Mastercard Unveils Open Standard to Verify AI Agent Transactions

Announced Thursday (March 5) the company is introducing Verifiable Intent, an open-source, standards-based framework designed for agentic commerce. The idea is to link a consumer’s identity, their specific instructions and the outcome of a transaction into a single, tamper-resistant record. It creates a cryptographic audit trail that all parties can consult if a dispute arises.

Mastercard says the framework is designed to be agnostic to existing agentic protocols, meaning it is intended to work alongside infrastructure already being built by Google, Stripe, OpenAI and others.

“As autonomy increases, trust cannot be implied,” said Pablo Fourez, chief digital officer at Mastercard. “It must be proven. And if something goes wrong, everyone needs facts, not guesswork.”

Verifiable Intent is the latest addition to Mastercard Agent Pay, the company’s agentic payments program launched in 2024, which established the infrastructure for registering and authenticating AI agents before they transact on Mastercard’s network. The new framework adds an explicit proof layer on top of that, one that travels with the transaction and is intended to make dispute resolution faster and cleaner.

The trust challenge Mastercard is trying to address is real. PYMNTS Intelligence, for example, has found that the highest-ranked use case for agentic AI is dynamic budget reallocation based on fresh cost data. Roughly 43% of CFOs expect a high impact from using agents in some form to handle this function, with another 47% expecting moderate impact.

That’s the enterprise angle. When a consumer taps a card, intent is clear. When an AI agent acts on instructions given hours or days earlier, such as booking travel or reordering groceries, that clarity disappears. Fourez has framed this as a defining challenge for the industry.

“In this new payments paradigm,” he said, “trust becomes the product.” Whether a single company’s framework can become the industry standard for proving it is another question entirely.

Privacy is built into the specification, Mastercard says. Verifiable Intent uses a technique called Selective Disclosure, which shares only the minimum information needed with each party in a transaction, enough to verify authorization or resolve a dispute, but not more. The framework is designed to interoperate with Google’s Agent Payments Protocol and the Agentic Commerce Protocol from Stripe and OpenAI, a sign that Mastercard is positioning this as complementary infrastructure rather than a rival standard.

What gives the announcement additional heft is the partner list. Mastercard is open-sourcing the Verifiable Intent specification on GitHub and has secured commitments from Google, Fiserv, IBM, Checkout.com, Basis Theory and Getnet. Google’s endorsement was pointed.

“Strong, interoperable trust infrastructure like Verifiable Intent that is compatible with Agent Payments Protocol is a natural accelerator for scaling agentic commerce,” said Stavan Parikh, VP and general manager, payments at Google.

Other partners emphasized the practical merchant problem Verifiable Intent is trying to solve. Fiserv’s Sanjay Saraf said the framework “enables merchants to proactively reduce fraud, strengthen dispute outcomes, and maintain customer trust.” IBM’s Kristin Kirtley Silva said it makes user authorization “simple and secure, so agents can act safely across platforms,” and plans to align it with IBM’s orchestration layer for enterprise deployments. Checkout.com’s Meron Colbeci called it “an important move to ensure the right parties can cryptographically validate intent without oversharing sensitive data.”

The specification is built on standards from the FIDO Alliance, EMVCo, the Internet Engineering Task Force and the World Wide Web Consortium. Mastercard says it will deepen the framework over time through integration with its Verifiable Credentials platform, and will continue working with industry bodies on complementary standards for conversational AI in commerce. Integration into Mastercard Agent Pay’s intent APIs is expected in the coming months.

The open-source approach is a deliberate move. By publishing the specification publicly and inviting developers, merchants and payment enablers to contribute, Mastercard is betting that broad participation is what will make a trust standard stick.

Whether the industry coalesces around it remains to be seen. “As commerce becomes more autonomous,” Fourez said, “consumer protection must keep pace.”