Mastercard and Google Put Passkeys at the Heart of AI Payments

The rise of AI agents acting on behalf of consumers has created a trust gap: merchants need assurance that a purchase truly reflects the user’s intent. Verifiable Intent addresses this by anchoring each transaction to a biometric verification step, leveraging the same passkey technology championed by the FIDO Alliance. By embedding identity, instruction and transaction data into a single cryptographic payload, the framework creates an immutable audit trail that can be verified without exposing raw credentials, a crucial advancement for autonomous commerce.

Technically, Verifiable Intent is protocol‑agnostic, drawing on EMVCo, IETF and W3C specifications while aligning with Google’s Agent Payments Protocol and Universal Commerce Protocol. Its selective disclosure mechanism ensures that each participant—merchant, issuer, or dispute resolver—receives only the minimal data required, mirroring privacy‑by‑design principles already embedded in mobile wallet standards. The open‑source reference implementation hosted on GitHub invites rapid adoption and community scrutiny, accelerating the maturation of a secure AI‑payment ecosystem.

From a business perspective, the initiative signals a decisive move toward password‑less transactions by 2030, extending biometric authentication beyond the point‑of‑sale to AI‑mediated purchases. Early integration into Mastercard’s Agent Pay APIs, coupled with backing from industry heavyweights like Fiserv, IBM and Checkout.com, suggests swift uptake among merchants and issuers. As AI agents become commonplace, Verifiable Intent could become the de‑facto standard for proving consent, unlocking new revenue streams while mitigating fraud and regulatory risk.