The Protocol Wars Are Over. The Trust Layer War Just Started.
Everyone is still arguing about x402 vs AP2 vs MPP. But Fime's FACT launch and two new arXiv SoK papers signal the real battle has already moved one level up: whoever owns trust attestation owns agentic commerce.
The One Thing That Matters Today
The payments industry spent most of Q1 2026 arguing about protocols — x402, AP2, MPP, UCP, ACP. That debate is not over, but it is no longer the most important one. This week, Fime launched FACT (Framework for Agentic Commerce Trust), billing it as "the industry's first trust layer" for agentic commerce. Simultaneously, two new arXiv papers — a Systematization of Knowledge on blockchain A2A payments and a security survey of autonomous LLM agents in commerce — map the same blind spot independently: the protocols we've built are competent at moving money, and almost entirely incompetent at proving the intent, authority, and outcome-binding behind the movement. The protocol layer is becoming commoditized. The trust attestation layer is still wide open. That is where the next infrastructure company worth a billion dollars will be built.
What Happened (and Why It Matters)
Fime launches FACT — the Framework for Agentic Commerce Trust — a neutral, real-time, lifecycle-based trust verification service covering intent validation, policy and compliance monitoring, transaction-level trust attestation, and in-session authority checks. Fime is positioning this as independent infrastructure: not owned by the very actors it is supposed to hold accountable. The "neutral" framing is deliberate and smart — Visa, Mastercard, and Stripe each have a conflict of interest in being the trust arbiter for their own rails. (Fime · Biometric Update)
arXiv SoK: Blockchain Agent-to-Agent Payments (2604.03733) identifies four structural failures in current protocol design — weak intent binding, misuse under valid authorization, payment-service decoupling, and limited accountability. The paper proposes a four-stage lifecycle model (discovery → authorization → execution → accounting) and argues that without a shared append-only execution record anchoring all stages, cross-stage consistency is fundamentally unenforceable. This is the first rigorous taxonomy of what the current stack cannot do. (arXiv)
arXiv SoK: Security of Autonomous LLM Agents in Agentic Commerce (2604.15367) maps the full threat surface across AP2, MPP, and x402, noting that Stripe's Machine Payments Protocol on the Tempo blockchain supports both charge intents (one-time) and session intents, but that intent verification is still a deployment-specific concern — not a protocol-guaranteed one. The gap between "we have a protocol" and "the protocol enforces what the user actually wanted" is documented, peer-reviewed, and now impossible to hand-wave. (arXiv)
eMarketer frames the macro shift: "AI is collapsing discovery and checkout into one flow, shifting control of payments upstream. New protocols, agent logic, and data control will decide which payment providers capture value." The report recommends payment providers "build the trust layer that enables agentic commerce to scale" — using almost identical language to Fime's announcement, independently. When a testing/certification body and a market research firm converge on the same prescription in the same week, that is a signal. (eMarketer)
Visa's Intelligent Commerce Connect (launched April 8) is protocol-agnostic by design — supporting Visa's own Trusted Agent Protocol alongside Stripe's MPP, OpenAI's ACP, and Google's UCP through a single integration. AWS, Expedia, and Intuit are pilot partners. The decision to support all four competing protocols simultaneously is not a hedge. It is Visa explicitly betting that the protocol layer will commoditize and that value accrues to whoever sits above it — i.e., the credential, identity, and trust verification layer. (ByteIota)
Mastercard's Pablo Fourez (Chief Digital Officer) states the company's intent plainly: "Effortless must also mean trusted... backed by strong authentication, consent and security frameworks, so that human agency is at the core of how agentic commerce unfolds." Mastercard is framing trust infrastructure as a brand commitment, not just a compliance checkbox. That is a tell about where they expect margin to concentrate. (eMarketer)
The protocol fragmentation problem remains unresolved: As of April 2026, ten protocols are live or in active pilot — ACP, UCP, Shopify Agents, Amazon Buy for Me, Mastercard Verifiable Intent, Stripe MPP, x402, Google UCP, Visa Ready, and AP2. They are grouped across three functional layers (discovery/catalog, payment/checkout, and transport). Zero interoperability standards exist between them. (PAZ.ai)
The Bet
[Editor's take]
Here is the structural argument: in every prior payments infrastructure cycle, the layer that controlled risk adjudication ended up capturing disproportionate margin. Visa and Mastercard are not valuable because they move bits — ACH moves bits cheaper. They are valuable because they adjudicate disputes, certify merchants, and provide the liability backstop that makes cardholders willing to spend. In agentic commerce, the equivalent function is trust attestation: verifying that an agent had real authority from a real human to make a specific purchase at a specific moment, and providing an auditable, contestable record of that chain.
