As the digital economy evolves, a new frontier is emerging through agentic commerce, where AI agents can assist consumers with the buying process (agent-assisted commerce) as well as autonomously find and buy products, guided by the consumer’s intent (autonomous agentic commerce). This paradigm shift provides consumers and businesses with unparalleled convenience and efficiency — but it also presents new challenges related to trust, security and interoperability. 

With the proliferation of agentic AI, merchants are increasingly confronted with several critical dilemmas, such as: How can they distinguish between legitimate AI agents and malicious bots? How do they know the consumer authorized the agent to make the purchase? How can they know if the agent has carried out the consumer’s instructions correctly? 

Without a standardized method to verify the identity of agents and consumer intent, merchants risk increased fraud, reputational damage and ultimately a poor experience for their genuine customers. 

These challenges underscore the need for a scalable, backward-compatible, trust-driven framework that enables merchants to support payments in an agentic environment, preserving confidence and integrity in every interaction. 

Infusing security and transparency into agentic commerce 

To address these challenges, we are introducing the Mastercard Agent Pay Acceptance Framework. 

We know merchants are busy. Our framework enables their secure participation, with scalability and ubiquity, without demanding significant development or integration from them.

For those merchants seeking deeper integration, there is already a proliferation of agentic protocols meeting the needs of specific agents and use cases. Accordingly, this framework is designed to establish an essential consistent standard for agent verification and data exchange compatible with recently announced agentic protocols.

We have been working with our partners in the space to build the foundations of agentic commerce throughout the year, and we have developed this framework based on their feedback and input. In sharing the framework on Mastercard Developers, we continue to invite feedback from industry stakeholders to support its ongoing refinement.

The framework focuses on:

Registering and enabling AI agents to transact with agentic tokens

Mastercard’s Agent Pay Acceptance Framework begins by registering and verifying AI agents before they are permitted to transact on the Mastercard network. Each agent is uniquely identified and then enabled to initiate transactions using agentic tokens - dynamic, cryptographically secure credentials that ensure every transaction is both traceable and authenticated. This provides the core foundation for all participants to recognize when an agent is involved.

Enabling merchants to transact with trusted agents with minimal lift

Merchants often operate with limited technical resources and must balance competing priorities. Mastercard’s Agent Pay Acceptance Framework helps them recognize trusted AI agents and accept secure, tokenized transactions with minimal effort. By implementing the emerging Web Bot Auth standard (as outlined in the framework) at the Content Delivery Network (CDN) layer, merchants can verify agent authenticity without deploying new code, ensuring that Mastercard-approved agents can transact with them while blocking untrusted traffic.

Once verified, the trusted agents can then use existing checkout forms on merchant websites to submit a Dynamic Token Verification Code — an agentic token formatted for standard card payment fields — enabling secure, seamless transactions. This no-code approach lowers barriers and makes agentic commerce accessible to businesses of all sizes. 

Unlocking rich data exchange for agentic-first merchants

As agentic commerce matures, many merchants will evolve from no-code implementations to deeper integrations with agents, either directly or via protocols like Model Context Protocol (MCP), Agent2Agent (A2A), and Agentic Commerce Protocol (ACP), providing a path for richer and more personalized experiences.

Mastercard’s framework supports this transition by offering a standardized set of data elements that enhances interoperability and transaction integrity. These include:

• Trusted agent recognition: Ensures only verified agents can initiate transactions, protecting merchants from malicious automation.

• Purchase intent data: Provides detailed visibility into the consumer’s intent —whether agent-assisted or autonomous, including cart contents, transaction limits and validity windows. This data also provides the merchant with an audit trail that may be used to help avoid and/or resolve potential cardholder disputes.

• Agentic tokens: Secure cryptographic credentials that safeguard sensitive payment data, improve approval rates and enable programmable transaction-level controls.

• Consumer identity: Enables personalized engagement and loyalty retention by identifying returning consumers in agent-mediated environments.

To further strengthen trust, Mastercard is contributing to the FIDO Payments Working Group to define how verifiable credentials can be used to securely authenticate agent and consumer interactions. These credentials are portable, privacy-preserving and aligned with global standards — ensuring that consumer identity and intent can be reliably verified across parties.

Collaborating for interoperability

Mastercard’s vision for agentic commerce is not being built in isolation. We are partnering with key industry players to ensure a consistent and unified approach to agentic commerce, which is scalable, secure and widely adopted. 

For example, we’ve partnered with Cloudflare to support Web Bot Auth in Mastercard Agent Pay. Web Bot Auth builds on the IETF RFC 9421 standard and offers a scalable, no-code approach to cryptographically verify agent identity. By incorporating and extending the Web Bot Auth protocol in Mastercard’s merchant specifications for Agent Pay, millions of Mastercard-accepting merchants will be able to easily identify trusted agentic traffic, support recognized consumer experiences, and securely accept payments, with trust, security and interoperability at the core.

In addition, we are also working with our acceptance partners to help scale seamless adoption of Mastercard’s Agent Pay Acceptance Framework to their customers. 

These partnerships are instrumental in shaping a future where agentic commerce is not only possible, but trusted and ubiquitous.

As AI agents become more capable and autonomous, the need for trust, transparency and interoperability becomes paramount. Mastercard Agent Pay and our acceptance framework are a bold step toward a future where merchants and consumers can engage with AI agents confidently and securely. 
 
By setting the standards today, Mastercard is ensuring that the commerce of tomorrow is built on a foundation of trust.