Back to blog
Agentic Infrastructure16 min read

Agent Identity Verification: The Control Plane for Agentic Payments

How AI agents prove identity in agentic payments. Visa, Mastercard, Nuvei, AP2 and ERC-8004 compared, and why a portable identity layer beats siloed registries.

Parth Chaudhary
Parth Chaudhary
Agent Identity Verification: The Control Plane for Agentic Payments

Key Takeaways

  • Agent identity verification is becoming the control plane for agentic payments: the layer that decides whether an agent is real, who it represents, and what it may do before any money moves.
  • In roughly 30 days, Visa (Agent Score and an Agentic Registry, June 10), Mastercard (Agent Pay for Machines with Verifiable Intent), Nuvei (Know Your Agent, July 2), Google AP2, and American Express each advanced their own agent-trust model.
  • Each model verifies agents inside its own perimeter, so a Visa-verified agent has no standing on Mastercard rails or with off-network merchants. The result is fragmentation, not one shared identity.
  • ERC-8004 offers a neutral, chain-agnostic identity, reputation, and validation substrate that any rail can read without owning the root identity. Reference deployments reached mainnet in early 2026, though the standard is still a draft.
  • The durable pattern is layered: portable identity (ERC-8004), mandate proofs (AP2), programmable execution (account abstraction), and policy enforcement, which at Abstraxn is in active development.

The trust layer is becoming the product

Agent identity verification is no longer a back-office security detail. It is becoming the control plane for agentic commerce: the place where a merchant, issuer, wallet, network, or smart account decides whether an AI agent is real, who it represents, what it is allowed to do, and whether a payment should move.

The pattern is now visible. On June 10, 2026, Visa announced Agent Score, an Agentic Registry, and its Large Transaction Model at Visa Payments Forum 2026, while describing Visa Intelligent Commerce as the platform that gives AI agents the trust, controls, and connectivity needed to discover, initiate, and complete transactions. In the same period, Mastercard is pushing Agent Pay for Machines, Nuvei is building a Know Your Agent layer, Google AP2 uses verifiable credentials to capture user intent, and American Express is publishing its own agentic commerce developer kit. The thesis is simple: over roughly 30 days, trust in agentic payment flows fragmented into competing registries and trust perimeters. (usa.visa.com)

This is not a failure of the card networks. It is what every serious payment network has to do when software starts spending money. The deeper problem is portability. A Visa-verified agent has meaning inside Visa's trust surface. A Mastercard-credentialed agent has meaning inside Mastercard's trust surface. An American Express registered agent has meaning inside the Amex ACE framework. A merchant that accepts agents across card networks, wallets, stablecoins, bank payments, and on-chain rails now faces a map of partially overlapping trust systems rather than one shared identity layer.

The neutral answer is not another network-specific registry. It is a portable identity substrate beneath all of them: chain-agnostic on-chain identity, reputation, and validation that each rail can read, enrich, or apply policy against without owning the root identity. ERC-8004 is the clearest current expression of that idea.

Why human-first card authentication breaks for agents

Traditional card authorization asks familiar questions: is the credential valid, is the account in good standing, does the transaction look risky, and should the issuer approve it? 3-D Secure adds a consumer-authentication layer for card-not-present transactions. EMVCo describes EMV 3DS as a way for merchants and issuers to authenticate the consumer, using transaction, payment method, and device data, with challenges such as one-time passcodes or biometrics for higher-risk cases. (emvco.com)

That works when the shopper is a human at the point of purchase. It becomes incomplete when the buyer is an agent. The merchant does not only need to know whether the cardholder can be authenticated. It also needs to know whether the agent is legitimate, whether it is acting for the authenticated user, whether the purchase matches the user's mandate, and whether the agent's software identity should be allowed through fraud and bot controls.

Visa's Trusted Agent Protocol frames this gap directly. Visa says merchants need to recognize trusted agents, verify credentials, preserve consumer visibility, and avoid confusing legitimate agentic traffic with malicious bots. The protocol uses agent-specific cryptographic signatures and carries information such as agent intent, consumer recognition, and payment information. Visa also notes that its initial specifications apply to the Visa network in this phase, while positioning the protocol as complementary to broader standards. (usa.visa.com)

The core issue is not that 3-D Secure is obsolete. It is that 3-D Secure authenticates a cardholder journey, while agentic commerce requires a delegated-action journey. In a delegated-action journey, the question becomes: did the right user authorize the right agent to perform the right action under the right constraints at this specific merchant or service?

