00 Β· Executive Summary

Agentic Payments: State of the Field β€” April 2026

This section is self-contained. A reader who only has time for one file should be able to close their laptop afterwards and still brief a board, a product team, or a regulator. Full technical, legal, and market detail is in the downstream sections, each linked below.

1. TL;DR β€” Six findings

  1. Agentic payments moved from slide-ware to production rails inside twelve months. Between April 2025 and January 2026 every major card network (Visa, Mastercard, American Express), the two dominant LLM platforms (OpenAI, Google), the two dominant PSPs (Stripe, PayPal), and the CDN that fronts ~20 % of the web (Cloudflare) all shipped protocols, SDKs or live checkout integrations for AI-agent-initiated commerce.[^visa-tap][^mc-agentpay][^acp-launch][^ap2-launch][^cf-press][^paypal-devdays]
  2. Three technical camps have crystallised, and they are not yet interoperable. (a) Google's AP2 uses W3C Verifiable Credentials ("Mandates") over A2A/MCP;[^ap2-spec] (b) OpenAI + Stripe's ACP uses a SharedPaymentToken flow with the merchant kept as Merchant-of-Record;[^acp-spec] (c) Coinbase's x402 revives HTTP 402 for stablecoin micropayments settled by a "facilitator".[^x402-docs] Visa's Trusted Agent Protocol and Cloudflare's Web Bot Auth sit underneath all three as an identity/attestation layer.[^visa-tap][^wba-draft]
  3. Identity, not payment, is the hard problem. Every production protocol bolts onto existing rails (card network tokens, ACH, stablecoins); what is genuinely new is Know-Your-Agent (KYA) β€” cryptographically proving that request X from bot Y is acting under delegated authority from human Z, and that the scope has not been exceeded.[^csa-ap2][^ack-catena]
  4. Market-size forecasts diverge by ~10Γ—. Kearney projects 25 % of global e-commerce (10–12T/yr)couldbeagentβˆ’ledby2030;McKinseyβ€²srangeis10–12 T/yr) could be agent-led by 2030; McKinsey's range is3–5 T globally with up to $1 T in U.S. retail.[^kearney][^mckinsey][^dc360-mckinsey] These are scenarios, not base rates β€” flag them as such to any investor who quotes them.
  5. The binding constraints are regulatory and reputational, not technical. CFPB, FCA/PSR, and EU AI Act overlays onto PSD2/PSD3 have not yet resolved who is liable when an agent buys the wrong thing, gets prompt-injected, or disputes a charge.[^linklaters][^cba-wp] Current industry consensus is to keep Merchant-of-Record and liability frameworks identical to human card-not-present commerce while the law catches up.[^acp-spec][^justt]
  6. The "machine economy" thesis is real but small. Stablecoin-denominated agent-to-agent micropayments (x402, ERC-8004, Skyfire, Crossmint) measure transaction counts in the millions and notional values in the tens of millions of dollars as of Q1 2026 β€” meaningful as proof-of-concept, trivial against card volumes, and where most of the net-new economic activity (APIs paid per call, pay-per-crawl, autonomous data purchases) is expected to originate.[^cf-x402][^erc8004][^skyfire-tc]

