Agentic payments are live on three continents. The protocols are in production. The infrastructure is real. This is the complete guide to what agentic payments are, how they work, who is building them, and what breaks when AI agents handle money.

Agentic payments are financial transactions initiated, authenticated, or completed by an AI agent acting on behalf of a human or enterprise. Instead of a person tapping a card or clicking "buy," an AI system performs some or all of those steps within parameters the human has set. The human may approve each step, set constraints and walk away, or never be involved in individual transactions at all.

That's the definition. Here's the context.

Every major shift in commerce has required a new payment infrastructure layer. In-person commerce needed plastic cards and point-of-sale terminals. Visa and Mastercard built that layer. Internet commerce needed developer-friendly payment APIs that could process a transaction without a physical card present. Stripe built that layer. Machine commerce, where software is the buyer, needs infrastructure that can authenticate a non-human entity, enforce spending policy at machine speed, and settle transactions across payment rails that were designed for people.

That layer is being built right now. By multiple companies. On multiple continents. With no agreement on standards.

Before going further, a distinction worth drawing clearly.

Agentic commerce is the full lifecycle. An AI agent discovers products, compares options, selects a merchant, negotiates terms, completes checkout, arranges fulfilment, and handles returns or disputes. It covers everything from the moment a consumer or enterprise delegates a task to an agent through to post-purchase resolution.

Agentic payments is the money part. How the agent authenticates itself to the payment system, how it proves it has authority to spend, how the transaction is authorised and settled, and what happens when something goes wrong financially. Agentic payments sit inside agentic commerce the same way card processing sits inside retail. You can't have one without the other, but they're different disciplines with different infrastructure, different risks, and different people responsible for building them.

This guide focuses on the payments layer. We've covered the broader agentic commerce stack separately.

Compare an agentic payment with one you already make. When you buy something online today, you initiate the purchase, authenticate your identity, authorise the payment, and receive confirmation. You're present at every step.

An agentic payment shifts one or more of those steps to an AI agent. The shift can be partial. An agent might find the product and fill in the form while you hit the final "confirm" button. Or the shift can be total. An agent might monitor your business's inventory levels, identify that you're running low on packaging materials, compare prices across four suppliers, negotiate volume discounts, place the order, and pay the invoice. You find out when the boxes arrive.

The differences show up at every stage of the transaction lifecycle:

That last row is the one that keeps payments executives up at night. We have written extensively about the dispute crisis in agentic commerce and the missing dispute layer. The chargeback system was built on the premise that a human made the purchase and a human is unhappy about it. When an agent made the purchase, the liability question gets complicated fast.

The authentication column is equally significant. A human's identity is verified through something they know (password), something they have (phone), or something they are (fingerprint). An agent's identity is verified through cryptographic signatures, token-based credentials, and policy frameworks that did not exist 18 months ago. Visa's Trusted Agent Protocol and Mastercard's Verifiable Intent framework are two of the earliest production attempts at solving this, and they take fundamentally different approaches.

Not all agentic payments are created equal. The difference is how much the human is involved.

The human initiates and completes the transaction. The agent helps in the middle.

You tell ChatGPT you need a new pair of running shoes under $150. The agent searches across merchants, compares prices, checks reviews, and presents you with three options. You pick one. You confirm the purchase. You enter your payment details or approve with a saved method.

This is what ChatGPT shopping does today for US users. Over one million Shopify merchants are accessible through the platform. Google's partnership with Gap brings a similar experience to Gemini. The agent does the legwork. The human holds the wallet.

The infrastructure requirements here are modest. The agent needs access to product data and a way to hand off to a checkout flow. Existing payment rails handle the rest. This model carries the least risk because the human sees everything before money moves.

The human sets parameters. The agent executes within those constraints. The human may or may not confirm each transaction.

You tell your agent: "Book me the cheapest direct flight to New York leaving Friday morning, and a hotel within walking distance of the office for under $250 a night. Use my corporate card." The agent searches flights, compares hotels, selects the best options within your constraints, and books both. You get a confirmation notification.

