Agent Commerce — payments and checkout for the agent web
Agent Commerce is the AAIO Frontier category covering payments and checkout for AI-agent-initiated transactions. ACP (OpenAI/Stripe), UCP (Google/Shopify), AP2, Visa Trusted Agent Protocol, and Mastercard Agent Pay are all live or in pilot today. Most retailers haven't started; the ones that do compound through the agent shift.
By Chris Mühlnickel · 2026-05-04
What is Agent Commerce?
The Frontier category covering payments, checkout flows, and transaction infrastructure for AI-agent-initiated commerce — including payment protocols (ACP, UCP, AP2, Visa Trusted Agent Protocol, Mastercard Agent Pay) and the merchant-side requirements for accepting agent transactions.
By the numbers
- 4,700% — YoY growth in AI-driven traffic to U.S. retail sites by mid-2025 (Adobe Analytics (via Search Engine Journal))
- 11× — growth in orders attributed to AI search on Shopify since January 2025 (Shopify (via Search Engine Journal))
- $1T — projected U.S. retail revenue orchestrated by AI agents by 2030 (McKinsey + Gartner (via Search Engine Journal))
- ~50M — shopping-related ChatGPT queries per day (≈2% of total) (OpenAI (via Search Engine Journal))
Why it matters
Agent commerce is happening now, not in 2030. The Adobe and Shopify growth curves are not forecasts — they're actuals. The Forrester estimate that one-third of retail marketplace projects will be abandoned by 2026 as answer engines divert traffic tells the same story from the other side: traffic that used to land on a Google SERP and click into a marketplace is increasingly absorbed inside ChatGPT, Perplexity, and Gemini, and converted there.
The payment-network layer is moving fastest. Two competing stacks are converging — ACP (OpenAI + Stripe) and UCP (Google + Shopify) — both built around the same problem: how does a merchant verify an agent is acting with user consent, and how does the agent authorize payment without breaking PCI scope? ACP solves it with Shared Payment Tokens that keep credentials at the AI platform. UCP solves it with cryptographic Mandates and Verifiable Digital Credentials (the AP2 layer). The merchant who supports both gets routed agent traffic from both; the merchant who supports neither gets routed around.
Identity at the payment layer is the load-bearing problem. Every protocol in this space is, ultimately, a different attempt to answer: prove this agent is acting on behalf of a real user who consented to this specific transaction. Mastercard's Agentic Tokens, Visa's HTTP Message Signatures, Google's Mandates, OpenAI/Stripe's Shared Payment Tokens — different cryptographic shapes, same goal. The merchant who treats identity as a solved problem (because their processor handles it) wins. The merchant who hand-rolls authentication for each agent platform paints themselves into a corner.
Most merchants haven't started, and that's the opportunity. Our calibration corpus is honest: 97% of e-commerce sites fail our agent-friendly faceted-navigation check, 60% break carts under bot UA, 3% expose machine-readable pricing. The merchants who get the basics right — guest checkout, valid Schema.org/Product, no bot-fingerprinting at cart, server-rendered prices — earn disproportionate routing from agents that are explicitly trained to skip non-functional sites. The list of brands already in pilot rosters (Etsy, Walmart, Instacart, URBN, SKIMS, Glossier, Coach, etc.) compounds: AI shopping agents learn the defaults and route to them next time.
The 2026-2028 window matters because defaults harden. AI Overviews, ChatGPT Shopping, Perplexity Shop, and Claude commerce are still building their merchant rosters. Once those defaults stabilize, displacement is hard — agent-routing systems treat known-good merchants as a positive prior. Today's pilot retailers are tomorrow's defaults.
Sub-topics
Frontier watchers (tracked, not yet scored)
- F-ACO, Agent Checkout — Does your checkout flow work for an agent acting on a user's behalf? Includes guest checkout availability, server-rendered prices and stock, predictable error responses, no bot-fingerprinting at cart or payment.
- F-PAYN, Payment Networks — Does your stack support at least one of the converging agent-payment protocols (ACP, UCP, AP2, Visa Trusted Agent, Mastercard Agent Pay), either directly or through your processor?
Where it's heading
Convergence in 2026-2027. ACP and UCP both target the same problem; the technical differences are smaller than the marketing positioning suggests. Expect at least partial cross-compatibility (UCP already supports MCP and A2A transports; ACP supports REST and MCP). The Linux Foundation's Agentic AI Foundation, announced in December 2025 with eight platinum members (AWS, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, OpenAI), is positioned as the venue for this convergence — paralleling the role W3C plays for the original web.
Identity-for-agents matures. Today, "is this agent authorized to spend the user's money for this specific transaction" is solved by each protocol independently. The next layer — delegated authorization (the user gives an agent scoped credentials), capability tickets (the agent presents proof of authorization for a specific action), agent-specific KYC (the agent platform verifies the user) — is in active development across the same vendor coalition.
Merchant tooling proliferates. Shopify, Stripe, Adobe Commerce, BigCommerce, WooCommerce all have agent-commerce integrations on roadmaps for 2026. Most merchants will adopt by upgrading their platform, not by hand-rolling protocol implementations. The merchants who adopt early through their platform compound through the protocol layer below them.
Surfaces stabilize. ChatGPT Shopping, Perplexity Shop, Gemini Shopping, and Claude commerce are converging on a small set of "default" merchants per category. Once those defaults harden in 2027-2028, displacement gets harder. The reason agent commerce is an "act now" Frontier and not a "watch carefully" Frontier is that the cost of late entry compounds — both at the protocol layer (you have to retrofit) and at the routing layer (the agent's parent system has already learned defaults that aren't you).
The four protocols at a glance.
- ACP (OpenAI + Stripe, Sept 2025) — payment + checkout via Shared Payment Tokens, transports REST and MCP, available to all merchants on Stripe.
- UCP (Google + Shopify, Jan 2026) — full commerce journey via Mandates + Verifiable Credentials (AP2), transports REST / MCP / A2A / AP2, available to all Shopify + Google-mediated merchants.
- Visa Trusted Agent Protocol (Oct 2025) — agent authentication via HTTP Message Signatures, relevant to card-issuing banks and processors.
- Mastercard Agent Pay (April 2025) — agent-scoped tokens via Agentic Tokens, also relevant to card-issuing banks and processors.
ACP and UCP are the two converging stacks most merchants will end up supporting; Visa and Mastercard primitives reach you through your processor.
Common mistakes
- Waiting for the dust to settle. The dust is not going to settle in 2026 in a way that lets you skip implementation. Five protocols converging is the dust settling; pick one and ship.
- Refusing all bot-UA traffic on checkout. Standard 'block bots at the cart' CDN config blocks legitimate agents. Your fraud team thinks they're protecting you; they're routing you out of agent-driven shopping.
- Hand-rolling agent integrations instead of using AP2 / ACP / UCP. The protocol layer exists so you don't have to. Custom integrations don't compound; protocol support does.
- Not having guest checkout. A prerequisite for current-generation agent checkout. If your account-creation step is mandatory, you've eliminated the agent-conversion path.
Frequently asked
Do agents handle payments today? With which networks?
Yes, in production for some merchants and in pilot for many. Five protocols are live: ACP (Agentic Commerce Protocol, OpenAI + Stripe, September 2025) uses Shared Payment Tokens that keep payment credentials with the AI platform. UCP (Universal Commerce Protocol, Google + Shopify, January 2026) covers the full commerce journey across REST, MCP, A2A, and AP2 transports. AP2 (Google's Agent Payments Protocol) uses cryptographic Mandates inside UCP. Visa Trusted Agent Protocol (October 2025) authenticates agents via HTTP Message Signatures. Mastercard Agent Pay (April 2025) introduces 'Agentic Tokens' with permissions and limits. ACP and UCP are the two converging stacks — most merchants will end up supporting both.
What is AP2 and do I need to support it?
AP2 (Agent Payments Protocol) is Google's standard for agent-authorized transactions, layered inside UCP. It uses cryptographic Mandates and Verifiable Digital Credentials so a merchant can verify an agent is acting with explicit user consent for a specific transaction — solving the 'is this agent authorized to spend the user's money?' problem at the payment layer. If you sell on Shopify or accept Google-mediated payments, AP2 will reach you through your platform; if you run custom checkout, you'll need to implement against the spec or wait for your processor (Stripe, Adyen, etc.) to expose it.
Will agents pay with cards, bank transfers, or something new?
Card-rails today, with the same processors and PCI scope as human transactions. The new layer is authorization — proving the agent is acting for a real user with appropriate consent. Mastercard Agent Pay introduces Agentic Tokens (cards with per-agent permissions and limits); Visa's Trusted Agent Protocol signs HTTP messages so a merchant can identify which agent submitted which order. Bank transfer / open-banking integrations exist but trail card-rails for now.
How do I make my checkout agent-friendly without breaking it for humans?
Five things, in order of leverage: (1) ensure guest checkout works (a prerequisite for current-generation agent checkout), (2) keep your checkout server-rendered for the critical price-and-availability moment, (3) mark up products with valid Schema.org/Product including price, availability, and offers, (4) avoid bot-fingerprinting at the cart and checkout layer (most sites in our calibration corpus break here), and (5) when AP2/ACP/UCP rolls out via your platform, opt in. None of this hurts human conversion.
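Items (2) and (3) can be checked together from the merchant side by reading a product page the way a client that runs no JavaScript would. The audit below is an added example, not tooling from this page or from any protocol; the function names, problem strings and sample pages are constructed for illustration, and it inspects only JSON-LD markup with simple `Offer` objects.

```python
import json
from html.parser import HTMLParser

class JsonLdExtractor(HTMLParser):
    """Collect the body of every <script type="application/ld+json"> element."""
    def __init__(self):
        super().__init__()
        self.blocks, self._buf = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "script" and (dict(attrs).get("type") or "").lower() == "application/ld+json":
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.blocks.append("".join(self._buf))
            self._buf = None

def _products(doc):  # yields Product nodes, flattening top-level arrays and @graph
    for item in doc if isinstance(doc, list) else [doc]:
        if isinstance(item, dict):
            types = item.get("@type")
            if "Product" in (types if isinstance(types, list) else [types]):
                yield item
            yield from _products(item.get("@graph", []))

def audit_product_markup(html):
    """Return the problems a non-JavaScript client hits in this raw HTML."""
    parser, problems, products = JsonLdExtractor(), [], []
    parser.feed(html)
    for raw in parser.blocks:
        try:
            products += _products(json.loads(raw))
        except json.JSONDecodeError:
            problems.append("invalid JSON-LD block")
    if not products:
        return problems + ["no Product in server-rendered HTML"]
    for p in products:
        offers = p.get("offers")
        offers = [o for o in (offers if isinstance(offers, list) else [offers]) if isinstance(o, dict)]
        if not offers:
            problems.append("Product has no offers")
        for o in offers:  # simple Offer only; AggregateOffer (lowPrice) is out of scope
            problems += [f"offer missing {f}" for f in ("price", "availability") if o.get(f) in (None, "")]
    return problems

# Constructed sample pages (not from any real site).
GOOD = '<html><script type="application/ld+json">{"@type":"Product","name":"Mug","offers":{"@type":"Offer","price":"12.00","availability":"https://schema.org/InStock"}}</script></html>'
CLIENT_ONLY = '<html><div id="app"></div><script src="/bundle.js"></script></html>'
```

Run it against the raw response body of a product URL, before any script executes; an empty list means the price and availability are present in what the server sent.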
Are agent transactions chargeback-prone?
Early indications are mixed. The chargeback exposure depends on how agent authorization is established: ACP's Shared Payment Tokens and AP2's Mandates both aim to give merchants a verifiable trail of user consent, which strengthens the chargeback defense. Without those signals, an 'unauthorized' agent transaction is functionally indistinguishable from card fraud. Implementing the protocols is partly about chargeback risk management.
Do platforms handle this for me?
Increasingly, yes. Shopify reports 1M+ U.S. merchants eligible for UCP integration at launch. Stripe's ACP is available to any merchant on Stripe Checkout. WooCommerce, BigCommerce, Salesforce Commerce Cloud, and Adobe Commerce all have agent-payment integrations on roadmaps. The trade-off: platform-mediated agent commerce is faster to ship; custom-stack merchants have more control but more integration work.
What's the difference between ChatGPT Shopping, Perplexity Shop, and the payment protocols?
ChatGPT Shopping and Perplexity Shop are consumer-facing surfaces — places where a user asks an agent to shop for something. ACP, UCP, AP2, Visa Trusted Agent, and Mastercard Agent Pay are infrastructure protocols — what the agent uses to actually transact. Surfaces and protocols co-evolve: ChatGPT Shopping uses ACP under the hood; Perplexity Shop uses similar primitives. As a merchant, you optimize for the protocol layer; the surface layer follows.