As AI agents begin spending money on our behalf, payments rules built for human decision making are leaving consumers exposed to an accountability gap.
I’m not sure if it’s just the time of year, when everyone starts reflecting on what the past 12 months have brought, but I feel like I’ve sleepwalked into a world where AI agents can compare products, make bookings, complete checkout forms and move real money.
Honestly, how did we get here?
We are suddenly in an era where every payments company is entering “agentic commerce,” which is essentially a way of saying your digital sidekick will soon be hitting the buy now button on your behalf.
Yes, it sounds convenient. But maybe it’s because I feel like I went to bed one night without hearing much about it, and woke up the next morning to every firm launching an AI agent, that I can’t help but ask whether we are actually ready.
Because right now, the rules were not built for this.
The UK’s new reimbursement scheme for scam victims, the US’s Regulation E and Europe’s PSD2 all assume a human is making the decision. The law imagines a person sitting there, card in hand, consciously choosing to send £800 to someone claiming to be from the “Royal Mail Refunds Department”. It does not imagine a bot doing it because a phishing email slipped past its filters.
I’m not saying rules aren’t being made for this new AI world as there has been some progress. Visa, for example, is rolling out its Trusted Agent programme, which gives AI agents a form of verification so they can operate inside the payments ecosystem. I won’t deny this helps from a security perspective.
However, a badge does not solve the awkward moment when the bot gets it wrong. I mean do we really think they will never make a mistake?
Right now, everyone pretends the person culpable for the mistake is the customer. If you authorised the AI to act on your behalf, then its mistake becomes your mistake. That is broadly how UK law sees it and banks are more than comfortable with that arrangement. It is the digital equivalent of lending your cousin the car keys. If he crashes, insurers tend to shrug and say you did give him the keys.
The problem is this isn’t your cousin. It is a system most consumers do not fully understand, making decisions they did not explicitly approve. And unlike your cousin, it will not apologise.
The truth is the liability gap here is a consumer protection crisis waiting to happen. As AI becomes embedded in commerce, millions of people will be exposed to risks they do not even know exist.
Unless regulators get ahead of this, we will see the same pattern play out again. Innovation races ahead. Consumers are told to be vigilant. And when something goes wrong, it is suddenly their fault for trusting the very tools they were encouraged to use.
So what should happen instead?
We need a shared responsibility model, one which recognises AI developers, banks, merchants and regulators all have skin in the game. If an AI system is trusted enough to move my money, then the people who built it, approved it and profit from it should share accountability when it goes wrong.
Let’s be honest. No one wants another blame game between payment providers and big tech like the one we already have around authorised push payment fraud. This is the chance to get the rules right from the beginning.