This is the model Mastercard's Agent Pay framework enables. Live on three continents through the Santander and Visa partnership, and with infrastructure deployed across Latin America, Europe, and Asia-Pacific, delegated agent payments are in production today. The agent operates within a policy envelope: approved merchants, spending limits, transaction types. Anything outside the envelope triggers a human approval step.

The infrastructure is more complex. The agent needs a verified identity, a way to prove it has authority to transact, spending constraints enforced at the network level, and a mechanism for the human to review and override. Mastercard's Verifiable Intent creates a cryptographic record of what the human actually authorised, which becomes critical if a transaction is later disputed.

The agent transacts independently based on standing policy. No human approval per transaction.

An enterprise's procurement agent monitors inventory across 12 warehouses. When stock of any component falls below the reorder threshold, the agent solicits quotes from approved suppliers, evaluates them against historical pricing and delivery performance, places the order, and pays the invoice. The finance team reviews a weekly summary. Individual transactions are not approved by a human.

This model does not require new payment rails. It requires new governance. Who is liable when the agent orders from the wrong supplier? What happens when the agent's pricing model is exploited by a supplier that figured out the algorithm? How does the enterprise audit thousands of autonomous transactions?

The autonomous model is where enterprise procurement, fleet management, and supply chain operations are heading. It is also where the regulatory vacuum is widest. No jurisdiction has published guidance on liability for fully autonomous agent transactions.

None of this infrastructure existed two years ago. All of it is in production today. We mapped the full agentic commerce stack for Q1 2026. Here's the payments-specific breakdown.

Before an agent can pay, it needs to find something to buy and understand what the merchant accepts.

OpenAI's Agentic Commerce Protocol (ACP), built with Stripe, handles checkout for ChatGPT shopping. It defines how an agent calls a merchant's checkout endpoint, updates the session as items change, and receives order events via webhooks. Google's Universal Commerce Protocol (UCP) is more ambitious, standardising the full journey from product discovery through post-purchase management with over 20 partners including Shopify, Visa, Adyen, and Target.

Both are open source. Both are in production. They don't talk to each other.

The hardest unsolved problem in agentic payments is proving that an agent is legitimate, acting on behalf of a specific human, and authorised to spend their money.

Visa's Trusted Agent Protocol (TAP) uses cryptographic signatures to authenticate agents at the network edge. Built with Cloudflare and Akamai, it answers the question: is this agent who it claims to be?

Mastercard's Verifiable Intent answers a different question: did the human actually tell the agent to do this? It creates a tamper-proof record of the consumer's authorisation that can be referenced later in the event of a dispute.

Vouched introduced KYA (Know Your Agent), applying the same logic as KYC (Know Your Customer) to non-human transaction initiators. Their MCP-I protocol gives agents a way to present verifiable identity credentials to merchants.

These frameworks overlap but don't replace each other. Proving an agent is real is not the same as proving a human told it to buy something. The industry needs both solved. Right now, different companies are solving different halves.

Three protocols now define how agents actually move money.

Coinbase's x402 embeds payments directly into HTTP. A server returns a 402 status code with payment metadata. The agent constructs a signed stablecoin payment and retries with the payment in an HTTP header. Settlement is onchain, instant, and irreversible. The x402 Foundation now includes Cloudflare, Google, and Visa.

Stripe's Machine Payments Protocol (MPP) is payment-method agnostic. Agents can pay with stablecoins, cards, or buy now pay later through a single specification. For the 4.5 million businesses already on Stripe, integration takes a few lines of code. Transactions appear in their existing dashboard.

Mastercard's Agent Pay provides governance and tokenisation for agent-initiated transactions on card rails. It is live with acquiring partners including Fiserv, which adopted both Visa and Mastercard frameworks simultaneously.

Agents need somewhere to hold payment credentials and manage spending authority.

MoonPay's Open Wallet Standard (OWS) is the first open specification for AI agent wallets. It defines how agents store, manage, and present payment credentials across providers without locking into a single wallet vendor. The standard covers wallet creation, credential management, transaction signing, and spending policy enforcement.

Before an agent spends money, someone needs to define what it is allowed to spend. This is the governance layer.

