- Key insight: Banks have a narrow window to shape how agent identity verification works before transaction volumes force ad hoc approaches that will be harder to standardize later.
- Supporting data: Morgan Stanley estimates nearly half of online shoppers will delegate purchasing to AI agents by 2030.
- Forward look: Managing identity, authorization, fraud risk and liability is of paramount importance for agentic commerce to be adopted broadly. But the emphasis should fall on identity. Everything else depends on it.
Recently, American Express CEO Stephen Squeri published a
Squeri is the latest in a rapidly growing line. Visa, Mastercard, Google, OpenAI, FIS and PayPal have all shipped agentic commerce products or protocols in the past six months. The payment rails for AI agents are being constructed at remarkable speed.
But there is a
In the early years of e-commerce, the payments industry raced to enable card-not-present transactions. Fraud prevention infrastructure lagged behind acceptance infrastructure. The result was an explosion in card-not-present fraud that cost the industry billions and took years to contain. Charge-backs, liability disputes and the entire 3D Secure apparatus were all consequences of building payment capacity before building the trust layer to support it.
Agentic commerce is following the same pattern. The protocols emerging right now define how AI agents initiate and complete transactions. They handle checkout mechanics, payment tokenization and credential security. These are necessary.
What they don't fully address is the prior question: How does a merchant, or a bank, verify the agent itself before the transaction begins?
Traditional fraud systems rely on signals that AI agents destroy. An agent has no meaningful IP address. No device fingerprint. No behavioral biometrics. It operates at machine speed from cloud infrastructure, and its traffic patterns can look indistinguishable from a bot attack. Visa documented a 25% increase in malicious bot-initiated transactions over six months last year, with a 40% spike in the U.S. Dark web discussion of AI agent exploitation rose more than 450% in the same period.
The identity layer is where banks have both the most exposure and the most leverage. Issuers authorize the transactions. They bear fraud liability. They manage the cardholder relationship. If agent-initiated transactions lack reliable identity signals, banks face a choice between declining legitimate agent traffic, which frustrates customers and suppresses the commerce the networks are investing billions to enable, or approving transactions with degraded risk signals, which increases fraud exposure.
Autonomous large language models sometimes do things they absolutely should not, such as suddenly go off and mine cryptocurrency. Here's what AI-forward banks can do about this problem.
Several identity frameworks are taking shape. Mastercard's Agent Pay ties agents to individual cardholders through the same tokenization infrastructure that already secures mobile payments. Visa's Trusted Agent Protocol uses cryptographic signatures to let merchants verify agent legitimacy at the point of interaction. FIS launched the first issuer-facing agentic commerce offering in January, designed to let banks use know-your-agent, or KYA, data alongside card details to make authorization decisions. Open protocol efforts, like KYAPay, are gaining traction to create portable identity signals that work with existing bot management infrastructure at the network edge, allowing security systems to distinguish verified agents from malicious automation before the agent even reaches checkout.
None of these approaches alone will be sufficient. The ecosystem is too fragmented. Agents will operate across multiple AI platforms, interact with merchants protected by different security vendors and attempt to pay with cards issued by different banks on different networks. Interoperability across identity frameworks will be just as important as interoperability across payment protocols.
This is where Squeri's language about collaborating with AI companies and industry associations to define standards matters. The payment networks cannot solve this alone because the identity verification happens upstream of the payment. The AI platforms cannot solve it alone because they don't control the merchant's security stack. The bot management vendors cannot solve it alone because they don't have visibility into cardholder authorization and the fragmentation of vendors. It requires coordination across all of these parties, and banks need to be at the table driving it, not waiting for the technology vendors to deliver a finished product.
The financial incentive is clear. McKinsey projects that agentic commerce could orchestrate as much as $1 trillion in U.S. commerce. Morgan Stanley estimates nearly half of online shoppers will delegate purchasing to AI agents by 2030. Banks that get the identity and authorization framework right will capture those transactions and the interchange revenue that comes with them. Banks that don't will watch that volume flow to alternative payment methods, stablecoins, embedded finance providers and closed-loop networks with tighter agent verification that are willing to build the trust layer themselves.
The industry has shown it can move fast. The Agentic Commerce Protocol went from announcement to production inside ChatGPT in months. Agent Pay is already processing pilot transactions across multiple countries. Chrome now supports agentic payments natively. That velocity needs to extend to the identity question with equal urgency.
Squeri told shareholders that managing identity, authorization, fraud risk and liability is of paramount importance for agentic commerce to be adopted broadly. He's right. But the emphasis should fall on the first word in that list. Identity comes first. Everything else depends on it.
Banks have a narrow window to shape how agent identity verification works before transaction volumes force ad hoc approaches that will be harder to standardize later. The e-commerce parallel suggests that waiting is the most expensive option.
