Agentic Payments technology is ready. Regulation, fraud, and trust are not

The technology for agentic payments works. Mastercard proved it with the first fully European end-to-end agentic transaction. The questions are who's liable when an agent buys the wrong thing, how regulators in Europe will respond, and whether consumers will trust a system they can't see.

We gathered the people closest to the problem to find out where things actually stand. On June 9, 2026, The Software House hosted a Business Breakfast on the Future of Payments with Fintech Poland in Warsaw.

The morning began with a presentation by Rafał Kucharski, Engineering Manager at TSH, who shared production-level lessons from building a conversational payment agent for a real fintech client delivered in five months.

Here's what The Software House-built agentic payment system actually looks like:

That was followed by a panel discussion moderated by yours truly, featuring four practitioners from across the payments stack.

• Małgorzata Domagała is Vice President, Products and Solutions, Mastercard Poland, Czechia, and Slovakia, Mastercard Europe. Her team is responsible for implementing Mastercard's solutions across cybersecurity, AI, stablecoins, and payment frameworks, including the agentic payments initiative.

• Matthias Horvath is a Solutions Business Analyst at Paymentology, a behind-the-scenes card processing technology provider that enables tokenization, fraud engines, and spend controls for banks and issuers. 

• Rafał Piotrowski is Product Owner for E-Commerce and Payment Gateway at BNP Paribas, overseeing payment gateway operations in Poland. He represented the bank's perspective throughout, enthusiastic about the shift, and clear-eyed about the risks.

• Cezary Kosiński is the Business Development Manager for Europe at EFT Lab, which provides high-performance payment switches capable of processing 4,000 transactions per second, or more than 100 million transactions per day. He has been working with machine learning since the 1990s.

How conversational AI reshapes the entire user journey

When ChatGPT launched in November 2022, it reached 1 million users in just 5 days, making it the fastest-growing consumer app in history. It was proof that people would rather ask than search.

Recently, Google announced at I/O 2026 the biggest changes to search in 25 years: AI Mode is now the global default, the search box has been rebuilt for conversational prompts, and agentic checkout is expanding into new markets.

When the world's dominant discovery interface completes that shift, everything downstream follows, including how purchases are initiated and how payments are routed.

Rafał Piotrowski described what's already visible in the data: AI agents intercept purchase journeys before a human sees a product page, diverting traffic away from original websites and stores.

"We have seen that Google and also different LLMs started gaining more and more traffic, and they use that traffic to point the customer to certain topics or products," he said. "There's a question on the horizon: will the agent choose which partner will process the payment?"

Rafał Piotrowski

Product Owner for E-Commerce and Payment Gateway @ BNP Paribas

Morgan Stanley puts the pace in numbers: by 2030, half of all US online buyers will use AI shopping agents. In Poland, 19% already say they'd ask an AI for shopping, and 57% of those would allow it to use their payment card if safety is assured.

The infrastructure is moving. The question is whether your systems are moving with it.

Behind every Agentic Payment, there are 60 system interactions in under 2 seconds

Here's what gets missed in most agentic payments coverage: the hard problem isn't the model, it's the transaction.

"A standard payment today involves 4-5 system interactions. A complex one involves up to 35. All of them happen within 1-2 seconds. When agentic payments add tokenization layers, additional risk management systems, and more participants to that chain, the average number of interactions climbs to 6-7. The peak pushes to 50-60".

Cezary Kosiński

Business Development Manager for Europe @ EFT Lab

The pipeline that needs to execute all of this reliably, at scale, under latency constraints, was never designed with AI agents in mind.

Kosiński described the interoperability challenge: "In the past, people used to go through foreign language courses. Now they use translators. The same happens when IT systems start speaking via API and protocols."

Matthias Horvath: "We're not reinventing the wheel, the rails and tools are already there.”

Tokenization is the clearest example. “The same mechanism that represents your card in Apple Pay, or authorizes a Netflix recurring charge, can represent an agent. The cardholder sets spending limits. Behavioral constraints. Approved contexts. And if trust breaks down: With token controls, I just delete the token," – Horvath explains.

The technology for control is there. The challenge is integrating it stably and at scale across a heterogeneous ecosystem of banks, processors, PSPs, merchants, and AI providers, each moving at different speeds and governed by different rules.

When the AI buys the wrong thing, who pays? Fraud & liability

Every new mechanism creates new fraud vectors, but at the same time, the new payment systems are equipped with new, even better security features. Agentic payments are no different, but the liability issue must be resolved.

The classic chargeback framework was built around a human who made a decision and later disputed it. When an agent initiates a transaction, that clarity dissolves.

The panelists raised the "princess castle problem."

