Sign up
Subscribe
Home / news / Peach Payments’ CISO says agentic commerce needs controls to match a $5 trillion payment shift
news

Peach Payments’ CISO says agentic commerce needs controls to match a $5 trillion payment shift

Peach Payments’ CISO says agentic commerce needs controls to match a $5 trillion payment shift

Payment security was built to treat automation as the problem. Agentic commerce flips that logic: the valuable traffic may now be automated, and the question becomes whether an AI agent is authorized to spend on a customer’s behalf. Judy Winn, CISO at Peach Payments, says that creates a new attack surface PSPs and acquirers cannot keep handling with bot-era controls.

  1. McKinsey estimates AI agents could handle between $3 trillion and $5 trillion in global agentic retail commerce by 2030. That is the backdrop for a stack that is already moving: Visa has enrolled local banks in its Agentic Ready programme, Mastercard has launched Agent Pay, OpenAI has integrated Instant Checkout with Stripe, and in March 2026 Mastercard and Google open-sourced a protocol called Verifiable Intent.
  2. Winn’s core point is that the old security question — “is this user human?” — stops being the right one once an AI agent is allowed to transact. The relevant test becomes whether the agent is authorized and still operating inside the scope the customer intended. In other words, payment risk moves from blocking automation to distinguishing legitimate automation from hostile automation.
  3. That creates two regimes running at once. Card-testing and scraping still exist, so systems still need to stop malicious bots. At the same time, they need to let legitimate agents through in milliseconds. Winn also flags a less obvious failure mode: AI agents reason and adapt, which means they can be manipulated. If an agent is compromised through prompt injection, fraud systems may not see a “bad bot”; they may see a trusted actor following instructions planted by an attacker.
  4. Winn highlights three unresolved questions. First is agent identity: Google’s Agent Payments Protocol (AP2) Mandates and Mastercard’s Verifiable Intent are steps toward proving who or what is acting, but the standards are still converging inside the FIDO Alliance’s 2026 working groups. Second is what happens after compromise: prompt injection can hide malicious text in a product listing and change an agent’s behavior, for example by inflating order quantity or redirecting shipment. OWASP has guidance on defending against this, but Winn says few of those defenses have been tested inside live payment flows.
  5. The third issue is speed. Human-driven fraud is limited by human speed, but agents can run thousands of attempts in the time it takes a person to react. That puts pressure on PSPs, acquirers, and banks to make authorization, fraud detection, and policy enforcement operate at machine pace, not human pace.

For high-risk merchants, the practical takeaway is simple: agentic commerce is not just another checkout feature. If the payment stack cannot verify intent, constrain scope, and respond at machine speed, it will be doing the old job — filtering bots — while the new threat walks straight through wearing a customer’s credentials.

Weekly high-risk digest

Regulation, sanctions and payment news across your verticals — once a week, free.

Please check your inbox and click the link to confirm your subscription.

Please enter a valid email address!