Visa Built the Agent Checkout Layer. Most Banks Don’t Know Yet.
In late 2025, Visa shipped the Trusted Agent Protocol—an open framework that lets merchants distinguish between bots and legitimate AI agents acting on behalf of consumers. Google launched AP2 with 60+ partners including PayPal, Coinbase, and Mastercard. Mastercard shipped Agent Pay with Microsoft and IBM.
This isn’t a research paper. Real agent-initiated transactions are clearing. Visa is projecting millions of consumers using AI agents to complete purchases by holiday 2026.
I spent years at Visa designing the tokenization infrastructure that sits underneath all of this—the Visa Token Service API that powers Apple Pay, Android Pay, and Samsung Pay. The new agent protocols are built on that same identity and token layer. The difference is that now the entity initiating the transaction isn’t a human tapping a phone. It’s an autonomous agent with its own credentials.
Here’s the problem: most banks have no strategy for authenticating, authorizing, or auditing agent-initiated transactions. Their fraud systems are tuned for human behavior patterns. Their compliance frameworks assume a person is on the other end. Their vendor contracts don’t address agent liability.
The banks that figure out agent-ready infrastructure in the next 12 months will have a structural advantage. The ones that wait for regulatory guidance will be playing catch-up against institutions that already have live agent transaction flows.
This is exactly why we built KnowYourAgent—to treat agent identity as a first-class financial primitive, the same way KYC treats human identity. The infrastructure layer for autonomous commerce is being laid right now. The question is whether your institution is building on it or will be disrupted by it.