Fintech Flash
June 11, 2026

Authorizing Agentic Payments

Delegation is easy. Proving a payment was actually authorized — and who bears the risk when something goes wrong — is harder.

AI agents are making payments — booking flights, renewing subscriptions, and buying gifts — without human review and approval of each specific transaction, relying instead on a set of parameters the principal preauthorized. The legal question that arises is whether a particular payment was actually authorized.

This question arises in two contexts: disputes between a user and their financial institution and disputes between a user and the platform initiating payments on their behalf. The first is largely settled — a user who hands credentials to a third party, human or AI, is responsible for what follows unless the financial institution was notified of a revocation or breached its own security procedures. This alert focuses on the second. That is where the real risk lives.

Legal Frameworks

In the context of consumer transactions, the Electronic Fund Transfer Act and Regulation E govern unauthorized electronic fund transfers from consumer accounts. Under this law, a transfer is presumed authorized if a consumer furnishes credentials to authorize an agent to make payments, even if the agent acts outside the scope of what the consumer intended.

Also in the consumer payment context, the Truth in Lending Act (TILA) and Regulation Z govern unauthorized use of consumer credit cards. Under this rule, a credit card payment is authorized if the person who initiated it has actual, implied, or apparent authority to act, a broad standard that arguably covers an agent acting outside its actual scope of authority. However, TILA permits a consumer to dispute a purchase of goods or services that is not accepted by the consumer or is not delivered as agreed. This leaves more room for a consumer to back out from an agentic transaction, but in practice, it will be the merchant that bears the loss, not the financial institution (more discussion below).

Commercial payment orders and all wire transfers are governed by state law — specifically, the Uniform Commercial Code (UCC), Article 4A, which has been adopted in substantially identical form by all 50 states and the District of Columbia. Under the UCC, a bank and its customer may agree in advance on a commercially reasonable security procedure. In general, if the bank follows that procedure in good faith, the payment order is binding on the customer — even if it was unauthorized.

Payment Networks

In recent months, Visa and Mastercard have issued new rules or guidance governing agentic transactions. These rules or guidance try to “slow down” adoption (for both users and agentic payment providers), ensure users of agentic payments accurately define the scope of delegation, and provide a secure transaction environment. For example, Visa requires that a provider of agentic payments (i.e., the platform that enables users to place orders through AI agents) be registered with the network and establish a defensible chain of authorization by verifying and authenticating the user’s instruction, enforcing transaction controls that reflect the scope of the user’s delegation, and preserving records and transaction-level details.

Although complying with the network rules will likely shield participants in the agentic transactions from network fines and assessments, it does not preclude customer claims against platforms enabling agentic payments for breach of contract or exceeding the delegated authority.

Principal-Agent Disputes

Overall, while the current legal framework does not specifically address agentic payments, the risk allocation between customers and financial institutions is sufficiently clear. Financial institutions may further limit their exposure by restricting or disallowing a customer’s use of bank-issued payment credentials in connection with agentic payments.

The legal framework does not, however, resolve the issue between a user of agentic payments and the provider of agentic payments when the agent allegedly acts beyond its scope of authority. Where the statutes leave gaps, common-law principles apply. It must be a case-by-case determination, and the answers depend on the facts: what the user said, what the agent understood, and what records exist.

Agentic payment platforms can present a menu of preferences and criteria for users to select. Absent a system malfunction, the executions are expected to comply with these selected preferences. The controversy will be in the details that the parties are silent about. Because no party can specify every contingency, there will always be a challenge that some aspect of a transaction the user did not preview or approve was not authorized by the user. And frankly, given the lack of human judgment involved in the transactions, it is foreseeable that when filling those gaps, the AI agent’s decision may not be reasonable or desirable by human standards. For example, an agent could book a connecting flight that is fully compliant with the user’s specifications, yet the connection time is only one hour, within which the passenger has to clear customs and recheck bags. The user could dispute the transaction as unauthorized on the ground that an implicit condition was that the ticket be usable in the real world. To make things more complicated, each merchant has different terms and conditions and return and exchange policies. Should an agentic payment provider assume a transaction is authorized as long as the most material conditions are satisfied (e.g., refundable versus final sale), or should the user be required to review and consent to the terms and conditions before each purchase? The latter will be more effective in risk mitigation, but it will also make the product less attractive.

Merchant Exposure

Merchants that accept agentic payments face two distinct risks.

The first is authorization disputes. As discussed above, the scope of a user’s delegation in an agentic transaction is often imprecise, and a consumer who later regrets a purchase has a plausible argument that the agent acted outside its authority. Large merchants can contractually shift that risk to the agentic payment platform; smaller merchants are less likely to have that leverage.

The second is buyer’s remorse dressed up as a Regulation Z dispute. Agentic transactions are not designed to promote deliberation — that is the point of them. But Regulation Z permits a consumer to dispute a purchase of goods or services not accepted or not delivered as agreed, and a consumer who simply dislikes what the agent chose has an incentive to frame that dissatisfaction as an acceptance or delivery failure. The card issuer is required by law to credit the consumer’s account after conducting a reasonable investigation, but the merchant bears the loss in practice. Merchants with elevated chargeback rates risk penalties or termination by their processors and acquirers.

For merchants, the practical response is to ensure their terms and conditions are clear, accessible, and, ideally, surfaced to the user before the agent completes the transaction rather than buried in a flow the agent never presents.

Strengthening the Defense

The following is a starting point for agentic payment providers and merchants to build a defensible authorization chain:

  • Define the scope of delegated authority precisely. Specify the transaction type, amount thresholds, merchant or category restrictions, and timing parameters. Clarify whether the agent has discretion, and how much, to decide conditions the user has not specified.
  • Capture authorization in retrievable form. A voice prompt or checkbox is not enough. The record needs to establish what the consumer reviewed and authorized, when, and under what conditions.
  • Build approval checkpoints for higher-risk transactions. Unusual merchants, atypical amounts, and new payment rails warrant a pause-and-confirm step before execution.
  • Scrutinize merchant terms and conditions. Build automated analysis of merchant terms and conditions, and alert users to unfavorable terms before execution to avoid unpleasant surprises.
  • Preserve revocation rights. Allow users to narrow or withdraw agent authority easily; the system should reflect those changes before the next transaction executes.
  • Align terms and dispute processes across the payment chain. Customer agreements, merchant terms, and chargeback procedures should be consistent.
  • Surface clear terms at the right point in the flow. Present clear and accessible terms and conditions (including refund and return policies) before the agent completes the transaction.
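As an added illustration, not taken from this alert or from any payment network's or platform's code, the scope, checkpoint, revocation and record-keeping items above can be expressed as a single enforcement check that runs before an agent executes a payment. The Mandate and Transaction fields, the "three times the typical amount" rule for flagging atypical amounts, and the sample merchants and dates are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical delegation scope ("mandate") the user preauthorizes; field names are
# assumptions for this example, not any network's or platform's schema.
@dataclass(frozen=True)
class Mandate:
    mandate_id: str
    per_txn_limit: float
    allowed_categories: frozenset
    valid_from: datetime
    valid_until: datetime
    typical_amount: float               # baseline for flagging atypical amounts
    revoked_at: "datetime | None" = None

@dataclass(frozen=True)
class Transaction:
    merchant: str
    category: str
    amount: float
    at: datetime

def evaluate(mandate, txn, seen_merchants):
    # (decision, reason): 'deny' outside scope, 'confirm' = pause-and-confirm, else 'allow'
    if mandate.revoked_at is not None and txn.at >= mandate.revoked_at:
        return "deny", "mandate revoked before execution"
    if not mandate.valid_from <= txn.at <= mandate.valid_until:
        return "deny", "outside delegation window"
    if txn.category not in mandate.allowed_categories:
        return "deny", "merchant category not delegated"
    if txn.amount > mandate.per_txn_limit:
        return "deny", "exceeds per-transaction limit"
    if txn.merchant not in seen_merchants:
        return "confirm", "unusual merchant"
    if txn.amount > 3 * mandate.typical_amount:
        return "confirm", "atypical amount"
    return "allow", "within delegated scope"

def authorization_record(mandate, txn, decision, reason):
    # Retrievable record: which mandate, what was checked, when, and the outcome.
    return {"mandate_id": mandate.mandate_id, "merchant": txn.merchant, "amount": txn.amount,
            "at": txn.at.isoformat(), "decision": decision, "reason": reason}

def run_sample():
    # Constructed sample data: one 30-day mandate and four candidate payments.
    t0 = datetime(2026, 6, 1, tzinfo=timezone.utc)
    m = Mandate("m-001", 500.0, frozenset({"airline", "subscription"}),
                t0, t0 + timedelta(days=30), typical_amount=60.0)
    txns = [Transaction("StreamCo", "subscription", 15.0, t0 + timedelta(days=2)),
            Transaction("AirExample", "airline", 420.0, t0 + timedelta(days=3)),
            Transaction("GiftShop", "retail", 40.0, t0 + timedelta(days=4)),
            Transaction("AirExample", "airline", 30.0, t0 + timedelta(days=40))]
    seen = {"StreamCo", "AirExample"}       # merchants this user has paid before
    return [authorization_record(m, t, *evaluate(m, t, seen)) for t in txns]
```

The order of checks matters: scope violations deny outright, while the risk signals only pause for confirmation, so a record of "confirm" shows the user was asked rather than the agent deciding alone.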

* * *

To discuss your questions about this Fintech Flash or other payment-related matters, please contact Sammy Tang at xtang@goodwinlaw.com. Sammy has extensive experience with payment product development and structuring; money transmitter licensing and compliance; payment network rules; user, business partner, and vendor contracts; transaction due diligence; bank partnership arrangements; and agency inquiries and investigations.

Goodwin’s Fintech group strategically leverages its regulatory, transactional, and litigation and enforcement practices to provide full-service support in every vertical of fintech and financial services, including lending, payments, alternative finance, deposits, brokerage and wealth management, digital currency and blockchain, and transactions, including bank partnerships and deal due diligence. Our team is led by partners Mike Whalen, Crystal Kaldjob, Kim Holzel, Alex Callen, and Sammy Tang. The team represents one-third of the fintechs on Forbes’ Fintech 50 list and is highly ranked by Chambers and Legal 500.

This informational piece, which may be considered advertising under the ethical rules of certain jurisdictions, is provided on the understanding that it does not constitute the rendering of legal advice or other professional advice by Goodwin or its lawyers. Prior results do not guarantee similar outcomes.