Tag Archives: UCP

Visa CLI and X402 CONVERGENCE

Posted on by
1

Last week I wrote about MPP and x402 solving the internet’s original sin: the inability of machines to pay machines without a human in the loop. This week, Visa made that argument a lot easier to make.

Visa Crypto Labs quietly launched Visa CLI, a command line tool that gives AI agents a wallet. One npm install. One setup command. And your agent can pay for anything on the internet, charged to a real Visa card, without an API key, without a pre-funded crypto wallet, without human intervention.

I got beta access this week and tested it. Here’s what I learned, and why I think the CLI is the most important signal yet that the incumbent payment networks are serious about the agentic commerce era.

Continue reading

The Evolution of Checkout: Invisible, Instant, and Everything In Between

Posted on by
Reply

My friend Simon Taylor at Fintech Brainfood published a provocative piece this week: The Checkout is Dead, Part 2. His thesis is elegant — the future of agentic commerce is invisible. No cart. No confirmation screen. No “Pay Now” button. Just an event in the world, and money moves.

IMHO He’s right about the general direction. But he’s wrong about the scope and timeline. Not everything fits in instant, and its really important to look not only at OpenAI’s instant checkout FAILURE at Walmart, but also their internal success (ie Sparky driving 35% sales increase with internal checkout).

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us

Owning Your Bot’s Actions: Target Part 2

Posted on by
Reply

In my previous post, covering Target’s “Your Bot is Your Responsibility”  was the only move they could make. When you let an AI bot loose with your credit card, you are effectively handing your car keys to a teenager; you can’t act surprised when there’s a dent in the bumper. But Target’s stance isn’t just a legal shield; it is a flare gun fired over a massive Governance Gap. Today’s agentic commerce is high on technology and standards, but dangerously low on the commercial terms that actually make markets function. To be clear, it’s not for lack of effort from V/MA, nor is it technology; it is resistance to change.

Continue reading

Target’s Consumer Terms “Your Bot Is Your Responsibility”

Posted on by
Reply

Target updated its consumer terms on March 22, 2026 to clarify that AI agent-initiated purchases are the customer’s responsibility.

  • The timing is not coincidental — it’s a signal that Google’s “Buy For Me” launch is coming,
  • The new language is blunt: if a customer authorizes an AI shopping agent to act on their behalf, those transactions are “considered transactions authorized by you.”
  • Added a disclaimer that it “does not guarantee that third-party AI tools will act exactly as you intend in all circumstances.”
  • Target wants to be very clear about who owns the risk: Your bot is your responsibility.

Google “Buy For Me” Is the Trigger

In May 2025, Google announced its agentic checkout feature: track a price, set your threshold, and when it drops, tap “buy for me.” Behind the scenes, Google adds the item to your cart and completes checkout via Google Pay — without you touching a keyboard.

Target is a named Google Gemini retail partner, announced by Google CEO Sundar Pichai at NRF 2026. This is not a generic partnership. When “Buy For Me” goes live at scale, it will represent the first true machine-to-machine (M2M) agentic commerce program with mass consumer reach. An automated, bypass-checkout flow with no human in the loop at the moment of purchase. Target sees this coming. Their terms update is the legal groundwork being laid before launch.

Why Target Is Uniquely Exposed

Target has the largest card services footprint of any US merchant. Approximately 25 million customers that hold a portfolio including:

  • Decoupled debit (Circle card – aka Target Red Card)
  • Closed loop
  • Co-brand credit (issued with TD Bank)
  • Prepaid products

These cards, with integrated loyalty and discounts, drive roughly 24% of Target’s total sales. It is a massive proprietary stake in payments (and a massive liability exposure if agentic purchases go wrong at scale).

The ACP Problem: Simulating the Consumer’s Device

As I wrote in Device Graph Extinction, Stripe’s Agentic Commerce Protocol (ACP) is currently the most operationally capable agentic payment protocol in the market. ACP is notable for one specific capability: it can simulate a consumer’s device environment, backfilling device telemetry (via Stripe Radar data) for transactions that originate from an agent rather than a human. In plain English: ACP can make an automated M2M transaction look, to a merchant’s fraud system, like a normal human-initiated purchase.

This is a direct threat to the 30-year fraud investment that merchants like Target have made. Their risk models depend on behavioral signals — time on site, device fingerprints, navigation patterns. An agent that simulates a device but bypasses the checkout UI strips all of that signal away.

Target’s new terms are also a message to OpenAI and Stripe ACP: You may be able to simulate and bypass controls. But if you do, the consumer owns the fraud — not us.

The Paze Problem: Why Target Won’t Accept a Bank-Led Solution

As I outlined in my analysis of UCP Enables a New Economy, the US bank consortium’s Paze wallet has failed to gain merchant traction, and that failure is structural and political.

Target will not participate in an agentic commerce framework that excludes its proprietary card portfolio. The Paze consortium represents only the top 6 V/MA Issuers. It excludes other cards and also serves as a blocker to V/MA (DAF and TAF) rule sets. If Target is going to take risk in agentic, it certainly isn’t going to add to that risk in a new payment system they have not control over, AND excludes their cards (Duh).

