Santander and Mastercard’s live AI-agent payment pushed the industry past the stage of talking about agentic commerce as a future use case and into the reality of a transaction moving through live banking infrastructure. In doing so, it placed an AI agent at the point of spend within a system that still assumes the person initiating the payment is also the one making the decision and carrying the liability.
That assumption is far easier to sustain when a payment draws on existing funds than when it creates a debt that someone must later repay. And may dispute. As soon as an agent moves from guiding a choice to completing the transaction, the usual alignment between instruction, authorisation and liability becomes harder to see.
Card authorisation has long rested on a simple premise: the person using the card is the one deciding to spend. Even when the transaction runs through a wallet, an app or a stored credential, the model still relies on a cardholder who is directly involved in the act of payment.
Agentic payments
Agentic payments stretch that arrangement. The customer may have set the rules, the budget or the merchant preference in advance, but the point of execution can now sit with software acting later and at speed. The question then extends beyond whether the transaction was authenticated to whether the debt it created was taken on with the kind of consent and clarity card systems have traditionally relied on.
Mastercard has responded by building a stronger trust layer around delegated intent. Once software acts on a customer’s behalf, the usual signs of presence and intent at the moment of payment carry less weight than they do in an ordinary card transaction. Santander’s pilot showed that this can be handled inside a tightly controlled framework with predefined permissions.
The challenge becomes very different once the same model moves into ordinary credit flows, where issuers are dealing with borrowing, repayment and dispute risk rather than a bounded test case.
Risk models built on human behaviour
Fraud systems and credit models have been trained to read people. How they spend, how quickly they move, where they buy, and what tends to happen before repayment trouble begins to show. An AI agent, even when acting entirely within a customer’s instructions, is unlikely to look much like that. It may search more widely, compare more aggressively, transact at unusual times and behave with a consistency that looks odd against a human baseline. Some legitimate payments will appear suspicious. Some suspect ones may look routine. Signals that once separated ordinary behaviour from risky behaviour will arrive in forms the system is not used to reading.
Research from Capgemini indicates that 71% of consumers want generative AI integrated into shopping interactions. Meanwhile, 58% say they already use generative AI instead of traditional search for recommendations. That does not mean autonomous purchasing becomes mainstream overnight, but it does suggest the move from AI-assisted discovery to AI-executed transactions will not stay theoretical for long. For issuers, that means transaction systems are about to encounter a new behavioural signature without much history behind them.
The pressure does not sit only with fraud screening. Credit decisioning is built on assumptions about how people build balances, revolve debt, repay over time and run into repayment trouble. An AI agent may be acting entirely within a customer’s instructions while still producing patterns those models were never trained to read cleanly. A sudden increase in spend, an unusual merchant mix or a burst of late-night activity may deserve scrutiny when a person generates it.
The same signals may be perfectly consistent with a software agent searching widely, responding instantly to price changes or executing against preset rules with much greater speed and regularity than a person would. Once that behaviour starts landing in the credit book, signals that once carried meaning around affordability, intent or emerging repayment risk become less reliable as indicators.
Signals the authorisation layer does not carry
The transaction also arrives with gaps that matter more once software is involved. Existing payment messages can identify the merchant, the amount, the credential used and the authentication path. What they do not natively describe is whether the action came from a customer or an agent, what spending authority had been delegated, whether that authority was limited to a category, merchant or price threshold, and whether the funding source was intended to be debit, charge or revolving credit. A payment can be technically valid while still leaving the issuer with too little context about how the decision was made.
A controlled pilot can solve some of that by imposing rules around the transaction from outside the standard message, which is effectively what bounded testing is for. Everyday credit use is less forgiving. If the issuer is expected to approve the payment, apply the right controls, score the exposure and later defend the outcome in a dispute, those signals have to be legible inside the flow rather than reconstructed around it after the event.
At that point, the question is less about whether the payment experience works and more about whether the issuer-side controls underneath it can carry the weight. That includes the ability to apply rules in real time, restrict how a credential can be used, and keep a clear record of how the transaction was authorised and what kind of exposure it created.
The missing context does not stop at authorisation. It follows the transaction further down the line, when an issuer has to explain why a payment was approved, whether the agent acted within its delegated scope. And how that scope should be evidenced if the customer challenges the transaction. Card systems are used to relying on the credential, the authentication path and the transaction record.
Digital versus Traditional Wallets
Agentic payments demand something more granular: a clearer account of who or what acted, under what limits, and with what right to create a liability on the customer’s behalf. The control layer around that decision, including how credentials are restricted and how delegated authority is defined, starts to matter much more than it did in a conventional wallet or stored-card journey.
Infrastructure many issuers built out for tokenised wallets now looks more like part of the control architecture for agent-led spend. Because the payment credential itself may need tighter restrictions than the market has been used to applying.
Santander and Mastercard have shown that an AI agent can now make it all the way through a live payment flow. What follows from that is less about whether software can reach the point of spend and more about what the rest of the stack needs to know once it gets there. If agentic payments are to move beyond controlled deployments and into ordinary credit use, issuers will need clearer ways to tell who acted, under what authority, against which funding source, and with what liability attached. Until those signals travel cleanly through the flow rather than being inferred around it, agentic payments on credit will remain easier to demonstrate than to absorb into everyday card operations.
Learn more at paymentology.com
- Artificial Intelligence in FinTech
- Digital Payments
- Embedded Finance
- Neobanking