As artificial intelligence agents increasingly execute purchases on behalf of consumers and businesses, the global payments infrastructure faces a structural crisis: it was built to verify human intent, not autonomous software.
The Shift from Identity to Intent
Current payment stacks rely on binary authentication—confirming if a user is who they claim to be. However, AI agents introduce a new variable: whether the software is acting within the specific delegated authority of its human user.
"There’s nothing in the payment stack today that thinks about intent," noted Ixopay Chief Technology Officer Jill Willard during the 2026 PYMNTS "Summer School" series.
In this new environment, a payment system must perform a four-part verification process:
- Is the agent valid?
- Is the agent’s intent valid?
- Is the agent itself authentic?
- Is the agent behaving in an expected manner?
This transition renders traditional static identity checks insufficient. Payments providers are now forced to treat identity as a continuous, dynamic signal rather than a one-time login event.
Orchestration as a Control Layer
As merchants diversify their payment methods and providers, orchestration is becoming the central nervous system of autonomous commerce. While many firms historically viewed orchestration solely as a routing mechanism, it now encompasses a broader suite of tools, including tokenization, 3DS authentication, fraud controls, and operational failover strategies.
The primary challenge for developers is that autonomous software does not necessarily eliminate the need for infrastructure; it adds a new participant that the infrastructure must manage. Payments platforms are increasingly functioning as "operating layers" that synchronize network rules, fraud signals, and AI behaviors across complex digital ecosystems.
Tokenization and the Future of Auditability
Tokenization, originally designed to replace sensitive card data with surrogate values to reduce fraud, is being repurposed for the AI era. Future tokens are expected to carry more than just credential data; they will likely store the context and "verifiable intent" of a transaction.
"You’re going to want auditability of the transaction," Willard explained. "Having a plan for exactly how you’re going to be able to take a transaction and replay it from beginning to end and understand who initiated it from a human perspective, what agent transacted it, what was the human’s intent—all of that needs to be encapsulated somewhere."
This evolution turns the token into a piece of forensic evidence. By embedding metadata into the transaction flow, merchants can maintain compliance and reconstruct the decision-making process of an autonomous agent after a purchase is completed.
Visibility Requirements in Automated Commerce
The rise of AI agents creates a paradox for merchants: while automation reduces the need for human intervention, it simultaneously increases the need for granular visibility. Merchants can no longer rely on simple bot-detection tools like CAPTCHAs to filter traffic, as they must distinguish between malicious automated threats and legitimate AI agents acting on behalf of customers.

As human oversight of individual purchases wanes, the burden of governance shifts to the monitoring systems that supervise the software making those financial decisions.
Key Considerations for Agentic Commerce
- Continuous Identity: Payment systems are moving toward verifying agent behavior throughout the entire transaction lifecycle rather than just at the point of entry.
- Metadata-Rich Tokens: Future payment tokens will likely serve as audit logs, recording the "intent" behind a purchase to satisfy regulatory and compliance requirements.
- Intelligence Over Routing: Orchestration platforms are shifting focus toward real-time monitoring and anomaly detection to account for the unpredictable nature of autonomous agent behavior.
Worth a look