2. What changed in 2025 β€” Timeline

Date Event Why it matters Source
2025-04-29 PayPal Dev Days: Agent Toolkit + MCP server GA First Tier-1 wallet to expose its full merchant API (orders, invoices, disputes, subscriptions) to LLM agents via MCP.[^paypal-devdays] PayPal Newsroom
2025-04-30 Mastercard Agent Pay launched with Microsoft, IBM, Stripe, Braintree, Checkout.com, Ant/Antom First card network to formalise "Agentic Tokens" as an extension of its tokenisation service; issuer pilots with Citi and U.S. Bank.[^mc-agentpay] PaymentExpert
2025-04-30 Visa Intelligent Commerce announced Kick-off for Visa's multi-month build toward Trusted Agent Protocol; sets the "card-network-led" framing.[^visa-vic] Visa IR
2025-05-06 Coinbase x402 public release HTTP 402 revived; stablecoin micropayments go from thought-experiment to SDK-in-production on Base, Ethereum, Polygon, Arbitrum, Solana.[^x402-docs] Coinbase / x402.org
2025-05-20 Catena Labs (Sean Neville, ex-Circle) exits stealth β€” $18 M a16z crypto seed Announces open-source Agent Commerce Kit (ACK); frames "AI-native financial institution" thesis.[^catena-bw] BusinessWire
2025-05 Nekuda β€” $5 M seed (Madrona, Amex Ventures, Visa Ventures) Startup positioning at the Agent-Wallet / Mandate layer; both card networks hedging via venture arms.[^nekuda] Crowdfund Insider
2025-09-16 Google AP2 announced First protocol to formalise Intent / Cart / Payment Mandates as W3C Verifiable Credentials; built on A2A + MCP.[^ap2-launch][^ap2-spec] Google Cloud
2025-09-29 OpenAI Γ— Stripe ACP + Instant Checkout in ChatGPT First consumer-scale agentic checkout UX; live with Etsy at launch.[^acp-launch] OpenAI / Stripe
2025-10-06 Cloud Security Alliance publishes AP2 security framework First independent security review of an agentic-payment protocol.[^csa-ap2] CSA blog
2025-10-14 Visa Trusted Agent Protocol announced (with Cloudflare, Adyen, Checkout.com, Coinbase, Fiserv, Microsoft, Shopify, Stripe, Worldpay, Nekuda) Attestation-layer standard using RFC 9421 HTTP Message Signatures + Web Bot Auth; positioned as rail-agnostic.[^visa-tap] Visa IR / BusinessWire
2025-10-14 Walmart Γ— OpenAI Instant Checkout First Top-3 U.S. retailer live on ACP; scale-test for consumer agentic commerce.[^walmart] Walmart / CNBC
2025-10-21 Cloudflare collaborates with Amex, Mastercard, Visa, PayPal on Web Bot Auth Agentic identity becomes a shared-infrastructure problem, not a per-network one.[^cf-press] Cloudflare press
2025-10-27 Mastercard Γ— PayPal accelerate global agentic commerce Wallet + network convergence; PayPal/Venmo/Braintree brought into Agent Pay.[^mc-paypal] PayPal Newsroom
2026-01 (NRF Big Show) Universal Commerce Protocol (UCP) β€” Google + Shopify, with Walmart, Etsy, Wayfair, Target, Visa, Stripe, Mastercard Public attempt to converge AP2 and retailer product feeds into a single discovery/checkout protocol.[^ucp] Google Developers Blog

(See Β§08 Merchant & Retail and Β§06 Card Networks for event-by-event detail.)

3. Landscape map

Player Protocol / product Status (2026-04) Primary rail
Google AP2 (Agent Payments Protocol) Open spec v0.x, reference code on GitHub Rail-agnostic; demos on cards + stablecoin[^ap2-spec]
Google + Shopify UCP (Universal Commerce Protocol) Announced Jan 2026, early partners Cards + wallets via AP2[^ucp]
OpenAI + Stripe ACP (Agentic Commerce Protocol) + Instant Checkout Live with Etsy, Shopify sellers, Walmart Card-present-like via Stripe SharedPaymentToken[^acp-launch][^acp-spec]
Visa Trusted Agent Protocol + Visa Intelligent Commerce Spec published Oct 2025, pilots H1 2026 Visa card + attestation layer over any HTTP[^visa-tap]
Mastercard Agent Pay (Agentic Tokens, APIs, Acceptance Framework) Issuer pilots (Citi, U.S. Bank) Mastercard card + tokenisation[^mc-agentpay]
American Express Agentic Commerce program Partnership framework, Cloudflare collab Amex card[^amex][^cf-press]
PayPal Agent Toolkit + MCP server GA since Apr 2025 PayPal / Venmo / Braintree[^paypal-devdays]
Stripe Agent Toolkit + Issuing for agents GA Cards + virtual cards per agent[^stripe-news]
Cloudflare Web Bot Auth, pay-per-crawl, x402 Foundation co-chair IETF draft, production on CF network HTTP layer (any rail)[^wba-draft][^cf-press]
Coinbase x402 + CDP facilitator Live on Base (free < 1 k tx/mo), Ethereum, Polygon, Arbitrum, Solana USDC / EIP-3009 / Permit2[^x402-docs]
Skyfire Agent identity + stablecoin wallet (KYA) Post-seed, live Coinbase Base / USDC[^skyfire-tc]
Nekuda Agent wallets, Agentic Mandates Seed stage, Visa IC integration Cards via Visa IC[^nekuda]
Catena Labs Agent Commerce Kit (ACK), open source Post-seed Stablecoin-first[^catena-bw]
Crossmint Stablecoin wallets, virtual cards, MoneyGram payout Live Stablecoin + card rails[^crossmint]
Ethereum Foundation ERC-8004 "Trustless Agents" Draft EIP On-chain identity[^erc8004]
Anthropic MCP (Model Context Protocol) β€” not payments, but substrate GA since Nov 2024 n/a β€” transport[^mcp]

