Agentic Payments: Who's Liable When the AI Pays?

AI agents are already initiating transactions on behalf of consumers. The regulatory frameworks that govern who's responsible when they go wrong are not.

That gap between what the technology can do and what US compliance infrastructure currently covers is the most pressing risk management challenge facing payments leaders in 2026. It won't wait for regulatory clarity before it starts creating real problems.

The Scale of What Is Already Happening

Google's "Buy for Me" feature, live since November 2025, lets users delegate purchases without touching a checkout. FIS followed in January 2026 with the payments industry's first dedicated agentic commerce infrastructure, built with Mastercard and Visa specifically to handle agent-initiated transactions at scale.

The numbers are hard to ignore. McKinsey forecasts agentic commerce could generate up to $1 trillion in orchestrated transactions in the US alone. Global B2C sales through AI agents are projected to reach $3–5 trillion by 2030. As Mastercard's chief digital officer put it recently: "Typically in payments, it takes 10 to 15 years to have a global technology adopted but the pace of this technology is something else."

Regulators will not keep pace. The institutions building internal frameworks now will be ahead when they do.

Three Gaps the Regulation Hasn't Caught Up With

Authorisation frameworks are evolving. Traditional authentication was designed around a present, consenting payer and the industry has already built sophisticated tools to verify and protect that journey. Agentic payments introduce a new layer: an AI acting on standing instructions across multiple merchants, often without a human in the loop at the moment of transaction. The technology to monitor and score those transactions exists. What's missing is the regulatory clarity on how consent should be structured and documented when the initiator isn't human.

Liability needs a clearer allocation model. If an agent overpays, routes to the wrong merchant, or gets socially engineered, the question of who absorbs the loss sits between the consumer, the PSP and the company that deployed the agent. Reg E and Reg Z don't resolve it. That's a policy gap, not a detection gap, the fraud signals are catchable, but the dispute resolution frameworks haven't been written yet.

Agent identity is where the industry is moving fastest. KYC and KYB are well-established. Know Your Agent, verifying what the agent is, who authorised it, and what transaction scope it holds, is the next frontier. FIS built its January 2026 agentic commerce launch explicitly around KYA data, giving issuers agent identity credentials alongside card details for every transaction. Institutions that embed that metadata into their monitoring and case management workflows now will have both the audit trail and the compliance posture regulators will eventually formalise.

What Forward-Leaning Institutions Are Doing Now

The practical response doesn't require waiting for the OCC or CFPB. Banks are defining agent transaction policies internally: spending limits, permitted merchant categories, step-up triggers for human review. Every agent-initiated transaction is being tagged with metadata, agent type, authorisation scope, consent timestamp, so that transaction monitoring, AML screening and dispute resolution have something to work with.

Real-time risk scoring and automated case management are proving particularly relevant here. The volume and speed of agent-initiated transactions makes manual review impractical, and the institutions investing in AI-driven detection and investigation workflows now are building exactly the audit trail that regulators will eventually require.

Visa's Trusted Agent Protocol and Mastercard's Verifiable Intent framework are worth tracking as the most developed industry-level responses to agent identity, and the most likely forerunners of eventual regulatory standards.

Join the Conversation in New York

Liability, consent architecture, Know Your Agent, model risk and agentic fraud are on the agenda at the 5th Financial Innovation Forum - Payments & RegTech, 18 June 2026, Convene Convention Centre, New York.

Senior contributors from TD Securities, Integria AI, Microsoft, Morgan Stanley, JP Morgan, The Clearing House, Federal Reserve Financial Services, Standard Chartered, HSBC, Mizuho, Oliver Wyman and more will address the practical steps US payments leaders need to take, before regulators take them for you.

Request the full agenda or secure your place →

For sponsorship or registration enquiries: info@qubevents.com

Sources: FIS Agentic Commerce Launch (January 2026) · McKinsey Agentic Commerce Forecast · CB Insights Fintech Funding Q3 2025 · MPE 2026 Mastercard Keynote (April 2026)