Agentic payments: what are they, what are the legal risks and what’s next?
The rise of AI is changing the landscape of payments. One notable way in which this is evident is through the introduction of “agentic payments.” This innovation involves AI-powered digital agents managing, authorising, and executing payments on behalf of individuals or organisations. With the recent launch of “ChatGPT agent”, among others, the prospect of delegating daily financial decisions to AI agents is quickly becoming a reality. As these technologies become widespread, they give rise to important legal and regulatory considerations.
What are agentic payments?
Agentic payments refer to transactions initiated and managed by AI-powered digital agents. These agents can operate within conversational or digital platforms, acting autonomously on the user’s behalf. They are designed to authenticate users automatically on trusted sites, suggest optimal payment methods, and alert users when interacting with new or potentially risky domains.
For example, instead of scrolling through different websites, a customer might instruct their AI agent to find what they want by setting parameters (such as price, availability or make) and to execute the transaction without further input from the customer. Customers would also be able to use agents to track prices and complete purchases automatically once the price falls within a specified range.
Even more concretely, imagine this: you're running late for a meeting when you receive a notification from your AI agent. It has noticed that your usual coffee shop has a queue, so it has ordered your regular order from the café next door, paid using your preferred card, and arranged for it to be ready when you arrive. No need to open an app, enter payment details or interact with the coffee shop at all.
Key legal considerations
Naturally, there are several important legal considerations to bear in mind with respect to agentic payments. In particular, existing UK payments regulation and our current payment infrastructure are designed for human-initiated transactions. There are accordingly several issues which will need careful consideration:
- Authority to bind – every payment involves the parties entering into contracts. Using an AI agent within the contracting process raises questions about whether those contracts are validly formed. For example, can AI agents conclude valid agreements without direct human involvement? What rights do users have to undo an AI-initiated payment, and how are merchants protected? What happens if the agent does something outside what the user contemplated when setting up the agent, or something unforeseeable?
- Transaction authorisation – related to the above, if an AI system initiates payments on behalf of a customer, regulated payment services providers will need to consider how they can satisfy themselves that the customer has authorised the relevant transaction. How this interacts with existing requirements for regulated payments firms to implement strong customer authentication and account/payment information access approvals also requires additional analysis. Similar considerations apply with respect to requirements for customers to consent to payment transactions, and how existing rules regarding the point at which customers can withdraw consent would apply.
- Fraud – among other things, AI systems are exposed to “prompt injection” and “memory poisoning”, in which malicious actors manipulate an agent by feeding it deceptive or adversarial instructions or information. This can cause the agent to make unauthorised payments or expose sensitive data, creating additional liabilities for the firms involved. Systems designed to protect against fraud will also need to guard against AI agents impersonating humans. The increased autonomy offered by AI agents is also likely to lead to significant growth in the speed, volume and complexity of payment transactions, so firms will need to reconfigure their transaction monitoring and challenge processes to keep pace and continue to manage interactions with customers and their agents effectively.
- Data privacy – agentic payments typically require the exchange of significant amounts of personal and financial data between agents and parties, which naturally raises questions about compliance with data privacy laws. These laws require companies to provide transparency to retail users as to which third parties will have access to personal information (such as product searches and purchases) and what that data will be used for. Even before widespread agentic adoption, this is a cumbersome process in the complex payments ecosystem. Agentic transactions will significantly exacerbate these issues. The principles of data minimisation and security will also be important considerations, and organisations will need to implement appropriate guardrails for their agents to ensure that their use of customer data is proportionate and necessary for the transactions that they are instructed to undertake, and that the agent only externalises its users’ data when appropriate security guarantees and use restrictions are in place.
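As an added illustration, not taken from the original article, of how the authorisation and monitoring questions above might be handled in practice: a payment provider (or agent platform) records the scope the customer granted to their agent as a structured mandate and checks every agent-initiated payment against it, independently of the agent's own reasoning, so that an injected instruction cannot widen that scope. The mandate fields, thresholds, merchant names and the constructed payment history are all assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Mandate:
    """Scope of authority the customer granted to the agent (constructed example)."""
    max_amount: float          # cap per transaction, in the customer's currency
    daily_budget: float        # total the agent may spend in any rolling 24 hours
    allowed_merchants: set     # merchant domains the customer has already trusted
    max_per_hour: int          # velocity limit on agent-initiated payments

@dataclass
class Payment:
    merchant: str
    amount: float
    at: datetime

def check_payment(mandate, history, payment):
    """Return ("approve", []) when every mandate condition holds, otherwise
    ("confirm", reasons): the payment is held until the customer explicitly
    authorises it, rather than being silently executed or silently dropped."""
    reasons = []
    if payment.amount > mandate.max_amount:
        reasons.append("amount exceeds per-transaction cap")
    if payment.merchant not in mandate.allowed_merchants:
        reasons.append("merchant not previously trusted by the customer")
    # Rolling-window checks over earlier agent-initiated payments (the history
    # is kept by the provider, not supplied by the agent, so it cannot be poisoned).
    last_day = [p for p in history if timedelta(0) <= payment.at - p.at <= timedelta(days=1)]
    if sum(p.amount for p in last_day) + payment.amount > mandate.daily_budget:
        reasons.append("rolling daily budget would be exceeded")
    last_hour = [p for p in history if timedelta(0) <= payment.at - p.at <= timedelta(hours=1)]
    if len(last_hour) + 1 > mandate.max_per_hour:
        reasons.append("too many agent-initiated payments in the last hour")
    return ("approve" if not reasons else "confirm", reasons)

if __name__ == "__main__":
    # Constructed sample: a coffee mandate and one earlier purchase today.
    mandate = Mandate(10.0, 50.0, {"cafe.example"}, 3)
    now = datetime(2025, 1, 1, 9, 0)
    history = [Payment("cafe.example", 4.0, now - timedelta(minutes=10))]
    print(check_payment(mandate, history, Payment("cafe.example", 4.5, now)))
    print(check_payment(mandate, history, Payment("unknown.example", 4.5, now)))
```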
What’s next?
The potential impact of agentic payments is enormous, but given this potential there are also a host of questions about how different segments of the market might be impacted or might benefit from them. For example:
- How will companies with large ecommerce presences make their brand visible to an AI agent? Companies will have to find ways to “talk” to agents rather than humans, and we might consequently expect far less reliance on persuasion or brand power, and much more focus on ensuring key data points are available for agents to process. Much like the market shift from physical to online retail, re-architecting sales processes to cater for markets where consumers are less “present” will have profound implications for payment processes.
- How might corporate treasurers benefit? Treasurers could stand to benefit from the efficiencies that would come with the ability to automate invoice checking and payments to suppliers once valid invoices are submitted, as well as the optimisation of funds, e.g. by automatically routing payments from accounts with surplus cash and moving funds between accounts based on real-time interest rates.
- How will payments hardware providers adapt? Payment hardware may well have to evolve to support genuine AI authentication, so might we expect to see biometric integration that can distinguish between human-authorised AI actions and unauthorised access attempts? What might these look like, and could they involve continuous authentication methods that monitor behavioural patterns in real-time? These innovations will need to be balanced with the need to continue to protect customer privacy in a robust, scalable way, leading to increasing demands for effective digital identity frameworks capable of encouraging mass adoption.
- Who will build and offer these agents and associated compliance solutions? Agents will presumably have to have some form of integration with regulated payments providers, but will the payments providers offer agents as a service themselves (and if so would they rely on technology vendors to build them)? If the tech firms dominate the market for these agents, how might that reshape the payments and financial services landscape?