In one week, Visa signed a partnership with OpenAI to let agents pay across ChatGPT, PayPal launched what it calls the UK's first agentic checkout with Hey Savi, and Visa rolled out a set of AI and stablecoin tools at its Payments Forum. Read the headlines together and you would think the industry just solved agentic commerce.
It did not. It solved the part that was never hard.
Moving money has been a settled problem for decades. A card number, a token, a stablecoin transfer: the rail an agent uses to pay is the most commoditized layer in the entire stack. The hard question is the one PYMNTS put plainly this week. Before an agent pays, who decided it was allowed to?
The constraint on agentic commerce is not payments. It is permission. An agent that can pay but cannot prove it was authorized to is not a feature. It is a liability waiting for a dispute.
The week everyone shipped a rail
The announcements are real and they matter. Visa giving agents a way to transact across OpenAI's surface is a genuine distribution move, and its stablecoin and tokenization tools extend the rails an agent can settle on. PayPal putting checkout inside an agentic shopping flow removes a real friction point. These are useful.
They are also interchangeable. If Visa's rail did not exist, the agent would settle on Mastercard's, or on a stablecoin, or through x402. The buy side has spent a year racing to be the rail an agent reaches for, and the result is what you would expect when many capable companies build the same commoditized thing at once: abundance. There is no shortage of ways for an agent to pay.
What there is a shortage of is a way for the merchant on the other side to know the payment is legitimate before it clears.
The layer the rail sits on
We have argued before, in the MM Trust Layer Model, that agentic commerce is three distinct layers, not one. Discovery, where the agent finds the thing. Authorization, where it establishes that it is permitted to act. Settlement, where money moves. The industry keeps shipping the third layer and calling it the whole stack.
Settlement is easy because it is mechanical. Authorization is hard because it is a trust question, and trust does not commoditize.
The clearest evidence sits in our own x402 adoption tracker. The protocol crossed 100 million transactions on Base, but the most honest production number in its first months was an independent operator reporting 1,183 agent probes and five settlements. The agents reached the paywall and declined to pay. The bottleneck was never the payment handshake. It was that the agent could not judge whether it was authorized to spend, and the resource could not judge whether to trust the agent. Two parties, both unsure of permission, and the transaction simply does not happen.
A rail does not fix that. A faster rail does not fix it either. You can make settlement instant and free and you will still have two parties who do not know if the deal is allowed.
What permission actually requires
Strip the jargon and permission is a chain of questions that a card network spent fifty years answering for humans and has barely started answering for agents.
Did the cardholder actually authorize this agent to spend on their behalf? For how much, with which merchants, until when? Can the agent present that authority at the moment of payment in a form the merchant can verify without calling anyone? And when it goes wrong, and it will go wrong, whose mandate was breached and who eats the loss?
Simon Taylor mapped this cleanly in his work on the agentic payments stack, separating the payment protocols from the mandate and authorization layer that sits above them. That separation is the whole point. The mandate is not the payment. It is the signed, scoped, revocable proof that the payment was permitted, and it is a different piece of infrastructure entirely.
This is the same gap we named in the identity crisis at the heart of agentic payments. A human at checkout carries implicit authority. They hold the card, they passed the authentication, they are present. An agent carries none of that by default. Every scrap of authority it has must be made explicit, signed, and checkable, or the merchant is accepting a payment from a party it cannot identify acting on permissions it cannot see.
Who gets to own the answer
Here is where this week's announcements get more interesting than they first appear. The networks are not only racing to be the rail. They are racing to own the permission layer too, because that is the layer that does not commoditize, and whoever controls it controls the relationship.
Visa's Intelligent Commerce and Mastercard's verifiable-intent work are both bids to be the place an agent's authority is issued and checked. So is the open alternative: a cryptographic proof the agent carries, verifiable by anyone, owned by no one, the direction the x402 reference architecture points toward. These are not the same future. One puts a network in the middle of every agent transaction as the authority of record. The other makes authority portable and lets the merchant verify it without a gatekeeper.
That is the real contest, and it is being fought one layer above the one everyone is announcing. The question is not whose rail the agent uses. It is whose permission the agent carries, and whether that permission travels with the agent or lives inside a single network's walls.
What to watch
Watch for the first agent transaction that clears, gets disputed, and exposes that nobody can produce the mandate that authorized it. That is the moment the industry discovers it built the rail and skipped the title deed. It is coming, because the rails are shipping faster than the permission layer underneath them.
Watch, too, for which standard for proving authorization gets adopted rather than announced. There is no shortage of proposals. There is a profound shortage of merchants who will accept one. As we keep saying, protocols are specifications. Adoption is where they become real, and on the permission layer, adoption has barely started.
The agents can pay. That was always going to be true. Whether they are allowed to, and whether anyone can prove it when it matters, is the question the next year of agentic commerce actually turns on.
Sources
- PYMNTS: Permission, Not Payments, Will Shape the Agentic Commerce Revolution
- Finextra: Visa and OpenAI form agentic commerce partnership
- PYMNTS: Visa Launches AI and Stablecoin Tools to Power Agentic Commerce
- Finextra: Hey Savi and PayPal launch agentic commerce platform with in-app checkout
- Fintech Brainfood: The Agentic Payments Map (Simon Taylor)
If the agent can pay but cannot prove it was permitted to, who do you think the merchant should hold liable when the charge is disputed: the cardholder, the agent's developer, or the network that cleared it?
Charlie Major is a Product Development Manager at Mastercard. The views and opinions expressed in Major Matters are his own and do not represent those of Mastercard.