Back to Insights
Agentic Commerce

Authorized Delegation, Flawed Execution — Agentic Commerce (2 of 4)

The agent had permission and still got it wrong — a failure mode our rails have no category for.

FDP
Franco Di PietroThe Payments Corner
Audio Briefing
0:00/1:29

Second in my four-post series from the agentic commerce research. This is the part I found most interesting.

Fraud has a familiar shape: someone makes a charge you never approved. Decades of card infrastructure — detection models, chargeback rights, liability rules — exist to catch and unwind exactly that.

Agentic commerce introduces a whole category that doesn't fit the shape. I've been calling it authorized delegation, flawed execution: the agent had permission, and still got the purchase wrong. It bought the wrong item. It paid a worse price than it should have. It ordered ten when you meant one. It renewed a subscription you'd have cancelled. Nothing was stolen. No credential was compromised. No spending limit was breached. The delegation was completely real — the execution just wasn't what the human actually intended.

That's the problem. It's not fraud, and it's not a clean merchant dispute either. Our existing categories assume one of two things: an unauthorized actor, or a legitimate transaction that went bad on the merchant's side. An authorized agent making an honest error against a genuine instruction is neither of those. The permission was valid. The outcome was wrong. And there's no established rail to resolve that gap — no clear code for "the agent did what I told it, badly."

It matters because it won't be rare. Agents operate at machine speed and machine scale, and a small error rate across millions of delegated purchases isn't a rounding error — it's a support queue, a wave of dispute volume, and, underneath both, a trust problem. If people can't rely on delegation, they won't delegate.

The first real sign the industry sees this coming is already visible: American Express has committed to Agent Purchase Protection, a forward commitment aimed squarely at this failure mode. The full terms are still to come, but the direction is the tell — the category is real enough that someone is already building protection around it, before the volume has even arrived.

The question I keep landing on is who owns the resolution. When an authorized agent executes badly, whose problem is it — the cardholder's, the issuer's, the network's, or the agent developer's? Today there's no settled answer. And in payments, the settled answer tends to belong to whoever builds it first: the evidence trail, the consent record, the remedy. Whoever defines how this gets resolved defines the standard everyone else ends up adopting.

The full taxonomy — the other error types, and how they map to existing rails — is in the research, on The Payments Corner.

FDP

Franco Di Pietro

The Payments Corner

30+ years across payments, fintech, banking, and financial infrastructure. Operator-level perspectives on the systems that move money.

Share:

Related Insights