Syndicate Links
June 15, 2026

Mastercard credentialed the buyer. Nobody credentialed the publisher.

Picture a travel agency that has handed its booking work to an AI agent. The agent finds a flight, compares prices across three sites, books the cheapest one, and charges the company card. The whole thing takes eleven...

← Back to blog
Mastercard credentialed the buyer. Nobody credentialed the publisher.

Mastercard credentialed the buyer. Nobody credentialed the publisher.

Picture a travel agency that has handed its booking work to an AI agent. The agent finds a flight, compares prices across three sites, books the cheapest one, and charges the company card. The whole thing takes eleven seconds. No human in the loop.

Mastercard built the infrastructure that makes that work. Agent Pay for Machines (AP4M), launched June 10, handles the credentialing, authorization, and settlement across cards, bank accounts, and stablecoins. The agent is verified. The spending limit is enforced. The transaction clears. Everything the payment system needs to know, it knows.

Here is the question AP4M does not answer: which travel review site sent the agent to that booking page?

What AP4M actually does

The press release is worth reading straight through. Mastercard's framing is specific: payments are shifting from "user-initiated" to "continuous, embedded, permissioned, machine-speed." Their architecture handles four things: credentialing (every agent gets a verified identity), permissioning (organizations set authorization rules), transacting (agents connect and settle across providers), and settling (multi-rail: cards, accounts, stablecoins).

The launch came with 30+ named partners: Adyen, Stripe, Cloudflare, Coinbase, Ripple, Solana Foundation, OKX, Checkout.com, Anchorage Digital. These are not pilot partners. Adyen named a Head of Agentic Commerce. Cloudflare's chief strategy officer quoted the launch directly. The partners are naming Mastercard directly.

The specific mechanism for agent identity is something they call Verifiable Intent. The idea: an agent carries credentials that say what it is allowed to do, what it is allowed to spend, and on whose behalf it is acting. Payment processors can check those credentials in real time. A transaction from an uncredentialed agent gets rejected.

This is genuinely good infrastructure. It solves the trust problem on the payment side.

The side it does not solve

Verifiable Intent tells a payment processor whether an agent is authorized to spend. It does not tell the merchant which recommendation led the agent to spend.

That distinction matters in the same way it matters in any two-sided market. Mastercard's system knows the agent. It does not know the publisher who sent the agent. Those are different questions with different stakes.

The flower shop scenario in Mastercard's own press release is useful here. An entrepreneur gives their AI agent a budget and instructs it to build a web presence (domain name, hosting, images, checkout pages). The agent goes out and transacts across providers. Every transaction is authorized through AP4M. Every payment clears.

But some of those providers (the domain registrar, the hosting service, the image library) were recommended somewhere. A blog post. A comparison page. A product guide. An AI assistant that synthesized content from a dozen sources. AP4M verifies the agent can pay. It does not record that a specific publisher's content influenced which domain registrar got the business.

The publisher gets nothing. The merchant has no signal about what drove the decision. The agent's entire decision path is invisible to everyone except the agent.

Why this moment is different from six months ago

When Visa entered the space with its Intelligent Commerce announcement in April, the argument for attribution infrastructure was still partly hypothetical. Card networks were experimenting. Partners were cautious. The question "who gets the commission?" was real, but the scale of the commerce layer was small enough that it was easy to defer.

AP4M is not an experiment. Thirty-plus partners across payments, crypto, developer infrastructure, and stablecoin rails. Mastercard's Chief Product Officer describing "a superbloom of AI business models." Adyen's head of agentic commerce saying the infrastructure decisions made now will determine how this space develops.

When the payment infrastructure is this mature, the attribution infrastructure question stops being forward-looking. It becomes operational.

Merchants building on AP4M will start seeing agent-initiated transactions in their Stripe dashboards. They will want to know where those agents came from. Publishers whose content influences agent behavior will want to know whether they are getting credit for the sales they are driving. Neither side has an answer today, because AP4M does not build one.

What the gap looks like from here

AP4M introduced one important concept: the idea that an agent's identity, permissions, and spending context should be readable in real time by the parties involved in a transaction.

The attribution layer needs the same thing for the commerce trail. Not "can this agent spend?" but "where did this agent's decision come from?" A token that travels with the agent's session (identifying the publisher, the content, the referral chain) and that settles when the transaction settles. Not a cookie. Not a browser session. A signed credential that lives in the same infrastructure layer as the payment credential.

The payment layer just got a credentialing system. The commission layer still needs one.

Source: Mastercard press release, June 10, 2026: https://www.mastercard.com/us/en/news-and-trends/press/2026/june/mastercard-launches-agent-pay-for-machines.html

The travel agent books the flight in eleven seconds. The publisher who built the travel comparison site that the agent consulted will never see a commission for that booking. AP4M did not change that. The next round of infrastructure might.

For merchants and publishers building on the new payment rails: syndicatelinks.co.