We are entering a new phase in the evolution of digital payments, one in which transactions are no longer initiated solely by humans but by intelligent agents acting on our behalf. Stripe and OpenAI, with their Agentic Commerce Protocol, offered an early glimpse of this future when they enabled ChatGPT to make payments through Stripe's infrastructure. It was a striking moment: AI didn't just recommend a product, it could also buy it.
Now, Google's Agent Payments Protocol (AP2) takes that concept several steps further. Announced earlier this fall alongside more than 60 major partners in payments, fintech, and technology, AP2 lays the foundation for a universal standard for agentic transactions — one where intent, authorisation, and proof are cryptographically verifiable across systems and networks.
It's still early days, and everyone's figuring out what this might look like. But one thing's clear: this could be the start of a major shift in how payments work.
What is AP2?
At its core, AP2 addresses a simple but profound shift: what happens when an AI agent, rather than a human, makes a purchase on your behalf?
Today's payment systems generally make fundamental assumptions:
- A human is "present" and consciously presses a "Buy" or "Pay" button
- The context (what was agreed, what was in the cart, etc.) is visible and auditable at each step
- Liability and accountability can be attributed to humans or known parties
When you introduce agents that act semi-autonomously (with some delegation), those assumptions break down. AP2 aims to restore trust, accountability, and clarity in this new era.
The key ideas behind AP2
AP2 introduces a few new concepts that might sound technical at first, but they solve a pressing issue: how to make sure an AI agent actually does what a user intended when it makes a payment on your behalf.
Mandates: your digital instructions
At the heart of AP2 are mandates: cryptographically signed, tamper-proof digital contracts. They record what a user authorised an agent to do, and under what conditions. You can think of a mandate as a secure "paper trail" of consent, forming a verifiable chain from intent → cart → payment.
Intent mandate vs Cart mandate
AP2 splits this into two stages:
- Intent mandate
This captures what the user intended. It's like giving your agent a clear instruction sheet, for example: "Book my train tickets if they’re under €80 and for next Thursday only". The Intent mandate stores those rules in a signed, auditable form so that later, anyone can confirm what permissions the agent had.
- Cart mandate
This records the actual actions taken by the agent. Once the agent finds a matching offer, it creates a Cart mandate, the equivalent of a final shopping cart: what's being bought, from whom, and at what price.
For transactions where the human is still involved, both mandates are created: first intent, then cart. For fully delegated tasks (say, an AI travel assistant automatically booking tickets), the user signs an intent mandate upfront, and the agent might generate the cart mandate once the conditions set by the user are met.
Together, these two mandates create a transparent audit trail: what was authorised, what was executed, and by whom… a foundation for trust and dispute resolution.
Verifiable Credentials (VCs): the proof layer
Each mandate is backed by Verifiable Credentials: cryptographic certificates that prove authenticity and authority. These ensure that a mandate genuinely came from the user and not from a compromised or spoofed agent.
Payment-agnostic by design
AP2 isn't tied to any single payment network. It's designed to work across various payment methods, including cards, bank transfers, real-time payment rails, stablecoins, and even cryptocurrencies (through extensions like "A2A x402"). This flexibility lets different systems and currencies coexist under a single protocol.
Built for interoperability
Finally, AP2 is layered on top of broader agent communication standards, such as Agent2Agent (A2A) and the Model Context Protocol (MCP). That means agents, merchants, and payment providers can all communicate with each other in a consistent way, regardless of the underlying technology.
In short, AP2 lays the groundwork for a world where AI agents can transact safely, with provable intent, clear accountability, and transparent records of what actually happened.
Why banks should care
AP2 is more than just a technical experiment. It signals a paradigm shift, and for banks and payment providers, the implications are immediate and profound. Here's why:
1. More agent-driven transactions = more complexity & more disputes
Once users start delegating financial tasks (e.g. "rebalance this portfolio," "refill my subscription if price drops more than 20%," "buy groceries under €50"), the sheer volume of autonomous actions could explode. With that, the potential for disputes, misinterpretations, fraudulent actions, overreach, and liability claims increases dramatically.
If an agent misinterprets ambiguous instructions, or if there's a mismatch between the user's actual intent and the agent's execution, who is responsible? The user? The agent builder? The bank? The merchant?
2. Banks will be asked to validate and mediate agent activity
Under AP2, banks and other financial intermediaries may be expected to validate that a mandate is authentic and valid, including verifying signatures and credentials. They will need to ensure that an agent's transactions stay within the bounds authorised by the user, while also detecting anomalous or potentially fraudulent behaviour that differs from typical patterns. Banks may be called on to support auditing or retroactive investigations into agent actions, helping determine liability when things go wrong. In some cases, they might also need to flag mandates or delegated tasks that are unsafe or overly broad. These responsibilities are significant, given the new and evolving nature of agent-driven behaviour.
3. The legacy systems gap
Most payment infrastructure was built on the assumption of human-initiated flows, rule-based fraud engines, and well-understood fraud heuristics. Agentic flows break many of those assumptions. This exposes a clear gap between today's systems and the new expectations of new cryptographic attestations and real-time agent decision-making.
The impact of this gap will surface in dispute handling and chargeback flows, where today's systems assume clear human intent and traceable authorisations. Agent-driven transactions blur those lines (with algorithmic intents, cryptographic consent, and shared liabilities).
4. The standards and risk arms race will be early and brutal
Because AP2 is still young, many edge cases haven't been fully stress-tested. The first movers will be under pressure: What constitutes a valid mandate in a borderline case? How to handle conflicting intent? How to resolve a dispute where the agent acted within mandate, but the user contests the outcome? The decisions made now may set long-term precedents, and banks will want to influence them, rather than simply being passive consumers.
Reframing dispute management for the agentic payments era
The emergence of AI agents making payments on behalf of users will redefine how banks approach dispute management, as we will face a growing number of complex, high-volume disputes where traditional dispute systems are no longer sufficient.
In this new landscape, banks will need Agentic Dispute Management solutions that are designed for this shift. Solutions that can combine AI automation & agentic self-service to deflect false disputes and resolve valid cases at machine speeds.
We see this as the next evolution of payment operations: one where machine intelligence, automation, and human oversight coexist seamlessly. With our Agentic Dispute Management solution, Amiko, we enable this vision: a system built for agentic interaction, enabling banks to manage payment disputes with the same intelligence and precision that AI agents bring to payments.
The shift to agentic finance and payments demands agentic infrastructure, and dispute management is no exception.
As AP2 and agentic commerce evolve, the opportunities are enormous: from efficiency gains and richer customer experiences to entirely new forms of financial interactions. Early adoption, standards governance, and liability frameworks will shape how quickly agentic payments mature. What's certain is that automation will deepen, delegation will grow, and liabilities will become more distributed.
At Rivero, we are helping banks prepare for this shift and capture the opportunities it creates by building the agentic payment operations infrastructure that ensures trust, compliance, and efficiency today and in the future.
Do you want to learn more about our agentic dispute management system? Let's talk.