Velera, the nation's largest credit union service organisation, processes debit and credit card transactions for more than 4,000 financial institutions across North America. When Elizabeth Wadsworth, Vice President of Decision Intelligence and Transformation at Velera, told PYMNTS that "AI agent authorisation is something that is really important," she was describing the challenge from the fraud prevention side. How do you verify that an AI agent spending a member's money is actually authorised to do so?

That is the right question. But it is only half the problem.

The other half is what happens after the transaction settles and the member says, "I didn't want that." For the major banks, that dispute lands in an automated workflow with dedicated chargeback teams, established evidence pipelines, and the infrastructure to process millions of cases annually. For a credit union with 50,000 members and a three-person fraud department, the same dispute could consume a disproportionate share of operational capacity.

Credit unions are not banks. That distinction matters for more than regulatory purposes. It defines the operational reality of how disputes get handled.

The largest US banks process chargebacks through dedicated departments with hundreds of analysts, automated case management platforms, and direct integrations with the card network dispute systems. JPMorgan Chase and Bank of America each serve over 60 million consumer accounts. Their dispute operations are built to absorb volume spikes.

The average credit union serves roughly 20,000 members. Many serve fewer than 10,000. Their dispute operations typically consist of a small team handling chargebacks alongside other operational responsibilities. According to Credit Union Times, credit unions often struggle with fragmented tools and legacy silos when managing disputes, fraud, and compliance cases. These disjointed systems hinder teams' ability to maintain consistency, visibility, and control as volumes increase.

That fragmentation is manageable when dispute volumes grow predictably. It becomes a serious operational risk when an entirely new category of disputes arrives, one that does not fit existing reason codes, requires evidence types the current systems cannot process, and generates patterns no analyst has seen before.

As we detailed in our analysis of the agentic commerce dispute crisis, the chargeback system was designed for a world where a human initiated every transaction. Agent-initiated purchases break the evidentiary foundations that dispute resolution depends on: IP geolocation, device fingerprints, browser data, session logs. None of these exist when the buyer is software running on a cloud server.

To Velera's credit, the organisation is not ignoring the challenge.

Wadsworth's comments to PYMNTS focused on the fraud vector: criminals using AI to clone voices, create synthetic identities, and mimic legitimate member behaviour to evade detection. She described fraud "hitting all sides" of the member lifecycle, from account creation through login to transactions. The response Velera is building centres on risk-based authentication, device-bound credentials, passkeys, and tokenisation of sensitive identity data.

But CU Today reported that Wadsworth has also called for "an entire redesign of payments and chargeback ecosystems" in response to agentic commerce. The entire process built over decades, authentication, authorisation, fraud scoring, chargebacks, must be rethought when the initiating party is an autonomous agent operating under delegated authority.

That is the correct diagnosis. The question is whether 4,000 credit unions can execute a chargeback ecosystem redesign before agentic transaction volumes arrive.

Velera is also investing in governance. In 2025, the company built a governance framework to help credit unions manage AI risk, and the 2026 PYMNTS/Velera Credit Union Tracker Series, "Critical Moment: The AI Imperative for Credit Unions", examines the adoption gap directly. The infrastructure investments are real. Whether they extend deep enough into dispute resolution is the open question.

Banks are regulated by the OCC, the FDIC, or the Federal Reserve. Credit unions answer to the NCUA, the National Credit Union Administration, and that difference is not cosmetic.

The NCUA's 2026 supervisory priorities flag fraud as "a pervasive and elevated risk" and commit examiners to reviewing credit union fraud detection and internal controls. The agency has updated its AI resource hub to consolidate guidance for federally insured credit unions, including references to FinCEN alerts on deepfake fraud targeting financial institutions.

What the NCUA has not done is issue guidance on agentic commerce disputes. There is no supervisory letter on how credit unions should handle chargebacks initiated by member-authorised AI agents. No examination procedures for evaluating whether a credit union's dispute infrastructure can process intent records, mandate logs, or agent identifiers. No framework for assessing whether the delegation of purchasing authority from a member to an AI agent constitutes a pre-authorised transfer under the Electronic Fund Transfer Act.

