Google and Mastercard have transferred their competing AI agent payment frameworks to the FIDO Alliance, the standards body best known for passwordless authentication, in a move that signals how seriously payments companies are taking the shift toward autonomous AI-driven commerce.
The FIDO Alliance announced it will launch two new technical working groups focused on building open standards for AI agents that can execute purchases and other transactions on behalf of users. Google has donated its Agent Payments Protocol (AP2), first introduced in September 2025, while Mastercard is contributing its Verifiable Intent framework, announced in March 2026 as an open-source standard for what it calls agentic commerce.
What the Working Groups Will Cover
The new Payments Technical Working Group will develop standards for how AI agents handle transaction flows, payment credentials, and merchant interactions. This group will draw directly from the technical specifications Google and Mastercard have already built, aiming to create a unified approach rather than allowing fragmented proprietary systems to dominate the market.
A separate Agentic Authentication Technical Working Group will focus on how users securely delegate purchasing authority to AI agents. This covers questions such as how a user proves they authorized an agent to act, how spending limits are enforced, and how revocation works when a user wants to withdraw permission.
FIDO Alliance Executive Director Andrew Shikiar said in the announcement that “to scale this safely, people need to trust that these actions are secure, authorized and truly reflect their intent.” That framing reflects the core challenge: AI agents capable of initiating purchases without explicit human approval at the moment of transaction introduce significant fraud and trust risks.
Why this Matters for Ecommerce Operators
Agent-led commerce is no longer speculative. Google, Amazon, Shopify, and OpenAI have all demonstrated or deployed tools where AI agents can browse inventory, compare products, add items to cart, and complete checkout. The technical question is not whether this will happen, but how payment authorization and fraud liability will work when the buyer is a machine acting under broad instructions.
For merchants, the implications are operational and financial. If an AI agent places an order that a customer later disputes, who bears the chargeback risk? How do existing fraud detection tools, built to analyze human behavior patterns, adapt to agent-driven traffic? What does “customer consent” mean when the purchase decision was made by an algorithm interpreting vague instructions like “reorder my usual grocery list but cheaper”?
The FIDO Alliance’s work aims to answer these questions with standardized protocols that work across platforms. That matters because fragmentation in this space would force merchants to integrate with multiple proprietary agent payment systems, each with different authentication flows, liability models, and technical requirements. A common standard reduces that integration burden and creates clearer rules for dispute resolution.
How this Differs from Existing Payment Standards
Traditional card payment standards, including those Mastercard itself administers, assume a human is present at the point of transaction, either physically or digitally. Even stored credentials and one-click checkout require the user to initiate the final purchase action.
Agentic commerce breaks that model. The user may authorize purchasing power days or weeks before a transaction occurs, with only high-level constraints such as category, price ceiling, or frequency. The agent interprets intent, selects products, and completes checkout autonomously. That requires new primitives for expressing and verifying delegated authority, which is what Mastercard’s Verifiable Intent framework is designed to address.
Google’s AP2 protocol, originally built to support its own AI shopping tools, takes a similar approach but with different technical architecture. By contributing both to a neutral standards body, the companies are signaling they prefer interoperability over proprietary control, likely because they recognize that consumer trust in agent-led payments depends on consistent security expectations across platforms.
Competitive Context and Adoption Timeline
Amazon has not publicly joined this effort, and it operates its own closed-loop payment system that could adopt agent commerce features without external standards. Shopify, which has partnered with OpenAI and built its own AI shopping assistant, has not announced a position on FIDO’s framework. PayPal and Stripe, both critical to checkout infrastructure, are also not named in the initial announcement.
That means widespread adoption is not guaranteed. The standards will matter most if they are implemented by the platforms where agents actually operate: search engines, messaging apps, voice assistants, and ecommerce marketplaces. Merchants should watch for announcements from Shopify, Amazon, Meta, and Apple about whether they will adopt FIDO’s agentic commerce protocols.
No implementation timeline has been provided. Technical working groups at standards bodies typically operate on 12- to 24-month cycles before publishing initial specifications, followed by pilot testing and gradual rollout. Merchants are unlikely to face immediate integration requirements, but the direction is now clear.
What Merchants Should Monitor
Ecommerce operators should track whether their payment processors and platform providers announce support for FIDO’s agentic commerce standards once they are published. Merchants using Shopify, BigCommerce, Adobe Commerce, or other platforms will depend on those providers to handle the technical integration, but understanding the liability and dispute implications will require direct attention.
Merchants should also consider how agent-driven traffic will appear in their analytics and fraud tools. Current systems flag unusual purchasing patterns, rapid repeat orders, and bot-like behavior. Legitimate AI agents will exhibit some of those same signals, which means fraud detection models will need recalibration to distinguish between authorized agents and account takeover attacks.
The shift toward agent-led purchasing is being driven by the companies that control the largest consumer AI platforms. Merchants do not get to opt out, but they do get to shape how the standards develop.
FIDO Alliance working groups are open to participation from member organizations, and ecommerce platforms and payment processors should ensure merchant concerns about liability, fraud, and customer experience are represented as these protocols are finalized.