The concept is similar to how corporate cards work today: pre-set merchant categories, spending limits, and approval workflows. The difference is that policy enforcement needs to happen at machine speed for thousands of simultaneous transactions. Several research groups and startups are exploring formal policy constraint architectures, but nothing has reached production yet.

Production implementations of pre-transaction authorisation are thin. Most agent frameworks today rely on simple spending caps and approved merchant lists. The sophisticated policy engines that autonomous agents will need are still largely in research.

After authorisation, the money moves.

Traditional card rails remain the dominant settlement mechanism. Santander and Visa completed live agentic payments across Latin America in March 2026 on production Visa networks. The three-day clearing window, interchange fees, and chargeback framework all apply.

Stablecoins offer an alternative. x402 settles on USDC in seconds with no intermediary. Stripe's Tempo network, launched alongside MPP, provides stablecoin settlement purpose-built for machine payments.

The settlement layer is where the philosophical divide in agentic payments runs deepest. Card networks want agent payments on their rails because it preserves interchange revenue. Crypto-native protocols want instant settlement because it suits high-frequency, low-value agent transactions. Both have legitimate arguments. The market has not chosen.

Nothing.

Not a protocol. Not a specification. Not a sandbox demo. The chargeback system assumes a human initiated the transaction, a human is unhappy with it, and a human files the dispute. None of those assumptions hold when an agent is the buyer. We've covered this extensively: the agentic dispute crisis, the missing dispute layer, and the specific risk to credit unions that don't have the resources to handle what's coming. This is the widest hole in the stack. And nobody's job description includes filling it.

The landscape is moving fast enough that any snapshot is slightly out of date by the time it's published. But the strategic positions are clear.

Visa is playing the long game. The Trusted Agent Protocol, agent-specific payment tokens, Passkey authentication for agent actions, and partnerships with Cloudflare and Akamai position Visa as the trust layer for agentic commerce. Visa is also a member of the x402 Foundation, hedging its bet on settlement rails. The strategy is ecosystem breadth: be present at every layer, partner with everyone, and let the market pick winners while ensuring Visa infrastructure is underneath regardless.

Mastercard prioritised speed to market. Agent Pay is live on three continents. Verifiable Intent shipped in production. The expansion into Latin America demonstrates Mastercard's willingness to deploy in emerging markets where regulatory frameworks are still forming. Mastercard is betting that the first network to process significant agent payment volume sets the standard.

Stripe took the developer-first approach it takes to everything. MPP is an open protocol, but the easiest path to integration runs through Stripe's existing infrastructure. With 4.5 million businesses already on the platform, Stripe does not need merchants to adopt new rails. It needs them to flip a switch. The partnership with OpenAI on ACP gives Stripe access to whatever ChatGPT's shopping feature becomes.

Coinbase is the crypto-native bet. x402 makes stablecoins the settlement layer for the internet itself, embedded at the HTTP protocol level. The approach is radical: rather than building agent payment infrastructure on top of existing rails, build it into the web's foundation. The x402 Foundation's membership, which includes Google and Visa alongside Cloudflare, suggests the industry takes the bet seriously even if daily transaction volume remains modest.

OpenAI controls the discovery layer for a significant share of AI-assisted shopping. ChatGPT shopping is live for US users with over one million merchants accessible. OpenAI's strategy is to own the top of the funnel: the moment a consumer asks an AI to find something to buy. It has not built its own payment infrastructure, partnering with Stripe instead. That makes OpenAI powerful at discovery but dependent on others for everything below.

Google is the only company competing across discovery, checkout, and settlement simultaneously. UCP covers the full commerce journey. The Gap partnership puts Gemini-powered checkout in front of consumers. Google's Agent Payments Protocol (AP2) bridges stablecoin and fiat settlement. Google is also a member of the x402 Foundation. The breadth is unmatched, but Google has a history of launching commerce initiatives that do not reach critical mass.

MoonPay is building the wallet layer. The Open Wallet Standard positions MoonPay's infrastructure as the place where agents hold credentials and manage spending authority, regardless of which payment protocol or settlement rail is used. It is a bet on being the Switzerland of agentic payments: neutral infrastructure that every protocol needs.

