AI Agents have barely begun to meet their potential. Despite continued and growing adoption by consumers and businesses for basic tasks and even multi-step workflows, the promise of a truly autonomous assistant – whether it be for shopping or other tasks – has yet to emerge.
Across Forter’s network of over 280,000 merchants, we’ve seen a 700% increase in the number of sites where agents are browsing — with some sites seeing upwards of 7,600% increases since the launch of ChatGPT Agent. But purchase conversions are still nascent.
This is far more complex than simply using ChatGPT Agent or Perplexity Pro. The vision we all have for how agents will support us as consumers requires a new approach to the entire ecosystem with buy-in and coordination from — and between — consumers, merchants, and agent developers.
While research points to strengthening consumer desire, we’re in a standoff between agent developers and merchants. The reason: data.
Merchants have collectively spent billions of dollars in time and tech to build an ecosystem around customer data and performance. Businesses are made by delivering incremental purchases from highest value customers, increasing rebuy rates (even by mere basis points), and being able to identify potential high value customers after just a few clicks. All of this data lives in sophisticated tech ecosystems – the data lakes, warehouses, and customer data platforms that power acquisition modeling and targeting, dynamic pricing and promotions, personalization, loyalty programs, and more.
While agentic transactions might start as a fraction of total purchases, merchants don’t know who will be behind them. They won’t be using or augmenting their data sets. And if it’s a highly valuable customer behind the agent interaction, this disintermediation can lead to a rapid loss of control and revenue.
The volume of data loss for merchants is meaningful. Our teams have gone shopping using AI referrals, ChatGPT Agent, and Perplexity Pro to identify what data is obfuscated and the merchant processes this lack of data will impact.
One look will tell you why some merchants have gone so far as to completely block agent traffic.
The Next Frontier Requires The Next Foundation
While Forter is known for fraud prevention and payment optimization, the core of our solutions is the world’s most powerful identity network. This is not hyperbole – our data consortium comprises over two billion unique online identities, or 25% of the global population. We layer up to 6,000 behavioral and hard data attributes per identity. This is why our merchant customers trust us to analyze and process more than $400 billion in annual transaction value – more than $100 billion over what Shopify processes on an annual basis.
Our goal has always been to protect both consumers and merchants. And in this new agentic world, our goal is to continue to do the same. We see the opportunity in adopting agents – on both the consumer and the merchant side.
So, we’re proposing a solution. A new protocol we’re calling the Trusted Agentic Commerce Protocol. We’re inspired by the work that organizations like Cloudflare are doing in this area, but our belief is that identity needs to be the solution – not just of the agent, but also of the consumer behind the agent. Trust must exist at every step in the process.
This is possible, and it can work in a way where merchants are not disintermediated from their customers and where OpenAI and Perplexity are not the only agent developers consumers can use. Choice and trust can coexist.
We view this as an elegant solution to problems faced by merchants, agent developers, SaaS vendors, and consumers. But we also know that the world continues to change quickly; so we’re recruiting merchants, partners, consultants, developers, and the market at large to contribute to the continued evolution of this open standard.
Want to join us? Contact us at [email protected].
Introducing the Trusted Agentic Commerce Protocol
Forter’s Trusted Agentic Commerce Protocol is an open standard for authenticating AI agents in digital commerce. This will allow merchants and agent developers to:
- Authenticate each other: verify the agent’s identity and its relationship to the consumer behind it
- Maintain rich customer data: fully reduce the data losses merchants currently experience when agents engage with digital commerce
- Prevent fraud: differentiate between legitimate agentic activity and fraud attempts
- Put the consumer first: allow the consumer to engage however they desire in a secure, personalized, and frictionless experience
Ultimately, our view is that this creates a win-win-win for merchants, agent developers, and consumers.
The Trusted Agentic Commerce Protocol heavily discounts identity signals that have been fundamentally broken for decades, such as spoofable User-Agent strings or shared IP addresses. It provides the cryptographic certainty required for high-stakes activity like transactions, and is based on web-native standards.
Forter’s Trusted Agentic Commerce Protocol uses JSON Web Encryption (RFC 7516), which enables agents to securely transmit data on behalf of the user, ensuring the data:
- Was generated by the agent
- Has not been altered in transit
- Is fresh and not a replay
- Is encrypted end-to-end to prevent interception or leakage
- Is decrypted only by the intended recipients
Encryption lets agents attest human intent and securely exchange data with every party involved in a transaction. When a user initiates a purchase through an agent, the request often passes through multiple paths and stakeholders before completion. These may include:
- Merchant vendors such as personalization engines, loyalty programs, fraud detection and analytic services
- Payment providers processing and settling the transaction
- Support systems handling cancellations, refunds, or post-purchase changes
- Chargeback and dispute resolution services
Encryption ensures that each interaction includes only the minimum required data, visible only to its intended recipient. We’ve made the protocol bi-directional so each party can both send and receive encrypted data, enabling diverse use cases:
- Agents can request reverse auctions for best pricing pre-purchase
- Merchants can push order and dispute updates post-purchase
- Merchants can even send shipping statuses directly to users via email, SMS or WhatsApp
Senders define notifications, callback URLs or webhooks and become receivers. This not only creates a connected commerce experience, but a very efficient one – eliminating long polling.
The protocol doesn’t enforce a schema for this data, but we’ve compiled a list of frequently requested fields (full schema is here) based on Forter’s decade of e-commerce experience:
Namespace | Sample fields | Description | Example | Intended parties |
session | id | Unique identifier for the particular chat or interaction | dd1c582b-b6ab-4eb4-9bc1-3722bfc3d99f | Merchants, Fraud Detection Vendors |
session | intent | Underlying goal and desired outcome, used for personalization | "Find me reliable running shoes" | Merchants |
session | consent | Explicit or implicit permission granted to take specific actions, used for authorization and evidence collection | "Buy Nike Air Jordan Retro shoes under $200" | Merchants, Fraud Detection Vendors, Payment Providers, Dispute Vendors |
session | signals | Device attributes and vendor-specific assessments that link between human and agent | {"ipAddress": "192.168.1.1", "userAgent": "MyAgent/1.0", "forterToken": "ftr_xyz"} | Fraud Detection Vendors |
user | email, phone | Including when and how it was last verified. Can be used to log in and unlock previously saved cards/addresses. Alternatively, if the user doesn’t have an account with the merchant, they can be automatically signed up | {"address": "[email protected]", "verifications": [{"method": "MAGIC_LINK", "at": "2025-08-10T12:34:56Z"}]}; {"number": "+14155550123", "type": "MOBILE", "verifications": [{"method": "SMS_OTP", "at": "2025-07-30T18:20:00Z"}]} | Merchants, Fraud Detection Vendors |
user | preferences | User-level settings for personalization | {"brands": ["Nike","On","Asics"], "sizes": {"shoe": {"value": 42, "unit": "EU", "method": "HISTORICAL_PURCHASE", "at": "2025-06-10T10:00:00Z"}}} | Merchants, Personalization Vendors |
order | cart | Items in cart | [{"sku": "AJ1-RETRO-HIGH-BRD-10.5", "name": "Nike Air Jordan 1 Retro High", "quantity": 1, "price": 170.00}, {"sku": "AJ-LACES-RED-54", "name": "Air Jordan Premium Replacement Laces – Red", "quantity": 1, "price": 15.00}] | Merchants |
order | billingAddress, shippingAddress | Normalized shipping address | {"name":"Jane Doe", "line1":"456 Main St", "city":"Springfield", "region":"IL", "postal":"62704", "country":"US", "type":"RESIDENTIAL"} | Merchants, Fraud Detection Vendors |
order | paymentMethod | Tokenized payment credential | {"type":"CREDIT", "brand":"VISA", "provider":"Stripe", "token":"tok_xyz", "last4":4242, "holderName":"Jane Doe"} | Payment Providers |
order | currency | ISO-4217 transaction currency | USD | Merchants, Payment Providers |
order | notifications | Requested event updates, with each entry declaring event types and targets | [{"id":"notify_xyz", "events":["ORDER_STATUS","PAYMENT_STATUS"], "targets":[{"type":"URL","value":"https://agent.example.com/webhook"}]}, {"events":["SHIPPING_STATUS"], "targets":[{"type":"SMS","value":"+14155550123"}]}] | Agents, End-users |
custom | Any other key-value attributes not present in the published schema are also accepted. |
Integrating the Trusted Agentic Commerce Protocol
The Trusted Agentic Commerce Protocol is designed to be straightforward and easy to integrate.
Agents
- Generate an RSA or EC key pair: The private key will be used to encrypt your requests. The public key will be used by others to verify your requests
- Publish your public key: Host a JSON Web Key Set file at https://<domain>/.well-known/jwks.json. This allows merchants and merchant vendors to retrieve, cache and use your public keys
- Encrypt recipients’ data: Encrypt data using your recipient’s public key (you can test against “forter.com” and https://forter.com/.well-known/jwks.json)
- Apply to the program: After you have tested the integration, the final step is to register with our Trusted Agent program by emailing us at [email protected], where you’ll be asked to provide your agent’s name, domain name, a description of the services your agent provides, and the IP address ranges your service will likely operate from
Merchants & Merchant Vendors
- Generate RSA or EC key pair: This lets agents encrypt sensitive data that only you can decrypt
- Publish your public key: Host a JSON Web Key Set file at https://<domain>/.well-known/jwks.json. This allows agents to retrieve, cache and use your public keys
- Verify the agent payload and decrypt your data: The payload will appear under the TAC-Protocol header or the tacProtocol body
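The agent and merchant steps above, sketched as an added example (not Forter's code or SDK): a recipient publishes a JWKS, an agent encrypts a payload to it as a compact JWE, and the recipient decrypts it and checks audience, freshness and replay. The key ID, the domains and the iss/aud/iat/exp/jti claim names are assumptions; verifying that the agent itself produced the payload, against the agent's published key, is not shown.

```javascript
// Added example, not Forter's code: compact JWE (RFC 7516) with RSA-OAEP-256 + A256GCM
// using Node's built-in crypto. Key IDs, domains and claim names are assumptions.
const crypto = require("node:crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Recipient (merchant or vendor): key pair plus the JWKS document it would publish.
function makeRecipient(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
  const jwk = { ...publicKey.export({ format: "jwk" }), kid, use: "enc", alg: "RSA-OAEP-256" };
  return { privateKey, jwks: { keys: [jwk] } };
}

// Agent: encrypt claims to the key selected from the recipient's JWKS.
function encryptFor(jwks, kid, claims) {
  const jwk = jwks.keys.find((k) => k.kid === kid && k.kty === "RSA");
  if (!jwk) throw new Error("no matching recipient key");
  const pub = crypto.createPublicKey({ key: { kty: "RSA", n: jwk.n, e: jwk.e }, format: "jwk" });
  const header = b64u(JSON.stringify({ alg: "RSA-OAEP-256", enc: "A256GCM", kid }));
  const cek = crypto.randomBytes(32); // fresh content-encryption key per message
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", cek, iv);
  cipher.setAAD(Buffer.from(header, "ascii")); // protected header is authenticated
  const ct = Buffer.concat([cipher.update(JSON.stringify(claims), "utf8"), cipher.final()]);
  const wrapped = crypto.publicEncrypt({ key: pub, ...OAEP }, cek);
  return [header, b64u(wrapped), b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join(".");
}

// Recipient: pin algorithms, decrypt, then enforce audience, freshness and one-time use.
function decryptAndCheck(jwe, privateKey, expectedAud, seenJti, now = Date.now() / 1000) {
  const parts = jwe.split(".");
  if (parts.length !== 5) throw new Error("not a compact JWE");
  const [h, ek, iv, ct, tag] = parts.map((p) => Buffer.from(p, "base64url"));
  const header = JSON.parse(h.toString("utf8"));
  if (header.alg !== "RSA-OAEP-256" || header.enc !== "A256GCM") throw new Error("unexpected alg/enc");
  const cek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, ek);
  const d = crypto.createDecipheriv("aes-256-gcm", cek, iv);
  d.setAAD(Buffer.from(parts[0], "ascii"));
  d.setAuthTag(tag);
  const claims = JSON.parse(Buffer.concat([d.update(ct), d.final()]).toString("utf8"));
  if (claims.aud !== expectedAud) throw new Error("wrong audience");
  if (!(claims.iat <= now + 60 && now < claims.exp)) throw new Error("stale or not yet valid");
  if (!claims.jti || seenJti.has(claims.jti)) throw new Error("replayed or missing jti");
  seenJti.add(claims.jti);
  return claims;
}
```

In a deployment the `seenJti` set would be a shared store whose entries expire with the token lifetime, so the replay check holds across processes.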
Agentic commerce holds the promise of a more efficient, personalized, and seamless world. But this promise can only be realized on a foundation of verifiable trust. We’re calling on all agent developers, merchants, payment providers, and merchant vendors to collaborate with us in shaping this future. Embrace the standard, join our community, and let’s build a trusted commerce ecosystem together.
More data, code samples, and discussions are available on our GitHub repository. We welcome all developers to comment here and for all others who want to collaborate with us – and some of the world’s largest merchants – in further refining this new open standard, please contact us at [email protected].