Merchants and payment platforms are beginning to encounter a new kind of buyer: AI agents completing checkout flows autonomously on behalf of users. These agents browse inventory, add items to carts, initiate payment, and complete transactions without the account holder present at the moment of purchase. For merchants who have built their fraud and authorization logic around human-initiated transactions, this creates a verification challenge with no established playbook: how do you confirm that the agent completing a checkout is authorized, is acting within the bounds its principal has set, and has not been compromised or hijacked between the point of authorization and the point of purchase?
Verifying AI agent identity during checkout requires answers to three questions: who is the agent, who authorized it, and is this specific transaction within that authorization? Standard checkout fraud tools answer none of these questions well. Verifiable credentials answer all three, cryptographically, at the point of transaction.
This article explains the risks of unverified agent checkouts, what a verified agent payment flow looks like, and how merchants can build the verification capability into existing checkout infrastructure.
The Risk of Unverified Agent Transactions at Checkout
Agents That Assert Authorization Without Proving It
An AI agent completing a checkout typically presents a request that looks, to the merchant's systems, like an API call with an access token. The token proves that the calling application has credentials. It does not prove that the underlying user authorized this specific transaction, that the agent is operating within the user's defined scope, or that the agent's identity hasn't been compromised.
The result is that merchants accepting agent-initiated transactions on the basis of access tokens are accepting assertions. The agent asserts it is authorized. The merchant has no independent means of confirming the claim. For human-initiated transactions, behavioral signals and device fingerprinting provide some fraud signal. For agent-initiated transactions, these signals are absent or misleading, because the agent's behavior is by design programmatic and consistent.
"5 identity gaps that put AI agents at risk" identifies this as a foundational exposure: agents acting without verifiable identity and authorization credentials create a fraud surface that existing checkout controls are not designed to address.
Unauthorized Agents and Hijacked Workflows
An agent that completes a checkout is executing a workflow that was initiated at some earlier point by a human user. If that workflow is compromised — through prompt injection, agent hijacking, or credential theft — the agent may complete a transaction that the user never intended. The merchant, having received a valid-looking API request, processes the payment. The user disputes it. The merchant bears the chargeback.
The absence of a verifiable authorization chain between the user's original intent and the agent's specific action is what makes this attack possible. If the agent's authorization for a specific transaction type and amount were encoded in a verifiable credential that the merchant could check, a hijacked agent operating outside those constraints would fail verification before the transaction reaches the payment step.
KYC and AML Exposure for Unverified Agent Counterparties
For merchants in regulated industries — marketplace platforms, financial services, age-restricted goods — knowing who is actually behind a transaction is not just a fraud concern. It is a regulatory requirement. An agent-initiated transaction where the merchant cannot verify the identity of the authorizing principal creates KYC and AML exposure. The agent is not the customer of record. The user it represents is. Verifying that the agent is authorized by a known, verified user is the merchant's compliance obligation when agents are the counterparty.
AI agent digital identity verification addresses exactly this: establishing the connection between an agent's actions and the verified identity of the human principal who authorized them.
What a Verified AI Agent Payment Flow Looks Like
Step One: The Agent Holds a Verified Identity Credential
Before any transaction, the agent's operating organization issues it a verifiable identity credential. This credential contains the agent's identity claims, the organization it belongs to, and its permitted capabilities. It is signed cryptographically by the issuing organization. AI agent identity at the platform level begins here: the agent is not anonymous, it has a verified identity that any counterparty can check.
Step Two: The User Issues a Delegation Credential
When the user authorizes the agent to make purchases on their behalf, a delegation credential is generated. This credential encodes the authorizing user's verified identity, the scope of the agent's authorization (merchant categories, per-transaction limits, cumulative spend limits, time window), and the agent's identity. It is signed by the issuing platform and held in the agent's wallet alongside its identity credential.
Step Three: The Merchant Verifies Both Credentials at Checkout
When the agent initiates checkout, it presents its identity credential and delegation credential to the merchant's verification endpoint. The merchant verifies both credentials cryptographically: was each issued by a trusted authority, has either been tampered with, have they been revoked, and does this specific transaction — its amount, merchant category, and timing — fall within the delegation scope?
If all checks pass, the transaction proceeds with the same confidence the merchant would have for a verified human-initiated transaction. If the agent is attempting a transaction outside its delegation scope, the credential check fails and the transaction is declined before reaching the payment processor.
Step Four: The Transaction Is Cryptographically Attributed
Every transaction that completes through the verified flow is cryptographically attributed to the agent's credential and the delegation credential, which in turn references the authorizing user's verifiable identity. The audit chain is permanent and independently verifiable. For dispute resolution, regulatory reporting, or fraud investigation, the record of who authorized what is unambiguous.
How Dock Labs Enables Merchant-Side Agent Verification
Truvera, Dock Labs' digital ID infrastructure platform, provides both the credential issuance infrastructure that agents use to obtain verified identities and the verification API that merchants use to check those credentials at checkout.
The verification integration is via REST API and sits alongside existing fraud and payment authorization infrastructure. Merchants do not replace their existing checkout stack. They add a credential verification step that provides the authorization-chain confirmation that existing fraud tools cannot supply for agent-initiated transactions.
Dock Labs has also launched an MCP (Model Context Protocol) server that brings credential verification directly into AI agent workflows. The MCP server allows agents to present credentials and receive verification results within natural language workflows, making the integration of credential-based verification practical for teams building agentic commerce systems. To explore access to the MCP server for your organization, get in touch with Dock Labs. You can read the full details in the MCP integration announcement.
For merchants accepting high-value or high-risk agent-initiated transactions, Truvera's biometric-bound credentials provide additional assurance: the delegation credential is bound to the authorizing user's biometric at issuance, confirming that the person who set up the agent authorization was the genuine account holder. For a detailed explanation of the binding mechanism, see how biometric-bound credentials work.
What Merchants Need to Build This Capability
A Credential Verification Endpoint
The core technical requirement is a verification endpoint that accepts credential presentations from agents and returns a structured result: identity verified, delegation scope confirmed, transaction within bounds. This endpoint integrates with the checkout flow at the authorization step, before the payment processor call.
Truvera's verification API provides this as a REST endpoint. The integration is additive: it runs alongside existing fraud scoring and payment authorization without replacing them.
A Trust Registry for Agent Issuers
Credential verification requires knowing which issuers to trust. Merchants who want to accept credentials from agents issued by specific platforms, financial institutions, or identity providers configure a trust registry that lists accepted issuers. Credentials from listed issuers are verified. Credentials from unlisted issuers are declined.
This is the merchant-side analogue of the issuer trust model that underpins reusable identity at scale: the merchant does not need a direct integration with every agent platform. It trusts the issuers whose credentials it has registered, and those credentials carry the authorization context it needs.
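An added example (not Dock Labs' or Truvera's code or API) of the checkout checks from Step Three combined with the issuer trust registry described above: listed issuer, intact signature, revocation status, then delegation scope. The credential layout, DIDs, limits and function names are constructed for illustration, and an Ed25519 signature over the raw JSON bytes is assumed in place of a real W3C Verifiable Credential proof format.

```javascript
// Added example: merchant-side credential checks run before the payment processor call.
// Credential layout, DIDs and limits are constructed; Ed25519 over the JSON bytes is an assumption.
const { generateKeyPairSync, sign, verify } = require('crypto');

// Issuer side: sign the exact JSON bytes so any later edit breaks the signature.
function issue(claims, privateKey) {
  const payload = JSON.stringify(claims);
  return { payload, sig: sign(null, Buffer.from(payload), privateKey).toString('base64') };
}

// Per-credential checks: issuer listed in the trust registry, signature intact, not revoked.
function checkCredential(cred, registry, revoked) {
  let claims = null;
  try { if (typeof cred.payload === 'string') claims = JSON.parse(cred.payload); } catch { /* malformed */ }
  if (!claims || typeof claims !== 'object') return { ok: false, reason: 'malformed' };
  const key = registry.get(claims.issuer);
  if (!key) return { ok: false, reason: 'untrusted_issuer' };
  const sigOk = verify(null, Buffer.from(cred.payload), key, Buffer.from(String(cred.sig), 'base64'));
  if (!sigOk) return { ok: false, reason: 'bad_signature' };
  if (revoked.has(claims.id)) return { ok: false, reason: 'revoked' };
  return { ok: true, claims };
}

// Checkout decision: both credentials must verify, then the transaction must fit the scope.
// Comparisons are written so that a missing limit or time window declines instead of passing.
function verifyCheckout(agentCred, delegationCred, txn, registry, revoked) {
  const agent = checkCredential(agentCred, registry, revoked);
  if (!agent.ok) return `declined: agent ${agent.reason}`;
  const del = checkCredential(delegationCred, registry, revoked);
  if (!del.ok) return `declined: delegation ${del.reason}`;
  const d = del.claims;
  if (!d.agent || d.agent !== agent.claims.subject) return 'declined: delegation is for another agent';
  if (!Array.isArray(d.categories) || !d.categories.includes(txn.category)) return 'declined: category out of scope';
  if (!(txn.amountCents <= d.maxAmountCents)) return 'declined: amount over limit';
  if (!(txn.time >= d.notBefore && txn.time <= d.notAfter)) return 'declined: outside time window';
  return 'approved';
}

// Constructed demo data: two trusted issuers, one agent credential, one delegation credential.
const org = generateKeyPairSync('ed25519'), platform = generateKeyPairSync('ed25519');
const registry = new Map([['did:example:agent-org', org.publicKey],
  ['did:example:platform', platform.publicKey]]);
const agentCred = issue({ id: 'cred-a1', issuer: 'did:example:agent-org', subject: 'did:example:agent-7' }, org.privateKey);
const delegation = issue({ id: 'cred-d1', issuer: 'did:example:platform', user: 'did:example:user-42',
  agent: 'did:example:agent-7', categories: ['grocery'], maxAmountCents: 5000,
  notBefore: 1700000000, notAfter: 1700086400 }, platform.privateKey);
const txn = { category: 'grocery', amountCents: 4200, time: 1700003600 };
console.log(verifyCheckout(agentCred, delegation, txn, registry, new Set()));
```

Cumulative spend limits need state across transactions and are left out of this sketch.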
Consistent Verification Across Channels
Agent-initiated transactions may arrive through web checkout, mobile API, marketplace integrations, or partner channels. Credential verification provides consistent authorization confirmation across all of them, because the credential is channel-independent. The same verification check works regardless of how the agent initiates the transaction, raising the authorization floor consistently rather than leaving weaker channels exposed.
Conclusion: Merchant-Side Agent Verification Is the Foundation of Trusted Agentic Commerce
Agentic commerce works for merchants when they can accept agent-initiated transactions with the same confidence they apply to verified human transactions. That confidence requires cryptographic proof of agent identity and user-delegated authorization — not assertions that the agent is authorized, but verifiable credentials that prove it.
Dock Labs provides the infrastructure for merchants to verify AI agent identity during checkout: the issuance layer that gives agents verified credentials, the delegation layer that encodes user authorization, and the verification API that confirms both at the point of transaction.
Request a free consultation with Dock Labs to explore how Truvera fits your checkout and payment authorization architecture.
Frequently Asked Questions
How do merchants verify AI agent identity during checkout?
Merchants verify AI agent identity by requesting a credential presentation from the agent at checkout. The agent presents its identity credential and a delegation credential encoding the user's authorization. The merchant's verification endpoint checks both cryptographically, confirming the issuer, integrity, revocation status, and whether the transaction is within the delegation scope.
What is a delegation credential and why does it matter for checkout?
A delegation credential is a verifiable document encoding the authorizing user's identity, the scope of the agent's permitted actions, and the constraints on those actions. At checkout, it allows the merchant to confirm that the specific transaction — its amount, merchant category, and timing — is within what the user actually authorized. Without it, the merchant has only the agent's assertion of authorization.
What happens if an agent attempts a transaction outside its delegation scope?
The credential verification check confirms whether the transaction falls within the delegation scope. If it does not, verification fails and the transaction is declined before reaching the payment processor. The enforcement is cryptographic, not behavioral.
Does this require replacing existing fraud and payment infrastructure?
No. Truvera's verification API integrates as an additive step in the checkout authorization flow, alongside existing fraud scoring and payment processing. Merchants do not replace their existing infrastructure; they add a credential verification check that provides the authorization-chain confirmation that existing tools cannot supply for agent-initiated transactions.
What is the Dock Labs MCP server and how does it help merchants?
The Dock Labs MCP server brings credential issuance and verification directly into AI agent workflows, enabling agents to present credentials within natural language workflows without custom API integration. Merchants building agentic checkout capabilities can use the MCP server to integrate credential verification into agent-driven systems. Get in touch with Dock Labs to explore access.
What open standards does Truvera use for agent credential verification?
Truvera is built on W3C Verifiable Credentials, Decentralized Identifiers (DIDs), and OpenID for Verifiable Credentials. These are open, widely adopted standards that ensure agent credentials are interoperable across systems that implement the same specifications.






