While the industry recognizes that agentic commerce is reshaping payments, the more immediate technical friction lies in how it re-engineers data sharing. We are moving past the “top-of-funnel” coordination of inventory and pricing seen in protocols like UCP/MCP, entering the more contentious territory of AP2/ACP to coordinate trust and payment.

The Collaboration Paradox

As I’ve noted in Strategic Innovation Era, we are seeing a “Retailer First” surge. Successes like Walmart’s Sparky and Amazon’s Rufus prove that retailers are intent on controlling their own data and checkout environments.

However, external collaboration is mandatory for scale. I remain a proponent of Google’s approach: rather than a monolithic LLM, they are building a world of specialist model partnerships. But collaboration requires data exchange—the primary point of friction in this stage of strategic innovation.

Breaking the “Closed Loop”

For a decade, the “Data Games” were stable. Retailers shared SKU-level data with Google/Meta to “close the loop” on ad efficacy, as outlined in my 2021 analysis. Agentic commerce breaks these existing flows, as the primary “identifier” is now tokenized by request, by agent. For example: MA AgentPay and Visa TAP breaks data sharing feeds that companies like LiveRamp pioneered (see Identity Driving Payments)

The Intent vs. Authentication Standoff

The technical heart of the friction is the Intent Mandate.

1. Intent Mandate: Captures the consumer’s initial high-level instruction (e.g., “Buy tickets under $200”).
   
2. Cart Mandate: A cryptographic “price lock” between the agent and merchant.
   
3. Payment Mandate: The signal sent to the bank to authorize the funds.

Google has no desire to share consumer Intent Mandates (ever), and banks have no desire to share Transaction Data (ie flow is from RETAILER to Google/Meta not from Bank). For example, ApplePay and GPay want to show transaction history in-wallet; banks want users in their own apps. Currently, Google’s stance is: “I have the signed mandate; handle the transaction.” The bank’s logical response: “If you’re wrong, are you taking the financial liability? I have SCA requirements you aren’t satisfying for me.”

The Risk & Permissioning Problem

As explored in Target’s recent terms, we are at a crossroads for agent permissioning:

• Consumer-Owned Risk: The bot is the user’s responsibility (Target’s stance).
• Merchant-Owned Risk: The current baseline in UCP/ACP flows.
• Issuer-Owned Risk: The desired end-state, but it requires data flows that Google is currently blocking.

Wrap-Up: The Network Necessity

Mastercard continues to  pump out PR for “AgentPay,” but lab success working with bank innovation teams does not equal operational scale. Issuers require the Intent Data to satisfy regulators and manage their own risk.

This is a bi-lateral incentive problem that only the networks (V/MA/Amex) can solve. They are the only entities with the established commercial terms, operating rules, standards and governance to act as the “Trusted Intermediary” for data and liability. Until a common commercial construct is agreed upon, expect a 2-year technical and legal slog. Once resolved, however, this will be the single largest expansion of Value-Added Services (VAS) for the networks in a decade.

Google, expect banks to require both intent data and a say in what credentials are used in signing mandates. 

Feedback appreciated