AI agents are coming for commerce.
That is the shiny version.
The less shiny version is that software is about to start shopping, comparing, selecting, initiating, and possibly paying on behalf of people and businesses at a scale the industry has not fully digested yet.
Everyone wants to talk about the magic. Agents finding the best deal. Agents booking travel. Agents ordering office supplies. Agents renewing subscriptions. Agents buying software. Agents handling procurement. Agents making commerce feel conversational, automated, and frictionless.
Very exciting.
Also, congratulations. We just reinvented card-on-file with a god complex.
Because once the agent gets to the payment step, the old payments questions do not disappear. They get louder.
Who authorized this? What credential was used? What were the user’s instructions? What merchant was involved? What limits applied? Was this transaction user-initiated, agent-initiated, recurring, delegated, approved in real time, or approved three weeks ago inside a settings page nobody remembers clicking?
Was the merchant legitimate?
Was the agent legitimate?
Was the purchase within policy?
Was the payment credential tokenized?
Was the issuer given enough context to make a good authorization decision?
And when something goes wrong, who gets to say, “Not it”?
That is where agentic commerce stops being a keynote and becomes a risk program.
Visa’s June 2026 announcements around agentic commerce are worth paying attention to because they are not just “AI can buy stuff now” headlines.
Visa announced a strategic collaboration with OpenAI to enable secure Visa payments within agentic commerce. The stated goal is to support seamless and trusted payments across OpenAI experiences, with Visa providing its global network, credentialing capabilities, tokenization, risk capabilities, real-time authorization, fraud monitoring, and user-defined permissions and controls such as spending limits, merchant categories, and required approvals. Visa’s announcement on its OpenAI collaboration is available here.
That matters.
Because the payments industry has already learned, repeatedly and usually the expensive way, that convenience without control is just fraud with better UX.
Visa also announced broader Intelligent Commerce capabilities, including Agent Score, an Agentic Directory, token enhancements, and a Large Transaction Model intended to improve fraud detection, authorization performance, and trust in agent-driven transactions. Visa described its Agentic Directory as a way for merchants to know which agents can be trusted to transact on their sites, and for agents to know they are interacting with legitimate merchants. Visa’s Intelligent Commerce announcement is available here.
Again, that is not just AI hype.
That is the network saying, in payments language, “If agents are going to transact, the ecosystem needs identity, permissioning, credential controls, merchant trust, issuer signals, and risk data.”
Which is another way of saying: the robot still needs underwriting.
One of the first mistakes people will make is calling the AI agent the customer.
It is not.
The customer is still the person or business on whose behalf the agent is acting. The agent is the interface, the delegate, the workflow layer, the decision assistant, or the execution mechanism. That distinction matters because payments are built around authorization, consent, authentication, liability, dispute rights, credential use, and transaction context.
When a human clicks “Buy Now,” the ecosystem has a rough mental model. Not perfect. But familiar.
When a card-on-file merchant bills a stored credential, there are rules and indicators for that. When a recurring subscription runs, there are frameworks for that. When a merchant initiates a transaction after prior consent, there is language for that. When a customer initiates a transaction in-session, there is language for that too.
Agentic commerce starts bending those categories.
What happens when a user gives an agent permission to buy office supplies under $500 from approved vendors, but the agent selects a merchant the user has never seen before? What happens when the agent books travel within budget but picks a non-refundable fare? What happens when a consumer tells an agent to “find the best deal,” and the agent buys from a fake merchant with a perfect-looking site and a terrible refund policy?
The issue is not whether the agent can initiate a transaction.
The issue is whether the ecosystem can understand what kind of transaction it is.
Payments people should already feel their eye twitching.
Here is the part nobody wants to put on the conference slide: agentic commerce is going to create weird disputes.
Not necessarily because the technology is bad. Because delegation creates ambiguity.
A customer may say the agent bought the wrong thing. The merchant may say the transaction was authorized. The issuer may see a tokenized credential and valid transaction data. The platform may point to the user’s permissions. The agent provider may say the user approved the workflow. The merchant may have fulfilled exactly what was ordered.
Everyone may be telling the truth.
That is what makes it fun.
Fraud and disputes are not always clean stories. Sometimes the payment was technically authorized but commercially misunderstood. Sometimes the user gave broad permission and then regretted the outcome. Sometimes the merchant was legitimate but the product was not what the user expected. Sometimes the agent followed instructions that were too vague. Sometimes the agent got manipulated by bad merchant content, fake reviews, urgency cues, or hostile page design.
Agentic commerce does not remove these problems.
It industrializes them.
That means platforms, merchants, issuers, acquirers, gateways, and ISVs need better audit trails. What did the user authorize? What did the agent see? What instructions were active? What merchant was selected? What policy controls applied? What credential was used? Was there a step-up approval? Was the transaction inside the approved category, dollar limit, merchant list, or time window?
If you cannot answer those questions, your future dispute process is going to be a group project from hell.
Most people still think about tokenization as a card-number replacement trick.
Take the PAN, replace it with a token, reduce exposure, move on.
That version is not wrong. It is just incomplete.