What each network model verifies

The emerging models all orbit the same trust problem, but each answers it from inside its own commercial and technical perimeter.

Visa: readiness, registry, token context, and trusted agent messages

Visa's June 10, 2026 announcement gives merchants two important primitives: Agent Score and an Agentic Registry. Agent Score evaluates whether AI agents can navigate, understand, and complete tasks on a merchant website. The Agentic Registry, described in the release as a directory, includes agents and merchants that Visa has verified as legitimate participants in agentic commerce. Visa also adds token enhancements that embed identity, permissions, and behavioral signals more deeply into credentials, so trust travels with the transaction. (usa.visa.com)

Visa's earlier Trusted Agent Protocol supplies the message-level trust layer. It helps merchants distinguish legitimate agents with commerce intent from bots, while carrying agent intent, consumer recognition, and payment information. This is practical and merchant-friendly, but the key boundary remains visible: the initial TAP specifications apply to the Visa network in this phase. (usa.visa.com)

Mastercard: credentialed agents, Verifiable Intent, and machine-speed settlement

Mastercard Agent Pay for Machines focuses on machine-to-machine and agent-driven transactions that are continuous, low-latency, and often low-value. Mastercard says the service supports credentialing, permissioning, transacting, and settling across cards, accounts, and stablecoins. It also says every agent is credentialed, and with Verifiable Intent, can be recognized and transact with trust across ecosystems. (s25.q4cdn.com)

This is a powerful model for agent-native commerce, especially where agents pay for services, APIs, data, compute, or logistics events without a human clicking through each step. But from a merchant's point of view, Mastercard verification still enters through a Mastercard trust lens. It can be part of an open ecosystem, but it does not automatically make the same agent identity portable across every non-Mastercard surface.

Nuvei: protocol compatibility plus Know Your Agent

On July 2, 2026, Nuvei completed a live first-party in-agent payment proof of concept with Visa, Arvato Systems, and Kings and Priests. Nuvei says its strategy includes a Protocol Compatibility Layer for ACP, AP2, or MCP, routed across networks, and a Know Your Agent component that registers and credentials agents, validates consumer mandates, scores agent reputation, and keeps actions auditable. Nuvei is targeting initial availability in the second half of 2026 for protocol compatibility, the KYA registry, agent risk scoring, network certifications, and a developer sandbox. (prnewswire.com)

Nuvei's approach is notable because it explicitly acknowledges protocol fragmentation. It tries to give merchants one interface to multiple agent standards and networks. Still, its KYA registry is a processor-led control point. It can connect many rails, but it does not, by itself, create a universally resolvable agent identity outside Nuvei's ecosystem.

Google AP2: verifiable mandates for intent

Google announced AP2 on September 16, 2025 as an open protocol for agent-led payments across platforms. Its core trust object is the Mandate, a tamper-resistant, cryptographically signed digital contract that acts as verifiable proof of user instructions. AP2 uses verifiable credentials to capture intent for human-present purchases and delegated tasks where the human is not present at the moment of execution. (cloud.google.com)

AP2 is critical because it separates payment authorization evidence from any single payment method. It can support cards, bank rails, stablecoins, and other methods. Yet AP2 primarily answers the mandate question: what did the user authorize? It still needs a way to resolve agent identity, reputation, and validation across ecosystems.

American Express: verified agents and purchase intent

The American Express Agentic Commerce Experiences developer kit points in the same direction. American Express says ACE supports trusted agentic transactions, tokenized agentic payment credentials for verified agents, and verification of Card Member purchase intent. It also says Account Enablement, Intent Intelligence, and Payment Credentials specifications are available as of April 14, 2026, while Agent Registration and Cart Context specifications are still under development. (americanexpress.com)

American Express agent identity verification reinforces the same strategic conclusion: every major network wants to verify agents, bind them to user intent, and protect its own cardholder and merchant relationships. That is rational. It also multiplies the number of registries a merchant may need to understand.

The fragmentation cost for merchants

Fragmentation is not just architectural ugliness. It creates operational drag.