Beyond the major platforms, a wave of startups is building the connective tissue.

Skyfire launched the first dedicated payment network for AI agents, with its own Know Your Agent (KYA) protocol using JSON Web Tokens to give agents verifiable identities. Skyfire works across both stablecoin and Visa tokenised credentials, bridging the two settlement worlds rather than picking a side.

Nekuda raised a $5 million seed round backed by both Amex Ventures and Visa Ventures. Two competing card networks investing in the same startup tells you how urgent they consider the problem. Nekuda's SDK provides a Secure Agent Wallet and Agentic Mandates framework, and the company is a launch partner for Visa Intelligent Commerce.

The startup activity is worth watching. When the venture capital arms of Visa and Amex are both writing cheques in the same space, the infrastructure gap is real and the incumbents know they can't fill it alone.

Most coverage of agentic payments stops at the protocol layer. Here is what it actually looks like when the technology meets a real business problem.

You tell your agent you're flying to Berlin next month for a conference. The agent searches flights, checks your airline loyalty programme, finds a direct route on your preferred carrier for £340, and holds the fare. It searches hotels within walking distance of the venue, filters for your usual preferences (quiet room, high floor, free cancellation), and presents two options. You approve both. The agent books them on your corporate card, adds the confirmation to your calendar, and sets a price alert in case the flight drops before the booking window closes.

This is agent-assisted moving toward agent-delegated. The human reviews and approves. The infrastructure that makes it possible: Google's UCP or OpenAI's ACP for discovery, Mastercard's Agent Pay or a standard card rail for payment, and Visa's TAP or Mastercard's Verifiable Intent for proving the agent has authority to transact.

What makes this different from using a travel website? Speed and memory. The agent already knows your preferences from previous trips. It doesn't show you 40 options. It shows you two. And it monitors for changes after booking, something no human reliably does.

A facilities management company operates 200 commercial buildings. Each building consumes cleaning supplies, maintenance parts, and seasonal materials on predictable cycles. Today, a procurement team of 12 people manages supplier relationships, compares quotes, issues purchase orders, and reconciles invoices. It's skilled work, but most of it follows patterns that haven't changed in years.

With agent-autonomous payments, an AI procurement agent monitors consumption data across all 200 sites. When stock at any location drops below the reorder threshold, the agent solicits quotes from approved suppliers, compares against historical pricing and delivery performance, selects the best option, issues the purchase order, and schedules payment within the supplier's terms. The procurement team reviews a weekly dashboard. They intervene on exceptions: a new supplier, an unusual price spike, a contract renewal negotiation. The routine work is gone.

The infrastructure: Stripe's MPP or card rails for payment execution, virtual cards with spending limits per supplier category, and a policy engine that defines what the agent can and can't do. The governance gap here is real. The agent needs spending authority that's auditable, revocable, and granular. Most enterprises don't have that infrastructure yet, which is why the autonomous model is still early.

The value is concrete. Twelve people managing routine procurement become three people managing exceptions and strategy. The agent processes thousands of transactions per week with no overtime, no errors from fatigue, and no maverick spending. The savings aren't incremental. They're structural.

This is the use case that looks the most different from anything in payments today.

An AI research agent needs access to a proprietary dataset. The data provider's API returns a 402 status code: payment required. The agent reads the price ($0.003 per query), checks its spending policy (data acquisition budget of $50 per day, $0.01 per query maximum), confirms the price is within bounds, constructs a signed stablecoin payment using Coinbase's x402 protocol, and retries the request with payment attached. The data arrives. The transaction settles onchain in seconds. No human was involved. No checkout page was rendered. No card was charged.

This is where agentic payments diverge most sharply from traditional commerce. The buyer is software. The seller is an API. The transaction value is fractions of a penny. The volume could be thousands of transactions per hour. Traditional payment rails can't process a $0.003 card transaction economically. Interchange alone would exceed the transaction value. Stablecoin settlement makes micropayments viable because there's no intermediary taking a percentage.