The Consumer Bankers Association convened a symposium on agentic AI payments in late 2025 that warned agentic payment volumes could overwhelm existing dispute systems. That warning was directed at the banking sector. Credit unions, which the CBA does not represent, face the same risk with fewer resources and a different regulator that has not yet addressed the question.

The operational challenge is compounded by a staffing reality that the broader payments industry does not share to the same degree.

Credit unions continue to struggle with hiring and retaining experienced fraud professionals, according to Abrigo's 2026 analysis of fraud threats facing the sector. As workloads increase and expectations rise, the staffing gap becomes a liability. Complex investigations, instant payment alerts, and now the prospect of agent-initiated disputes all compete for the same limited analyst hours.

Now layer on the evidence problem. As we explored in the parent article, when a member's AI agent makes a purchase, the traditional evidence sources that support chargeback representment do not exist. The merchant cannot provide IP geolocation or device fingerprint data because the buyer was a software agent. The credit union cannot point to a clear moment of intent because the authorisation was a delegation, not a direct action.

The protocols being built to solve this, Mastercard's Verifiable Intent, Visa's Trusted Agent Protocol, Google's Agent Payments Protocol, create new evidence types: cryptographic intent records, mandate logs, agent identity certificates. As we covered in our analysis of how Fiserv is integrating both Visa and Mastercard agentic frameworks, the major processors are beginning to adopt these protocols.

But Fiserv serves the merchant acquiring side. On the issuing side, where credit unions sit, the question is different. Can your dispute management platform ingest a Verifiable Intent object? Can your three-person fraud team evaluate a cryptographic mandate log? Can your case management system, which may be a spreadsheet supplemented by the card network's portal, process evidence types that did not exist six months ago?

For most credit unions, the honest answer is no.

There is a strategic dimension that credit union leaders need to consider beyond operations.

As CU Insight noted, who hosts the AI agent and how network rules are written around permissions will determine whether credit union issuers even play a role in enabling agentic commerce across their card programmes. If a member's AI agent is hosted by Apple, Google, or OpenAI, and the agent selects which payment credential to use at checkout, the credit union's card may not be the default choice.

The credit unions that can authenticate agent transactions smoothly, resolve disputes quickly, and demonstrate to members that their card is safe for agent-delegated spending will retain card-on-file status in the agentic economy. The ones that cannot will watch their cards get replaced by competitors whose infrastructure handles the new transaction type.

Among Gen Z and younger Millennials, 80 percent already use AI for financial planning, and roughly three-quarters are comfortable with agentic AI. These are the members credit unions need to retain. They are also the members most likely to delegate purchasing authority to an AI agent and then file a dispute when the outcome does not match expectations.

The window is narrow but not closed.

Velera and other credit union service organisations need to extend their agentic commerce readiness work beyond fraud prevention into dispute resolution. That means building or procuring systems that can ingest the new evidence types the agentic protocols produce, training dispute analysts on agent-initiated transaction patterns, and establishing workflows for the "fourth category" of dispute that Chargebacks911 has identified: technically authorised but experientially wrong.

The NCUA needs to issue guidance. Not just on AI-enabled fraud, which it has addressed, but on the liability and operational implications of member-authorised AI agents conducting transactions. Credit unions need clarity on whether existing EFTA frameworks apply to agent-delegated purchases before the volume arrives, not after.

America's Credit Unions, the merged trade group formerly known as CUNA and NAFCU, should be convening the same conversations the Consumer Bankers Association held in late 2025. The banking sector has at least started asking the questions. The credit union sector cannot afford to ask them later.

And individual credit unions need to audit their dispute infrastructure now. Not for today's volumes, but for a scenario where five to 10 percent of card transactions are agent-initiated and the dispute rate on those transactions is higher than any category they currently process.

When the first wave of agent-initiated disputes hits a credit union with 50,000 members and three fraud analysts, will the cooperative model that built trust over decades survive a category of transaction it was never designed to adjudicate?