· agentic-commerce · payments · protocols
AP2’s Inheritance Problem: Subscription-Era Mandates Meet One-Shot Agentic Commerce
AP2’s mandate machinery grew up in the world of recurring subscriptions and merchant-initiated charges. Stretch it over autonomous one-shot purchases and the seams show — in the merchant’s chargeback column.
David Broderick Founder & Head of AgentsEvery payments protocol carries the DNA of the problem it was born to solve. AP2’s DNA is unmistakable: mandates. A cardholder grants a standing authorisation; the charge happens later, initiated by the other side, without the cardholder present. That is a fine and battle-tested shape — for the world it came from.
That world was recurring subscriptions and merchant-initiated transactions. The gym membership. The streaming service. The card-on-file utility bill. And it’s exactly the wrong inheritance for what agents actually do.
The world the mandate grew up in
Look at what the subscription/MIT model quietly assumes, because every assumption is load-bearing:
- A stable, known merchant. You subscribed to this service; the mandate names it. The relationship existed before the charge and continues after.
- A predictable amount. $9.99 a month, every month. The cardholder can recognise the charge on a statement at a glance.
- A long-lived grant. The mandate’s whole purpose is to persist — authorise once, charge indefinitely until cancelled.
- The merchant initiates. The cardholder is deliberately absent; the counterparty they already trust pulls the payment.
Under those assumptions, “authorise now, charge later” works beautifully. Disputes are rare because nothing about the charge is a surprise: same merchant, same amount, same day of the month.
The world the agent actually lives in
Now run an agentic purchase through those same assumptions and watch each one fail:
- The merchant is unknown at mandate time. You authorised an outcome — two tickets under €120 — not a named counterparty. The agent picks the seller later, and it may be one you’ve never heard of.
- The amount is variable. €118? €236 for the pair? Whatever the market says inside the cap. Nothing about the eventual statement line is recognisable in advance.
- The grant should be short-lived and single-shot. An agent hunt wants to expire in fourteen days and die after one purchase — the exact opposite of a mandate built to renew forever.
- Software initiates, on the cardholder’s behalf. Neither the cardholder-present model nor the merchant-initiated model actually describes what happened. It’s a third thing, wearing borrowed clothes.
Stretch a subscription-era mandate over that transaction and it technically processes — the rails accept it. But semantically, the paperwork says “recurring-style authorisation to charge later” while the reality is “one-shot purchase from a stranger at a price the cardholder never saw.” That gap between what the mandate says and what actually happened is precisely where disputes breed.
Where the gap surfaces: the merchant’s chargeback column
And here’s the ugly part: the gap doesn’t surface at the protocol layer, or at the agent platform, or at the network. It surfaces on the merchant’s statement.
The charge arrives at the issuer as a card-not-present, merchant-initiated-style transaction. The cardholder sees an unfamiliar merchant name and an unfamiliar amount, weeks after they primed an agent and forgot about it. “I don’t recognise this.” “That’s not what I meant the agent to buy.” The issuer, applying the dispute rules that CNP and MIT traffic has always lived under, does what those rules default to: sides with the cardholder. The merchant — who genuinely shipped the goods to a genuinely authorised agent — eats the chargeback.
Merchants piloting agent-initiated checkout are telling us exactly this: chargeback rates on agent traffic running at multiples of their baseline, driven not by fraud but by unrecognised-transaction and authorisation disputes — the signature failure of a mandate model that can’t prove what the human actually agreed to at the moment it matters. And chargeback ratios aren’t just a cost line. Cross the card networks’ monitoring thresholds — around one percent — and a merchant lands in a dispute-monitoring programme: fines, remediation plans, and ultimately the loss of card acceptance. For a mid-sized seller, agent traffic that doubles the chargeback ratio isn’t an experiment; it’s an existential risk. So they do the rational thing and switch it off.
A protocol whose adoption path requires merchants to absorb subscription-era dispute mechanics on non-subscription transactions is asking the one party with veto power to fund the transition.
Purpose-built beats retrofitted
We didn’t adapt Orchard28’s transaction architecture from recurring billing. We built it for the one-shot, delegated, autonomous purchase — and every design choice answers a failure mode above:
- Intent is committed per run, not per relationship. The cardholder PIN-commits each authorisation through CPoI (paywithCPoI.com) — this outcome, this cap, this window. The result is a fully authorised, card-present transaction, with liability shifting to the issuer. Not a standing mandate stretched to cover a stranger; a sealed envelope of intent, matched exactly to one purchase.
- The authorisation dies by design. Caps and expiry aren’t policy hints — the single-use virtual card is funded to the approved amount, scoped to the winning merchant, and dead after settlement. There is no long-lived grant lying around to be misapplied.
- The merchant never meets the ambiguity. As merchant of record, Orchard28 is the counterparty. The seller sees a clean, funded, card-present-backed payment from a platform that stands behind it — and the “I don’t recognise this charge” dispute goes to us, where the audit trail and the PIN commitment resolve it, instead of into the seller’s chargeback ratio.
- The statement line makes sense. One platform name, one receipt, one audit trail linking the charge to the brief the cardholder wrote and the PIN they entered. Recognition is the cheapest chargeback prevention there is.
The test, again
We ask one question of every agent-payments design, and it cuts through protocol politics faster than any whitepaper: when the cardholder doesn’t recognise the charge, who proves what was authorised — and who pays while it’s argued?
A mandate model inherited from subscriptions answers: the merchant pays, and the proof is a document written before anyone knew what would be bought. Orchard28 answers: the issuer carries card-present liability, the platform carries the dispute, and the proof is the cardholder’s own PIN on precisely the purchase in question.
Agentic commerce deserves payment machinery born for it. Merchants shouldn’t have to bet their chargeback ratio on hand-me-downs.