Automated Commerce Reaches the Consumer Checkout

The Week AI Agents Reached the Checkout

Over three days in June, the people who run consumer businesses got a concrete answer to a question they had been treating as hypothetical: their next customer might be software. On June 10, 2026, Visa took the stage at its own Payments Forum in San Francisco and described a shopper telling ChatGPT to "order paper towels," then showed how a tokenized Visa credential would let the assistant actually pay for the order. The same day, Mastercard shipped Agent Pay for Machines, a way for software agents to pay one another at high frequency and low value. A day earlier, on June 9, Santander's Getnet had opened the other side of that transaction, letting merchants accept payments started by an AI agent. And on June 11, a federal appeals court spent a morning weighing whether a retailer can keep such agents out at all.

Packed into one week, those moves push agent shopping past the demo reel. The two largest card networks now treat a software buyer as something to support at checkout, an acquirer has wired up the merchant side to receive it, and a court has started drawing the boundaries. For anyone selling consumer goods or services, that convergence resets the planning conversation. Agents buying in volume is no longer a someday scenario; it is a payment option the networks are racing to offer. The harder decisions are about limits: what an agent may purchase, who signs off on the expensive orders, and whether a store can refuse one outright.

Two networks, one day, the same bet

It is rare for Visa and Mastercard to ship competing capabilities on the same date by accident, and they did not. Both companies have spent the past year describing a near future in which a person delegates errands to an assistant and the assistant carries a payment credential the merchant can trust. On June 10 they each made that real.

Visa's announcement, a strategic collaboration with OpenAI, puts tokenized Visa payments inside ChatGPT and other OpenAI surfaces, with the Codex developer tooling aimed at enterprise and developer workflows. The mechanism matters more than the branding. A tokenized credential means the agent never handles the actual card number; it carries a stand-in that works only within rules the cardholder set in advance. Jack Forestell, Visa's chief product and strategy officer, framed the moment as the largest change to commerce in a generation, a claim worth treating as positioning rather than fact, but the engineering underneath it is mundane in the reassuring way payments are supposed to be.

Mastercard moved at a different altitude. Agent Pay for Machines is built for agents transacting with other agents, high-frequency, low-value payments that settle across cards, bank accounts, and stablecoins, with the human's permissions recorded on-chain (Polygon first, then Solana and Base). The company launched it with more than 30 partners, including Stripe, Adyen, Coinbase, and Cloudflare, a roster that signals how quickly the supporting cast is consolidating around a shared approach. "Agentic payments will enable buying and selling among AI agents at fundamentally different scales," said Jorn Lambert, Mastercard's chief product officer, pointing at a transaction layer that sits underneath ordinary consumer checkout rather than replacing it.

Read together, the two launches say the same thing to a retailer: assume an agent can present itself at your checkout and pay, because the network side of that work is now handled by the companies that handle it for everyone else. What used to be a research project at a single platform is becoming standard automated retail technology, offered by the incumbents, on the same week, with overlapping partner lists.

The merchant has to say yes, too

A consumer wallet is only half of a sale. Someone on the other end has to accept an order that no human placed by hand, and that side opened first. On June 9, Santander's Getnet announced that merchants can now accept payments initiated by AI agents, whether the store's own agents or third-party agents operating through conversational platforms. The design is deliberately platform-agnostic, built on open standards, already compatible with Mastercard Agent Pay and with Visa's agent commerce work on the roadmap. "We want to provide the infrastructure so that merchants, platforms, and agents can transact securely," said Juan Franco, Getnet's chief executive.

The reason an acquirer is bragging about being protocol-agnostic is that there is no single protocol yet. A merchant looking at agent commerce today faces several competing standards with overlapping ambitions, among them the Trusted Agent Protocol, the Agentic Commerce Protocol, and a handful of machine-payment specifications attached to the various network launches. Picking one is a bet; supporting all of them is expensive. Acquirers like Getnet are competing to absorb that fragmentation so a merchant can integrate once and accept agent orders no matter which standard the buyer's agent speaks.

For a store, the practical consequence is unglamorous. The automated customer experience now has to serve software as well as people: product data a machine can read and trust, prices and availability an agent can act on without a human in the loop, and an acquirer that will accept an agent-initiated order instead of flagging it as fraud. Automated e-commerce built for a human clicking through a cart does not automatically work for a buyer that reads structured data and submits an order in milliseconds. The catalog, not the checkout button, becomes the storefront.

The real contest is the controls

Strip away the branding and every one of these launches describes the same safety model. Visa's payments operate within "clearly defined user permissions, policies and controls, including spending limits, merchant categories or required approvals," enforced through tokenized credentials and real-time authorization. Mastercard's framework adds credentialing, permissioning, and policy controls, with the human's grants recorded so each agent action can be checked against them. The vocabulary is shared because the worry is shared: an agent that carries a payment credential without boundaries is a liability.

That shared vocabulary points at where the durable work actually sits. The networks supply the credential and the settlement. What they cannot supply is your judgment about what your agents should be allowed to do. A spending limit is only useful if someone sets it to the right number. A required-approval step only protects you if it fires on the orders that deserve a second look and stays out of the way on the ones that do not. Merchant-category restrictions only help if they match how your business actually buys. Those are configuration decisions, and they belong to whoever runs the agent, not to the card network settling its payments.

