Key Takeaways
- An AI agent navigated a real merchant website and completed a payment using an HSBC UK-issued card. This was a live e-commerce site, not a controlled test storefront.
- Visa has made its direction explicit: agentic payments run on the existing card network rather than a new dedicated rail. Trusted Agent Protocol handles agent identity for merchants, and Visa Payment Passkeys handle cardholder authentication.
- The technology works, but consumer protection rules have not caught up. Both UK Strong Customer Authentication and Section 75 were written on the assumption that a human presses the button.
What happened on a working e-commerce site, not a sandbox

HSBC UK and Visa complete an industry-first agentic card transaction on a live merchant website, with biometric authentication and customer spending controls.
www.resultsense.comA UK bank card has been used for a purchase initiated by an AI agent. HSBC UK and Visa describe it as an industry-first end-to-end agentic transaction.
Everything hinges on one phrase: live merchant website. Until now, agentic payment demonstrations have typically run on test storefronts built for the purpose, with payment flows and inventory integration arranged so the experiment would succeed. This one left that environment. Real money moved on a merchant site that is actually trading.
Andy Rankin, Chief Payments Officer at HSBC UK Consumer Banking, said in the announcement carried by Finextra that AI-powered commerce is set to be the next evolution in how people shop. In the same breath he added that customers must remain firmly in control of their money. The pairing of those two statements tells you where the bank is positioning itself.
Visa's choice: no new rail
The industry had two possible paths for handling agentic payments. One was to launch a new payment protocol designed for AI agents. The other was to make the existing card network capable of carrying agent-initiated transactions.
Rob Cameron, Group Country Manager for UK and Ireland at Visa, made clear which one was chosen.
AI agents are beginning to initiate transactions in real-world environments, and our role is to ensure every transaction remains secure, transparent and trusted. By connecting our issuer partners like HSBC UK, with merchants and AI systems through our network, we are enabling this next phase of commerce using the infrastructure and protections already in place.
"Using the infrastructure and protections already in place" is the strategic core. Build a new rail and merchants take on a new integration, consumers take on a new protection framework, and regulators take on a new supervisory object, all from scratch. Ride the existing card rails and fraud detection, dispute handling, and merchant agreements all carry over as they are.
Two protocols split the work
The card rails could not simply be reused unchanged, though. Two gaps had to be filled.
The merchant-side question of what this visitor actually is is answered by Trusted Agent Protocol (TAP), designed with Cloudflare. It lets merchants distinguish a malicious bot from a legitimate AI agent acting on a consumer's delegation. Visa pairs it with an Agent Directory so that agent identity reaches merchants in a consistent form. The design deliberately avoids demanding new merchant infrastructure, folding into existing risk and policy frameworks instead. Cloudflare and Akamai support the implementation side.
The issuer-side question of whether this reflects the customer's intent is answered by Visa Payment Passkeys. Each transaction is authorised in a way that links it to a verified user and their explicit instruction. HSBC UK's description of biometric authentication maps onto this piece.
HSBC UK is one issuer among more than thirty
Read this as a standalone announcement and you will misjudge it.
On 2 July, at the Visa Payments Forum in Paris, Visa announced live agentic commerce transactions across Europe. That release states that more than 30 European issuers had already completed agent-executed transactions, and HSBC UK appears on the list. So do Barclays, Lloyds Banking Group, NatWest, Nationwide Building Society, Revolut, Klarna, ING, BBVA and Commerzbank. Participating merchants included Frasers, Cleverbridge and BrickDepot.
The accurate reading is that HSBC UK's announcement restates, for its home market, an individual bank's participation in the framework Visa laid out on 2 July. The "industry first" claim is scoped to an end-to-end agentic transaction on an HSBC UK-issued card. Across Europe, HSBC UK is not the first.
Mathieu Altwegg, Head of Product and Solutions for Visa in Europe, compares this stage to the rollout of contactless. In the sense of assembling standards, infrastructure and partners and moving as an ecosystem, the parallel holds.
UK consumer protection rules did not anticipate this transaction
Now that the technology works, questions previously handled in the abstract are taking concrete shape. This is the heaviest part of what the trial exposed.
