ARKION
Scan
Field Notes/Field Note No. 03
Field Note · Agentic Commerce

Verified Agents.
Non-Repudiable
Transactions.

Mastercard’s CEO just named, in a single interview, the four questions that decide whether agentic commerce works at all. Three of them are non-repudiation problems. The fourth is identity. The substrate that answers all four is non-human identity governance.

Published
June 08, 2026
Category
Regulatory
Read Time
7 min
Reference
FN-03-2026

On June 6, 2026, Mastercard CEO Michael Miebach told Yahoo Finance that agentic commerce is the AI use case “going to touch our lives the fastest and most broadly.” The interview is short. Most of the coverage focused on Mastercard’s new Agent Pay program, which was first announced in April 2025 alongside Microsoft, IBM, and Braintree. What was easy to miss was that Miebach also surfaced, in passing, the underlying trust questions every card network, merchant, and regulator now has to solve before that future ships.

He framed them as concerns. We read them as a roadmap.

“What happens if something goes wrong? Is the agent actually what the agent claims to be? Does it act on your instructions, or does it do something different? And if there’s a misunderstanding, how do you have recourse, and how are you protected?”
— Michael Miebach, CEO, Mastercard · Yahoo Finance, June 6, 2026

Miebach poses three concerns: agent verification, instruction adherence, and recourse. Read them through a PKI lens and they decompose cleanly into four operational requirements — identity, authorization scope, drift, and non-repudiation. That four-way decomposition is ours, not his. The point is that every one of his three concerns is, in the PKI sense, a non-repudiation problem — a property the existing payment stack already enforces brilliantly for humans, and not at all for autonomous agents.

Miebach’s Concerns, Mapped to Four Operational Requirements

The four operational requirements below are ourreading of what Miebach’s three concerns demand technically. Each question is hiding a PKI-shaped requirement that already has a name.

QUESTION 01 · Identity
“Is the agent actually what
the agent claims to be?”
  • The agent submitting a purchase claims to be authorized by a specific consumer or business. The merchant has to verify that claim before accepting the order. Today, in pre-agent commerce, the answer is “the cardholder authenticated with a card, a CVV, and sometimes a step-up.” In agent commerce, there is no cardholder in the loop — only the agent.
  • The only credential that resolves this question without a human in the loop is a cryptographic identity — issued to the agent at provisioning time, scoped, signed by a trusted authority, and verifiable by the merchant in milliseconds.
  • Tokenization is necessary. Tokenization is not sufficient. Tokens prove the transaction is from a known endpoint. They do not prove the agent acting at that endpoint is the authorized one.
QUESTION 02 · Authorization Scope
“Does it act on your
instructions?”
  • The agent was provisioned with a scope of authority — what it is allowed to purchase, up to what limit, in what categories, for what time window. That scope has to be enforceable at the moment of the transaction, not relitigated in a dispute six weeks later.
  • In the existing human payment model, scope is a policy stored somewhere the issuer reads at authorization time. In the agentic model, the scope must be bound into the agent’s identity — so the merchant can verify it the moment the agent presents.
QUESTION 03 · Drift & Deviation
“Or does it do
something different?”
  • An agent that drifts — buys something outside its scope, processes a transaction it shouldn’t, is hijacked by a prompt injection — is not a hypothetical. Every public agentic-system breach we have on file (see FN-01) failed exactly this way.
  • The detection mechanism for drift is continuous monitoring of the agent’s behaviour against the scope encoded in its identity. The control mechanism is push-revoke across the trust domain: the moment drift is detected, the identity is invalidated through a managed revocation channel and short-TTL credentials close the access window in seconds-to-minutes — not the next morning, and not days later when the next CRL publishes.
QUESTION 04 · “What if something goes wrong?”
The non-repudiation
question.
  • When the consumer disputes the charge — and they will — who can prove what? The consumer cannot deny they authorized the agent. The agent cannot deny it made the purchase. The merchant cannot deny they accepted it. The card network needs cryptographic evidence at every step, retained for the full chargeback window, verifiable on demand by a regulator.
  • The single primitive that delivers this property is the cryptographic signature on every transaction, produced by an identity tied through a verifiable chain back to a named human owner — in this case, the consumer.
  • This is the definition of non-repudiation — vocabulary every payments lawyer and risk officer already uses, and the property that disappears the moment the cardholder is replaced by an autonomous agent without an identity layer underneath.
The unifying truth
Mastercard’s Agent Pay program — and every parallel program now in development at Visa, Stripe, PayPal, and Adyen — requires identity, scope, signing, and revocation for autonomous agentsas its substrate. None of those primitives exist by default in any of those vendors’ stacks today. They exist, by construction, in non-human identity governance.

What the Arkion Layer Would Add

We are not in the business of competing with card networks or telling Mastercard how to ship Agent Pay. We are in the business of providing the identity substrate that lets every program of this shape — Mastercard’s Agent Pay, Visa’s Intelligent Commerce, Stripe’s Agentic Commerce Suite, PayPal’s agent rollouts, ChatGPT Agent transactions, Anthropic Computer Use sessions, and the broader Amazon agentic commerce investments — actually deliver the trust properties Miebach surfaced.