The x402 protocol and Stripe's MPP are both designed for this. The use cases are already live: AI agents paying for compute, data access, model inference, content licensing, and search results. The volume is small today. The architecture suggests it won't stay small.

A mid-size business runs 47 SaaS subscriptions across engineering, marketing, sales, and operations. Some are annual contracts. Some are month-to-month. Several have usage-based pricing that fluctuates. Nobody in the company has a complete picture of what they're spending or whether they're on the right plan for each tool.

An agent-delegated payment system monitors all 47 subscriptions. It tracks usage against plan thresholds. When a tool's usage drops below 30 percent of the plan capacity for three consecutive months, the agent flags it for downgrade or cancellation. When usage consistently exceeds plan limits and incurs overage charges, the agent models the cost of upgrading versus staying on the current plan and presents the recommendation. If the savings exceed a pre-set threshold, the agent executes the plan change automatically. Below that threshold, it asks a human.

The agent doesn't just pay bills. It optimises spending continuously, at a level of granularity that no human team can sustain across 47 products. The infrastructure: standard card or ACH rails for payment, API integrations with each SaaS provider for usage data, and a policy engine that defines the agent's authority to make changes versus recommend them.

A UK-based e-commerce brand sources products from four countries: packaging from Poland, electronics components from South Korea, textiles from Portugal, and specialty ingredients from Japan. Each supplier invoices in their local currency. Today, the finance team manages FX exposure manually, timing payments to catch favourable rates when they remember, absorbing the spread when they don't.

An agent-delegated payment system monitors exchange rates continuously. When a supplier invoice is due and the rate is within the finance team's acceptable range, the agent executes the payment at the live rate. When rates move unfavourably, the agent holds the payment until the last possible date within the supplier's terms, watching for a better window. It logs every payment with the rate achieved versus the benchmark rate, giving the finance team a clear picture of FX savings.

The infrastructure here is a combination of existing payment rails (SWIFT for wire transfers, or stablecoins for faster settlement) and real-time FX data feeds. The agent doesn't need new payment protocols. It needs the authority to time payments within defined constraints and the data to make those timing decisions intelligently.

Here's what we keep coming back to after two months of covering this space. The technology is impressive. The protocols are clever. The companies are well-funded. But the thing that actually changes is more fundamental than any of them.

The assumptions break.

Every payment system in the world was built on a set of assumptions about who is on the other end of the transaction. A person. With a device. With a location. With a pattern of behaviour that can be modelled, scored, and adjudicated. When the entity on the other end is software, those assumptions don't bend. They snap.

Speed. A human takes 30 seconds to complete a checkout. An agent does it in milliseconds. When Revolut reported its 2025 results, the infrastructure ambitions pointed toward exactly this kind of machine-speed transaction processing. Payment infrastructure built for human reaction times will need to handle agent-speed volume, which means latency, timeout, and rate-limiting assumptions all change.

Volume. A human places a few orders a week. An enterprise procurement agent can initiate thousands of transactions per second across dozens of suppliers. The card networks process roughly 65,000 transactions per second at peak today. Agent commerce could multiply that by an order of magnitude within a few years. Capacity planning for payment processors, networks, and banks changes fundamentally.

Evidence. Traditional fraud detection relies on signals that come from human behaviour: IP addresses, device fingerprints, browser cookies, typing patterns, mouse movements. An agent produces none of these. It operates from servers, cloud instances, or edge nodes. It has no consistent device. It does not type. The entire evidence base for transaction risk scoring disappears, and the industry has not yet built a replacement. We explored this gap in our analysis of NVIDIA's agent security findings.

Disputes. The chargeback system is built on a chain of human decisions: the human bought it, the human didn't receive it, the human wants their money back. When an agent bought it on the human's behalf, did the human authorise that specific purchase? If the agent chose wrong, is that the agent platform's fault, the merchant's fault, or the consumer's fault for delegating poorly? Card network reason codes do not account for agent-initiated transactions. The infrastructure for resolving agent payment disputes does not exist, and the consequences for financial institutions that aren't prepared are significant.