A merchant preparing for agentic payments may need to answer different versions of the same questions for every rail:

  • Is this agent registered with the network my customer wants to use?
  • Does the agent carry a mandate format I can verify?
  • Does my fraud stack treat this as a bot, a buyer, an API client, or a delegated identity?
  • Which registry is the source of truth if the same agent has different identifiers across rails?
  • Which party owns dispute evidence if the purchase is technically authorized but semantically wrong?
  • How do I apply my own policies consistently when each network carries identity and permissions differently?

The hidden cost is duplicated integration. A merchant can integrate Visa trust signals, Mastercard credentialing, Nuvei KYA, AP2 mandates, and American Express ACE. Each may be valuable. But without a portable identity layer, the merchant still lacks one stable agent object that can be referenced across all of them.

This is where neutral identity matters. The goal is not to replace Visa, Mastercard, American Express, Nuvei, or AP2. The goal is to give all of them a substrate they can resolve.

ERC-8004 as the neutral identity substrate

ERC-8004, Trustless Agents, proposes blockchain-based registries for discovering and trusting agents across organizational boundaries without pre-existing trust. The official draft defines three lightweight registries: an Identity Registry, a Reputation Registry, and a Validation Registry. It also states that payments are orthogonal to the protocol, which is precisely why ERC-8004 can sit beneath many payment rails instead of competing with them. (eips.ethereum.org)

The Identity Registry gives an agent a portable on-chain handle based on ERC-721, with an agent registration file that can point to endpoints, A2A cards, MCP servers, ENS names, DIDs, wallets, and supported trust models. The Reputation Registry lets counterparties post feedback signals. The Validation Registry lets validators record responses to verification requests, including approaches such as stake-secured re-execution, zkML verifiers, or TEE oracles. (eips.ethereum.org)

ERC-8004 also speaks directly to chain portability. The draft says registries can be deployed on any L2 or mainnet as per-chain singletons, and that an agent registered and receiving feedback on one chain can still operate and transact on other chains. That makes it a chain-agnostic identity pattern, not merely an Ethereum mainnet database. (eips.ethereum.org)

Reference deployments reached Ethereum mainnet in early 2026, with reporting describing ERC-8004 as live on mainnet for agent identity and reputation. The standard remains a draft, so builders should treat the interface as evolving, but the direction is already clear: agents need durable identity that is not trapped inside a single processor, wallet, or card network. (forbes.com)

How portable identity composes with account abstraction

Portable identity becomes far more useful when it can be tied to execution controls. That is where account abstraction enters.

Ethereum's account abstraction roadmap describes smart contract wallets as accounts that can embed custom logic directly into the wallet. EIP-4337 enables smart contract wallet support without changing Ethereum's core protocol, using UserOperation objects that are collected and executed through an EntryPoint contract. (ethereum.org)

For agentic payments, the composition looks like this:

  1. ERC-8004 resolves who the agent is. A smart account, merchant, or payment adapter can read the agent identity, registration file, endpoints, and public reputation or validation references.
  2. AP2 or a network mandate resolves what the user authorized. A verifiable credential or mandate proves the scope of the user's instruction.
  3. The payment rail resolves how value moves. Visa, Mastercard, American Express, bank rails, stablecoins, or x402 can settle the transaction.
  4. Account abstraction resolves how rules are executed. A smart account can enforce signer rules, budget limits, session keys, paymasters, time windows, or approval thresholds before a transaction is submitted.
  5. Policy and mandate enforcement connects the layers. This is in active development, not something merchants should assume is universally shipped today. The design pattern is to evaluate agent identity, mandate scope, merchant context, and transaction data before allowing execution.

The key insight is that identity should be stable while payment rails remain plural. A single agent may use a Visa token at one merchant, a Mastercard credential for machine services, an American Express credential for premium travel, AP2 mandates for wallet interoperability, and stablecoin settlement for API calls. The agent should not need to become five different agents to do that.

Best practices for building around agent identity verification

If you are preparing for agentic commerce, do not wait for one winner. Build for layered trust.