Visa’s Intelligent Commerce announcement specifically talks about enriching tokens with more data, context, and assurance. Visa said token enhancements are designed to provide more details on transaction type, where the token is being used, and who is making the payment. Visa also described token assurance signals based on provisioning and behavioral history, with identity, permissions, and behavioral signals embedded more deeply into credentials so trust can travel with the transaction across devices, channels, and use cases, including autonomous AI-agent transactions. Visa’s Intelligent Commerce announcement is available here.
That is a big shift.
In agentic commerce, tokens are not just about hiding the card number. They become part of the trust fabric. The token can help communicate whether the credential use makes sense, whether the transaction context is expected, whether the agent has appropriate permission, and whether the issuer has enough signal to approve the transaction without making the customer re-authenticate every time their digital assistant buys printer paper.
This is where ISVs and platforms need to pay attention.
If your payment architecture treats all tokens the same, you may miss the point. Processor tokens, gateway tokens, network tokens, merchant-specific tokens, wallet tokens, and future agentic credentials may all have different portability, control, lifecycle, authorization, and data implications.
“The card is tokenized” is not enough detail anymore.
That is like saying “we have security” and pointing at a lock icon.
Agentic commerce also changes the merchant side of the equation.
Historically, merchants optimized websites for humans, search engines, conversion funnels, and occasionally accessibility if someone in leadership had recently attended the right webinar.
Now merchants may need to think about whether agents can understand them.
Can an AI agent identify the product accurately? Can it understand price, availability, shipping, return policy, subscription terms, cancellation terms, merchant identity, reviews, restrictions, and fulfillment expectations? Can it distinguish legitimate checkout flows from confusing or manipulative ones? Can it determine whether the merchant is trustworthy enough to transact with?
Visa’s Agent Score concept is aimed at evaluating whether AI agents can navigate, understand, and complete tasks on a merchant’s website, while the Agentic Directory is aimed at verifying legitimate agents and merchants participating in agentic commerce. Visa’s Intelligent Commerce announcement is available here.
That should make merchants and platforms sit up a little straighter.
Because if agents become meaningful shopping interfaces, bad merchant data becomes a payment problem. Confusing terms become a payment problem. Buried cancellation flows become a payment problem. Misleading product pages become a payment problem. Inconsistent inventory, unclear fulfillment timelines, sloppy descriptors, and vague refund policies become payment problems.
To be fair, they were already payment problems.
Agents just remove some of the human patience that used to absorb the mess.
Agentic commerce will not only affect big AI platforms and global networks. It will also affect the software companies sitting between merchants, customers, payment providers, and business workflows.
Vertical SaaS platforms, marketplaces, procurement tools, expense platforms, travel platforms, healthcare platforms, B2B ordering systems, subscription platforms, and embedded finance companies all need to ask a basic question:
Where do we sit in the trust chain?
Are you just presenting merchant offers? Are you enabling agent-led checkout? Are you storing credentials? Are you setting permissions? Are you enforcing spend limits? Are you routing transactions? Are you providing merchant data? Are you helping agents understand inventory, pricing, policies, and fulfillment? Are you responsible for transaction logs, approvals, or dispute evidence?
The more involved you are, the more your controls matter.
It will not be enough to say, “The network handles tokenization” or “The AI platform handles the agent” or “The processor handles the payment.” Those may all be partly true and still operationally useless.
If your product experience influences what the agent sees, what the user authorizes, what merchant is selected, what payment method is used, or what evidence exists after the transaction, you are in the risk story.
Congratulations. You have been added to the group chat.
The future of commerce may be intelligent, automated, conversational, and programmable.
It will still need boring controls.
That means clear permissions. Spending limits. Merchant category controls. Approved merchant lists. Step-up approvals. Token lifecycle management. Audit logs. Transaction context. Dispute evidence. Fraud monitoring. Agent identity. Merchant verification. Data quality. Customer communication. Exception handling. Liability allocation. Incident response.
The boring stuff is what keeps the magic from becoming a loss event.
And this is where a lot of companies will stumble. They will get excited about AI-led commerce and forget that the back office has to survive the front-end innovation. They will launch agent-friendly workflows before they understand consent. They will let users delegate purchasing authority without enough guardrails. They will assume tokenization solves everything. They will treat agent identity like a technical feature instead of a risk requirement.
Then something will go wrong, and everyone will suddenly rediscover governance.
A timeless classic.
Agentic commerce is coming.
It may be useful. It may be powerful. It may change how consumers and businesses discover, compare, buy, and pay.
But it is not magic.
It is delegated commerce. Automated commerce. Context-heavy commerce. Credentialed commerce. Risk-managed commerce. And yes, in many ways, it is card-on-file with a god complex.
That does not make it bad.
It makes it serious.
If you are an ISV, platform, PayFac, marketplace, merchant, processor, or payments company, now is the time to understand how agentic commerce could affect your payment flows, token strategy, permissions model, merchant data, fraud controls, dispute evidence, and customer experience.
Because when agents start buying, the question will not just be whether the payment went through.
The question will be whether everyone can prove it should have.
Payments Therapist helps ISVs, platforms, PayFacs, merchants, and payment companies understand where new payment experiences collide with old payment realities: authorization, tokenization, compliance, risk, fraud, disputes, and operational controls.
AI may change the interface.
It does not eliminate the need to know what the hell happened.