Visa launches protocol to verify AI shopping assistants amid fraud surge

TL;DR:

  • Visa introduced the Trusted Agent Protocol on Tuesday to help merchants verify legitimate AI shopping assistants through cryptographic signatures
  • AI-driven traffic to US retail websites has exploded by 4,700% over the past year, creating acute security challenges
  • The protocol enables merchants to distinguish trusted agents from malicious bots without requiring major infrastructure changes

Visa has launched a new security framework designed to help retailers distinguish between legitimate AI shopping assistants and the malicious bots that increasingly plague e-commerce sites. The Trusted Agent Protocol, announced on Tuesday, provides merchants with cryptographic verification tools as AI-powered commerce traffic experiences dramatic growth.

Context and Background

The protocol addresses a pressing challenge in what Visa terms “agentic commerce”—consumers delegating shopping tasks to AI agents that autonomously search products, compare prices, and complete purchases. According to Adobe data cited by Visa, AI-driven traffic to US retail websites has surged by more than 4,700% over the past year.

This explosive growth has created significant difficulties for merchants whose existing bot detection systems now risk blocking legitimate AI shoppers alongside malicious actors. Visa prevented $40 billion in fraudulent activity between October 2022 and September 2023, nearly double the previous year, with much involving AI-powered attacks where bots systematically test card credentials.

The system operates through a three-step cryptographic handshake. AI agents must first gain approval through Visa’s Intelligent Commerce programme, receiving unique digital signature keys. When visiting merchant websites, approved agents transmit their intent, consumer recognition data, and optional payment information. Merchants or their infrastructure providers then validate these signatures against Visa’s registry.

Looking Forward

Built on the HTTP Message Signature standard and aligned with Web Bot Auth, the protocol requires minimal changes to existing merchant infrastructure. Visa developed it in partnership with Cloudflare, with input from Microsoft, Shopify, Adyen, and other major payment processors.

The launch positions Visa in competition with Google’s Agent Protocol for Payments (AP2), OpenAI, and Stripe, all developing their own approaches to AI commerce verification. Rubail Birwadker, Visa’s Global Head of Growth, emphasised collaboration: “We are engaged with Google, OpenAI, and Stripe and are looking to create compatibility across the ecosystem.”

The protocol is available immediately through Visa’s Developer Center and GitHub, though merchant adoption will likely depend on how quickly AI agents begin accounting for significant shares of completed transactions rather than just browsing activity.

Source Attribution:

Share this article