On April 8th, Visa launched Intelligent Commerce Connect — a single integration point that lets AI agents make payments across any protocol, any network, any token vault. Two weeks earlier, Mastercard completed live agentic transactions in Australia. Google’s Universal Commerce Protocol has Shopify, Walmart, and Target signed up. Stripe and OpenAI are running the Agentic Commerce Protocol inside ChatGPT. Coinbase’s x402 has processed fifty million stablecoin payments over HTTP. And that’s just the stuff that launched in the past six months.
Something is happening here. And the payments industry — the part that builds the plumbing rather than writes the press releases — needs to think carefully about what it means. Because when you map the protocols against the infrastructure they’re trying to replace, what you see is a lot of complexity being added to a system that already resists change.
The lasagna
I’m going to call it a lasagna rather than a stack.1 Every payment — card, A2A, mobile wallet, wearable — passes through the same fundamental layers. Practitioners don’t even think about them anymore. But they matter here, because agentic commerce is trying to replicate them without having solved all of them.
Identification. Who is paying? The identity chain runs: form factor → credential → payment account → KYC’d entity. The form factor is the thing you carry — a plastic card, a virtual card in a wallet, a wearable. The credential is the PAN or token. The payment account is what the credential points to, and the account is what’s been KYC’d — tied to a person or legal entity that proved their identity to an issuing institution. In A2A and Wero, the credential is the IBAN or proxy, the form factor is the enrolled wallet, the payment account behind it equally KYC’d. The identity always resolves to a person or a legal entity. Always.
Authentication. Prove it’s you. Identification and authentication fuse through SCA — the multi-factor paradigm: something you have (a device, a card), something you know (a PIN), or something you are (a biometric). Cards have all three: PIN at the terminal, biometrics in the wallet, 3DS challenge for e-commerce. A2A uses the same framework — app confirmation, biometric verification, device binding. Different mechanisms, same principle: a human proves they are the identified account holder.
Authorisation. Approve the spend. The issuer checks the balance, runs the fraud model, applies risk rules, returns an approval or decline. In A2A, the PSP or bank does the equivalent. Always a decision by the institution holding the money, based on evidence that the identified, authenticated human requested it.
Acceptance & initiation. Who starts the transaction, and how? The POS terminal was the fixed point — a merchant device that read a card. That model already expanded: the terminal became a Point of Interaction — any device, any form factor, any channel. Request to Pay flipped initiation: the payee requests, the payer confirms. Direct debits are creditor-initiated. “Who starts it” matters — it determines the interaction flow, the authentication trigger, the liability chain. And in every case so far, one of the parties initiating is human.
Settlement. Move the money. Card payments settle through scheme clearing — Visa and Mastercard net out at T+1 (or faster). A2A instant payments settle through SEPA CSMs and TIPS — final, irrevocable, in seconds.
Disputes. When something goes wrong. Cards have chargebacks — fifty years of scheme rules governing how a consumer can reverse a transaction. A2A payments handle this differently, and the dispute mechanisms for instant payment schemes are still evolving — a topic that deserves its own post.
Six layers, tightly coupled. Not a stack where you can swap one layer without touching the others — more like a lasagna where changing the pasta changes how the cheese melts. Authentication depends on identification. Authorisation depends on authentication. Settlement depends on authorisation. Disputes depend on all of the above. Each layer involves different actors — issuers, acquirers, schemes, PSPs, merchants, regulators — and changing one layer means renegotiating interfaces with every actor in the layers around it. Even incremental changes — migrating from ISO 8583 to ISO 20022, rolling out SCA under PSD2 — take the better part of a decade.
This is why the smart movers in payments target the cheese topping, not the pasta layers. Look at Wero. EPI’s wallet doesn’t touch settlement — SEPA CSMs and TIPS stay exactly where they are. It doesn’t rebuild identification — the bank’s KYC stays. It doesn’t reinvent authorisation — the PSP’s risk engine stays. What Wero adds is a new acceptance layer on top: the wallet experience, the QR codes, the P2P flow, the merchant checkout. New cheese on an existing lasagna. That’s how you move relatively fast in an industry built on interdependency.
Now look at the agentic lasagna.
Too many protocols, too much reinvention
The agentic payments space has fragmented into an alphabet soup of competing standards — ACP, UCP, AP2, TAP, x402, MPP. The coverage frames it as a “protocol war.” It isn’t. These protocols operate at different layers, and understanding which layer each one covers is the first thing a practitioner needs to get straight.2
The acceptance and initiation layer is the most mature. ACP — built by OpenAI and Stripe — standardises the agent checkout flow: discover, create checkout, add payment details, complete. Google’s UCP goes broader — product discovery through post-purchase support, with twenty-plus partners. These protocols define agent-initiated transactions as a new acceptance category. Not merchant-initiated, not customer-initiated, not creditor-initiated. The agent is a third party initiating on behalf of the customer — software acting with delegated intent.
