Mastercard Verifiable Intent — The Trust Layer for Agent Transactions

What Is Mastercard Verifiable Intent

On March 5, 2026, Mastercard announced a new open standard for agentic commerce called Verifiable Intent. Co-developed with Google, the initiative has secured commitments from IBM, Worldpay, Fiserv, Adyen, Checkout.com, Basis Theory, and Getnet.

The problem driving this announcement is straightforward. AI agents are beginning to purchase goods on behalf of users, but no standard mechanism exists to prove that an agent actually has permission to act. 3D Secure authentication and SMS verification codes assume a human is present at checkout. When agents complete purchases autonomously, that assumption no longer holds.

What Verifiable Intent provides is cryptographically verifiable proof of authorization. It binds a consumer's identity, specific purchase instructions, and the merchant transaction outcome into a single tamper-resistant record. Trust is built on cryptographically signed facts, not inference.

The SD-JWT Delegation Chain — Technical Core

The technical foundation of Verifiable Intent is a layered credential format based on SD-JWT (Selective Disclosure JSON Web Token). It extends the IETF's SD-JWT specification with commerce-specific capabilities for agent transactions.

Three-Layer Delegation Structure

The delegation chain consists of three layers. Layer 1 is where a credential provider (card issuer or bank) issues an SD-JWT binding user identity to a public key. Through a cnf.jwk (confirmation JSON Web Key) claim, it cryptographically proves that "the holder of this key is this consumer."

At Layer 2, the user signs a delegation to the agent using their own key. The critical element here is the attachment of constraints. Conditions like "under $500," "only at this merchant," and "within 3 days" are cryptographically bound, strictly defining the agent's scope of action.

Layer 3 is the fulfillment credential generated when the agent executes an actual purchase. It cross-references the merchant-signed checkout object against the constraints defined in Layer 2, making it verifiable that the agent acted within its delegated bounds.

Eight Constraint Types

The Verifiable Intent specification defines 8 registered constraint types, including amount bounds, merchant allowlists, budget caps, and recurrence terms. Verifiers are required to support all of them.

Under the traditional model where users verbally instruct agents, there is always a risk of agents interpreting instructions too broadly. Against this problem known as intent drift, Verifiable Intent treats constraints as "first-class authorization boundaries" and converts them into machine-verifiable limits. If an agent attempts to exceed its constraints, cryptographic verification immediately blocks the transaction.

Consider the widely reported case of an OpenAI shopping agent paying $31 for a dozen eggs. With Verifiable Intent constraints applied, the transaction would be rejected the moment it exceeded the amount cap. This is a structural safeguard that does not depend on human judgment.

Selective Disclosure — Balancing Privacy and Verification

Ensuring trust in agent transactions requires sharing information among parties. But sharing everything with everyone is unacceptable from a privacy standpoint. The selective disclosure mechanism adopted by Verifiable Intent resolves this tension through cryptography.

Data is private by default. Each party receives only the minimum information needed to fulfill their role. Merchants see enough to confirm that an agent's authorization is valid, but cannot view the consumer's other purchase constraints or remaining budget. When agentic payment disputes arise, additional information is disclosed only to the extent needed for resolution.

This works by leveraging SD-JWT's selective disclosure capabilities. Individual claims within the JWT are hashed, and original data is presented only when disclosure is required. Cryptographic commitments allow third parties to verify that "disclosed information is indeed part of the original credential."

Immediate Mode and Autonomous Mode

Verifiable Intent defines two operational modes.

Immediate Mode applies when users participate in the purchase process in real time. After the agent assembles a cart and the merchant finalizes checkout details, the user's device performs the final approval signature. This corresponds to AP2's Cart Mandate concept, with short-lived Layer 2 credentials issued.

Autonomous Mode covers scenarios where users sign constraints upfront and agents independently execute purchases within those bounds at a later time. Requests like "book it if the weekend flight drops below $300" fall into this category. It aligns with AP2's Intent Mandate, with agents generating fulfillment credentials within constraint boundaries.

Comparison with Visa Trusted Agent Protocol

In the Visa-Mastercard agentic commerce standardization race, the two companies have taken distinctly different approaches.

As Fintech Wrapup's detailed comparison points out, the two frameworks optimize for different layers of the stack. Verifiable Intent focuses on cryptographic proof of "what the user authorized," while Visa emphasizes authenticating "whether the agent is legitimate and linked to the consumer behind it."

Which should merchants support? The current answer is "both." Each company has designed its framework to function as a complement to other protocols, and foundational technologies like Cloudflare's Web Bot Auth are emerging to underpin both. The trust layer for agentic commerce is forming not as a single standard but as a combination of complementary protocols.

Ecosystem and Cross-Protocol Interoperability

A defining design characteristic of Verifiable Intent is its protocol agnosticism. The specification includes integration mappings for Google's AP2, UCP, and OpenAI/Stripe's ACP.

This design philosophy signals that Mastercard positions Verifiable Intent not as a proprietary network tool but as a cross-industry trust layer. According to PYMNTS reporting, Verifiable Intent will be integrated into Mastercard Agent Pay's intent APIs within the coming months, with real-world deployments starting alongside partner organizations.

The specification is built on existing standards from the FIDO Alliance, EMVCo, IETF, and W3C. The design requires no proprietary infrastructure, offering one answer to the protocol fragmentation problem in agentic commerce. Building on widely adopted specifications lowers adoption barriers for a new protocol.

What E-Commerce Merchants Should Prepare For

Verifiable Intent is at Draft v0.1 as of March 2026, with the open-source specification and reference implementation published at verifiableintent.dev and on GitHub. Full commercial deployment is still ahead, but there are points e-commerce merchants should be aware of now.

The first thing to check is your Payment Service Provider's (PSP) readiness. Major PSPs including Fiserv, Checkout.com, Adyen, and Worldpay are already participating as partners, and as PSP-side support matures, merchant integration burden will decrease significantly.

Next, prepare for changes in dispute resolution. Verifiable Intent's cryptographic audit trail provides the means to prove, through cryptographic evidence, that an agent acted within the user's delegated scope when facing chargeback claims of "the AI bought this without my permission." This could fundamentally change how dispute resolution processes work.

Summary

Verifiable Intent is a framework that shifts the "proof of trust" in agent transactions from inference to cryptography. With Draft v0.1 published and 8 partners plus multiple protocol integration mappings in place, it outlines one path for how the trust foundation of agentic commerce will take shape.