4. Key protocols at a glance

AP2 β€” Agent Payments Protocol (Google, 2025-09-16). Three verifiable credentials form the trust chain: an Intent Mandate (what the user authorised), a Cart Mandate (what the merchant agreed to sell), and a Payment Mandate (what was actually charged). Credentials are W3C VCs with W3C DIDs as subjects, transported over Google's A2A protocol and/or Anthropic's MCP.[^ap2-spec] It is payment-rail-agnostic; reference implementations cover cards and stablecoins. See Β§03 AP2 Deep Dive.

ACP β€” Agentic Commerce Protocol (OpenAI + Stripe, 2025-09-29). Two OpenAPI specs (Delegate Authentication + Agentic Checkout) plus a Stripe SharedPaymentToken that lets an agent present a user's card to a merchant without handing over the card itself. The merchant remains Merchant-of-Record, preserving existing chargeback/fraud liability models.[^acp-spec][^acp-launch] See Β§04 ACP Deep Dive.

x402 (Coinbase, 2025-05-06). Revives HTTP 402 "Payment Required": a server replies 402 with a paymentRequirements payload; the client (agent) presents an EIP-3009/Permit2 authorisation for USDC; a facilitator (Coinbase CDP by default, free for first 1 000 tx/mo on Base) settles on-chain. Designed for pay-per-API, pay-per-crawl, micropayments.[^x402-docs][^cf-x402] See Β§05 x402 & Crypto.

UCP β€” Universal Commerce Protocol (Google + Shopify, 2026-01). A commerce-catalogue + checkout convergence layer built on top of AP2 that standardises product feeds, offer normalisation and cart hand-off across retailers. Launch partners include Walmart, Etsy, Wayfair, Target, Visa, Stripe, Mastercard.[^ucp] See Β§08 Merchant & Retail.

Trusted Agent Protocol (Visa + Cloudflare, 2025-10-14). An HTTP-layer attestation scheme: the agent signs requests using IETF RFC 9421 HTTP Message Signatures, adds a Web Bot Auth key bound to its principal, and the merchant verifies agent identity, mandate scope and consent before processing. Explicitly rail-agnostic β€” runs atop Visa, but the cryptography does not require a Visa card.[^visa-tap][^wba-draft] See Β§06 Card Networks.

Web Bot Auth (Cloudflare IETF draft). HTTP Message Signatures + key-directory conventions so that "good bots" (including payment agents) can be cryptographically distinguished from scrapers and attackers. Co-opted by Visa TAP and Amex as the identity primitive.[^wba-draft][^cf-press] See Β§06 Card Networks and Β§09 Security & Trust.

5. Market-size claims β€” and how uncertain they are

Use these figures with care. They are vendor/consultancy forecasts, modelled under explicit assumptions about AI adoption curves that have not yet been tested at scale. Quote ranges, not point estimates.