Regulation. No jurisdiction has published comprehensive rules for agent-initiated financial transactions. The EU's AI Act covers AI systems broadly but does not address payment-specific liability for autonomous agents. The US has no federal framework. The UK's FCA has issued guidance on AI in financial services but nothing specific to agentic payments. This is a vacuum, and companies building in it are making regulatory bets that may or may not pay off.

None of this works if we don't talk about what breaks.

Cascading errors. An agent buying the wrong item is a nuisance. An agent that notices the mistake, tries to return it, reorders from a different supplier, triggers a duplicate shipment, and then places a third order to reconcile the inventory discrepancy is a cascading failure. Three transactions deep before a human even knows something went wrong. Agent payment systems need circuit breakers. Most don't have them.

Supply chain attacks. When AI agents rely on third-party libraries and tool integrations to execute payments, the supply chain becomes an attack surface. A compromised dependency can redirect transactions, exfiltrate credentials, or manipulate pricing data. The LiteLLM vulnerability demonstrated that agent infrastructure has the same supply chain risks as any software system, with the added consequence that exploitation means money moves to the wrong place.

The liability vacuum. When an agent overspends, buys the wrong thing, or transacts with a fraudulent merchant, who pays? The consumer who delegated authority? The agent platform that built the AI? The merchant who accepted the payment? The card network whose rails carried it? Contract law and consumer protection regulation were written for transactions between humans and businesses. Agent-initiated transactions introduce a third party, the AI platform, whose liability is undefined in most jurisdictions.

Regulatory uncertainty. Companies building agentic payment infrastructure today are operating in a regulatory gap. That gap will close. When it does, the rules may not match the assumptions baked into the protocols. A regulation requiring human confirmation for all transactions above a threshold would effectively ban the autonomous model. A ruling that agent platforms bear liability for agent errors would reshape the economics of every AI company offering commerce features.

The consumer trust gap. According to Bain & Company research, 72 percent of consumers have used AI in their shopping journey. Only 10 percent have let an agent actually complete a purchase. That's a massive gap between curiosity and trust. We covered the trust gap in depth. The infrastructure is ahead of the willingness to use it. Companies building agentic payments need to plan for a long adoption curve, not a switch that flips overnight.

Now (Q1 2026). The protocol layer has shipped. Mastercard Agent Pay is processing live transactions on three continents. Visa's Trusted Agent Protocol is in production with Cloudflare and Akamai. ChatGPT shopping is live for US users. x402 and MPP are processing real transactions. Prediction markets are already settling agent-driven wagers in seconds. Discovery layers are functional. Trust frameworks exist. Settlement works on both card and stablecoin rails. The foundations are built. Interoperability is not.

Next 12 months. Card networks will update reason codes to account for agent-initiated transactions. The first regulatory guidance specifically addressing agentic payments will emerge, likely from the EU or UK. Enterprise procurement will become the first sector to adopt agent-delegated payments at scale, because the business case for automating thousands of routine purchases is immediate. Agent wallets will move from concept to standard infrastructure. Processor adoption will accelerate as Fiserv, FIS, and their peers push agentic capabilities to merchants and banks through platform updates.

Two to three years. Agent-initiated payments will appear as a standard checkout option alongside card, digital wallet, and buy now pay later. Consumer-facing agent commerce will move beyond shopping assistants to routine purchases: groceries, subscriptions, bill payments, travel. The trust frameworks will mature. Interoperability between protocols will improve through market consolidation rather than industry agreement. One or two discovery protocols and one or two payment protocols will emerge as defaults.

Five years and beyond. The majority of routine, repeatable transactions will be agent-initiated. Humans will handle exceptions, high-value decisions, and novel purchases. The payment industry's revenue models, which depend on per-transaction fees and interchange, will adapt to a world where transaction volume is dramatically higher but individual transaction values may be lower. The companies that control the default agentic payment protocols will shape the economics of commerce for the next decade.

Agentic payments are not a concept paper or a conference demo. They are production infrastructure, processing real money, on live networks, today. The protocols will consolidate. The regulation will arrive. The trust will build. But the foundation is already poured, and every company in payments is now building on top of it.