When AI Clicks “Pay”: The Emerging Compliance Risks of Agentic Commerce

When AI Clicks “Pay”: The Emerging Compliance Risks of Agentic Commerce

AI-driven “agentic commerce” is no longer theoretical. Today’s AI assistants can already search for products, compare options, populate shopping carts, check out, initiate payment, and make returns—all on behalf of a person who may never see the website on which a transaction is executed. In some cases, users move all the way through checkout using stored payment credentials. While many systems still operate within guardrails (e.g., requiring human user confirmation or operating under preset limits), the direction is clear: AI agents are beginning to autonomously initiate and execute financial transactions on consumers’ behalf. As these capabilities continue to expand, the line between human- and machine-initiated transactions continues to blur, and legal and regulatory implications come into sharper focus.

What Forms of Agentic Commerce Exist Today?

Today’s implementations of agentic commerce generally fall into two practical tiers. The most common is assisted e-commerce, where AI tools support product discovery, comparison, and checkout within a chat box or embedded interface, but the user still provides explicit approval before any payment is executed. A step closer to autonomy is semi-agentic systems, in which the AI is permitted to complete transactions with minimal or no additional user input once predefined conditions are met. These systems include features such as price-tracking with automatic purchase triggers, where the user sets parameters in advance, and the AI executes the transaction when those parameters are satisfied. Autonomous AI agents that manage the full shopping lifecycle on a user’s behalf are growing rapidly. Often, a user gives an agent “goals,” and the agent identifies and executes transactions to implement those goals without a contemporaneous human decision that traditional payments laws assume will exist.

Agentic Commerce vs. Compliance

The shift to an increasingly automated shopping experience reframes the regulatory conversation. When an AI assistant pays a bill or clicks “buy,” central compliance questions will revolve around authentication, authorization, fraud, and who bears responsibility when an AI’s actions do not align with a consumer’s wishes or when rogue agents are deployed to execute bogus transactions. For regulators, banks, fintechs, and merchants, existing concepts of consent, liability, and consumer protection strain when transactions are initiated by software rather than people. Current regulatory frameworks concentrate on authorization, fraud controls, and dispute resolution, all of which were designed for human-initiated transactions. As agentic commerce continues to move into the mainstream, market players will need to rethink their approach to payments compliance for online transactions.

Key Considerations

• Authentication: Before a transaction is approved, it is important to authenticate the agent (e.g., that it is a valid agent and that it is associated with a specific entity on whose behalf it is permitted to act).
• Authorization: Once an agent is authenticated, it is also prudent to ensure the agent is authorized for the particular transaction (e.g., has the user empowered it to implement the type of transaction, the frequency, the dollar amount, etc.). Companies must be able to demonstrate, through auditable records, the scope of the user’s mandate (i.e., what the agent is permitted to do), the specific action taken by the agent, and the details of the resulting transaction.
• Consent: Typically, users must review and consent to a merchant’s terms of service and privacy policy. If an agent visits a merchant site that the user has never visited and “clicks” I agree, is that binding consent to the terms by the user? Merchants would be well advised to ensure it is a human that is agreeing to the terms (using CAPTCHA or other technology) or that the user has expressly authorized the agent to accept the terms on their behalf.
• Fraud Risk: Agentic systems introduce a new attack vector for fraud: the threat model shifts from stolen credit cards to stolen or manipulated agents. Credential compromise or malware can be used to distort user preferences, resulting in transactions that technically follow preset rules but do not reflect user intent. As a result, companies facilitating agentic payments will need to bolster authentication and transaction-risk scoring protocols.
• Disputes and Chargebacks: Agentic commerce is likely to increase the frequency of consumer disputes arising not from credential theft, but from unexpected or unwanted AI-initiated transactions. For example, if an AI agent purchases a higher-priced product because it misunderstood a user’s preferences, the consumer may view the charge as “unauthorized,” while the bank and merchant may view it as a valid agent-directed transaction. This eventuality may necessitate a broader recalibration of customer support flows, refund policies, and dispute resolution procedures. Accordingly, systems that can explain why a purchase occurred, what instruction the agent followed, and what conditions were satisfied that triggered the AI to execute the payment are more likely to prevail when disputes inevitably arise.
• Risks Related to Subscriptions and Privacy: Allowing an AI to start, upgrade, or renew subscriptions raises disclosure and cancellation issues, particularly as federal and state regulators continue to scrutinize negative option practices. Agentic payment systems are also more likely to require broader data sharing across agents, wallets, issuers, merchants, and third-party AI providers, increasing compliance exposure related to privacy and vendor management.

Putting It Into Practice

As AI agents transition from helping consumers shop to actually initiating and executing payments, participants in the payments ecosystem need to be aware of these and other legal issues that may arise. In the event of fraud, disputes will arise as to who is liable to the consumer. Regulators are likely to focus on fundamentals: whether transactions were properly authorized, whether disputes can be resolved quickly and fairly, and whether consumers are protected when automation produces unintended outcomes. Institutions should begin mapping their current authentication, consent, and dispute workflows to anticipated agentic use cases, identifying where existing processes assume human interaction and will need to be redesigned. For merchants, banks, fintechs, and AI providers, each will need to adopt measures to address these issues to mitigate their liability. Winners will be those who treat authentication, authorization, consent, auditability, and explainability as core product features rather than compliance afterthoughts. With the proper controls in place, even the consequences of a rogue AI “shopping spree” can be contained and potentially unwound.