- Key insights: Google has launched its Agent Payments Protocol, an open protocol that establishes a payment-agnostic framework for users, merchants and payments in agentic AI.
- What's at stake: AP2 was developed with payments and technology companies such as Adyen, American Express, Ant International, Coinbase, Mastercard and PayPal.
- Forward look: The protocol supports multiple payment types, including debit and credit card, stablecoins and real-time bank transfers.
Payments and technology firms have been racing to develop a framework that will guide agentic payments, and Google has asked more than 60 payment and technology companies to help launch the search giant's protocol.
Google on Tuesday launched its Agent Payments Protocol, an open protocol that establishes a payment-agnostic framework for users, merchants and payments in agentic AI. Payment and technology firms such as Adyen, Alipay, American Express, Mastercard, PayPal and Worldpay
The protocol supports multiple payment types, including debit and credit card, stablecoins and real-time bank transfers.
"Innovation doesn't happen in isolation, it needs an ensemble of innovators. That's why we are collaborating in crafting an open standard to make the financial infrastructure of the world ready for agentic commerce," Andreu Mora, Adyen's senior vice president of engineering, told American Banker. "This commitment to collaboration is how we ensure that as AI-driven commerce evolves, it works seamlessly for everyone."
Agentic AI is an AI-powered virtual assistant that can act on behalf of a user autonomously, including, but not limited to, making a payment. Visa and Mastercard were some of the first to
One of the biggest hang ups with agentic payments is that consumers, merchants, financial institutions and payment processors all need to verify that the agent is who it says it is, that it is acting on behalf of the consumer, and that it has the authority to do so.
Google's AP2 protocol is designed to provide interoperable guidelines to how AI agents are authorized, authenticated and held accountable for their actions.
Agentic payments can happen in two modes, Rodri Touza, co-founder of Crossmint, told American Banker. Crossmint is a developer platform for wallets, stablecoins, and agentic commerce and a contributing partner to AP2.
"The first is full independence: an AI agent operates autonomously and makes payments all on its own based on parameters set by a user. The other is a specific task: You might say 'book me a flight' or 'order my usual groceries,' and the agent has to handle the payment in order to resolve that intent," Touza said.
The challenge is that payments weren't built for these kinds of functions. "It's like if you handed your card to a friend: They could misuse it, buy the wrong thing, or get blocked by anti-fraud filters. That creates a poor user experience – and will dramatically slow adoption of AI agents," Touza said.
AP2 uses something it calls Mandates to verify authority and intent in both examples. Mandates are tamper-proof, cryptographically-signed digital contracts that serve as verifiable proof of a user's instructions,
On a one-off transaction for a specific task, the protocol captures an "Intent Mandate" such as, "Find me a gold watch." Once the agent finds the product, it presents that to the user, who then signs a "Cart Mandate" verifying the exact item and price.
For a more independent transaction, such as "Buy Cubs tickets the moment they go on sale," the protocol captures both "Intent Mandates" and collects additional information about pricing, timing and other conditions that allow the AI agent to generate a "Cart Mandate."
"Google's new protocol provides a common language to delegate credentials, set boundaries, and create accountability," Touza said. "That's what allows banks, card networks, and fintechs to treat agent-initiated payments with the same trust as a traditional card swipe. Once the rails are in place, agents can reliably pay for services, content, or even settle with other agents."
For merchants, AI agents are smart distribution channels, Aurelie Guerrieri, chief marketing and alliances officer at DataDome, said in an email. DataDome is a bot and cyberfraud protection company.
"We're already hearing from merchants exploring how to dynamically recognize loyal customers and offer them early access to inventory or time-sensitive discounts," Guerrieri said. "Others are piloting agent-to-agent price negotiations or using AI to instantly suggest alternate products when stock runs low. Google's launch of a protocol for agent-driven purchases is essential to enabling these experiences."
But the guardrails AP2 sets up are just the beginning of a larger fight against fraud, Guerrieri said.
"An agent could leverage stolen credentials to access loyalty accounts, flood pricing [model context protocols] to identify and exploit inconsistencies, or even simulate purchase intent en masse to deplete inventory and block out legitimate buyers.," Guerrieri said. "Identity verification won't be enough. It will be about assessing the intent of the agent, and correlating their behavior with what's expected by the business."
