Why AI Agents Break the Old Rules of Payments
Authorization is becoming critical as payments move from explicit clicks to autonomous decisions
TL;DR:
A subtle but important shift is happening in payments. Historically, we’ve only needed to authenticate users, assuming authorization was obvious: if you clicked “Buy,” you meant it. But the rise of AI-driven autonomous agents, taking vague instructions and acting independently, makes verifying explicit authorization urgent and complicated. Payments are no longer just about “are you really you?”—they’re now also about “did you actually mean it?”
Authorization: Payments’ Forgotten Problem
In payments, when discussing the end-user, the focus is usually on authentication, not authorization. Let’s break it down further with some quick definitions:
Authorization is the permission to perform an action.
Authentication is verifying who you are—like entering a password, using Face ID, or a CVV code.
In short:
• Authentication = “Are you really you?”
• Authorization = “Are you allowed to do this?”
In payments, “authorization” usually takes the meaning of “can you get credit?”, as decided by the card issuer. It doesn’t refer to the question “did this user actually approve the transaction?”
Why is it such a dormant topic in the payments domain? Because in payments, authorization is usually pretty straightforward.
If you’re on an e-commerce website and press “Buy,” you’re explicitly giving your authorization. It’s hard to argue otherwise—you entered your credit card details and deliberately clicked the button.
That is why most credit card guardrails focus on authentication: how do we verify that you, the user, actually own the credit card and that it wasn’t stolen? This is where methods like CVV and 3DS come into play. In device-based transactions like Apple Pay or Google Pay, authentication and authorization are coupled through biometric or PIN-based consent, while physical card payments typically rely on card insertion or NFC taps.
It’s generally hard to make an authorization mistake in payments. The closest thing to one is the 2011 Apple lawsuit, where authorization was questioned, though it is easy to argue that it was actually an authentication problem. In 2011, parents sued Apple after their kids made unauthorized in-app purchases without re-entering a password, leading to unexpected charges. Apple had an authentication flaw: it required a password for the initial app download but allowed purchases within a time window without re-verification. This blurred the line between authentication and authorization, since the children were technically authorized users but not the account owners. Apple later settled for $100M and introduced stricter password requirements. Even then, the issue was mostly about authentication, and it is hard to argue that the flaw was in authorization rather than in the authentication mechanism.
We’re writing this post because something important has changed in the payment world. We believe authorization is becoming a critical part of the payment flow. Recent advancements in AI agents are turning payment authorization into a new and interesting challenge.
Why?
Agents are evolving rapidly and can now make payments on behalf of users (if you haven’t seen it yet, check out OpenAI’s demo). These agents take instructions via text or voice in natural language and translate them into actions. This includes browsing the web, searching for information, and even commercial actions like purchasing items on an e-commerce site or booking a flight.
User authorization in these cases isn’t as explicit as the simple “click buy” scenario. A user can express payment intent in many ways:
• “Please buy this for me.”
• “I would like to purchase.”
• “Go ahead and checkout.”
All of these convey the same intent and should lead to the same action. But this gap between intent and execution introduces two potential issues:
Mistakes - agents making unintended purchases. This can happen because users are not yet proficient at operating agents, or simply because people are unclear in their instructions.
Friendly Fraud - users filing chargebacks and blaming the agent for purchases they claim they never intended. Fraud is a big issue with card transactions, and a “the agent did this” claim is hard to dispute while the technology is still new and unfamiliar.
As autonomous agents become more capable of running for hours on their own to complete tasks (like the recent Manus demo running dozens of browser instances in parallel), the problem becomes even more pressing. No one wants to wake up to dozens of unauthorized credit card charges from their future Manus.
If you’ve seen the recent series Severance, imagine there’s another “you” that can carry out tasks on your behalf, while you are completely unaware of and cannot control its actions.
This opens up an interesting new challenge - how can we know that the user actually intended to purchase and gave the agent authorization?
The solution - mandates.
Agentic Mandates are the future
One of the solutions we identified early on was the need to record user authorization for every payment intent an agent receives. We call these Mandates, and we believe they’ll play a big role in the future of agentic payments.
A Mandate is a collection of all the contextual data needed to prove user authorization for a payment. To be robust, Mandates should have a few key properties:
Verifiability – easy to verify at any point in time. Every key participant in the payment flow (PSP, card issuer, card network, even the merchant bank) should be able to confirm user authorization whenever needed.
Liability – Mandates are signed at the moment of authorization using a key, so they can be trusted. This raises a few interesting questions, like whether the agent has an identity and which public key we’re using (we can probably leverage existing infra from the card networks).
Data-rich – Mandates should carry enough context so the relevant players can approve and de-risk the transaction.
Mandates serve as proof of authorization and hold the key to higher authorization rates and lower risk for agentic payments.
Standardization
Every agent should record a clear Mandate for each transaction. But how can we make something that is agreed upon by all of the key participants in the payment flow?
Standardizing Mandate formats and protocols is essential for widespread adoption of agentic payments. Without standardization, each provider may develop proprietary mandate structures, creating fragmentation and inefficiencies in authorization verification. Industry-wide standards, similar to JWT tokens for web authentication or OAuth protocols for delegated access, could ensure interoperability, ease implementation, and accelerate acceptance among issuers, PSPs, networks, and merchants.
Collaborative efforts between key stakeholders—such as payment networks, standards bodies like EMVCo or W3C, and AI developers—can establish common schemas and APIs for mandates. These unified standards would simplify integration, enable consistent verification methods, and build a robust foundation for trust and compliance across the evolving landscape of agent commerce.
Why shouldn’t we just have human in the loop for everything?
This question usually comes up quickly. Human-in-the-loop can work as a simple authorization mechanism for each agentic payment—for example, just pop up and ask for explicit permission via a click before every agent transaction.
Having a human in the loop may work for simple use cases—like approving a one-off purchase—but it quickly becomes impractical as tasks increase in complexity and duration. The ultimate promise of autonomous agents is their ability to independently perform sophisticated tasks, such as organizing multi-city trips, managing ongoing inventory restocking, or negotiating deals, which may unfold over hours or even days. Human approval at every step in these complex scenarios introduces bottlenecks, undermines efficiency, and limits the true potential of automation. To unlock genuinely autonomous, frictionless agentic commerce, we need robust authorization frameworks—such as mandates—that allow users to delegate decision-making with clarity, confidence, and security.
Summary
Authorization in payments has traditionally been straightforward—users explicitly confirm intent by actions like clicking "Buy." However, with the rise of AI-powered agents capable of autonomously executing purchases based on natural language instructions, explicit user intent becomes less clear, creating new risks such as unintended purchases and friendly fraud. This shift reveals a critical need for clear authorization mechanisms to reliably capture user consent.
The solution lies in establishing standardized Agentic Mandates, structured records capturing rich contextual evidence of user authorization. Industry-wide standards—similar to OAuth for delegated access on the web—are essential for seamless integration and interoperability among payment networks, issuers, merchants, and AI developers. These standardized mandates will be foundational for enabling trustworthy, frictionless, and compliant autonomous agent-driven commerce.
At nekuda, we’re building the infrastructure for autonomous payments. If you have insights or want to collaborate, email us at:
ayal@nekuda.ai | barak@nekuda.ai | idan@nekuda.ai