Trusted Agent Protocol

Establishing a universal standard of trust between AI agents and merchants for the next phase of agentic commerce.

Merchant securing their digital storefront

How do you distinguish a trusted AI agent acting on a customer's behalf from a malicious bot?

As agentic commerce becomes a reality, this critical question emerges for every merchant.The Trusted Agent Protocol provides a universal standard that allows approved agents to securely identify themselves to a merchant website or server. This enables merchants to confidently welcome this new wave of commerce, knowing they can differentiate trusted agents from malicious bots and potentially use the new information provided by these trusted agents to identify fraud and the consumer on whose behalf the agent is shopping.

The Challenge

AI agents are becoming part of everyday commerce, capable of executing complex tasks like booking travel or managing subscriptions. As agent capabilities evolve, merchants need visibility into their identities and actions more than ever.

 

For an agent to make a purchase, the merchant must be able to answer critical questions:

  • Is this a legitimate, trusted, and recognized AI agent?
  • Is it acting on behalf of a specific, authenticated user?
  • Does the agent carry valid instructions from the user to make a purchase?

Without a standard for recognition and communication, merchants are left with a difficult choice: block potentially valuable, agent-driven traffic, or blindly accept the significant operational and security risks that could come alongside agentic interactions of today.

The Solution

Visa's Trusted Agent Protocol provides a standardized, cryptographic method for an AI agent to prove its identity and associated authorization directly to merchants. By presenting a secure digital signature with every interaction, a merchant can verify that an agent is legitimate and has the user's permission to act.

 

For merchants, the Trusted Agent Protocol describes a standardized set of mechanisms enabling merchants to:

  • Cryptographically Verify Agent Intent: Instantly distinguish a legitimate, credentialed agent from an anonymous bot. The agent presents a secure signature that includes timestamps, a unique session identifier, key identifier, and algorithm identifier, allowing you to verify that the signature is current and prevent relays or replays. 
  • Confirm Transaction-Specific Authorization: Ensure the agent is authorized for the specific action it is taking  (browsing or payment) as the signature is bound to your domain and the specific operation being performed.
  • Receive Trusted User & Payment Identifiers: Securely receive key information needed for checkout via query parameters. This can include, as consented by the consumer, verifiable consumer identifiers, Payment Account References (PARs) for cards on file, or other identifiers like loyalty numbers, emails and phone numbers, allowing you to streamline or pre-fill the customer experience.
  • Reduce Fraud: By trusting the agent's identity and intentions, merchants can create a more seamless path to purchase for customers using agents. This cryptographic proof of identity and intent provides a powerful new tool to reduce fraud and minimize chargebacks from unauthorized transactions.

This product is in the process of development and deployment.  Depictions are representations of potential features and sequences. 

" "

Differentiate from Malicious Actors
The Trusted Agent Protocol provides a way for you to distinguish legitimate, authorized AI agents from other automated traffic. This allows you to confidently welcome agent-driven commerce while protecting your site from harmful bots.

" "

Protection Against Replay Attacks

The protocol is designed to prevent bad actors from capturing and reusing old requests. Each signature includes unique, time-sensitive elements that ensure every request is fresh and valid only for a single use.

" "

Context-Bound Security

Every request from a trusted agent is cryptographically locked to a merchant's specific website and the exact page with which the agent is interacting . This ensures that an agent's authorization cannot be misused elsewhere.

" "

Securely Receive Customer & Payment Identifiers

The protocol defines a standardized way for a verified agent to pass essential customer information directly to merchants. This allows merchants to streamline the checkout process by receiving trusted data to pre-fill forms or identify the customer.

" "

Limit Agent Interaction

A merchant can limit an agent's interaction to just the agentic commerce purpose the agent has indicated. For example, if the agent is indicating that they are "browsing" to retrieve more details about a specific product or to determine whether the product is actually available in a specific color or size the merchant can prevent the agent from performing any other action beyond that. Similarly, if the agent is indicating that they intend to make a purchase, the merchant can limit the interaction to that single purpose.

" "

Check for Existing Account

A merchant can use the information provided in the Agentic Consumer Recognition Object to determine whether the consumer, that the agent is shopping on behalf of, has an existing account with the merchant. Depending on the merchant's ability to verify the identitiers provided, the merchant could provide a logged in experience to the agent and assigning those same consumer benefits to the current transaction or simply associate a loyalty number to the transaction.

" "

Determine Consumer Location

A merchant can use the information provided in the Agentic Consumer Recognition Object to determine the location of the consumer when they gave an instruction to the agent and based on that location customize the content or inventory provided to the agent. For example, if the merchant does not ship specific products to the consumer's location, they could indicate that these products are not available.

" "

Identify Fraudulent Credentials

A merchant can use the hash, provided in the Agentic Payment Container, to compare the payment credentials key entered in a payment web form and, if these hashes do not match, the merchant can decline the transaction as this mismatch indicates that some malicious entity is attempting to use fraudulent credentials (without the prerequisite agentic controls) to make a payment.

" "

Enhance Consumer Experience

A merchant can use the card metadata, provided in the Agentic Payment Container, to enhance their communication with the consumer. The metadata provides card art and the underlying card's last 4 digits and product description, all that can be included in order confirmations giving the consumer a clear indication of the card used to make the purchase.