Worldline, ING and Mastercard Run Europe's First End-to-End Agentic Payment in Production

Key Takeaways

An AI Bought Concert Tickets and Settled the Payment

ING completes live end-to-end European agentic payment transaction

ING, Worldline and Mastercard have carried out what they claims is Europe's first end-to-end agentic payment transaction.

www.finextra.com

The transaction began with a customer of the Dutch bank ING telling an AI assistant they wanted to find a wedding anniversary gift. The customer described the experience, dates and budget in plain language, and the assistant proposed several tickets for the Royal Concertgebouw Orchestra. Once the customer picked one and approved the purchase, the AI handled everything from confirming the tickets to completing the payment.

According to Worldline's official announcement, the entire flow ran on production infrastructure located within Europe. This was not a demo or a sandbox: a real card was charged and real funds moved. That is the heart of the news. Worldline, ING and Mastercard position it as Europe's first end-to-end agentic payment.

The transaction took place between an ING cardholder in the Netherlands and a Dutch merchant, with the same setup operating across Belgium. In other words, it was confirmed to work not within a single country but across multiple European markets.

What Does "Agentic Payment" Actually Mean

An agentic payment is a transaction in which an AI agent, acting on instructions from the consumer rather than the consumer directly, carries out everything from product selection to settlement. Where traditional online payments assume a human clicks a button, here the AI performs the mechanics of the purchase.

What matters in this transaction, though, is that the final approval stays with the human. The AI does not buy beyond budget on its own; it presents options, and payment only runs within the scope the consumer selects and approves. ING describes the current interaction as "assisted" rather than fully autonomous, while sketching a future in which "AI acts within clear boundaries set by the customer."

This raises one fundamental question. When no human is present at the moment of payment, how do the network and the issuing bank decide that this is a legitimate transaction? The answer to that question is exactly what the underlying technology is built to provide.

Who Does What — The Four Roles of Payment Infrastructure

Making an agentic payment work requires several players to coordinate behind the scenes. Worldline says it handled all four layers on a pan-European scale: acceptance, acquiring, authentication and issuer processing. Here is what each one means.

The first, acceptance, is the merchant-side entry point. The order the AI agent assembles is received by the merchant's systems as a payment request. Acquiring then processes that payment on behalf of the merchant and routes the transaction to the card network. Up to here, this is the merchant's world.

The reliability of the transaction hinges on the third layer, authentication. This is where it is verified whether the customer genuinely authorized the transaction and whether it came from a registered, legitimate agent. Finally, in issuer processing, ING (the card issuer) makes the final decision to authorize or decline. In this case ING, as the issuing bank, retained authority over both customer authentication and authorization.

Madalena Cascais Tomé, a member of Worldline's executive committee, put it this way.

"

Agentic commerce is no longer theoretical, it is production-ready today.

Source: Madalena Cascais Tomé (member of executive committee, Worldline)

Tokenization and Authentication — The Core of Letting AI Pay

A problem you cannot avoid when entrusting payments to an AI agent is how to handle card data. Hand a raw card number to an AI model and the leakage risk soars. This is where tokenization comes in.

In the framework Mastercard promotes, instead of the real card number, a network token called an Agentic Token is issued. It extends the company's tokenization platform, MDES (Mastercard Digital Enablement Service), so that on top of a normal network token it carries information about which AI agent may use it, within which merchant scope, and under which consent policy.

The flow looks roughly like this. The consumer enrolls a card and grants the agent a consent policy such as a spend ceiling, eligible categories and an expiration. A token cryptographically bound to that policy is then minted. At checkout the agent presents the token, and the network verifies it does not violate the policy before issuing approval. The transaction completes without the AI model ever holding the raw card number.

In this transaction too, an identifier was attached signaling to ING that "this is an agent-initiated transaction." The issuing bank understood the nature of the transaction transparently and decided whether to approve it through established authentication mechanisms. Mastercard has codified this approach as Agent Pay, under which agents are onboarded against defined standards and verified, and merchants are connected through a consistent integration framework.

PSD2 and SCA — Europe's Distinctive Regulatory Hurdle

Why is "Europe's first" newsworthy? Behind it lies a regulatory regime specific to Europe. The EU's PSD2 (the revised Payment Services Directive) mandates SCA (Strong Customer Authentication) for remote card payments. SCA requires authentication using at least two of three independent factors: something you know, something you have, and something you are.

SCA implicitly assumes that "a human is present at the moment of payment." That assumption breaks down when an AI agent pays on the consumer's behalf. According to analysis by the law firm Osborne Clarke, there is currently no special "regulatory carve-out" for agentic payments, and SCA requirements apply in principle even when an AI agent initiates the payment.

That is precisely why completing an end-to-end transaction in a European production environment carries weight. The point is not that the rules were bypassed, but that an agent-initiated transaction was fitted inside the existing authentication and tokenization machinery, in a form where the issuing bank can confirm the customer's consent and the scope of authority. At the same time, the question of liability when an AI misreads an instruction and over-orders remains a legally undefined issue.

What It Means for Ecommerce Operators

From an ecommerce operator's perspective, this case shows that a world where "AI agents pay as legitimate, authenticated buyers" is moving past the proof-of-concept stage into production. The assumption that a human accesses the cart directly will gradually stop holding.

What deserves attention is that the network side is building mechanisms to register and verify agents and preparing a consistent integration framework for merchants. Is your own payment flow ready to accept these agent-initiated transactions? Can it process a tokenized, authenticated order the same way it handles a human order? Such preparation is becoming a competitive condition in the near future. Now that production has gone live in Europe, similar moves spreading to other regions is only a matter of time.

Conclusion

An AI chose concert tickets and, with the customer's approval, completed the payment — and that whole sequence ran for real on European production infrastructure. Proving that every layer from acceptance through acquiring, authentication and issuer processing can handle agent-initiated transactions is no small thing. What to watch next is the institutional design around an agent's scope of responsibility, and how this machinery extends beyond Europe.