Target updated its consumer terms on March 22, 2026 to clarify that AI agent-initiated purchases are the customer’s responsibility.

• The timing is not coincidental — it’s a signal that Google’s “Buy For Me” launch is coming,
• The new language is blunt: if a customer authorizes an AI shopping agent to act on their behalf, those transactions are “considered transactions authorized by you.”
• Added a disclaimer that it “does not guarantee that third-party AI tools will act exactly as you intend in all circumstances.”
• Target wants to be very clear about who owns the risk: Your bot is your responsibility.

Google “Buy For Me” Is the Trigger

In May 2025, Google announced its agentic checkout feature: track a price, set your threshold, and when it drops, tap “buy for me.” Behind the scenes, Google adds the item to your cart and completes checkout via Google Pay — without you touching a keyboard.

Target is a named Google Gemini retail partner, announced by Google CEO Sundar Pichai at NRF 2026. This is not a generic partnership. When “Buy For Me” goes live at scale, it will represent the first true machine-to-machine (M2M) agentic commerce program with mass consumer reach. An automated, bypass-checkout flow with no human in the loop at the moment of purchase. Target sees this coming. Their terms update is the legal groundwork being laid before launch.

Why Target Is Uniquely Exposed

Target has the largest card services footprint of any US merchant. Approximately 25 million customers that hold a portfolio including:

• Decoupled debit (Circle card – aka Target Red Card)
• Closed loop
• Co-brand credit (issued with TD Bank)
• Prepaid products

These cards, with integrated loyalty and discounts, drive roughly 24% of Target’s total sales. It is a massive proprietary stake in payments (and a massive liability exposure if agentic purchases go wrong at scale).

The ACP Problem: Simulating the Consumer’s Device

As I wrote in Device Graph Extinction, Stripe’s Agentic Commerce Protocol (ACP) is currently the most operationally capable agentic payment protocol in the market. ACP is notable for one specific capability: it can simulate a consumer’s device environment, backfilling device telemetry (via Stripe Radar data) for transactions that originate from an agent rather than a human. In plain English: ACP can make an automated M2M transaction look, to a merchant’s fraud system, like a normal human-initiated purchase.

This is a direct threat to the 30-year fraud investment that merchants like Target have made. Their risk models depend on behavioral signals — time on site, device fingerprints, navigation patterns. An agent that simulates a device but bypasses the checkout UI strips all of that signal away.

Target’s new terms are also a message to OpenAI and Stripe ACP: You may be able to simulate and bypass controls. But if you do, the consumer owns the fraud — not us.

The Paze Problem: Why Target Won’t Accept a Bank-Led Solution

As I outlined in my analysis of UCP Enables a New Economy, the US bank consortium’s Paze wallet has failed to gain merchant traction, and that failure is structural and political.

Target will not participate in an agentic commerce framework that excludes its proprietary card portfolio. The Paze consortium represents only the top 6 V/MA Issuers. It excludes other cards and also serves as a blocker to V/MA (DAF and TAF) rule sets. If Target is going to take risk in agentic, it certainly isn’t going to add to that risk in a new payment system they have not control over, AND excludes their cards (Duh).

Target’s logic is straightforward: we will not accept an agentic architecture that pushes risk onto us for transactions we can’t see, can’t control, and can’t dispute through our own instruments.

Merchant of Record and the Checkout Control Imperative

IMHO Visa and Mastercard have built a very solid technical and rule infrastructure to manage agentic risk. DAF (Device Authentication Framework) and TAF (Transaction Authentication Framework), along with VAS services like Visa TAP and Mastercard AgentPay, are designed precisely to govern M2M payment flows with liability shift potential. It is open, and standardized.

While AgentPay and Intelligent Commerce will play in ROW, US Banks are effective blockers. For example, AP2 mandates could be sent in “buy for me” BUT retailers own the risk, don’t control authorization process (or including AP2 Mandates within a 3DS payload), AND US banks have no plans to act on them.

Without issuer participation in a formal liability shift framework, merchants like Target bear 100% of the fraud risk — as they do today in US eCommerce. A “Buy For Me” flow that bypasses merchant checkout also bypasses the device data capture that powers Target’s risk models.

Target must own the checkout experience. It is not stubbornness. It is the only available mechanism for risk management in the absence of a network-governed liability shift that includes their full card portfolio. As I noted in UCP Enables a New Economy, UCP’s embedded checkout (iFrame) flow preserves exactly this.

Google Buy For Me represents the first REAL Machine to Machine (M2M) agentic transaction flow. Since merchants own the risk, they can set the consumer terms. Target’s consumer terms act as a liability fence before the product launches. If a consumer’s Gemini agent buys 47 shower curtain rings at 3am, Target wants it on the record that this was an authorized transaction. I also see it as a message to the ecosystem. Any AI platform (Gemini, ChatGPT, Stripe ACP) that attempts to simulate a consumer device or bypass the checkout flow is operating in a zone where the consumer owns the consequences. Target will not absorb the cost.

Until network stakeholders align, the “Your Bot Is Your Responsibility” policy is what the liability infrastructure looks like at the starting line of M2M, I believe the V/MA frameworks will succeed in long term, but Issuers and merchants must buy in.

Related reading: UCP Enables a New Economy | Stripe Agentic Commerce Protocol (ACP) | Device Graph Extinction