American Express recently launched the Agentic Commerce Experiences (ACE) Developer Kit, a technical framework that facilitates secure, intent-driven transactions performed by AI agents.
The initiative aims to integrate Amex-issued cards and membership value into the evolving landscape of AI-powered commerce, allowing agents to discover products, plan travel, and execute purchases on behalf of cardmembers. The kit features five integrated services – Agent Registration, Account Enablement, Intent Intelligence, Payment Credentials, and Cart Context – to ensure that both the human and the AI agent are authenticated and that the cardmember's intent is clearly captured.
Also, in what the company has described as an industry-first move, Amex has announced Agent Purchase Protection, a commitment to back cardmembers against charges resulting from errors by AI agents. Looking forward, Amex plans to embed its membership assets, such as Resy bookings and American Express Travel, directly into AI ecosystems, while also providing cardmembers with “granular” spend controls via the Amex app.
This Week in Fintech spoke with Luke Gebb, EVP and Global Head of Innovation at American Express, to learn more about these new initiatives and their implications for users.
The interview has been edited for clarity and brevity.
This Week in Fintech: American Express recently introduced the ACE (Agentic Commerce Experiences) developer kit. To start, how does the company view the rise of AI agents in the global marketplace?
Gebb: We are quite bullish on the trend of "agent-to-commerce" – defined as setting up the ability for agents to make purchases on behalf of humans. We view this as a massive paradigm shift on par with the advent of e-commerce and the web itself.
As we approach this space, we see that trust will be a major factor, as it has been in previous technological transitions. Trust is something we have always focused on with our customers and is an attribute our brand has held for over 175 years. This heritage, coupled with our "closed-loop" structure – where we act as the network, issuer, and acquirer – allows us to see transactions end-to-end. That visibility informed the tools we brought to market last week: the ACE developer kit and Agent Purchase Protection.
You mentioned two primary components of this launch. Can you walk us through the ACE kit and the new "Agent Purchase Protection"?
The ACE (Agentic Commerce Experiences) kit is our developer kit that defines how to make agentic transactions actually work. In conjunction with that, we launched Agent Purchase Protection.
Essentially, when agents use this kit to integrate with us, they register and share the "cardmember intent." For example, if a cardmember indicates they want to purchase a flight when the price drops below a certain threshold, the registered agent shares that intent with us. We log and store that data to help us approve the transaction. If those two elements – a Registered Agent and shared intent – are present, we will cover the transaction in the event of an agent error. If an agent overspends its budget by accident, we approve the transaction, and the cardmember can come to us to be made whole so they are not out of pocket.
That protection is a significant commitment. How do you distinguish between a genuine agent error and something like buyer’s remorse?
We use the shared intent to determine that. This is based on the words typed or spoken by a human to their agent. We believe these instructions will typically be summarized by the agent back to the human and then shared with us. This process will likely improve over time to remove loose language.
If you tell your agent to buy something and it does, but you simply don't like the item, that wouldn't qualify. However, if an agent buys an item that is not in adherence with your intent, and that item cannot be returned to the merchant, we credit the cardmember. If it costs $100, we credit $100. It’s similar to how we handle disputes today: if the merchant delivered what was expected, we typically rule that the merchant did what they needed to do. We believe cardmembers will get better at defining intent, agents will get better at summarizing it, and we will get better at handling the errors.
In traditional disputes, the bank sits between the merchant and the member. By adding a third entity – the agent – how does Amex handle the liability?
We're taking on that risk to catalyze the ecosystem, assuming the agent is registered and shares the intent. Just as banks today use science to evaluate whether a human is making a legitimate purchase by analyzing patterns and locations, we will need to track what agents do. Understanding the track record of different agent types will be common across the industry, and we are already gearing up for that.
There have been many protocol announcements recently. Is Amex building a "walled garden," or is this intended to be a universal standard?
We don't see this as a separate walled garden. We have supported protocols like AP2 and are part of X402. Our framework is largely compatible with the main protocols announced. However, what we are doing is different because many current announcements involve protocols that are not yet in use end-to-end to complete a transaction. We are showing up as both an issuer and an acquirer throughout the transaction, solving the problem of how a bank actually approves the transaction.
Q: How does the payment credential service use tokenization to ensure agents never see the underlying card data?
A: Tokenization is the fourth element of the ACE kit. It creates a "for-purpose," single-use token for a given intent that you have authorized. If an agent goes rogue or an account is taken over, we can pinpoint exactly where it originated. If they had your basic card number, you wouldn't know where the fraud started. With this tokenized model, we wouldn't authorize a transaction that didn't involve that specific agent. It gives us a perfect fraud vector for identifying and quickly stopping issues.
As commerce moves toward agents and away from traditional checkout UIs, how do you keep Amex membership value visible?
Our closed-loop structure gives us an advantage, and Agent Purchase Protection is a clear example of value that makes members want to use their Amex card. Beyond that, we want to embed our membership assets – like Resi, our travel assets, and Amex Offers – into the agent experience.
We are working to expose these assets via the Model Context Protocol (MCP) so that agents know which assets are Amex's. For example, if you are researching travel, the agent will recognize whether hotels are part of the Fine Hotels & Resorts program and understand the specific benefits. We want to ensure those perks are influential even when a human isn't clicking the button.
Does this extend to the B2B sector, such as supply chain restocking or SAS renewals?
Absolutely. We feel the same standards will apply to B2B. These specs work across commercial, small business, and consumer cards. We believe the early "hotspots" for agentic commerce will be repetitive or commodity-based transactions. Many companies already use our corporate cards for these types of purchases, and this framework will support them.
How much control does the cardmember have over these agents and their budgets?
In our mobile app, you can see which agents have your card on file and which accounts are enabled. You will also see outstanding intents. You could have one intent with a travel agent and another for a birthday party with a different agent. You can go into the app, look at those intents, and cancel them – essentially eliminating the permission to purchase. We also envision that a budget for outstanding intents will likely be a required field, giving the member full control over the spending.
