Nishant Kaushik, CTO, FIDO Alliance
Our agents are getting more capable by the day. They write code, respond to emails, detect vulnerabilities, and optimize workflows. And increasingly, they will shop and pay on our behalf.
But handing over financial autonomy to AI systems isn’t just a UX evolution. It’s a fundamental shift in how commerce operates. Without strong guardrails, it risks fragmentation, inconsistent security, and unclear accountability.
As the industry moves toward agentic payments, where AI agents initiate and execute transactions under delegated authority, there is a growing recognition that we need a common foundation for trust. The contributions of Google’s Agent Payments Protocol (AP2) and Mastercard’s Verifiable Intent (VI), co-developed with Google, into the FIDO Alliance represent a pivotal step toward establishing that foundation.
This post explores what these technologies bring to the table, why they matter together, and how standardization within the Alliance could shape the future of AI-driven commerce.
Agentic Payments in AI-Powered Commerce
Agentic payments refer to transactions carried out autonomously by AI agents acting on behalf of users, within predefined rules and constraints. Unlike traditional payments, where a human explicitly approves each transaction, agents can decide if, when, and how to transact based on the instructions they have received. They can:
- Find relevant products at an approved merchant
- Check for approved pricing on the product
- Select optimal payment rails
- Enforce spending policies
- Execute conditional or recurring transactions
This is a structural shift in commerce. Payments are moving from user-triggered events to continuous, policy-driven processes embedded across the commerce lifecycle.
At scale, this introduces both opportunity and risk. Analysts project agentic commerce could drive trillions in transaction value by 2030. But that scale demands a new level of rigor in how we represent identity, consent, and authorization.
Today’s infrastructure assumes a human is present at checkout. It offers limited support for:
- Delegated authority to software agents
- Persistent, machine-readable consent
- Verifiable evidence of user intent
Without standardization, we risk a fragmented ecosystem of incompatible “AI payment” models — each with its own semantics, security posture, and integration burden.
What is needed is a shared, interoperable trust layer for identity, consent, and delegation.
AP2: The Mandate and Coordination Layer
AP2 (Agent Payments Protocol) is an open protocol that defines how the key participants in an agentic payment flow — AI agents, merchants, wallets, and payment providers — coordinate around user authorization. At its core is the concept of mandates: Verifiable Digital Credentials (structured, cryptographically signed objects) that capture what a user has authorized an agent to do.
AP2 introduces two primary mandates:
- Checkout Mandate: This captures the details about and conditions on what the user wants to buy.
- Payment Mandate: This captures the details about and conditions on how the user wants to pay (amount, instrument, timing).
Each mandate also transitions between two stages across the lifecycle of the transaction, defined to support both Human-Present and Human-Not-Present (Autonomous) transactions:
- The mandates will start as Open, during which they capture the user’s constraints and goals for the transaction as well as payment (budget, allowed instruments) before a specific cart is finalized for autonomous execution.
- When the checkout is finalized, the mandates will transition to Closed, in which they capture the user’s (or agent’s) authorization for a specific transaction amount bound to a finalized checkout.
The diagrams below provide a simplified conceptual view of how they fit into the agentic transaction flows (you can find more technical details here).

Fig 1: Human-Present Agentic Transaction

Fig 2: Human-Not-Present Agentic Transaction
With each mandate being tamper-evident and verifiable, they form a durable record of consent that goes beyond ephemeral UI interactions. Using them, AP2 acts as the policy and coordination layer that answers a fundamental question:
Who is allowed to do what, on whose behalf, and under what constraints?
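The Open-to-Closed lifecycle described above can be sketched as a verifier-side check. This is an added example, not AP2 code or its wire format: the field names, the `close` and `violations` helpers, and the sample data are hypothetical, one demo key covers both mandates, and an HMAC stands in for the digital signature a real Verifiable Digital Credential would carry.

```python
import hashlib, hmac, json

# Constructed demo key; HMAC is a stand-in for a real credential signature.
DEMO_KEY = b"constructed-demo-key"

def canonical(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def digest(obj):
    return hashlib.sha256(canonical(obj)).hexdigest()

def _mac(body, key=DEMO_KEY):
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

def seal(body):
    return {"body": body, "mac": _mac(body)}

def intact(mandate):
    return hmac.compare_digest(_mac(mandate["body"]), mandate["mac"])

def violations(open_m, closed_m, cart):
    """List the ways a Closed mandate exceeds its Open mandate (empty = in bounds)."""
    if not (intact(open_m) and intact(closed_m)):
        return ["tampered"]
    o, c = open_m["body"], closed_m["body"]
    found = []
    if c["open_digest"] != digest(o):      # Closed must point at this Open mandate
        found.append("wrong-open-mandate")
    if c["cart_digest"] != digest(cart):   # Closed is bound to one finalized cart
        found.append("cart-not-bound")
    if cart["merchant"] not in o["merchants"]:
        found.append("merchant")
    if c["currency"] != o["currency"] or c["amount"] != cart["total"]:
        found.append("amount-mismatch")
    if c["amount"] > o["budget"]:
        found.append("over-budget")
    if c["instrument"] not in o["instruments"]:
        found.append("instrument")
    return found

def close(open_m, cart, instrument):
    return seal({"open_digest": digest(open_m["body"]), "cart_digest": digest(cart),
                 "amount": cart["total"], "currency": cart["currency"],
                 "instrument": instrument})

# Constructed sample data; amounts are integer minor units (cents).
OPEN = seal({"merchants": ["shop.example"], "budget": 15000, "currency": "USD",
             "instruments": ["card-1"]})
CART = {"merchant": "shop.example", "total": 12999, "currency": "USD"}
```

An empty list from `violations` means the finalized purchase stayed inside what the Open mandate allowed; each entry otherwise names the constraint that was exceeded.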
Verifiable Intent: The Evidence Layer
If AP2 defines how intent is created and shared, Verifiable Intent defines how it is proven.
Verifiable Intent is a cryptographic credential framework that transforms user authorization into portable, verifiable evidence. It enables independent validation by issuers, networks, and merchants, without relying on proprietary logs or opaque systems. Its core elements include:
- Identity binding: Linking the user to a cryptographic key (often anchored in device-based authentication)
- Intent statements: Capturing constraints, scope, and delegation rules
- Selective disclosure: Providing tailored views for different parties (e.g., merchant vs. issuer), which helps preserve customer privacy
VI is protocol-agnostic and aligns naturally with AP2, but it is not dependent on it. Its role is to ensure that wherever a transaction is evaluated — at checkout, during network routing, or at issuer authorization — there is consistent, verifiable evidence of what the user actually approved. This shifts “intent” from an implicit assumption to an explicit, cryptographically verifiable artifact.
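Selective disclosure of an intent statement can be illustrated with salted digests, the construction SD-JWT uses. This is an added example, not taken from the Verifiable Intent specification: the claim names, the `issue`, `present` and `verify_view` helpers, and the sample values are hypothetical, and the credential's digest list is assumed to be signed by the user's key and already verified.

```python
import hashlib, json, secrets

def _digest(salt, name, value):
    # The salt stops a verifier from guessing undisclosed values by brute force.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue(claims):
    """Return (credential, disclosures); the credential holds only digests."""
    disclosures = {n: (secrets.token_hex(16), n, v) for n, v in claims.items()}
    credential = {"digests": sorted(_digest(*d) for d in disclosures.values())}
    return credential, disclosures

def present(disclosures, names):
    """The holder chooses which claims a given party gets to see."""
    return [disclosures[n] for n in names]

def verify_view(credential, presented):
    """Return the disclosed claims, or raise if one is not committed to."""
    view = {}
    for salt, name, value in presented:
        if _digest(salt, name, value) not in credential["digests"]:
            raise ValueError(f"claim {name!r} does not match the credential")
        view[name] = value
    return view

# Constructed sample intent; the amount is in integer minor units (cents).
INTENT = {"merchant": "shop.example", "items": ["running shoes"],
          "amount": 12999, "instrument": "card-1"}
MERCHANT_VIEW = ["merchant", "items"]              # no payment instrument
ISSUER_VIEW = ["merchant", "amount", "instrument"] # no basket contents
```

Both parties validate against the same credential, yet each sees only the claims it was handed; a value altered after issuance fails the digest check.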
Why These Layers Belong Together
Agentic payments break a core assumption: that the user is present at the moment of authorization.
- Consent may be granted in advance
- Execution may happen asynchronously
- Interfaces may be non-standard or invisible
Yet the need for accountability does not change. Fraud systems, dispute processes, and regulators still require clear answers to fundamental questions: What did the user authorize? What was the agent allowed to do? Did the transaction stay within those bounds?
AP2 and VI address complementary parts of this challenge:
- AP2 standardizes how consent and delegation are defined and communicated
- VI standardizes how that consent is represented and verified as evidence
Together, they form the foundation of a coherent and scalable trust model for agentic payments.
Building A Trust Layer for Autonomous Commerce
The FIDO Alliance has already transformed authentication by promoting standardized, phishing-resistant, hardware-backed credentials. Our Payments Technical Working Group is engaged in work that extends that trust model into the realm of payments, addressing emerging challenges in the evolving commerce ecosystem. Defining standardized protocols for agentic payments is more than just a technical exercise; it’s about shaping how trust is embedded into the next generation of commerce:
- Establish a universal trust layer for AI-driven transactions across consumer, enterprise, and platform use cases
- Accelerate regulatory alignment by providing clear, verifiable models of consent and delegation
- Shift innovation up the stack toward better user experiences, privacy-preserving flows, smarter agents, and value-added services
- Raise the security baseline by replacing weak credential models with cryptographically enforced authorization
- Improve dispute resolution through structured, portable evidence of user intent
Critically, doing this work ensures that agentic payments evolve on an open, interoperable foundation rather than becoming locked into proprietary ecosystems. Without coordination, protocols will inevitably diverge in how they represent consent and constraints. Preventing this semantic fragmentation, by maintaining a consistent, extensible model across the ecosystem, is a core objective of standardization.
With FIDO’s growing role in digital credentials, there is also a clear opportunity to reuse core primitives in wallet infrastructure, credential formats, cryptographic assurance, and certifications, to reduce duplication and create a unified security substrate.
Final Thought
Agentic payments are coming fast. The question has shifted from whether AI will participate in commerce to whether we will build the right trust infrastructure before it does. By contributing AP2 and Verifiable Intent to the FIDO Alliance, Google and Mastercard are giving the industry a timely opportunity to define that foundation, one where we embed strong identity, clear consent, and verifiable accountability into the core of how agents transact on our behalf.