Question
NHIG Verdict
Mechanism
Is the agent what it claims to be?
Solved
Cryptographic identity issued at agent provisioning. Verified by the merchant in milliseconds. Tied to a named human owner — the consumer.
Does it act on your instructions?
Solved
Scope encoded in the certificate at provision time. Verifiable at the transaction edge. Enforced before the merchant accepts.
Or does it do something different?
Contained
Continuous behavioural monitoring against the scope in the identity. Anomaly surfaces in the ledger. Instant estate-wide revocation when drift is detected.
What if something goes wrong?
Solved · non-repudiation
Every transaction signed by the agent’s identity. The signature chain is retained, verifiable on demand, accepted by network compliance and regulators as evidence.

Three of four solved by construction. The fourth — drift — is contained because the revocation path runs over Arkion’s push-revoke channel inside the trust domain, with short-TTL credentials behind it, so the access window after detection is measured in seconds-to-minutes rather than days. This is the difference between an agentic commerce program that is shippable and one that becomes the next industry-defining loss event.

Why Now, Specifically

The agentic commerce stack is forming in 2026, not 2028. The public signals are already aligned: Mastercard’s Agent Pay shipped commercially in 2025 with a Santander live-payment milestone in 2026. Visa has Intelligent Commerce live. Stripe has shipped both the Agent Toolkit and the broader Agentic Commerce Suite. ChatGPT Agent is live. Anthropic’s Computer Use is live. Amazon is integrating agent-driven shopping into its consumer surfaces. The regulators are catching up quickly: the EU AI Act’s Article 50 synthetic-content disclosure rules take effect on 2 August 2026, and industry counsel reads the draft PSD3 / PSR strong-customer-authentication framework as requiring delegated SCA for autonomous agents acting on behalf of consumers.

What is notyet aligned is the identity layer underneath. The institutions that will define this substrate are the ones that ship a cryptographically-verifiable answer to Miebach’s three concerns — and to the four operational requirements they imply — before the first material loss event forces a regulator to define the substrate for them.

That is the position Arkion is building for. Not as a payments competitor. As the identity substrate — sitting underneath every program of this shape, providing the cryptographic answers to the questions every payments CEO is now asking out loud.

Closing

Miebach’s interview is one of the clearest public articulations to date of the agentic-commerce trust problem. It will not be the last. The next twelve months will see parallel statements from his counterparts at Visa, Stripe, PayPal, and the platforms layered on top. Every one of them will contain a version of the same concerns — and the same four operational requirements.

The answer is not another verified-merchant program, another tokenization layer, another consumer-controls dashboard. The answer is the identity substrate underneath all of them — identified, attested, encrypted, signed, rotated, revoked. The six Arkion capabilities, applied to the agent acting on behalf of the consumer. That is what makes agentic commerce shippable.

Arkion Research Desk
Field Note FN-03-2026 · Distributed under arkion.ai/field-notes
For questions or to discuss findings against your environment: research@arkion.ai
Sources
  • Yahoo Finance, “Mastercard CEO Says AI Agents Could Soon Do Your Shopping” — interview with Michael Miebach, CEO, Mastercard. Published June 6, 2026.
  • Mastercard press release: “Mastercard Unveils Agent Pay, Pioneering Agentic Payments Technology to Power Commerce in the Age of AI.” Mastercard newsroom, April 29, 2025. Partners named at launch: Microsoft, IBM, Braintree.
  • Mastercard newsroom: “Santander and Mastercard complete Europe’s first live end-to-end payment executed by an AI agent.” 2026.
  • Visa, “Intelligent Commerce” — product overview. Visa Corporate (corporate.visa.com).
  • Stripe blog: “Agentic Commerce Suite.” Stripe Agent Toolkit documentation (docs.stripe.com/agents).
  • EU AI Act, Article 50 — synthetic-content disclosure rules. Compliance deadline: 2 August 2026. (artificialintelligenceact.eu/article/50).
  • Ashurst, “AI-powered Payment Agents: The Next Payments Revolution” — industry-counsel analysis of how PSD3 / PSR is being read to require delegated SCA for autonomous agent payments.
  • Arkion Field Note FN-01-2026 — “Six Exploits. Nine Months. One Pattern.” — pattern analysis on credential-failure exploits in agentic systems.
  • Anthropic Computer Use (Oct 2024 API release); ChatGPT Agent (the successor to OpenAI Operator, in production as of 2025).
§ · Forward this Field Note

Recommend Arkion in one click.

01 · EmailEmail this to your CIOPre-written subject and message — opens in your email client.02 · LinkedInShare with your boardOpens LinkedIn share with the page preview attached.03 · ProcurementSend to procurementProcurement-framed subject + body. One click forward.
Next Step

See the identity layer
your agents need.

The six capabilities Arkion delivers — Identify, Attest, Encrypt, Sign, Rotate, Revoke — are the substrate underneath every agentic-commerce program now in development. Read the brief, or run a free read-only scan of your environment.

Read the Machine Workforce BriefRun Discovery Scan