Target’s logic is straightforward: we will not accept an agentic architecture that pushes risk onto us for transactions we can’t see, can’t control, and can’t dispute through our own instruments.

Merchant of Record and the Checkout Control Imperative

IMHO Visa and Mastercard have built a very solid technical and rule infrastructure to manage agentic risk. DAF (Device Authentication Framework) and TAF (Transaction Authentication Framework), along with VAS services like Visa TAP and Mastercard AgentPay, are designed precisely to govern M2M payment flows with liability shift potential. It is open, and standardized.

While AgentPay and Intelligent Commerce will play in ROW, US Banks are effective blockers. For example, AP2 mandates could be sent in “buy for me” BUT retailers own the risk, don’t control authorization process (or including AP2 Mandates within a 3DS payload), AND US banks have no plans to act on them.

Without issuer participation in a formal liability shift framework, merchants like Target bear 100% of the fraud risk — as they do today in US eCommerce. A “Buy For Me” flow that bypasses merchant checkout also bypasses the device data capture that powers Target’s risk models.

Target must own the checkout experience. It is not stubbornness. It is the only available mechanism for risk management in the absence of a network-governed liability shift that includes their full card portfolio. As I noted in UCP Enables a New Economy, UCP’s embedded checkout (iFrame) flow preserves exactly this.

Google Buy For Me represents the first REAL Machine to Machine (M2M) agentic transaction flow. Since merchants own the risk, they can set the consumer terms. Target’s consumer terms act as a liability fence before the product launches. If a consumer’s Gemini agent buys 47 shower curtain rings at 3am, Target wants it on the record that this was an authorized transaction. I also see it as a message to the ecosystem. Any AI platform (Gemini, ChatGPT, Stripe ACP) that attempts to simulate a consumer device or bypass the checkout flow is operating in a zone where the consumer owns the consequences. Target will not absorb the cost.

Until network stakeholders align, the “Your Bot Is Your Responsibility” policy is what the liability infrastructure looks like at the starting line of M2M, I believe the V/MA frameworks will succeed in long term, but Issuers and merchants must buy in.

Related reading: UCP Enables a New Economy | Stripe Agentic Commerce Protocol (ACP) | Device Graph Extinction

Explaining the Death of OpenAI’s Instant Checkout

Posted on by
Reply

Short Blog

To my regular readers, you know the flow of data within a network is complex (see Data Games). The news that OpenAI is effectively shelving its “Instant Checkout” initiative in favor of a referral-based “conversational commerce” model shouldn’t come as a surprise. While the tech press might frame this as a strategic pivot, those of us in the eCommerce trenches know it for what it is: a collision with merchant’s role in risk, costs, CX, control and their own AI dreams.

OpenAI attempted to solve its monetization problem by trying to seize control of the top of the funnel, betting that the sheer volume of consumer demand would force merchants to bow to their interface. They were wrong. They fundamentally miscalculated the power dynamics of the transaction and the complexity of the global conversion funnel, a funnel that Google understands intimately because they serve both ends of it globally (ie merchant partners).

Continue reading

Strategic Innovation Era: Part 1 – Agentic Commerce

Posted on by
Reply

The opposite of Web3, the biggest companies are investing in AI and DLT to redesign the value chain. This one is long.. 12 pages. This is not a repackaging of prior blogs, today I break down how I see Banks, Retailers and Google collaboratively investing to make agentic work. It won’t be a hockey stick, but it will fundementally redesign the value chain. An extinction-level event for those who don’t invest. My main focus is on Google’s unique capability to manage MANY AGENTS and how that orchestration happens from an economic perspective. My predicted winners: Google, First-Mover Retailers like Walmart, Card Networks, and new intermediaries that can build specialized agents.

© Starpoint LLP, 2026. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer (this is a highly opinionated and partially informed blog). Enterprise readers, please consider Enterprise Subscription (not required for Starpoint Clients).

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us

UCP Enables a New Economy

Posted on by
3

Yesterday, Google’s CEO unveiled Universal Commerce Protocol (UCP) at NRF.  UCP represents a defining moment in the architecture of digital commerce; the strategic imperative is no longer merely about organizing the world’s information but about organizing the world’s commercial intent and empowering merchants to leverage their own data to construct superior customer experiences.  This shift is not incremental; it is a fundamental re-platforming of the digital economy, where Google is uniquely positioned to serve as the orchestrator within a “virtuous cycle” of interaction among retailers, consumers, and intelligent agents. 

“For many people, discovery is the fun part of shopping. Making a decision is where things get harder. As an indecisive shopper myself, I’m looking forward to the day when agents can help me get from discovery to purchase.

At Google, we’re busy laying the groundwork for this agentic ecosystem to work well. That includes building a common language for these systems and services to talk to each other.

As a next step we are introducing the Universal Commerce Protocol (UCP), designed for the era of agentic commerce. It was built to meet the needs of retailers AND customers, keeping the full customer relationship front and center — from the moments of discovery to decision and beyond”. – Sundar Pichai NRF – Jan 11 2026

Continue reading