging into it, and so are my peers. We read these announcements very differently than the AI press does.
The biggest shift isn't that AI can buy things. It's that refunds, disputes, fraud detection, and other operational systems were built for a world where humans drove transactions. The real engineering challenge starts there.
Also, the people saying this is overhyped aren't entirely wrong. Demand from consumers is not the bottleneck right now, it's coordination. Identity frameworks, liability models, and onboarding standards are still immature. Payments will likely lead the way, with Stripe currently ahead thanks to its strong merchant footprint.
Agentic commerce will likely move slower than the tech itself. Trust takes time, especially in markets where consumers have experienced financial instability firsthand like Latin America. Delegating your wallet to an AI is a much bigger leap than saving a card online. The right approach isn't to rush adoption, but to keep humans in the loop, make the technology reliable, and earn trust gradually.
Finally, we haven't even solved the liability problem for AI hallucinations. If a user tells an AI to "buy coach tickets" and the model misreads the intent and buys first-class, who pays for the mistake? The merchant? The AI developer? The user? Chargeback rules were not written for "AI misinterpretation," meaning the first major dispute is going to set a messy precedent.
Our job right now is just to build the rails. We should pay attention to B2B for actual volume, and take the consumer AI demos with a grain of salt. Whether consumers start using this next year or in five years, the infrastructure needs to be ready.