Authentication and authorisation are where the SCA problem bites. SCA was designed for humans: biometrics, PINs, device possession. A machine can’t offer a fingerprint. So every protocol reaches for PKI — cryptographic key pairs, signed credentials, registries — in a different flavour. Visa’s TAP uses RFC 9421 HTTP Message Signatures with a centralised Agent Registry. Google’s AP2 uses W3C Verifiable Credentials with Decentralised Identifiers. Mastercard’s Agent Pay combines VC-based Web Bot Auth with a Know Your Agent framework. And ACP sidesteps the question entirely — Stripe handles SCA on the human side and hands the agent a Shared Payment Token with no cryptographic identity at all.
Three incompatible PKI models and one that avoids it entirely. For the authentication of a single type of entity.
The settlement layer has two competing approaches: settle through existing card rails or settle onchain through stablecoins. Coinbase’s x402 uses HTTP 402 responses with EIP-712 signed payments; Stripe’s MPP does similar on a purpose-built blockchain.
In practice, a real implementation stacks protocols: UCP or ACP for the acceptance flow, AP2 for the trust layer, card rails or x402 for settlement. Simon Taylor’s map is worth studying — the landscape is layered, not competitive. But “layered” isn’t the same as “coherent.” It’s six groups solving different layers of the same problem without coordinating on the interfaces between them.
The two gaps
Acceptance & initiation: well-defined. Authentication: partially covered through delegated mandates and competing PKI models. Authorisation: covered through spend controls and scoped tokens. Settlement: covered through existing rails or new ones. But two layers are barely addressed.
Disputes. When an agent buys something that arrives broken, who files the dispute? The agent can’t — it has no standing in scheme rules. The human might not even know the purchase happened. Card rails have chargebacks. The A2A dispute landscape is evolving. The agentic protocols don’t address disputes at all.
Identification. The most foundational layer. The schemes are implicitly treating the agent as a form factor — another way to present a credential tied to a human’s account, like a virtual card or a wearable. Issue a scoped token. The token points to the account. The account is KYC’d. Done.
But a contactless card doesn’t decide which merchant to visit. A wallet doesn’t comparison-shop. A form factor is passive: it’s presented by a human at a moment of the human’s choosing. An agent is active: it acts autonomously within a mandate, making decisions the human hasn’t individually approved. That autonomy breaks the form factor model — for AML monitoring, for liability, for disputes. The monitoring systems are built on models of human behaviour, and an agent that makes forty purchases across twelve merchants in a single afternoon looks like structuring, not shopping.
Moving at payment speed
Here’s the real problem. ISO 20022 migration started in the 2000s and isn’t fully complete. PSD2’s SCA rollout was announced in 2015, mandated in 2019, effectively enforced by 2021, and still has edge cases being ironed out. EMV chip migration took a decade per market. The layers move slowly — not because the people are slow, but because the interdependencies are real and the scale is enormous.
The agentic protocol designers are building new layers at startup speed on top of infrastructure that moves at payment speed. Six protocols in six months, against a lasagna that took decades to bake. Something has to give. Either the new protocols adapt to the pace and constraints of the existing infrastructure, or they create a parallel system that has to earn trust from scratch — and trust, as anyone who’s lived through twenty years of SEPA implementation knows, doesn’t ship on a timeline.
The smarter path — and the one the card schemes are betting on — is to do what Wero did: add cheese topping, don’t rebuild the pasta. Extend what’s there rather than replace it. That’s what Visa’s protocol-agnostic ICC does — it doesn’t care which acceptance protocol the agent uses, as long as the settlement, authorisation, and identification layers underneath stay on Visa rails. That’s what Mastercard’s Agentic Tokens do — they’re card tokens with programmable controls, not a new trust framework. New topping, same lasagna.
Footnotes
-
A stack implies loose coupling — pull one layer out, the others stand. Payment infrastructure is tightly coupled: each layer depends on the ones around it, the whole thing only works when assembled in order, and if you try to swap a layer in the middle you have to renegotiate every interface above and below it. Also, everyone has an opinion about how to make it properly. ↩
-
The protocol comparison from ATXP and the Crossmint analysis are both worth reading if you want the technical details. I’m staying at the layer level here because the individual protocol specs will change faster than the architectural questions. ↩