Key Points
- Prove launched the Prove Identity Platform, reframing identity from one-time verification into a persistent, continuously evaluated trust layer that covers people, businesses, and AI agents.
- Together with Fime FACT and HUMAN Security's Agentic Visibility, the trust layer category for agentic commerce effectively formed in a single 48-hour window.
- Merchants and payment players can no longer rely on static KYC alone; checkout flows must evolve to verify "was this action delegated by a real user through a legitimate agent?" at every transaction.
From One-Time KYC to a Persistent Trust Layer
Prove, the leader in digital identity, today launched the Prove Identity Platform, a unified platform that transforms identity from a one-time verification into an ongoing trust layer.
www.businesswire.comOn April 22, 2026, Prove, a U.S. digital identity provider used by 19 of the top 20 U.S. banks, launched the Prove Identity Platform. The strategic shift is clear: the company reframed its positioning from "one-time verification" to "persistent trust layer."
The core idea is that identity should no longer be a single event at onboarding but an ongoing foundation that is evaluated across every interaction. Onboarding, authentication, and fraud monitoring, historically operated as separate tools, are now unified into a single signal designed for an era where AI agents act on behalf of real people.
CEO Rodger Desai framed the thesis bluntly: "AI can fabricate a face or clone a voice, but it cannot replicate a decade of real digital behavior." Prove claims 12 years of authenticated identity history covering roughly 90% of the world's digitally active adults, arguing that this depth of history is what the agent economy will demand.
Three Core Components and an Expanded Agentic Suite
All Prove solutions now run on the new platform, with three components embedded by default. Prove Key Management binds cryptographic keys to user devices for adaptive authentication. Prove Identity Manager provides proactive monitoring of lifecycle events like device, phone number, or carrier changes. Prove Global Fraud Policy converts network-wide fraud intelligence into a unified defense posture.
The most consequential expansion is the Agentic Suite. Prove embeds cryptographically signed consent directly into the identity token so it travels with every agent action. A single token call is designed to deliver proof of humanity, proof of consent, and proof of authorization simultaneously, integrated with frameworks from OpenAI, Anthropic, and Salesforce.
Richard Crone, CEO of Crone Consulting, put the scale of the problem this way:
By 2030, there will be 4 to 40 AI agents acting on behalf of every human on the planet, and none of them should be allowed to act without continuously verified identity behind them.
A Trust Layer Map That Took Shape in 48 Hours
Prove's announcement lands inside a tight cluster of news. One day earlier, on April 21, Fime introduced FACT (Framework for Agentic Commerce Trust), a neutral trust layer where independent auditor agents issue transaction-level attestations and continuously validate that an agent's actions align with user intent and enterprise policy. The same day, HUMAN Security expanded Agentic Visibility inside Sightline Cyberfraud Defense, adding an Adobe integration and giving marketing and commerce teams precise visibility into human-vs-bot-vs-agent activity across product discovery, checkout, and loyalty.
Each takes a different angle: Prove anchors trust in a user's durable digital behavior, Fime issues independent per-transaction attestations, and HUMAN Security classifies and exposes agent activity at the network level.
| Player | Launch | Approach | Key capabilities |
|---|---|---|---|
| Prove Identity Platform | Apr 22, 2026 | Persistent identity foundation | 12-year authenticated history, lifecycle monitoring, signed consent in identity tokens |
| Fime FACT | Apr 21, 2026 | Per-transaction trust attestation | Independent auditor agents, intent validation, continuous policy checks |
| HUMAN Agentic Visibility | Apr 21, 2026 | Network-level visibility | Human vs bot vs agent classification, checkout visibility, Adobe integration |
The implication is that the trust layer for agentic commerce is not going to be filled by a single product. Identity history, transaction-level attestation, and network-level classification have to stack.
Division of Labor with ACP, AP2, and x402
Trust layers sit alongside, not inside, the agentic payment protocols. The Agentic Commerce Protocol (ACP) from OpenAI and Stripe, Google's Agent Payments Protocol (AP2), and Coinbase's x402 define how an agent requests and settles a payment. They do not, on their own, answer "should this agent be trusted" or "did this user actually authorize this action."
What Prove offers is a way to carry that answer as a token that can be consumed by the host side of any of those protocols. Issuer banks, card networks, and merchants all need continuous identity signals to underwrite agent-initiated transactions. Prove's opening reference to Visa naming Anthropic, OpenAI, and Perplexity as agentic commerce partners is telling: the network layer, the protocol layer, and the trust layer must interlock before agent transactions can be reliably approved.
Redesigning Checkout Around "Human or Agent"
The biggest practical change is at merchant checkout. The old binary of "real human vs bot" is replaced by a new question: is this a legitimate agent acting under a valid delegation, or a malicious actor hiding behind one?
With a Prove-style identity token, a merchant can inspect, at request time, who delegated what, under which scope, and for how long. Combined with HUMAN Security's agent classification, merchants can design three-way routing: auto-approve legitimate agent plus valid delegation, step-up auth for legitimate agent outside its scope, and block for unclassifiable agents. No humans can run that logic manually; it has to live in a policy engine that understands the token.
BetMGM is already cited as an early customer, using Prove's Pre-Fill and Unified Authentication on the new platform to reduce onboarding friction while tightening fraud controls. Industries where "getting identity wrong" is an existential risk tend to move first, and e-commerce is about to face the same pressure.
What Merchants and Payment Providers Should Do Next
The signal for practitioners is that static KYC, knowledge-based authentication, and device fingerprinting are no longer sufficient to underwrite agent-initiated transactions. What is needed is a trust score refreshed at every interaction.
Three concrete extension points exist for most merchants today. First, call external trust signals (Prove, Fime, HUMAN, or equivalents) from the risk engine at every sensitive event, not only at onboarding. Second, teach the application layer to parse delegation tokens flowing through ACP, AP2, or x402, so agent identity becomes a first-class input to risk decisions. Third, replace the "one-time terms of service" consent UX with a per-agent, per-scope consent ledger that supports revocation.
For payment providers, the differentiator will be whether issuer and acquirer risk engines can ingest "agent-originated" signals cleanly. The question Visa raised about unauthorized agent-initiated transactions is one that the networks cannot answer alone, and this week's announcements outline the collaborative shape of the answer.
Conclusion
Agentic commerce is not only a payment protocol story. Underneath the protocols, a distinct trust layer has started to crystallize: who do we believe, and on what continuously updated basis. The 48-hour cluster of Prove, Fime, and HUMAN Security makes that layer visible as its own category.
The next thing to watch is standardization: how identity tokens interoperate with ACP, AP2, and x402, and how issuer banks, card networks, and merchant risk engines start consuming them. Merchants should begin rewriting checkout assumptions from "humans only" to "humans and agents, mixed," starting with authentication, consent, and logging.
