The Key Questions in Agentic Commerce. “Who are you?” and “How would you like to pay?”

an article by David Birch

The news that Amazon is suing Perplexity to try and stop the AI startup from helping consumers to buy from their popular online marketplace brings to the fore the growing tension between companies providing agentic AIs and companies that provide products and services.

(It must be noted that Amazon is currently promoting its own AI shopping assistant, Rufus, launched earlier this year. The Amazon CEO Andy Jassy told investors in an earnings call that they expect “over time to partner with third-party agents” which I take mean to that they envisage the future shopping experience being customer AIs of various kinds talking with Rufus.)

US retailers, including apparel retailer Everlane and home furnishing firm Brooklinen, say they are holding off on partnering with agent providers because they do not know how they will be able to identify consumers making purchases.

Why is this such a big deal? Well, it is because purchase data is a key asset and if retailers allow OpenAI (and others) access to that data then they become vulnerable because once the platforms have this data then they can “go directly to advertisers and sell inventory based on the same data”.

Indeed. When it comes down to it, “who are you” (or, more precisely, “who are you and what are you authorised to do”) is the key to agentic commerce. Once that question is answered, payments are not that complicated.

Agentic Commerce is Coming

Agentic commerce (a-commerce) is a really big deal and the fact is that merchants need to develop strategies to deal with it now. Tom Noyes puts it bluntly: We are entering a new era of commerce in which “merchants risk being reduced to mere fulfilment nodes in a supply chain they don’t control”. He is surely correct because a-commerce isn’t an evolution of e-commerce or m-commerce, it is an entirely new way of doing business that will change the way the commerce works at the most fundamental level.

To make a-commerce work, the merchant (or the merchant’s agent) needs to get answers to two fundamental questions, which are “who are you” and “how are you going to pay”. Let’s agree that agentic payments are not a fundamental problem in agentic commerce since we know roughly what to do here (see, for example, Tom Brown’s article on this in TechREG Chronicle, where he suggests an alignment with common law principles of agency while encouraging innovation by placing responsibility on consumers and their chosen agents rather than merchants or issuers ). Payments will not be a fundamental block on the development of a-commerce.

Many of the players experimenting with a-commerce right now are using stablecoins for agent-to-agent payments. This is not necessarily because stablecoins are the optimum mechanism for payment but because “tradfi” does not provide an alternative channel. In many parts of the world, giving agents the ability to instruct instant account-to-account transfer might well be the more cost-effective way to pay. A British customer might be more than happy to give their shopping agent the ability to make an authorised push payment to Marks & Spencer when buying new underwear. If the pants don’t fit and they need to be returned, then Marks & Spencer can make an instant refund. Just to reiterate a common theme: payments are actually quite easy, once you know who everyone is and “how are you going to pay” will have many answers. It is “who are you” that is the critical question.

If my AI-powered software bot (my “agent’) shows up at your shop and orders a table lamp for delivery at an address, what do you (the merchant) actually need to know in order to execute the transaction? You need to know which agent it is (for audit purposes, if nothing else) and you need to know that the agent is authorised to place an order. You do not need to know, for example, who I am. In fact I might well instruct my agent to automatically ignore any merchant who requests any of my personally identifiable information on the perfectly reasonable grounds that I do not want my personal information to be stolen from the merchant when the merchant gets hacked.

Understanding which agent you are dealing with and understanding what that agent is allowed to do is now generally referred to as the Know-Your-Agent (KYA) process. KYA extends traditional identity verification to agents, addressing the challenges posed by non-human actors that lack inherent identifiers like biometrics or government-issued IDs. KYA is built on cryptography, digital signatures and verifiable credentials to establish:

Identity. Confirming who created, controls, and authorises the agent. My good friend Jelena Hoffart recently posted a detailed exposition explaining that as AI agents begin opening accounts, logging in, and making payments, the traditional identity and fraud stack is collapsing; and

Capabilities. Understanding what the agent is authorised to do, to establish the parameters for allowable transactions. For example: my bank might provide my agent with a verifiable credential that says that it is allowed to place orders with certain merchant categories up to certain limits, much as Visa and Mastercard are implementing through tokenisation services right now.

Agents Are A Paradigm Shift

As agents gain economic power, KYA becomes core to stakeholders looking to exploit the new world of a-commerce, which is why it is interesting to see organisations that are out there actively working on the KYA problem at scale. As an example, look at the recent announcement from one of the world’s leading acquirers, Worldpay, that they are working with Trulioo to build KYA framework powered by a “Digital Agent Passport” (DAP), a tamper-proof bundle of credentials that will enable merchants to assess whether an AI agent is legitimate, authorised and acting with proper consent.

I asked Cindy Turner, the chief product officer (CPO) at Worldpay, about the priority of this new KYA framework and she told me that forward-looking merchants are already looking to the industry for support in order to exploit the new opportunities. I was not surprised to hear this because a-commerce is not a speculative future potential direction, it is an imminent shift in the relationship between consumers and merchants (not to mention advertisers – nobody’s agent is going to watch a Super Bowl commercial) and merchants need active strategies to stay in the loop.

There is no doubt in my mind that Worldpay and others are right to prioritise such a framework. The impending shift from human to non-human customers means a power shift to AIs that will control access to customers. Although many industries will be affected, the shift will hit first where products are simpler and more standardized, such as in consumer goods. Here companies often deal with relatively simple products but complex streams of information, and agents will change the role of retailers and brands, as well as how customers choose and buy products.

We are at such early stages that the results of this shift are barely discernible but I will note, just to illustrate this point, that a recent study at Columbia Business School found that AI models frequently made divergent choices when asked to choose among identical assortments (eg, Claude favoured one brand in the fitness watch category nearly twice as often as the other models). These preferences were consistent and measurable, meaning that merchants will soon find themselves in a world where they are vulnerable to shifts in model behaviour, especially when updates roll out: In one case, simply switching from an older to a newer version of a model reshuffled market shares even though the product listings themselves did not change.

I don’t think it is hyperbolic to say that many retailers don’t know what is about to hit them. A strategy is an imperative.