A-Comm Analysis · April 2026

Agent-originated transactions are at the 1999 position.

Every era of commerce needed a new data layer. Visa led the fifteen-year build-out that made card-not-present safe at scale — AVS, CVV2, 3-D Secure, tokenization, Advanced Authorization, Compelling Evidence 3.0. Agent-originated commerce has none of it on the rails today.

Trust substrates and protocol layers are built outside the dominant vendors and become universal by being open.

Live · Worldwide commerce risk, today
$0
Global card fraud · last 24h
Losses absorbed by issuers, networks, and merchants combined.
Source: Nilson Report #1259 (Feb 2024)
$0
Merchant total cost of fraud · last 24h
Every $1 of raw fraud costs merchants $3 in ops, chargeback fees, labor, and lost revenue.
Source: LexisNexis True Cost of Fraud 2023 × Nilson
Agent-originated transactions aren’t in either number yet. They’re coming.

How the counters are calculated

Both numbers tick from a rate derived from annual industry data divided by seconds in a year, then accumulated from the start of the current UTC day.

Global card fraud (2024)$34.35B
÷ seconds per year31,536,000
Rate$1,089 / sec
Global card fraud (2024)$34.35B
× merchant cost multiplier3.0×
Merchant total cost of fraud$103.05B / yr
÷ seconds per year31,536,000
Rate$3,268 / sec
Sources:
Nilson Report Issue #1259 (Feb 2024) — global card fraud base.
LexisNexis Risk Solutions True Cost of Fraud Study 2023 — merchant cost multiplier. The study reports a multiplier of $3.75 for US-only merchants; we use a globally-weighted 3.0x here to stay conservative.
The argument

The 1999-to-2015 parallel

In 1999, a card-not-present authorization reached an issuer with almost no structured context. No AVS match. No CVV2. No 3-D Secure. No tokenization. No compelling-evidence schema. Every authorization was a guess against a stolen number, priced into chargebacks after the fact.

Visa led the fifteen-year build-out that followed. Each signal was standardized, schematized, threaded through the authorization or dispute message, and surfaced to the risk models of every participant in the stack. That build-out was not one protocol. It was a data layer — structured, interoperable signals describing the context of each transaction. It is the reason card-not-present volume authorizes at modern loss rates today.

An agent-driven purchase reaches the network carrying none of that context. Not which discovery surface the consumer started on. Not what intent the consumer actually expressed. Not what delegation authority the agent was operating under. Not what policy boundary the merchant enforced. Not what cart the authorization maps to. None of this is in the authorization message.

The precedent for what to do next is built. The standards pattern is proven. What’s left is the work.

The data layer, built one signal at a time
Each layer was built by whoever moved first — sometimes a network, sometimes a multi-network consortium, sometimes a tech company outside the networks. Each one became an industry standard.
1994 · First merchants online
The first secure web transaction
Dan Kohn’s NetMarket sells a Sting CD over SSL on August 11. Pizza Hut’s PizzaNet follows weeks later. Merchants begin discovering the web as a commerce surface — bearing all the risk on the server side.
1996–1997 · Networks ship first signals
AVS, CVV2, CVC2, CID
CNP fraud arrives at scale. Networks publish the first signals merchants can use to filter risky transactions — address-match and the card-back code. The first context an authorization ever carried beyond the card number itself.
1998 · The pattern is set
PayPal pivots to eBay merchants
PayPal launches as a Palm Pilot consumer wallet. By 1999–2000 it pivots to serve eBay sellers who needed a way to accept payments. Consumer-side innovation only succeeds once merchant infrastructure adopts it — the canonical proof of the pattern.
2001 · First liability shift
3-D Secure 1.0
Verified by Visa launches; SecureCode follows. Merchants who authenticate via 3DS push fraud liability to the issuer. The first formal rule that liability follows evidence.
2004 · One baseline for merchants
PCI-DSS
Visa, Mastercard, Amex, Discover, and JCB jointly publish a single security baseline merchants engineer to once, not five times. The first time the industry agrees on one merchant-facing standard.
2010–2014 · Merchant infrastructure era
The merchant stack stops being self-built
Stripe, Square, Shopify, Adyen ship in close succession. Merchants stop building their own commerce stacks. In parallel, an entire category of merchant-data infrastructure emerges — ML-driven fraud detection, chargeback guarantee, embedded risk scoring — built by independent startups, not networks.
2014 · The PAN stops being the unit of value
Tokenization · EMVCo Spec + Apple Pay
EMVCo publishes the open Payment Tokenisation Specification. Apple ships Apple Pay on top of it before any network ships a competitive consumer wallet. Merchants stop being honeypots for stored card numbers.
2023 · Networks codify, merchants source
Compelling Evidence 3.0
Networks formalize what evidence wins a digital-goods dispute. The schema is theirs; the evidence comes from the merchant-data layer that startups have spent the past decade building. Merchants finally have a deterministic rulebook for fighting back.
2026 · The next merchant-data layer
Agent-originated transactions
The merchant-data layer built for card commerce was designed for device fingerprints, IP heuristics, behavioral velocity. Agent-originated transactions break those schemas. The next-generation merchant-data layer is what AEP ships.
Built alongside the consumer-side protocols

Four roles, one ecosystem

Agentic commerce needs four pieces of infrastructure to scale safely. Three of them are well underway. The fourth — the merchant-side data layer — is the missing one.