A child talking to an Alexa speaker inadvertently bought multiple princess castles via an attached Amazon card. In an agentic world, that scenario becomes more frequent and harder to adjudicate.

• Was it fraud?

• Family fraud?

• An agent executing within its parameters but against the user's actual intent?

Each answer has different legal and financial implications.

"You're always one step behind the fraudsters, because the fraudsters, as it's a massive business, are very fast in using AI. A good example was COVID-19: the acceleration of e-commerce payments, and the fraudsters were the first ones to make a business out of it."

Matthias Horvath

Solutions Business Analyst @ Paymentology

The same sequence is now playing out with agentic commerce. Domagała pointed to the structural reason the good guys are at a disadvantage.

"The banks are under regulations. The fraudsters and the crime don't have rules. The only effective response is collective: if payment schemes, processors, and banks are working together against cybercrime, this is the way we can really win."

Małgorzata Domagała

VP Products and Solutions Lead for Poland, Czechia, and Slovakia @ Mastercard

Mastercard's answer to the chargeback problem is a verifiable intent standard, co-developed with Google, Microsoft, and major merchants, that captures, stores, and makes auditable the intent of every agentic purchase.

"If the bank receives the information that I would like to buy a bike of this size from this shop at this price, and then the transaction happens in a different way, I have a very simple and factual basis for a chargeback," Domagała said.

That scenario, where regulatory intervention forecloses experimentation before the ecosystem has time to mature, is a real risk. Particularly in Europe, where the regulatory pace tends to lag the technology and where the instinct is often to protect first and enable second.

Piotrowski's broader view put the stakes in perspective. "Whenever it comes to an operating system, a database, or an AI agent, first there's an invention, then the bugs and flaws are found by malicious actors."

You won't lose your customers to AI Agents. You'll lose your data

When open banking arrived in Europe, the dominant prediction was that banks would become irrelevant, mere "money donors," as Domagała put it, reduced to holding funds while fintechs captured the relationship.

It didn't happen. Polish banks, in particular, treated it as a product opportunity, cooperating with fintechs, building competitive digital experiences, and embedding themselves in the new infrastructure rather than resisting it.

Piotrowski was direct: "Based on the data we have from the transaction side, we build quite a lot of logic within the bank. If the customer comes in for credit, we review their history and can determine what kind of customer they are based on their transactional habits. If we lose that sight, it will be pretty painful."

An agent that transacts via opaque UIDs, without merchant-level data passing through bank systems, doesn't just create a customer experience problem; it also undermines the bank's ability to provide financial services and degrades the bank's core intelligence layer.

The agentic technology is ready; these 3 things are not

1. Regulations

Europe will likely move slower than Asia and the US, which may cost European players ground to competitors who move first.

The difference lies in whether regulators choose to consult and co-create, or observe and restrict.

Piotrowski was blunt: "I do hope we do not kill the whole idea with too many regulations."

2. Liability clarity

Until there is a clear answer to "who is responsible when an agent buys the wrong thing," every acquirer, PSP, and bank is making a risk assessment in the dark. Non-participation may look conservative.

Commercially, as Domagała pointed out, it just means the merchant routes to a competitor: "If one acquirer and PSP will not do it, they will just turn their backs elsewhere."

3. Psychology

Kosiński made a point that rarely surfaces in fintech discussions. "We expect machines to perform the task 100% without any fault. Maybe the accuracy will be 99%. And we must accept the fact that an algorithm decides about our money, and we are responsible for mistakes made by machines."

A 99% accurate payment agent is statistically better than most human processes, but one failure in a hundred will feel like a system failure, not an error rate. That perception gap is not a technical problem. It's a product and communication problem the whole ecosystem has to solve.

Whether agentic payments reach that threshold is an open question.

Building Agentic Payments now? Advice from the people closest to the infrastructure

The teams building agentic payment systems today are making decisions that will shape the infrastructure for the next decade. A few things are already clear from production experience and from the people closest to the industry.

1. Treat tokenization as your starting point, not your finish line.

   The control mechanisms exist. Building agent trust into them – spend limits, behavioral constraints, revocable access – is the immediate engineering priority.
   

2. Make protocol compatibility non-negotiable.

   MCP and UCP are becoming the lingua franca of agentic transaction flows. Banks and processors that can't speak that language will be sidelined from conversations they don't even know are happening.
   

3. Start with bounded, reversible use cases.

   Bill payments, recurring subscriptions, travel booking, dining, retail shopping; these are where readiness is highest because intent is legible and disputes are tractable.

   Open-ended instructions like "surprise me" are not yet something the ecosystem can reliably verify or adjudicate.
   

4. Build the internal case before the external one.

   Start with an agent your organization controls entirely. Learn what breaks in a contained environment before exposing it to customers and to regulators.