Contact
Insights
Jun 10, 2026

Mastercard CEO Raises Grave Concerns Over Agentic Commerce: Who Is Liable When AI Spends Your Money?

Contents
Agentic Commerce Studio - Validate AI-agent shopping in your browser

Key Takeaways

  1. Mastercard CEO Michael Miebach used a Yahoo Finance appearance to ask "what happens if something goes wrong?" and to surface the unresolved consumer protection challenges of AI agent payments
  2. Amid an industry awash in optimism, the head of a major payment network raising questions about identity, fraud, and accountability carries real weight
  3. For commerce and payments players, settling the design of chargeback and refund liability before autonomous spending goes mainstream becomes a competitive prerequisite

"What Happens If Something Goes Wrong?"

Mastercard CEO shares grave concerns over AI agentic commerce

Urgent questions are emerging about what happens when AI agents start spending your money.

www.thestreet.com

Imagine a program you have never seen or used buying things on your behalf with your credit card. That future is arriving sooner than many people realize. Michael Miebach, CEO of one of the world's largest payment networks, welcomes the shift but argues consumers should pay attention to the risks it carries.

On Yahoo Finance's "Opening Bid" program, Miebach called agentic commerce the use case where AI will "touch our lives the fastest and most broadly." Yet the weight of his remarks fell on unresolved consumer protection challenges rather than on opportunity.

What he posed was a series of questions the industry has yet to answer. "What happens if something goes wrong?" He then questioned whether AI agents would faithfully follow a consumer's spending instructions. With optimism dominating the conversation, it matters that someone at the heart of payments infrastructure chose to name the brakes.

Is the Agent Actually What It Claims to Be?

The core of Miebach's concern lies in identity verification. He asked, "Is the agent actually what the agent claims to be?" Does it act on your instructions, or does it do something different? And if there is a misunderstanding, how do you have recourse, and how are you protected? The string of short questions reveals just how wide the open terrain is.

The questions cut deep because no settled mechanism yet distinguishes malicious bots from legitimate agents. Visa's research points to a 4,700% surge in AI-driven traffic to U.S. retail sites, most of it automated access carrying no human intent. In a world where agents buy on someone's behalf, merchants must decide in an instant whether the agent before them truly holds a consumer's mandate.

Traditional card payments built identity verification around a human holding a card. Agent payments insert a new layer of software between the human and the card. When it is unclear whose instructions that layer acts on and how far its authority reaches, an additional entry point for fraud opens up. Miebach's question names exactly this structural gap.

Networks are answering with standardization. Visa unveiled its Trusted Agent Protocol in October 2025, using cryptographic signatures to verify an agent's legitimacy and the consumer's authorization. Mastercard's own Agent Pay carries a "Know Your Agent" process that assigns unique identifiers to AI agents so banks can approve or block them.

From "Assisted" to "Purely Autonomous"

Miebach does not expect agent payments to leap straight to autonomy. He described a phased trajectory: "assisted agentic payments first, and eventually we will find our path to just purely autonomous spending." Humans stay in the loop for final confirmation at first, and oversight thins as trust accumulates.

That trajectory already has numbers behind it. According to Plaid's 2026 "State of Intelligent Finance" report, more than half of Americans used AI to help manage their finances over the past 12 months. The same report found that 74% of consumers say they will always want the option to review important financial decisions made by AI.

In other words, consumers want convenience but are reluctant to surrender ultimate control. The "assisted" phase may well last longer than expected. Whether the path leads to full autonomy depends not on technology but on the design of trust.

"Who Is Responsible?" Is the Final Hurdle

Among Miebach's questions, the one the industry struggles most to answer is accountability. When an AI agent orders the wrong color or books the wrong hotel, who foots the bill? Card schemes, consumers, issuers, and AI model providers all tend to resist taking it on.

American Express moved to fill that void. In April 2026, the company announced an agentic commerce developer kit alongside "Amex Agent Purchase Protection." When a registered AI agent transacts with authenticated purchase intent, American Express protects eligible customers from charges tied to agent error, an industry-first commitment.

Regulators are sketching the outline too. Per reporting, the CFPB's January 2026 advisory placed agent-initiated card transactions squarely within the existing dispute-and-chargeback regime. The EU's AI Liability Directive is said to presume fault on the party deploying an agent unless mandate, audit-trail, and consent evidence can be produced.

What becomes decisive here is the definition of who the "purchaser" is. In AI-mediated transactions, it blurs whether the buyer is the consumer, the AI company providing the agent, or the merchant that deployed it. That definition becomes the origin point for chargebacks, returns, warranties, and dispute handling, and it dictates how liability flows. Miebach's repeated question about recourse points exactly at how this missing definition opens a hole in consumer protection.

What Commerce and Payments Players Should Do Now

Miebach's concerns should be read not as mere caution but as an implementation design challenge. The more agent payments spread, the more merchants risk becoming the party that ultimately pays, a point already repeated across the industry. Embedding identity verification, consent, and recourse into the transaction lifecycle becomes the line of defense.

Concretely, that means verifying the agent's identity and the consumer's mandate on every transaction, and keeping records of when and how broadly consent was granted. Mastercard's fraud engine is beginning to ingest new signals such as agent identity, session provenance, and consent freshness, part of the same movement. Operators that hold a clear mandate trail stand in a stronger position when disputes arise.

Optimism and caution are not opposing camps. A payment network's chief executive chose to voice concern precisely because he understands that the design of trust sets the pace of adoption. For commerce and payments players, locking down accountability in both contracts and technology before autonomous spending takes off is what keeps you from scrambling once the wave arrives.

Conclusion

Miebach's question, "what happens if something goes wrong?", strikes at a perspective the optimism around agentic commerce had been missing. Identity, fraud, faithfulness to instructions, and accountability are four issues that technology alone cannot solve; each requires a deliberate design of trust. The standardization and protection moves from Visa and American Express are early attempts to fill that void. Whether autonomous spending advances from "assisted" to "purely autonomous" hinges on how honestly the industry answers these questions. Commerce and payments players are well advised to settle their liability design before the wave of adoption reaches them.

Previouscommercetools Declares 'Autonomous Commerce' and Unveils Sphere, Its AI-Era PlatformNextAI Commerce News Digest (June 10, 2026)
Recommended Articles
Jun 10, 2026

Klarna's CEO on the Fight for 'Top of Wallet' When AI Does Your Shopping

Apr 9, 2026

Mastercard Agent Pay Explained: Agentic Tokens and Verifiable Intent for AI Agent Payments (2026)

Mar 24, 2026

When AI Agents Avoid Stores with High Payment Failure Rates — Payment Reliability Determines Merchant Survival