Following the launch of protocols for agents, the payments industry has begun recognising a shift akin to the advent of the internet. Yet many financial institutions, fintechs and businesses haven’t fully grasped its implications. While banks pursue incremental digital improvements, Visa and Mastercard have launched platforms enabling AI agents to conduct transactions autonomously. With 99% of executives planning deployments and 65% already running pilots, this isn’t just a technical evolution—it’s a new paradigm for interacting with financial services.
The move from manual to agent-assisted commerce is accelerating faster than predicted. Visa’s Intelligent Commerce and Mastercard’s Agent Pay have moved beyond the pilot stage to handle real transactions. A major inflexion point is approaching, and businesses must prepare for a new era of digital commerce.
Keeping pace with agentic demands
Financial infrastructure built for the self-hosted era cannot meet the demands of autonomous agents. Visa and Mastercard have deployed tokenised credentials and API-first architectures, but legacy banking systems—built on monolithic mainframes—lag behind. These outdated platforms lock institutions into lengthy development cycles, while competitors are already processing real-time agent transactions.
Yet cloud migration alone isn’t enough. Many “modern” systems are just rebranded legacy architectures, offering limited adaptability. The real edge lies in platforms with real-time, no-code configurability, dynamic rule engines that adjust instantly, and composable services that support emerging agentic use cases.
Network tokenisation is the cornerstone of agent-driven payments. It replaces sensitive card data with dynamic tokens, allowing agents to transact securely across touchpoints. Traditional PCI frameworks, built for human-led transactions, aren’t suited to agents managing hundreds of tokens in diverse environments.
Trouble in paradise
Yet the tokenisation landscape remains fragmented. Many systems—originally built for Apple Pay—were rushed and hard-coded. As tokenisation expanded to e-commerce and Click to Pay, compliance took precedence over flexibility. Today, many issuers still auto-approve token requests with minimal risk assessment, a vestige of Visa and Mastercard’s early, binary risk logic.
Adopting a true cloud-first stack isn’t a minor upgrade—it’s the entry requirement for the agentic era. Institutions need tokenisation platforms with real-time configurability and granular control. Simply moving legacy systems to the cloud isn’t enough; infrastructure must be rebuilt with an API-first design optimised for machine-to-machine interactions.
Institutions clinging to legacy systems are betting against a transition that’s already underway. Their refusal to adopt configurable, cloud-native infrastructure will limit their relevance as autonomous agents begin bypassing traditional banking channels in favour of responsive, agent-compatible partners.
Personalisation drives survival
Generic financial products are becoming obsolete. Mastercard’s Agent Pay highlights the hyper-personalisation agents demand—curating purchases based on style, weather, and venue, then transacting across multiple merchants. Network tokenisation powers this via tokens with fine-grained controls: spend limits, timeframes, merchant types and geographies.
This level of contextual decision-making makes traditional one-size-fits-all financial products appear primitive by comparison. It also requires a fundamental shift in risk management. Instead of evaluating individual transactions at the point of sale, financial institutions must now assess and manage risk at the moment of token provisioning for AI agents. Legacy tokenisation platforms, many of which automatically approve e-commerce token requests with minimal evaluation, are completely unprepared for this paradigm shift.
The trust challenge in agentic commerce is unprecedented. We’re asking consumers to allow computer programmes to research products, make recommendations and use their money to pay for purchases autonomously. How can anyone trust something like that? The answer lies in sophisticated tokenisation that moves risk management from the point of sale to the point of token provisioning.
The gap between expectations and the reality of agents in commerce is stark. While 66% of shoppers express interest in AI agents securing high-demand items and 65% want agents that can buy products at target prices, only 47% feel comfortable with agents making recommended purchases on their behalf. This trust deficit is partially addressed through network tokenisation’s enhanced security, which enables personalisation of transactions without exposing sensitive payment credentials to agents. Consumers can grant agents particular tokens with multi-dimensional controls, including spending limits, time constraints, merchant category restrictions and geographic boundaries, creating granular control over autonomous purchasing decisions.
Of course, consumers will not instantly adopt the new behaviours brought about by agentic commerce, with automated purchasing and payments disrupting typical expectations for online purchases. As merchants, payment processors, banks and fintechs educate consumers on secure adoption of agentic purchasing and refine their infrastructure to accommodate agents, trust among the public will build in the new model for online commerce.
Embedding levers for personalisation at every possible point of the payments value chain is essential for agent adoption in commerce. Financial institutions must build comprehensive systems that capture and respond to individual preferences, positioning themselves to support the hyper-personalised interactions that autonomous agents will demand. This means creating platforms capable of instant customisation and dynamic product configuration, utilising cloud-first infrastructure to unify data sources and enable access for agents. Tokenisation platforms must evolve beyond simple approve/deny decisions to sophisticated risk engines capable of real-time evaluation of agent capabilities and spending patterns.
The institutions excelling at personalisation today will become the preferred partners for tomorrow’s autonomous agents. Those that fail to build these capabilities will watch as intelligent systems route around them in search of more responsive alternatives.
Leadership in the era of agents
Digital payment technology is the primary point of integration for the adoption of agentic AI in e-commerce. Innovative banks and payments companies already support the programmable transitions that autonomous agents require, making it the natural entry point for institutional transformation. Network tokenisation serves as the critical enabler, but only when implemented through platforms capable of real-time configuration and sophisticated risk management at the point of token provisioning rather than transaction processing.
The best-positioned institutions are partnering with providers of genuinely configurable tokenisation platforms—not cloud-hosted relics. These systems must scale to millions of agent-led transactions, utilising advanced risk engines and providing real-time fraud detection. The infrastructure decisions made today will decide who thrives as agents take over financial transactions.
Customer hesitation remains significant, with only 24% of American consumers feeling comfortable sharing data with AI shopping assistants. However, this trust gap creates an opportunity for companies to build robust and transparent systems that can earn consumer confidence and gain market share by better serving the AI-first consumers of the future. Tokenisation addresses many consumer security concerns by ensuring that AI agents operate within predefined constraints through sophisticated token controls, providing granular protection that can help bridge the trust gap.