Consumer-goods operators should sit with this part of the week, because most of them will run buy-side agents long before they finish selling to them. Procurement, replenishment, supplier payments, and ad spend are exactly the repetitive, rule-bound work that agents are good at, and they all involve real money leaving the building. A tool like AgentPMT sits on that buyer's side of the arrangement, the side the networks do not cover. Its budget system sets per-agent spending limits, restricts which tools and vendors an agent can touch, and resets on a schedule, which is the same guardrail language Visa and Mastercard use, expressed as something a finance team can actually configure. Purchases that cross a threshold can route to a person for biometric approval on a phone, the human-in-the-loop checkpoint the networks reference but leave to the buyer to define. An encrypted vault injects credentials only at the moment of use, so the agent completes a payment without ever seeing the card or key, the buyer-side echo of the tokenization the networks do on their end. And a running audit feed logs every agent action down to the request and the response, so a disputed order has a paper trail.

None of that competes with Visa or Mastercard; it lives one step earlier, where a business decides what its own agents may spend before any network is involved. The networks are commoditizing the payment side, which is good for everyone. The configuration and accountability that sit on top stay with each company, and they do not arrive in the box. For agents that settle in stablecoins rather than card payments, the same logic extends on-chain: AgentPMT's x402Direct handles fully autonomous settlement in stablecoins on lower-cost blockchains, with spend caps enforced in code, an approach adjacent to the stablecoin agent payments Mastercard is building toward. It is also model-agnostic, working the same whether the agent runs on ChatGPT, Claude, or Gemini, which matters when no business wants its purchasing controls tied to a single AI vendor.

Can a retailer even keep agents out?

Every payment launch this week assumes agents are welcome. A federal courtroom spent June 11 testing the opposite assumption. The Ninth Circuit Court of Appeals heard oral arguments in Amazon v. Perplexity, a dispute over Perplexity's Comet browser, which logs into a user's Amazon account and shops on their behalf. Amazon wants it blocked. Perplexity argues that a user who authorizes an agent has extended that user's own access to the site.

The panel sounded skeptical of that theory, at one point comparing Comet to ordinary browsers like Safari and Chrome to probe where a user-directed agent stops looking like a normal visitor and starts looking like unauthorized access. The legal hinge is the Computer Fraud and Abuse Act (CFAA), a 1986 statute written long before anyone imagined software logging into a storefront on a person's behalf. A ruling for Amazon would hand retailers, booking platforms, banks, and loyalty programs a tool to wall off user-delegated agents from logged-in experiences.

So the same week points in two directions at once. The card networks are building agents into the buying experience while one of the largest retailers in the country fights in court to keep a specific agent out of its own. Both can be rational. A store that profits when an agent completes a sale has every reason to welcome it; a store that views an agent as a middleman that strips away its merchandising, its upsells, and its direct relationship with the shopper has every reason to resist. Whatever the panel decides, the case puts a real question in front of every business with a logged-in customer experience: which agents are you willing to recognize, and how would you prove a given agent was authorized to act for the person it claims to represent. Agent identity, in other words, stops being a developer detail. AgentPMT assigns each agent a cryptographic identity and the audit trail to match, the "know your agent" capability merchants will want no matter how the court rules.

What this week starts

It helps to treat June 2026 as two separate programs that happened to begin together. One is being sellable to agents: machine-readable product data, an acquirer that accepts agent-initiated orders, and a clear stance on which agents you will let into a logged-in account. The other is running agents of your own safely: spend controls, approval checkpoints, and an audit trail standing before the first agent is pointed at a supplier. The same ai services for business that already draft purchase orders and manage ad campaigns are a short step from authorizing payment, and that step is where the budgets and approvals have to exist already.

Neither program is finished, and neither is optional for long. Internal buy-side agents are business automation services with a credit line attached, and the firms that set their own limits this year get to define how their agents behave instead of inheriting a vendor's defaults later. An agent that finds, compares, and pays for goods is automated self service taken to its end point, with the shopper, or the purchasing team, delegating the whole errand rather than the search.

The payment rails arrived this week, faster and more in unison than most retail teams expected. They will keep getting cheaper and more standardized, because that is what the networks compete on. The piece that will not commoditize is the set of rules each business writes for its own agents: what they may buy, who approves the costly calls, and whether every action leaves a record. That is the work worth starting now, while the defaults are still yours to set.

---

Sources

• Visa Partners with OpenAI to Power the Next Generation of AI Commerce, Visa Newsroom
• Visa and OpenAI Unlock Agentic Commerce, PYMNTS
• Mastercard launches protocol to let AI agents pay each other, send micropayments, Fortune
• Mastercard prepares for a future where AI agents make payments, CoinDesk
• Mastercard Enables AI Agents to Pay Each Other, PYMNTS
• Santander's Getnet Plugs Merchants Into Agentic Commerce, PYMNTS
• Perplexity's Bid for AI Bot Access to Amazon Gets Cool Reception, Bloomberg Law