The Next Battle in Payments Is Not Fraud. It Is Intent.

The payments industry has spent decades solving a remarkably difficult problem. Every generation of technology, from magnetic stripes and PIN pads to EMV chips, tokenization, mobile wallets, and biometric authentication, has been focused on answering a deceptively simple question: who authorized this transaction?

For a long time, the answer was imperfect. Cards could be copied, signatures forged, credentials stolen, and accounts compromised. Yet through a combination of technical innovation, network rules, fraud analytics, and liability frameworks, the industry gradually reduced uncertainty. Today, a properly authenticated transaction can be verified with a level of confidence that would have seemed extraordinary twenty years ago.

As I was reading about Mastercard’s Agent Pay initiative, however, I found myself wondering whether the industry is preparing to solve an entirely different problem. Agentic commerce does not challenge our ability to identify the customer. Instead, it challenges our ability to determine whether the customer’s intention has been correctly understood.

Traditionally, payment networks have been responsible for verifying identity, authorization, and settlement. They were never expected to determine whether a purchase was wise, beneficial, or aligned with the customer’s goals. If I purchase an overpriced television, invest in a poor stock, or subscribe to a service I ultimately do not need, the payment network has no role in evaluating the quality of my decision. Its responsibility ends once it confirms that I authorized the transaction.

Agentic commerce changes this relationship in a subtle but profound way. In the emerging model, a customer may grant an AI system permission to act on their behalf within a defined scope and budget. The customer establishes objectives, constraints, and spending limits, while the AI evaluates options and executes transactions autonomously. In such a scenario, the payment itself may be perfectly valid. The merchant may have delivered exactly what was ordered. The network may have processed the transaction flawlessly. Yet the outcome may still be undesirable because the agent misunderstood the user’s intent.

This distinction matters because it transforms payment risk into decision risk.

Historically, the greatest concern was unauthorized activity. Tomorrow’s concern may be authorized activity that nobody actually wanted.

Imagine an AI assistant tasked with managing a company’s cloud infrastructure budget. The company grants the agent authority to spend up to five thousand dollars per month. The agent identifies a need, provisions resources, and spends four thousand dollars. The transaction follows every rule. Authentication succeeds. The merchant delivers the service. Settlement occurs without incident. Months later, someone discovers that the AI misunderstood a requirement and purchased resources that were never needed.

Who is responsible?

The payment network will likely argue that the transaction was authorized. The merchant will argue that the requested services were delivered. The issuing bank will point to the customer’s delegated authority. The model provider may argue that the system operated within expected probabilistic behavior. Yet the customer remains convinced that a costly mistake occurred.

This question reveals why discussions about agentic commerce quickly evolve into discussions about governance.

Many observers assume that the answer will be insurance. After all, modern payment ecosystems already contain multiple layers of risk transfer that most consumers never notice. Fraud losses, purchase protection, chargeback rights, extended warranties, merchant reserves, and network arbitration frameworks are all funded through small fractions of transaction economics distributed throughout the system. It is therefore tempting to imagine a future product called Agent Liability Protection, covering losses caused by autonomous decision errors in much the same way that existing products cover fraudulent transactions.

While such products may eventually emerge, I suspect the industry will pursue a different path first.

Banks rarely begin by transferring risk. They begin by measuring it.

Fraud detection systems do not eliminate fraud; they estimate the probability that fraud is occurring. Credit scoring models do not eliminate defaults; they estimate the probability that a borrower will fail to repay. Anti-money laundering systems do not prove criminal activity; they estimate the likelihood that suspicious behavior warrants investigation.

Agentic commerce may follow the same pattern.

Before we build insurance products that compensate for poor AI decisions, we will likely build AI systems that evaluate the quality of other AI decisions.

Imagine a second agent whose responsibility is not to make purchases but to evaluate them. Instead of asking whether a transaction is fraudulent, this system would ask whether the transaction appears consistent with the user’s historical objectives, preferences, and behavioral patterns. Such an agent might determine that a purchase is technically authorized while simultaneously concluding that it is highly inconsistent with the customer’s known goals.

In other words, we may eventually see the emergence of intent scoring.

The transaction would no longer be evaluated solely through the lens of fraud probability. It would also be evaluated through the lens of decision probability. How likely is it that this purchase reflects what the customer genuinely wanted?

The implications become even more interesting when considering independence and oversight.

One of the lessons repeatedly reinforced throughout financial services, accounting, and risk management is that self-assessment has limited value. KPMG does not audit KPMG. Banks do not permit traders to independently approve their own risk exposures. Internal audit functions are intentionally separated from operational responsibilities because organizations recognize that competence alone does not eliminate bias.

The same principle may eventually apply to artificial intelligence.

An AI system capable of purchasing goods and services may also be capable of evaluating its own decisions. Technically, such a design could function quite well. Yet regulators, insurers, auditors, and enterprise customers may eventually ask a different question. They may ask whether the same system should be allowed to grade its own homework.

The concern is not dishonesty. The concern is correlated failure.

If both the purchasing agent and the auditing agent share the same architecture, training data, assumptions, and blind spots, they may consistently arrive at the same incorrect conclusions. The danger is not that one system fails. The danger is that every system involved fails in exactly the same way.

Consequently, future agentic ecosystems may resemble organizational structures that have existed for decades. One AI may execute purchases. A second AI may evaluate risk. A third AI may verify compliance requirements. Human operators may review exceptions and anomalies. What initially appears to be a revolutionary technological model may ultimately recreate the familiar separation of duties that already exists within banks, payment networks, and large enterprises.

This observation leads to a broader conclusion.

The first generation of AI agents will likely be judged by their ability to complete tasks efficiently. The second generation will be judged by something far less glamorous: whether independent parties are willing to trust and validate their decisions.

For decades, payments focused on answering the question, “Who authorized this transaction?” Agentic commerce introduces a more complicated challenge. We may soon need systems capable of answering an entirely different question:

“Who authorized the decision?”

The answer to that question may determine whether autonomous commerce becomes a niche experiment or the next major evolution of the global payments ecosystem.