AI agents can now access merchant accounts and complete transactions without requiring password handoffs, thanks to emerging authentication frameworks that separate credential management from task execution. The breakthrough removes a critical bottleneck that previously forced users to either share sensitive login details or manually intervene every time an agent hit a sign-in wall.
For direct-acquiring PSPs and card-not-present merchants, this shift carries both promise and risk. Autonomous agents executing payment workflows—comparing checkout flows, testing alternative payment methods, or optimising conversion paths—could accelerate testing cycles and reduce friction. But passwordless access also expands the attack surface: if an agent is compromised or misconfigured, it may initiate fraudulent transactions, modify settlement instructions, or expose sensitive merchant data. Velocity merchants operating in high-risk verticals already face elevated chargeback scrutiny; adding AI-driven automation without robust guardrails could amplify liability. The key will be layering agent authentication with real-time fraud orchestration, behavioural analytics, and tokenised credentials—exactly the kind of infrastructure that pairs well with modern payment stacks offering virtual IBANs, USDT settlement, and intelligent routing.
Read the full report at PYMNTS.