01 · Consumer mandate
How the consumer authorizes the agent
AP2 · Google
The consumer signs a mandate defining what the agent can do on their behalf — cart limits, merchant scope, transaction boundaries.
02 · Agent ↔ merchant
How the agent and merchant communicate
ACP · OpenAI · Stripe · PayPal
The agent and merchant exchange product info, cart state, and confirmation in a structured, machine-readable format during the transaction.
03 · Network authentication
How the network verifies the agent
TAP · Visa  ·  Agent Pay · Mastercard
The network authenticates that the agent is legitimate, that the consumer authorized it, and that the transaction can clear the rails.
04 · Merchant evidence — the missing layer
What the merchant records as it happens
AEP · A-Comm · Apache 2.0
Discovery, intent, delegation, cart, authorization, fulfillment — captured at the moment each layer occurs, hash-chained, cryptographically verifiable. The trust substrate the ecosystem needs — and the evidence that determines liability when something goes wrong.

Trust in the agentic era is bidirectional: consumers trust their agent, merchants trust the agent, networks trust the merchant’s evidence. AEP is the cryptographic substrate that lets each party verify the others independently — without trusting any single vendor or network.

The natural question

Why a startup builds this layer.

The pattern is consistent: networks build authentication, tokenization, and dispute schemas. The merchant-side data layer has been built outside the networks for fifteen years — ML-driven fraud, chargeback guarantee, PSP-embedded risk scoring. Networks acquire into the category. They don’t compete in it. AEP fits the same pattern.

01 · Category

Networks don’t build the merchant-data layer

Network-side infrastructure (authentication, tokenization, dispute schemas) is network-built. Merchant-side data infrastructure has been built by independent startups for fifteen years — networks acquire into the category rather than compete in it. AEP is the next instance of the same pattern, for the agent era.

02 · Generation

The existing layer was built for card commerce

Today’s risk and evidence schemas were designed for card-not-present patterns — device fingerprints, IP heuristics, behavioral velocity. Agent-originated transactions break those schemas. The merchant-data layer for the agent era has to be built from scratch, for the agent era.

03 · Open by default

Apache 2.0 from day one

Networks rarely open-source critical infrastructure — it’s their moat. AEP can’t be a moat. It has to be the substrate the whole ecosystem runs on, and open is the only way that works.

What the network faces today

Four gaps the current data layer can’t close

Adapted from A-Comm’s technical memo to the Visa Agentic Commerce team, 23 April 2026. Each of these represents a risk-infrastructure gap the industry built solutions for in the CNP era — and has no solution for in the agentic era yet.

No segmentation of agent-originated volume

Risk engines, issuer-side and acquirer-side, are scoring mixed signal. A consumer-initiated tap-to-pay and an agent-initiated purchase reach the same decisioning model with the same fields. The contamination compounds every quarter as agent share grows.

No structured agentic signal for authorization

Issuer decline logic and network-level rules are running on consumer-era data at the moment agent traffic is the fastest-growing transaction class on the rails. The authorization message has no field for “which agent,” “what delegation,” or “what intent.”

No agent-originated evidence in dispute flows

Compelling Evidence 3.0 was designed for consumer-initiated patterns. Agent-originated chargebacks reach representment without the context that would resolve them in pre-arbitration. Representment win rates on this class are materially below baseline.

No standards posture on what agentic data should look like

Protocols like TAP, Mastercard Agent Pay, AP2, and ACP address how the consumer authorizes the agent and how the agent handshakes with the network and merchant. The data layer that feeds every downstream risk and dispute system is open for whoever defines it first. The industry has this choice exactly once.

The next row, written as an open standard

A-Comm Evidence Protocol (AEP) is the agent-era equivalent of the merchant-data infrastructure built for card commerce — designed from day one for agent-originated transactions instead of retrofitted from card-era schemas. Published under Apache License 2.0, the same open-standard model as EMVCo, PCI SSC, OAuth, and OpenID. Eight sequential per-transaction artifacts, each SHA-256 hashed and chained to the prior artifact, so the full bundle is tamper-evident end-to-end.

Discovery
The AI agent and discovery surface that originated the transaction.
Referral
How the agent arrived at the merchant surface, with attribution signals.
Intent
The consumer’s natural-language intent that produced the agent action.
Delegation
The authority the consumer granted to the agent, carried in a protocol-neutral envelope with sub-wrappers for Visa TAP, Mastercard Agent Pay, Google AP2, OpenAI / Stripe / PayPal ACP, and others.
Policy
The merchant’s policy-engine decision against the delegation — approved, step-up required, or rejected.
Cart
The cart the agent assembled on the consumer’s behalf, bound to the intent.
Authorization
The authorization result, bound cryptographically to every prior layer.
Fulfillment
The post-transaction outcome — shipment, delivery, service completion.
Read the AEP specification →

See where your business stands with AI agents.

Run a free business scan Contact partnerships