ScoutGet the App

FIDO, Google, Mastercard curb rogue agents

- The FIDO Alliance said April 28 it is creating standards for AI agents, using Google and Mastercard technology to govern authentication and payments. - Google donated its Agent Payments Protocol, while Mastercard contributed Verifiable Intent, a cryptographic framework tying a user, agent and payment credential together. - The push extends passkey-style identity checks into agentic commerce as AI shopping tools move from demos toward real transactions. (wired.com)

The FIDO Alliance said on April 28 that it is building standards for AI agents to authenticate and make purchases using technology contributed by Google and Mastercard. (fidoalliance.org) The group is forming an Agentic Authentication Technical Working Group and a parallel effort on agent-initiated commerce, with Google contributing its Agent Payments Protocol and Mastercard contributing Verifiable Intent. (fidoalliance.org) (blog.google) The problem is simple: a merchant can verify a card number today, but an AI bot buying on your behalf also has to prove who approved the purchase, which agent is acting, and what limits apply. Wired reported that FIDO, Google and Mastercard are trying to stop agents from “running wild” with stored payment credentials. (wired.com) (mastercard.com) Google said Agent Payments Protocol, or AP2, is meant to let agents pass structured payment instructions through merchants, wallets and issuers without each company inventing its own rules. The company said it donated AP2 to FIDO to turn that work into an open standard. (blog.google) Mastercard and Google have separately described Verifiable Intent as an open-source cryptographic framework that packages the user’s approval, the agent’s identity and payment details into a tamper-resistant record. Mastercard said the design puts passkeys and biometrics at the center of agent-authorized payments. (fidoalliance.org) FIDO is the industry group behind passkeys, the login system that replaces passwords with device-based cryptographic keys and often a fingerprint or face scan. The alliance said it wants to apply that same “who approved this” logic to AI agents acting across apps and merchants. (fidoalliance.org) Andrew Shikiar, FIDO’s chief executive, said AI agents are becoming part of routine online activity, from purchases to task management, and that users need proof those actions are authorized and reflect their intent. Google payments executive Stavan Parikh said agentic commerce will not scale unless the standards work across the industry. (helpnetsecurity.com) (blog.google) The standards effort is early, and FIDO has not published a final timetable for when merchants, banks or wallet providers could deploy the specifications. The immediate goal is to keep the first generation of shopping agents from turning card-on-file convenience into a new fraud and liability problem. (fidoalliance.org) (wired.com)

Get your own daily briefing

Scout delivers personalized news, insights, and conversations tailored to your role and industry.

Download on the App Store

Shared from Scout - Be the smartest in the room.