Viewpoint

Agentic Commerce Built into the Core

Written by
No items found.
Andrew Lambert, SVP, Head of Product, Cross River
July 2, 2026
|
4
min read

Build Consumer Protection into Infrastructure, not Agents

Consumers are delegating purchases to AI faster than the infrastructure supporting those transactions is being built. Today, 76% of consumers want AI-powered shopping assistants and 69% have used AI for online shopping.1 They’re reordering essentials, scanning dozens of storefronts for better prices, and offloading routine decisions. The value proposition is clear. AI agents can now search, compare, and increasingly transact on a user’s behalf, compressing what used to be a multi-step journey into a single, automated action.

The problem is that this infrastructure was built for humans, not for autonomous software operating at machine speed. Payment systems, authorization flows, and consumer protections in today’s model all assume a human actively approving each transaction. Agentic commerce removes that checkpoint, and with it, the moment where consumer protection is enforced.

The success of agentic commerce hinges on architects building consumer protections into financial infrastructure from the beginning. Three dimensions demand immediate attention: liability assignment, fraud prevention, and regulatory adaptation.

Liability: how responsibility is assigned when agents transact

If your agent operates within explicit constraints—spending limits, merchant categories, transaction caps—which you set and which is enforced by the infrastructure, the line becomes clear. But if those constraints live in a conversational prompt you gave the agent last week, proving what you "intended" becomes impossible to adjudicate consistently. Infrastructure-level controls are the way to make delegation auditable.  

Agents may act, but infrastructure enables. And liability follows enablement.

Fraud: the risk is different, and the stakes are higher

Half of U.S. consumers state that they would trust agentic commerce if they knew fraud protections were in place.2 They’re right to be cautious, especially since the attack surface is fundamentally different with agentic commerce. Agents won't be deceived by phishing emails or fake login pages designed to trick humans. But they are vulnerable to different threats, like a storefront engineered to exploit how an agent parses product descriptions or pricing structures designed to manipulate decision logic. And because agents operate at machine speed, a single successful exploit compounds across thousands before anyone intervenes.  

These threats are more systematically defensible than the social engineering attacks that cost consumers billions today. You cannot train every consumer to recognize every phishing attempt indefinitely. But humans can program agents with consistent, enforceable security standards. Agents don't fatigue or cut corners at the end of a long day. True defensive capabilities exist here that didn't exist previously. Consumer protection can be embedded in the transaction itself.

Regulation and card network rules will need to catch up

Existing regulatory and card network rules were designed around human intent expressed at checkout.  

Current regulations aren’t written for autonomous agents acting on a consumer's behalf. The real question is what new frameworks should look like without either eliminating the efficiency gains that make agentic commerce valuable or leaving consumers inadequately protected. This is an area where Cross River is actively engaging with regulators and the wider industry.

What infrastructure-first actually means

Trust, compliance, and accountability cannot be bolted on after the system is already operating at scale. They belong in the payments layer, the identity layer, and the transaction layer from the beginning. Done well, this accelerates adoption. Merchants and consumers will embrace agent-driven transactions faster when the underlying system is demonstrably trustworthy.  

In practice, that means identity verification extending to agents themselves, not just the human behind them. Think of it like corporate card controls, but for AI. If an agent is transacting within the financial system, there should be a verifiable way to know what it is, who deployed it, what authorities it holds, and what constraints govern it.  

A consumer’s grocery-shopping agent can spend up to $500 weekly on household essentials from pre-approved merchants. It cannot wire funds internationally or transact on crypto exchanges. Those constraints need to be enforced at the infrastructure layer, the same way a corporate card declines when an employee hits their spending limit. The agent shouldn’t see prohibited transactions as possible.

Compliance is embedded at the transaction level with real-time checks, limits, and flags.  Recourse mechanisms need to operate at the speed agents do. If damage occurs in seconds, resolution cannot take weeks.  

The architecture matters more than the agents running on top of it

The decisions made in the next few months will shape how agentic commerce functions for years. We're doing the architectural thinking now because we believe the trust and consumer protections that underpin finance today must extend fully into this new model.

Consumer protection worked for humans making deliberate choices. Now it needs to work for machines making thousands of choices per second. The companies building agents are moving fast. We’re tackling the infrastructure that makes sure consumers don’t pay the price.

References

1 Capital One Shopping Research: AI Shopping Statistics (2026 Report): Consumer Adoption

- Most consumers (76%) want AI-powered shopping assistants.

- 69% of consumers have used AI for online shopping.

2 PYMNTS: Shoppers Are Ready for AI to Steer the Cart, Not Swipe the Card

- Half of U.S. consumers say they’d trust agentic commerce if they knew that there were fraud protections in place.

About the author
No items found.
Subscribe to our newsletter
You can unsubscribe anytime.

Related Articles