Agentic commerce is a model of e-commerce in which an artificial intelligence (AI) agent performs one or more commercial tasks on a user’s behalf. Depending on the system and the user’s instructions, the agent may discover products, compare options, select a merchant, place an order, initiate payment, or support post-purchase activity.
It differs from AI-assisted shopping because the agent may take action, rather than only provide recommendations for a person to follow.
Agentic commerce is broader than agentic payments. Agentic payments concern payment authorization and execution. Agentic commerce covers the wider journey, including discovery, merchant selection, ordering, fulfillment, returns, and support. The amount of autonomy an agent receives depends on the authorization model used by the agent platform, merchant, and payment providers.
User authorization: The user defines a goal and may set limits such as an approved budget, product type, merchant, location, or delivery deadline. A request to find suitable products is different from permission to complete a purchase, so the system must preserve the scope of the user’s instruction.
Agent activity: The AI agent interprets the request, gathers information, compares options, and may interact with merchant systems. Some agents stop before checkout and ask for approval. Others may complete actions within previously established limits.
Merchant representation: The agent relies on product descriptions, prices, availability, shipping terms, and refund or return policies supplied by the merchant. If this information is incomplete or outdated, the agent may present terms that the merchant cannot honor.
Payment and fulfillment: In merchant-led implementations, the merchant accepts or declines the order and handles fulfillment and customer support through its existing systems. The payment service provider (PSP), acquirer, and other payment participants process the resulting transaction through the applicable payment flow.
Evidence: Risk and operations teams may need to reconstruct what the user authorized, what information the agent received, what the agent represented, what the merchant accepted, and what the merchant delivered.
OpenAI’s Agentic Commerce Protocol describes one implementation in which the agent passes order information to the merchant while the merchant retains control of payment, fulfillment, and customer support.
The first failure pattern is inaccurate merchant data. An agent may rely on a price that has changed, inventory that is no longer available, or a return policy that is inconsistent across the merchant’s website and structured data. The order can be technically valid while still failing to match the user’s expectations.
The second is unclear authorization. A user may authorize research but not purchase, or may set a budget that the agent applies differently from what the user intended. PSPs and acquirers do not control every agent’s authorization design, but they may still need evidence that distinguishes a user-directed purchase from an action taken outside the user’s stated limits.
The third is merchant drift after activation. A merchant may change its catalog, introduce restricted products, revise subscription terms, or alter its fulfillment model after approval for an agentic channel. These changes resemble the post-onboarding risks addressed through merchant web monitoring, but agent-driven transactions can surface the mismatch directly to consumers.
Ballerine’s current agentic commerce framework identifies inventory changes, policy drift, merchant legitimacy signals, and behavioral anomalies as relevant monitoring areas.
Hypothetical example: A user instructs an agent to purchase a household appliance with free returns. The agent selects a merchant whose structured policy data states that returns are free, but the merchant’s current terms include a restocking fee.
When the user requests a return, the merchant applies the fee. The user may raise a dispute because the delivered terms differ from what the agent presented. That dispute may proceed into the normal chargeback process, depending on the facts and applicable rules.
Agentic commerce does not replace conventional merchant-risk controls. It increases the importance of applying them continuously and extending them to the information that agents read. Merchant verification still establishes whether the business is legitimate, who owns or controls it, and whether its declared activity fits the PSP’s or acquirer’s risk appetite.
Risk teams should monitor merchant identity and business status, catalog and inventory changes, pricing, refund and return policies, subscription terms, unusual transaction patterns, and disputes. They should also preserve time-stamped records showing the merchant’s policy and catalog state when an agent interaction occurred.
The purpose is to maintain enough evidence to understand where an interaction failed and apply the appropriate remediation.
A minor data inconsistency may require a merchant update and recheck. A material change in products, business model, or policy may require enhanced review or temporary removal from an agentic channel. Readiness should therefore be treated as a maintained condition, not a one-time approval.
Ballerine’s Trusted Agentic Commerce Enablement Platform helps PSPs prepare, govern, and audit merchants across agent-driven commerce. During initial readiness, the platform checks merchant eligibility and legitimacy, supports agent-specific policy controls, and generates readiness profiles for PSP oversight and agent-platform evaluation.
After enablement, Ballerine supports continuous governance through inventory and catalog change detection, policy drift monitoring, merchant legitimacy signals, behavioral anomaly detection, remediation workflows, and audit-ready evidence. The platform records checks and policy states so PSPs can maintain oversight without treating agentic commerce as a one-time onboarding event.
Reduced manual efforts
Improved review resolution time
Increase in detected fraud