The UK's Payment Services Regulations 2017 are built, at regulation 67, on the principle that a transaction is authorised only where the payer has consented to that specific transaction. A human reviews the cart, sees the amount, and presses buy. That sequence was the consent. When an agent autonomously selects products and decides to purchase within parameters the consumer set, where exactly did consent to the specific transaction occur? At the moment the spending cap was configured, or at the moment of each individual payment? The point is unsettled.
Strong Customer Authentication has the same problem. Legal analysis from Pinsent Masons notes that SCA requirements were designed for human-initiated payments and are not well suited to autonomous agents executing multiple transactions on a consumer's behalf. The same analysis observes that it is unclear whether liability sits with the consumer who deployed the agent, the developer of the AI system, the payment service provider, or the merchant. Visa Payment Passkeys exist precisely to underwrite SCA compliance on the issuer side. But that resolves who performed the authentication, not who erred in the judgement.
For a credit card purchase above £100 and up to £30,000, Section 75 of the Consumer Credit Act 1974 lets the consumer pursue the card issuer as well for breach of contract or misrepresentation. It is the flagship of UK consumer protection, and it too was drafted in 1974 on the assumption that a human is buying. If an agent misreads a product description and buys the wrong item, is that merchant misrepresentation or agent error? Chargeback rules were likewise assembled around human-initiated fraud.
Regulators see the situation. In its Payments Regulatory Priorities report published on 25 March 2026, the FCA said it would consider whether changes to the regulatory framework are needed to accommodate AI systems that autonomously initiate and execute payments, a step beyond its established habit of applying existing frameworks to new technology. FCA chief executive Nikhil Rathi said in a speech that accountability for regulated activities must remain clear where agentic systems are deployed, while acknowledging that traditional rule-making alone will not keep pace.
UK consumers are more cautious than assumed
Read only the announcements from the pushing side and adoption looks like a matter of time. The demand-side data paints a different picture.
According to Checkout.com's report "Agentic Commerce 2026: The State of Consumer Demand and Merchant Readiness", UK consumers are markedly more cautious than the global average. 41% of Brits trust no organisation at all to operate an AI shopping agent, well above the 27% global figure. A further 37% say they will never delegate purchases to AI, against 24% globally. Only 23% expect at least 10% of purchases to be AI-driven within a year, below the global 33%.
The conditions for earning trust are specific. The top non-negotiables cited by UK consumers were easy cancellation (31%), the ability to revoke permission instantly (31%), and a requirement to show options before buying (27%). On the merchant side, 69% recognise that real-time revocation of permissions will be critical to adoption.
Agent-involved transactions currently account for 3% of the total, while 89% of merchants are actively preparing for agentic commerce. Technology, regulation and consumer sentiment are each moving at a different speed.
What e-commerce merchants should prepare
For merchants outside the UK, this development matters in two ways.
First, the choice between blocking agent traffic as bots and welcoming it as customers is becoming technically tractable. Mechanisms like TAP and the Agent Directory introduce a third option into what has been a binary. Because they are designed to slot into existing risk frameworks as signals, the cost of adoption is lower than standing up new infrastructure. It is worth checking now whether your WAF or bot mitigation is blanket-blocking legitimate agents.
Second, dispute handling design is becoming a competitive factor. Instant revocation and easy cancellation, the things UK consumers asked for, are things merchants can offer voluntarily before the regulation settles. Whether you can make agent-placed orders as easy to cancel as human ones, or easier, will shape whether agents choose you.
Note that no timeline for broader customer availability has been disclosed. Nor has any fee structure specific to agentic transactions or any additional merchant-side cost been published.
Conclusion
What HSBC UK and Visa demonstrated is that agentic payment is being designed not as something new, but as a new entrance to existing card payment. Rather than launching a dedicated rail, add one layer of trust on top of infrastructure that already runs. That decision is likely to accelerate adoption.
The working technology also sharpened the outline of the homework left over. Where does consent form, and who pays when an agent buys the wrong thing? Now that the FCA has said it will review the regulatory framework, the thing to watch next is not the count of trials but where that review lands. Until the rules firm up, merchants have to design trust with their own hands.