  • Kearney. Roughly 25 % of global e-commerce by 2030 could be agent-led, implying ~$10–12 T/yr in online sales routed through AI agents.[^kearney] (consultancy forecast)
  • McKinsey. A range of 3–5Tβˆ—βˆ—globallyby2030foragenticcommerce,withβˆ—βˆ—upto3–5 T globally by 2030 for agentic commerce, with up to1 T in U.S. retail specifically.[^mckinsey][^dc360-mckinsey] (consultancy forecast)
  • Kearney vs McKinsey spread. The top end of Kearney's range is ~2–4Γ— McKinsey's β€” a reminder that neither is a measurement; both rest on assumed agent-adoption, agent-share-of-basket, and GMV conversion rates.
  • Vendor-reported pilot KPIs. Mastercard cites "double-digit lift" in test cohorts[^mc-agentpay] (vendor marketing); Visa cites "reduced friction" in early TAP pilots[^visa-tap] (vendor marketing); Walmart has not published conversion metrics from its ChatGPT Instant Checkout launch.[^walmart]
  • Machine-economy (stablecoin / x402) volumes. The Payments Association and Chainlink both frame this as nascent β€” "billions of micropayments" is the directional claim, but no audited consolidated volume figure exists.[^payments-assoc][^chainlink] Reported on-chain x402 facilitator volumes through Q1 2026 are in the tens of millions of dollars.[^cf-x402]

Bottom line for investors: the direction is secular; the slope is speculative. See Β§12 Future Directions for a scenario-based model.

6. Top five pain points

  1. Identity / KYA. No universally adopted way for a merchant to verify which agent is hitting its endpoint, on whose behalf, under what scope, and whether that scope has been revoked. Visa TAP, Web Bot Auth, ERC-8004 and W3C DIDs all compete here.[^visa-tap][^wba-draft][^erc8004] See Β§09 Security & Trust.
  2. Prompt injection and mandate spoofing. The attacker's easiest lever is not the payment rail but the agent's context window. Google Security, Simon Willison and recent arXiv surveys all treat this as the dominant class of production risk.[^google-sec][^willison][^arxiv-prompt] See Β§09 Security & Trust.
  3. Interoperability / protocol fragmentation. AP2 β‰  ACP β‰  x402 β‰  TAP. UCP attempts convergence but is Google-led and not yet endorsed by OpenAI/Stripe.[^ucp][^orium] See Β§11 Open Problems.
  4. Liability, dispute and chargeback. PSD2's Strong Customer Authentication, CFPB Reg E, and UK FCA rules were written for human-present or recurring-mandate flows; agent-initiated disputes are an open question.[^linklaters][^cba-wp][^justt] See Β§10 Regulation & Compliance.
  5. Micropayment UX and economics. Sub-dollar flows are uneconomic on cards (interchange + acquirer fees); stablecoins solve unit economics but import custody, volatility, and regulatory risk, and still lack mainstream consumer wallets.[^x402-docs][^cf-x402] See Β§11 Open Problems.

7. Report roadmap

Downstream sections (all relative to sections/):

8. Reading guide by audience

A note on methodology and citations

Every dated claim above is anchored either to a primary source (vendor press release, IETF / W3C document, SEC / IR filing, GitHub-hosted spec) or, where primary is not available, to two independent secondary sources. Consultancy forecasts are labelled as such. Vendor KPIs are flagged (vendor marketing) inline. Where the research brief (research/source_brief.md) supplied a URL, we verified it resolved; if it did not, the claim is omitted rather than invented, per the brief's hard rules.

