Agentic Payments Isn't Solved Yet

By Shuttle Team, March 11, 2026

Agentic payments has two sides. Merchant-side agents collecting payments via voice and payment links work today.

There's a growing consensus that agentic commerce is about to happen. AI agents that can browse, decide, and buy on your behalf. The demos look good. The funding rounds are large. The virtual card infrastructure is real.

But the hard problems haven't been solved. They've been dressed up.

What's worth noting is that "agentic payments" actually describes two very different problems. One of them is largely solved. The other isn't close.

Two sides of agentic payments

Merchant-side agents are AI systems that act on behalf of a business to collect payments. A voice agent that takes a card payment over the phone. A chat agent that generates a payment link mid-conversation. A booking bot that sends an SMS payment request after confirming an appointment.

These agents don't need to navigate someone else's checkout. They operate within the merchant's own payment infrastructure. The agent determines intent and amount, then hands off to a payment service — voice checkout, a dynamic payment link, an embedded form. The human pays through a standard, secure channel. The agent never touches card data.

This works today. PolyAI voice agents take PCI-compliant payments in production. Insurance platforms run AI agents that collect premiums over the phone. Debt collection agencies automate payment plan setup through voice and messaging. The infrastructure exists — multi-PSP routing, PCI DSS Level 1 compliance, real-time payment confirmation back to the agent.

Consumer-side agents are the inverse. AI systems that act on behalf of a buyer to make purchases. An agent that browses, compares, and buys on your behalf. An agent that books your travel, reorders your supplies, manages your subscriptions.

This is what the funding rounds are about. This is what the demos show. And this is what isn't solved.

The virtual card isn't new

The core mechanic behind most consumer-agent payment products is a scoped virtual card. Merchant-locked, amount-capped, single-use. The agent gets a card, the card enforces the rules, and the merchant sees a normal transaction.

This is solid infrastructure. It's also fifteen years old.

OTAs and corporate travel platforms have been issuing merchant-locked virtual cards through providers like Conferma and WEX since the early 2010s. The booking system selects the supplier, generates a card scoped to that merchant and amount, and the traveller never touches it. No human in the loop. Automated, merchant-locked, single-use.

What's changed is the interface. Wrapping this mechanic in an AI SDK with natural language intent is a genuine developer experience improvement. But calling it a new payment primitive is a stretch. The primitive existed. The wrapper is new.

The consent problem is worse than it looks

Here's where it gets interesting.

If a consumer agent needs to spend money, someone needs to approve it. In most current implementations, the agent prompts the human for confirmation before the card is issued or the transaction is fired.

But think about what that means. The entire premise of agentic commerce is removing humans from the transaction flow. If the agent has to pause, surface a confirmation dialog, and wait for a thumbs up, you haven't built autonomous commerce. You've built a chatbot with a credit card.

The deeper issue is the approval prompt itself. The agent controls it. The agent decides what to show you, how to frame it, what context to include or omit. A well-behaved agent surfaces the merchant name, the amount, and the item. A compromised or misaligned agent frames the request however it likes.

The scoped card can enforce parameters. It can cap the amount and lock the merchant. What it cannot do is verify that the approval request was honest. That the agent accurately represented what it was buying, or why.

This isn't theoretical. It's a social engineering surface that scales with agent adoption. The more trust you delegate, the more the approval prompt becomes the attack vector.

Note that merchant-side agents don't have this problem. The merchant controls both the agent and the payment infrastructure. The agent isn't making purchasing decisions — it's facilitating a transaction the human has already initiated. The human called to pay a bill, asked to book an appointment, or requested a quote. The agent is collecting payment, not recommending a purchase.

The real bottleneck is the checkout itself

Set aside the card issuance and the consent model. Assume you have a perfectly scoped card and legitimate approval. The consumer agent still has to complete a purchase.

On the open web, that means filling forms. Clicking buttons. Handling 3DS challenges. Navigating bot detection. Dealing with cookie consent walls, CAPTCHAs, inconsistent DOM structures, and checkout flows that change without notice.

Most of the real purchase surface is unstructured and actively hostile to automation. It was designed for humans with browsers, not for software with credentials.

This is the actual hard problem. A clean payment credential doesn't help if the agent can't reliably get to the point where it enters one.

The long-term fix is merchant-native agent checkout APIs. Direct programmatic interfaces where an agent can authenticate, select items, and complete a transaction without navigating a UI built for humans. Stripe's work in agentic commerce is pointing in this direction. So is the broader API-first commerce movement.

But merchant adoption of agent-native APIs is a years-long process. The incentive structure isn't aligned yet. Merchants have no reason to build agent checkout flows until agent commerce represents meaningful volume. And agent commerce can't represent meaningful volume until merchants expose those flows.

That's a chicken-and-egg problem that virtual cards can't solve.

Again — merchant-side agents sidestep this entirely. The agent isn't navigating a third-party checkout. It's operating the merchant's own payment flow. The merchant controls the interface. There is no hostile checkout surface to automate against, because the agent is the checkout.

What actually solving the consumer side looks like

Genuine consumer-agent payments infrastructure needs three things that don't exist yet.

A consent model that doesn't depend on the agent's own representation. Something like a cryptographic proof of intent, where the parameters of the transaction are attested independently of the agent requesting it. The card issuer, the merchant, and the approval layer need to form a trust triangle that doesn't collapse if one node is compromised.

A checkout surface that agents can interact with reliably. Either merchant-native APIs or a standardised agent checkout protocol that works across merchants. Not browser automation. Not screen scraping with GPT-4 vision. A proper interface.

And an economic model that gives merchants a reason to participate. Agent commerce needs to offer merchants something better than their current checkout conversion rate. Lower abandonment, higher average order value, reduced support overhead. Without that, the APIs won't get built.
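One possible shape for the consent model in the first requirement above, as an added sketch that is not Shuttle's code or any issuer's API: an approval layer separate from the agent attests the exact parameters the human approved, and the issuer declines any authorization that does not match them. All function names, field names and the key are hypothetical, and HMAC with a shared key stands in for the asymmetric signature a real deployment would use.

```python
import hashlib
import hmac
import json

# Constructed demo key held by the approval layer and issuer only, never the agent.
APPROVAL_KEY = b"constructed-demo-key-not-a-real-secret"

def canonical(intent):
    """Serialize the intent deterministically so both sides MAC identical bytes."""
    return json.dumps(intent, sort_keys=True, separators=(",", ":")).encode()

def attest_intent(intent, key=APPROVAL_KEY):
    """Approval layer: called only after the human approved these exact fields."""
    tag = hmac.new(key, canonical(intent), hashlib.sha256).hexdigest()
    return {"intent": intent, "tag": tag}

def issuer_authorize(token, auth_request, now, seen_nonces, key=APPROVAL_KEY):
    """Issuer: verify the attestation, then bind it to the real authorization."""
    intent = token["intent"]
    expected = hmac.new(key, canonical(intent), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return "decline: attestation invalid"
    if now > intent["expires_at"]:
        return "decline: attestation expired"
    if intent["nonce"] in seen_nonces:
        return "decline: attestation replayed"
    for field in ("merchant_id", "amount_minor", "currency"):
        if auth_request[field] != intent[field]:
            return f"decline: {field} differs from approved intent"
    seen_nonces.add(intent["nonce"])  # single use: consumed only on approval
    return "approve"

def demo():
    """Constructed scenario: edited token, inflated charge, honest use, replay."""
    honest = {"merchant_id": "M-1001", "amount_minor": 4999, "currency": "GBP"}
    intent = dict(honest, nonce="n-0001", expires_at=1_000_600)
    token = attest_intent(intent)
    seen = set()
    tampered = {"intent": dict(intent, amount_minor=49999), "tag": token["tag"]}
    inflated = dict(honest, amount_minor=49999)
    return [
        issuer_authorize(tampered, inflated, 1_000_000, seen),
        issuer_authorize(token, inflated, 1_000_000, seen),
        issuer_authorize(token, honest, 1_000_000, seen),
        issuer_authorize(token, honest, 1_000_001, seen),
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The agent only carries the token; what the human saw and what the issuer enforces are the same bytes, so the agent's own framing of the request no longer decides what gets charged.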

The companies that solve these problems will define the category. The ones shipping scoped virtual cards with approval dialogs are building the first 10% and marketing it as the full stack.

Where this actually is

The merchant side of agentic payments — AI agents collecting payments on behalf of businesses — is real and in production. Voice agents take card payments. Chat agents send payment links. The infrastructure handles PCI compliance, multi-PSP routing, and real-time confirmation. This is a solved problem with growing adoption.

The consumer side — AI agents spending money on behalf of humans — is where the venture capital is flowing and the demos are impressive. But the hard problems (consent, checkout surfaces, merchant incentives) remain unsolved. The virtual card provides a payment credential. It doesn't provide trust, a checkout interface, or a reason for merchants to participate.

Both sides are "agentic payments." Only one of them works today. The interesting work on the other side hasn't started yet.
