Apr 5, 2026

Visa TAP (Trusted Agent Protocol) — How Agent Authentication and Payments Work

Key Takeaways

  1. Visa TAP is an open protocol that cryptographically proves AI agent identity using HTTP signatures based on RFC 9421
  2. Hundreds of real-world transactions were completed by late 2025, with over 100 partners forming a growing ecosystem
  3. Built on existing web and payment infrastructure, enabling merchants to support agentic payments without major overhauls

What Is Visa TAP (Trusted Agent Protocol)?

The age of AI agents purchasing products on e-commerce sites is becoming reality. Yet from a merchant's perspective, there has been no reliable way to distinguish a legitimate AI agent from a malicious scraper. To bridge this "trust gap," Visa announced the Trusted Agent Protocol (TAP) in October 2025 — an open framework designed to establish trust between AI agents and merchants.

At its core, TAP gives AI agents a "digital ID card." Every time an agent sends an HTTP request, it attaches a cryptographic signature that the merchant verifies using Visa's public keys. Each signature is bound to a specific merchant site and page, and is time-limited, preventing replay or relay attacks.

As agentic commerce expands, building this trust layer has become urgent. Visa designed the protocol in collaboration with Cloudflare, choosing to build on existing web infrastructure rather than creating an entirely new payment network. The approach adds an agent authentication layer on top of the HTTP mechanisms merchants already use.

Technical Architecture — Combining RFC 9421 and Web Bot Auth

Understanding TAP requires familiarity with its two foundational standards.

The first is RFC 9421 (HTTP Message Signatures), an IETF standard for attaching cryptographic signatures to HTTP messages, allowing recipients to verify sender identity and message integrity. TAP uses Ed25519 key pairs — agents sign requests with their private key, and merchants verify signatures using public keys retrieved from Visa's public key directory.

The second is Web Bot Auth, a mechanism proposed by Cloudflare for bots and AI agents to attach cryptographic signatures to HTTP requests using Signature-Input and Signature headers. According to the Visa Developer Center specifications, the signature base string is canonicalized in the exact order received, meaning any alteration in ordering, spacing, or values causes verification to fail immediately.

How does the actual data flow work? When an agent accesses a merchant's site, three pieces of information are embedded in the HTTP request as cryptographic signatures: Agent Intent (confirming it is a trusted agent with commerce intent), Consumer Recognition (data indicating whether the consumer has an existing account or prior transaction history with the merchant), and Payment Information (payment data formatted for the merchant's checkout flow).

The merchant's processing is straightforward: verify the signature on the received HTTP request and confirm the agent's approval status against Visa's public key directory. This can be implemented by adding middleware to existing web servers — there is no need to rebuild the entire checkout flow.
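
The merchant-side check and the "exact order received" canonicalization described above, as an added example (not code from Visa, Cloudflare or the TAP repository): it rebuilds the RFC 9421 signature base from the request actually received, using the Signature-Input parameters verbatim, then checks the time window and the Ed25519 signature. The in-memory `DIRECTORY`, the key id `demo-agent-key`, the label `sig1` and the two covered components `@authority` and `@path` are assumptions standing in for the real key directory and for TAP's full parameter set.

```javascript
// Added example: merchant-side check of an RFC 9421-style Ed25519 signature.
const crypto = require('node:crypto');

// Constructed stand-in for the public key directory (keyid -> public key).
const agent = crypto.generateKeyPairSync('ed25519');
const DIRECTORY = new Map([['demo-agent-key', agent.publicKey]]);
const SUPPORTED = ['@authority', '@path']; // assumption: only these are handled

// Covered component names, in the order the sender listed them.
const covered = (params) => params.slice(params.indexOf('(') + 1, params.indexOf(')'))
  .split(' ').filter(Boolean).map((n) => n.replace(/"/g, ''));

// Rebuild the signature base from the request the merchant actually received.
// `params` goes in verbatim: re-serializing it would change the signed bytes.
function signatureBase(req, params) {
  const values = { '@authority': req.authority.toLowerCase(), '@path': req.path };
  const lines = covered(params).map((n) => `"${n}": ${values[n]}`);
  return [...lines, `"@signature-params": ${params}`].join('\n');
}

function verifyAgentRequest(req, now) {
  const input = /^sig1=(\(.*\).*)$/.exec(req.headers['signature-input'] || '');
  const sig = /^sig1=:([A-Za-z0-9+/=]+):$/.exec(req.headers['signature'] || '');
  if (!input || !sig) return 'missing-signature';
  const params = input[1];
  const num = (k) => Number((new RegExp(`;${k}=(\\d+)`).exec(params) || [])[1]);
  const names = covered(params);
  if (names.some((n) => !SUPPORTED.includes(n))) return 'unsupported-component';
  // Both must be covered, or the signature is not bound to this site and page.
  if (!SUPPORTED.every((n) => names.includes(n))) return 'unbound';
  if (!(num('created') <= now && now < num('expires'))) return 'outside-window';
  const key = DIRECTORY.get((/;keyid="([^"]+)"/.exec(params) || [])[1]);
  if (!key) return 'unknown-key';
  const ok = crypto.verify(null, Buffer.from(signatureBase(req, params)), key,
    Buffer.from(sig[1], 'base64'));
  return ok ? 'verified' : 'bad-signature';
}

// Agent side, for the demo only: sign a request for one merchant page.
function signRequest(authority, path, created, ttl) {
  const params = `("@authority" "@path");created=${created};expires=${created + ttl};keyid="demo-agent-key"`;
  const req = { authority, path, headers: { 'signature-input': `sig1=${params}` } };
  const sig = crypto.sign(null, Buffer.from(signatureBase(req, params)), agent.privateKey);
  req.headers.signature = `sig1=:${sig.toString('base64')}:`;
  return req;
}
```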

The GitHub repository provides specifications and reference implementations, allowing developers to work through integration with actual code. Where Mastercard's Verifiable Intent emphasizes "proof of intent," TAP starts from "proof of identity" — an interesting difference in design philosophy.

From Agent Registration to Transaction Completion

To make the end-to-end process concrete, let us walk through the flow from an agent developer's perspective.

First, agent onboarding. To participate in TAP, an AI agent must pass the Visa Intelligent Commerce vetting program, which verifies whether the agent meets Visa's trust standards. Approved agents receive an Ed25519 key pair, with the public key stored in Visa's registry directory.

Next, merchant transactions. When an approved agent accesses a merchant's e-commerce site, it sends an RFC 9421-compliant signed HTTP request. The merchant retrieves the agent's public key from Visa's directory and verifies the signature. Successful verification confirms that the agent is a Visa-approved shopping bot, not a malicious script.

Finally, anomaly detection. Beyond signature verification, Visa Intelligent Commerce includes a machine learning-based anomaly detection layer that monitors agent-driven transactions in real time to detect suspicious patterns. By combining TAP's static identity proof with dynamic behavioral analysis, the system achieves multi-layered security.

Ecosystem Growth and Proven Results

In December 2025, Visa announced that hundreds of agent-initiated transactions had been completed in collaboration with partners. These were the first large-scale demonstrations where AI agents completed real purchases at actual merchants on behalf of consumers, without a human pressing a checkout button.

The partner roster is expanding rapidly. According to Oscilar's analysis, over 100 companies have joined Visa Intelligent Commerce globally, more than 30 are developing in the sandbox environment, and over 20 agent platforms are pursuing direct integration. Early payment processor adopters include Nuvei, Adyen, and Stripe.

Regional rollout is also accelerating. In Asia Pacific, Visa Intelligent Commerce is expanding with pilot programs expected to launch in early 2026. In Europe, the Visa Agentic Ready program has officially launched, providing issuers with testing environments for agent-initiated payments. Latin America and the Caribbean are also preparing AI payment readiness at major merchants.

Positioning Among Competing Protocols

Agentic payment standardization does not end with Visa TAP alone. Mastercard's Verifiable Intent, Google's AP2 (Agent Payments Protocol), and Stripe's Shared Payment Token all coexist in this space.

| Aspect | Visa TAP | Mastercard Verifiable Intent | Google AP2 |
|---|---|---|---|
| Approach | Identity proof via HTTP signatures | Cryptographic intent verification | Tokenized payment protocol |
| Technical Foundation | RFC 9421 + Web Bot Auth | FIDO / EMVCo / W3C | OAuth 2.0 + REST |
| Availability | Open (GitHub) | Open source (GitHub) | Open specification |
| Target Layer | Agent authentication + payment data transmission | Intent proof + dispute resolution | Payment execution |
| Key Partners | Cloudflare, Stripe, Adyen, Nuvei | Google, Fiserv, IBM, Checkout.com | Mastercard, Visa, PayPal |

Crucially, these protocols are not mutually exclusive — they cover different layers. TAP handles agent "identity proof," Verifiable Intent covers consumer "intent proof," and AP2 manages "payment execution." As PYMNTS.com reported, Visa is being called a "payments hyperscaler," and TAP is one component of the broader Visa Intelligent Commerce strategy, designed to be used in combination with other protocols.

As outlined in the agentic AI protocol landscape overview, a division of labor is emerging: MCP for tool integration, A2A for agent-to-agent communication, and TAP + Verifiable Intent + AP2 for the commerce domain. For e-commerce merchants, the most practical approach is to gain protocol support indirectly through payment providers like Stripe and Adyen rather than implementing each protocol directly.

What E-Commerce Merchants Should Prepare Now

TAP adoption can proceed in stages.

Start by checking your payment provider's readiness. Major processors like Stripe, Adyen, and Nuvei are early TAP adoption partners, and merchants using these providers may gain TAP support automatically through provider-side updates. Monitoring Stripe's progress on agentic payment support is important.

For direct TAP integration, follow the Getting Started guide on Visa Developer Center to add signature verification middleware to your web server. Multiple open-source RFC 9421-compliant signature verification libraries are available, keeping the technical barrier relatively low.

Visa predicts that millions of consumers will use AI agents for purchases by the 2026 holiday season. Whether this prediction materializes remains to be seen, but given that TAP specifications are openly available and major payment providers are moving forward with support, it is worth beginning preparations for agent authentication alongside the KYA (Know Your Agent) framework.

Summary

Visa TAP's defining characteristic is its clever use of existing web and payment infrastructure to serve as the "digital ID" layer for the AI agent era. Built on the established RFC 9421 standard, it keeps the adoption barrier relatively low for merchants. How far ecosystem expansion through the second half of 2026 accelerates the practical deployment of agentic commerce should become clear by this year's holiday season.