Sources

[^visa-tap]: Visa Investor Relations, "Visa Introduces Trusted Agent Protocol β€” An Ecosystem-Led Framework for AI Commerce" (14 Oct 2025). https://investor.visa.com/news/news-details/2025/Visa-Introduces-Trusted-Agent-Protocol-An-Ecosystem-Led-Framework-for-AI-Commerce/default.aspx ; BusinessWire mirror: https://www.businesswire.com/news/home/20251014974512/en/Visa-Introduces-Trusted-Agent-Protocol-An-Ecosystem-Led-Framework-for-AI-Commerce ; GitHub: https://github.com/visa/trusted-agent-protocol [^visa-vic]: Visa Intelligent Commerce announcement (30 Apr 2025), via Visa IR and partner coverage. [^mc-agentpay]: "Mastercard, Microsoft Push AI Agent Pay", PaymentExpert (30 Apr 2025). https://paymentexpert.com/2025/04/30/mastercard-microsoft-ai-agent-pay/ [^mc-paypal]: "Mastercard and PayPal Join Forces To Accelerate Secure Global Agentic Commerce", PayPal Newsroom (27 Oct 2025). https://newsroom.paypal-corp.com/2025-10-27-Mastercard-and-PayPal-Join-Forces-To-Accelerate-Secure-Global-Agentic-Commerce [^acp-launch]: OpenAI Γ— Stripe, "Instant Checkout in ChatGPT / Agentic Commerce Protocol" (29 Sep 2025). https://platform.openai.com/docs/agentic-commerce ; https://stripe.com/newsroom/news/stripe-and-openai [^acp-spec]: Agentic Commerce Protocol spec. https://github.com/agentic-commerce-protocol/agentic-commerce-protocol ; https://docs.stripe.com/agentic-commerce/protocol ; site https://agenticcommerce.dev/ [^ap2-launch]: Google Cloud blog, "Announcing Agent Payments Protocol (AP2)" (16 Sep 2025). https://cloud.google.com/blog/products/ai-machine-learning/announcing-agents-to-payments-ap2-protocol [^ap2-spec]: AP2 specification (GitHub). https://github.com/google-agentic-commerce/AP2/blob/main/docs/specification.md ; site https://agentpaymentsprotocol.info/docs/introduction/ [^ucp]: Google Developers Blog, "Under the hood: Universal Commerce Protocol (UCP)" (Jan 2026). https://developers.googleblog.com/under-the-hood-universal-commerce-protocol-ucp/ [^cf-press]: Cloudflare press release, "Cloudflare collaborates with leading payments companies to secure and enable agentic commerce" (21 Oct 2025). https://www.cloudflare.com/press/press-releases/2025/cloudflare-collaborates-with-leading-payments-companies-to-secure-and-enable-agentic-commerce/ [^cf-x402]: Cloudflare blog, "Announcing the x402 Foundation" (2025). https://blog.cloudflare.com/x402/ [^wba-draft]: IETF draft "Web Bot Auth β€” Architecture" (Cloudflare, Meunier et al.). https://datatracker.ietf.org/doc/draft-meunier-web-bot-auth-architecture/ ; RFC 9421 "HTTP Message Signatures" https://datatracker.ietf.org/doc/rfc9421/ [^paypal-devdays]: PayPal Newsroom, "PayPal Brings Together Developers, AI Leaders to Power Agentic Commerce at Dev Days" (29 Apr 2025). https://newsroom.paypal-corp.com/2025-04-29-PayPal-Brings-Together-Developers,-AI-Leaders-to-Power-Agentic-Commerce-at-Dev-Days ; docs https://paypal.gitbook.com/agent-toolkit-and-mcp-server/agent-toolkit/quickstart ; InfoQ summary https://www.infoq.com/news/2025/04/paypal-mcp-ai-toolkit/ [^x402-docs]: x402 documentation. https://docs.x402.org/ ; core concepts: https://docs.x402.org/core-concepts/facilitator ; GitHub https://github.com/coinbase/x402 [^stripe-news]: Stripe, Agent Toolkit + Issuing for agents; ACP collaboration. https://stripe.com/newsroom/news/stripe-and-openai [^walmart]: Walmart Corporate, "Walmart partners with OpenAI to create AI-first shopping experiences" (14 Oct 2025). https://corporate.walmart.com/news/2025/10/14/walmart-partners-with-openai-to-create-ai-first-shopping-experiences ; CNBC https://www.cnbc.com/2025/10/14/walmart-openai-chatgpt-shopping.html [^amex]: American Express, "Shaping the future of agentic commerce". https://americanexpress.io/shaping-the-future-of-agentic-commerce/ [^csa-ap2]: Cloud Security Alliance, "Secure Use of the