  • Separate identity from payment. Treat the agent's identity as a root object, not as a byproduct of the card, wallet, or processor used for a specific transaction.
  • Accept multiple mandate formats. AP2, network-specific intent proofs, and processor mandates can coexist if your system normalizes them into a common authorization model.
  • Keep merchant policy local. A network can tell you that an agent is verified. Your own system still needs to decide whether that agent may buy a specific SKU, use a specific shipping method, or exceed a risk threshold.
  • Design for evidence. Store the agent identifier, mandate reference, cart state, policy decision, authentication result, and settlement reference together so disputes can be reconstructed.
  • Use on-chain identity as a lookup layer, not a replacement for risk. ERC-8004 can make identity, reputation, and validation portable. It does not magically guarantee that every registered agent behaves well.
  • Avoid registry lock-in. The healthiest architecture lets Visa, Mastercard, Nuvei, American Express, AP2, and ERC-8004 signals enrich one decision graph rather than forcing a merchant into one proprietary trust island.

The strategic takeaway

Agent identity verification is becoming the foundation of agentic payments because payment authorization alone cannot answer the agent-era question. The market no longer asks only whether a cardholder approved a payment. It asks whether an autonomous system is known, delegated, bounded, reputable, and auditable.

Visa, Mastercard, Nuvei, Google, and American Express are all building credible answers. The risk is that those answers remain siloed. A merchant should not need to re-verify the same agent from scratch in every network context, and an agent should not lose its identity each time it changes rails.

The durable architecture is layered: proprietary networks provide payment-specific trust, AP2-style mandates prove user intent, account abstraction enforces programmable execution, and ERC-8004-style identity gives the agent one portable name across ecosystems.

Neutral identity is not a competitor to the payment networks. It is the substrate that lets all of them interoperate without forcing merchants to choose a single trust empire.

To explore how portable agent identity and policy enforcement that is in active development can fit into your agentic payment stack, visit docs.abstraxn.com.

Frequently asked questions

What is agent identity verification?

Agent identity verification is the process of proving that an AI agent submitting an action or payment is a known agent, is acting for a specific authorized user, and is operating within a defined mandate. It answers who the agent is, who it represents, and what it is allowed to do before a transaction is approved.

Why does 3-D Secure not work for AI agents?

3-D Secure authenticates a human cardholder during a card-not-present purchase, often with a one-time passcode or biometric challenge. An AI agent has no phone to receive a code and cannot pass a challenge built to keep software out. Agentic commerce needs a delegated-action check, meaning did the right user authorize the right agent for the right action, rather than a cardholder-presence check.

How is Visa's Trusted Agent Protocol different from Mastercard's Verifiable Intent?

Visa's Trusted Agent Protocol verifies the agent at the web and message layer using cryptographic signatures and a registry of trusted agents, and its initial specifications apply to the Visa network. Mastercard's Verifiable Intent anchors on a signed chain that binds issuer, user, and agent to prove delegated intent. One emphasizes recognizing the agent, the other emphasizes proving what the user authorized, and merchants may need to support both.

What is ERC-8004 and how does it relate to agent identity verification?

ERC-8004, Trustless Agents, defines three on-chain registries for identity, reputation, and validation that let agents be discovered and trusted across organizational boundaries. Because payments are out of scope, it can sit beneath many payment rails as a neutral identity substrate rather than competing with them. Reference deployments reached Ethereum mainnet in early 2026, and the standard remains a draft.

Can a Visa-verified agent be recognized by other payment networks?

Not automatically. Each network's verification carries meaning inside its own trust perimeter. A Visa-verified agent has standing on Visa rails, a Mastercard-credentialed agent on Mastercard rails, and so on. Without a portable identity layer, the same agent can hold different identifiers across rails, which is the core fragmentation problem.

Do merchants need to support multiple agent registries?

In practice, a merchant preparing for agentic commerce may need to read trust signals from several networks and mandate formats. The more sustainable approach is to treat agent identity as a root object and let signals from Visa, Mastercard, Nuvei, AP2, American Express, and on-chain registries enrich one decision graph, rather than committing to a single proprietary registry.

Sources

About the Author

Parth Chaudhary

Parth Chaudhary

Solution Architect

Parth Chaudhary is a Solution Architect at Antier, the team behind Abstraxn. He currently works at the intersection of account abstraction and agentic AI infrastructure, consistently shipping wallets, paymasters, identity primitives, and policy guardrails for autonomous agents in production. Find out more at abstraxn.com or easily spin up an agent at dashboard.abstraxn.com.