Adding a security layer to agentic commerce transactions that tethers a human to their AI agent is the trust component needed to give merchants the confidence they require to address challenges that include unauthorized transactions and misrepresentations in addition to fraud detection.

The payment card industry is moving steadily towards protocols that will provide AI agent developers with an open standard to identify themselves, the platform on which they operate and the user(s) they represent.

That effort supports the merchant community’s need for a scalable method to authenticate AI agents, verify who an agent represents and determine why the agent is taking an action.

The final step is to tie user intent to the delivery of tokenized identity and payment credentials.

Skyfire, which launched end-to-end interoperable network infrastructure capabilities for autonomous agentic commerce early in 2025, assembled a consortium of more than 15 security vendors, bot managers and identity and access management companies to create a trust protocol they call KYAPay to make the web just as useful to an AI agent as it is to a human when making a payment.

KYAPay is an open protocol that addresses user intent and tokenization for identity verification and payment credentials. Merchants can process a payment from an AI agent using their existing card-not-present (CNP) security systems. Consortium members contributed use cases from their respective expertise in the development of KYAPay.

Skyfire has submitted the KYAPay protocol to the Internet Engineering Task Force, which develops open standards to make the internet work smoothly and securely. It will also submit it to the Fido (Fast Identity Online) Alliance, a global organization whose members include card networks, card issuers and payment processors.

Fido Alliance working groups are expected to consider KYAPay and the needs of payment companies and ultimately produce a final standard. The protocol can be used today at ecommerce websites and will be available for agent-to-agent transactions in the future.

KYAPay JSON Web Tokens are being tested by ecommerce merchants. The buy-side tokens enable data transfer from a buyer’s agent to a merchant’s system.

Among the more than 15 companies in the consortium are Experian, Forter, Akamai, F5, Fastly, Ory and DataDome.

Experian, a top provider of digital identity management services, is building services that tie verified human identities to KYAPay tokens. Tests are in progress with bose.com. Visa is a collaborator on the test, which demonstrates verifiable end-to-end identity management.

The company is continuing to develop Experian Agent Trust, which incorporates KYAPay to validate identity, confirm intent and delegate authority to purchase in real time. It is discussing partnerships with the companies that provide the large language models consumers use to create AI agents.

Experian’s buy-side token integrates with existing commerce and payment systems and includes the risk and fraud fighting signals merchants expect in a CNP transaction.

The company is also creating an agent registry that will maintain a dynamic trust score for human-bonded AI agents based on the individual, their devices and their AI agents. Experian Ventures has made an investment in Skyfire.

Prior issues: 1284, 1270