No existing protocol fully solves this. The SoK papers make that plain. x402 is excellent at micropayment execution but has no binding between payment and service outcome. AP2 has cryptographic mandates but leaves intent verification to deployers. MPP handles the HTTP 402 flow cleanly but session intents are enforcement-optional. All three are solving for throughput and interoperability. None has solved for accountability.
That is why Fime's FACT is the most interesting launch this week — not because Fime will necessarily win, but because the category they are entering is the one that matters. A neutral, independent trust attestation layer that can verify intent-to-outcome consistency across any underlying protocol is the EMVCo of agentic commerce. Whoever builds that durably, with enough financial institution and merchant adoption, becomes mandatory infrastructure. The candidates to watch are not just Fime: Worldpay/Trulioo's Digital Agent Passport is playing in the same space, and Mastercard's Verifiable Intent standard is a direct in-network bid for the same function. My read is that the independent/neutral players have an 18-month window before the networks consolidate this capability in-house and make it a condition of network participation — at which point it stops being an independent company opportunity and becomes a Visa/Mastercard feature.
What will not survive: any startup building purely at the protocol routing layer with no trust/attestation differentiation. The Forbes framing of "Stripe, Visa, and Mastercard racing to build AI agent payment rails" is already stale — the rails are largely built. The race is now for the inspection layer sitting on top of the rails.
Counter-Consensus
The consensus view is that the central problem in agentic payments is protocol fragmentation — ten protocols, zero interop, pick your standard and pray it wins. But the fragmentation problem is actually being solved, awkwardly and slowly, by Visa's protocol-agnostic aggregation strategy and by converging developer adoption patterns. The deeper problem — which the two new SoK papers document rigorously — is that even if you collapse to one protocol, you still have no guarantee that the agent executing a payment had unambiguous, scoped, contestable authorization from the user it claimed to represent. Interoperability solves the "can these systems talk to each other" problem. It does not solve the "should I trust what this agent is telling me about its mandate" problem. The entire industry is shipping infrastructure for a threat model that is one layer too shallow.
Research & Papers
SoK: Blockchain Agent-to-Agent Payments (arXiv:2604.03733) — First rigorous systematization of blockchain-based A2A payments. Four-stage lifecycle model; identifies weak intent binding, payment-service decoupling, and limited accountability as the core unsolved problems across x402 and comparable designs.
SoK: Security of Autonomous LLM Agents in Agentic Commerce (arXiv:2604.15367) — Maps the full threat surface across AP2, MPP, and x402. Key finding: protocol specifications describe the happy path well; adversarial, misuse, and edge-case authorization scenarios are consistently delegated to deployment-specific enforcement, which is the same as saying they are not enforced.
Sources
- Fime FACT launch announcement
- Biometric Update: Fime launches agentic commerce trust layer service
- arXiv 2604.03733 — SoK: Blockchain Agent-to-Agent Payments
- arXiv 2604.15367 — SoK: Security of Autonomous LLM Agents in Agentic Commerce
- eMarketer: Agentic Commerce and Payments 2026
- eMarketer: How industry leaders say AI will change the way consumers shop in 2026
- ByteIota: Visa Launches AI Agent Payment Platform
- PAZ.ai: 10 Agentic Commerce Protocols, Zero Interop
- Forbes: Stripe, Visa and Mastercard Race To Build AI Agent Payment Rails
Agentic Payment · April 20, 2026 · agenticpayment.forum Sources linked inline. Facts are sourced; opinions are labeled. Not financial advice.