Agent Payments Protocol (AP2): A Framework for Trustworthy AI-Driven Transactions" (6 Oct 2025). https://cloudsecurityalliance.org/blog/2025/10/06/secure-use-of-the-agent-payments-protocol-ap2-a-framework-for-trustworthy-ai-driven-transactions [^ack-catena]: Catena Labs / Agent Commerce Kit (ACK). See [^catena-bw]. [^catena-bw]: BusinessWire, "Circle Co-Founder Sean Neville Takes Catena Labs Out of Stealth…" (20 May 2025). https://www.businesswire.com/news/home/20250520361792/en/Circle-Co-Founder-Sean-Neville-Takes-Catena-Labs-Out-of-Stealth-with-Plans-to-Build-the-First-AI-Native-Financial-Institution [^nekuda]: Crowdfund Insider, "Fintech Startup Nekuda Secures Funding Led by Madrona Ventures…" (May 2025). https://www.crowdfundinsider.com/2025/05/239660-fintech-startup-nekuda-secures-funding-led-by-madrona-ventures-to-enable-agentic-payments/ [^skyfire-tc]: TechCrunch, "Skyfire lets AI agents spend your money" (21 Aug 2024). https://techcrunch.com/2024/08/21/skyfire-lets-ai-agents-spend-your-money/ [^crossmint]: Crossmint, "Agentic Payments" product page. https://www.crossmint.com/solutions/agentic-payments ; CryptoBriefing on Circle Ventures investment https://cryptobriefing.com/circle-ventures-investment-crossmint-stablecoin/ [^erc8004]: ERC-8004 "Trustless Agents". https://eips.ethereum.org/EIPS/eip-8004 ; Ethereum Foundation blog https://ai.ethereum.foundation/blog/intro-erc-8004 [^mcp]: Anthropic, Model Context Protocol. https://modelcontextprotocol.io [^kearney]: Kearney, "Agentic payments: a new frontier in digital commerce". https://www.kearney.com/industry/financial-services/article/agentic-payments-a-new-frontier-in-digital-commerce [^mckinsey]: McKinsey, "Europe's agentic commerce moment β€” decision influence is here, execution is coming". https://www.mckinsey.com/capabilities/quantumblack/our-insights/europes-agentic-commerce-moment-decision-influence-is-here-execution-is-coming [^dc360-mckinsey]: DigitalCommerce360 summary of McKinsey agentic-commerce forecast (Oct 2025). https://www.digitalcommerce360.com/2025/10/20/mckinsey-forecast-5-trillion-agentic-commerce-sales-2030/ [^linklaters]: Linklaters TechInsights, "Agentic payments: what are they, what are the legal risks and what's next". https://techinsights.linklaters.com/post/102l0hm/agentic-payments-what-are-they-what-are-the-legal-risks-and-whats-next [^cba-wp]: Consumer Bankers Association, "White paper examining agentic AI, consumer payments and the future of regulation" (2025). https://consumerbankers.com/press-release/cba-releases-white-paper-examining-agentic-ai-consumer-payments-and-the-future-of-regulation/ [^justt]: Justt.ai, "Agentic Commerce: Preparing for Chargeback and Fraud Risks". https://justt.ai/blog/agentic-commerce-chargeback-risk-preparation/ [^chainlink]: Chainlink, "AI Agent Payments: The Future of Autonomous Commerce". https://chain.link/article/ai-agent-payments [^payments-assoc]: The Payments Association, "AI-powered payment agents: the next payments revolution". https://thepaymentsassociation.org/article/ai-powered-payment-agents-the-next-payments-revolution/ [^orium]: Orium, "Agentic Payments Explained: ACP, AP2, and x402". https://orium.com/blog/agentic-payments-acp-ap2-x402 [^google-sec]: Google Security Blog, "How we estimate the risk from prompt injection attacks on AI systems" (Jan 2025). https://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html [^willison]: Simon Willison, "Design Patterns for Securing LLM Agents against Prompt Injections" (13 Jun 2025). https://simonwillison.net/2025/Jun/13/prompt-injection-design-patterns/ [^arxiv-prompt]: "Prompt Injection Attacks in Large Language Models and AI Agent Systems: A Comprehensive Review", Information 17(1):54 (MDPI, 2026). https://www.mdpi.com/2078-2489/17/1/54 ; see also arXiv:2511.15759 https://arxiv.org/abs/2511.15759