As agentic commerce moves from experimentation to production, the question for payment ecosystems is no longer only how to identify autonomous agents, but how to continuously trust what they do once they are operating at scale.
Introducing FACT and the shift to runtime trust
FACT was recently unveiled by Fime’s CEO on stage at a major industry conference, as part of a call for a new, neutral trust layer to underpin agentic commerce and AI driven payments.
FACT is positioned as a neutral, real time trust infrastructure that sits above payment rails and below agents, continuously verifying agent initiated transactions across the full lifecycle rather than only at provisioning time.
It builds on Fime’s history in certification to extend the notion of “conformance” from static devices and apps to dynamic AI agents.
The FACT framework is described as a trust infrastructure layer for autonomous commerce, whose role is to provide continuous, real time assurance that every agent action is authorised, compliant and auditable.
For stakeholders across the ecosystem, the value is clear:
For merchants, greater confidence in accepting autonomous transactions and fewer disputes driven by opaque agent decisions.
For agent providers, a way to advertise machine readable trust policies and differentiate on observable behaviour.
For banks and payment networks, an additional trust signal in authorization and fraud decisioning.
FACT has been incubated as a proof of concept within Hyperlab, Fime’s innovation lab for payments, transit, digital identity and agentic AI, leveraging the lab’s track record of building prototypes and PoCs before they are considered for wider commercialization.
KYA and FACT as complementary trust layers
You can think of KYA and FACT as two distinct but complementary layers of trust.
The KYA layer enables payment networks and issuers to vet agent providers, issue or validate verifiable credentials, register agents, and bind tokens to specific, trusted agents. This is where HTTP Message Signatures, trusted agent protocols, agentic tokens, AP2 mandates and verifiable intent artefacts operate.
The FACT layer introduces independent auditor agents that observe the negotiation between shopping agents, merchants and payment systems, validating that the observed behaviour and transaction context align with declared policies, regulations and the user’s expressed intent.
What FACT enables in practice
In concrete terms, a FACT delivers three key functions.
It compares the shopping agent’s interpretation of user intent with the original, delegated intent, ensuring the checkout outcome is consistent with what the user actually asked for and helping reduce disputes, cart abandonment and chargebacks. It functions as a risk and decisioning asset.
It monitors the agent–merchant negotiation to ensure that SKUs, prices, merchants and terms align with the user’s authenticated intent artefact, detecting subtle deviations like unauthorized upsell patterns or merchant switching. It functions as a regulation asset.
It provides transaction level trust attestations that summarize, in real time, whether a given agent trajectory stayed within policy and initial user constraints, to be consumed by risk engines and issuer authorization systems alongside traditional fraud scores. It functions as a risk and dispute asset.
Privacy preserving and neutral by design
Importantly, the FACT auditor agent is designed to be neutral and privacy preserving. It does not know the cardholder’s identity, does not initiate or authorize any payment actions, and operates strictly as a read only observer of the agent–merchant dialogue. Any access to personal data flows through the shopping agent under explicit policy, and the auditor only retains cryptographic hashes and verifiable proofs rather than raw personal data, so it can provide independent trust signals for disputes and fraud without becoming a new data honeypot.
Why KYA alone is not sufficient
The takeaway for payment leaders is straightforward. KYA is mandatory, but it is not sufficient. Pre runtime identity, registration and key management must be complemented by runtime, neutral verification of what agents actually do if we want agentic commerce to scale without eroding the dispute and fraud guarantees that underpin today’s card ecosystem.
If agentic commerce stops at KYA, we end up with a world where only a handful of large platforms and networks can meaningfully attest to agent behaviour, and where disputes depend on each platform’s black box logs.
The value of combining KYA and FACT
By pairing KYA with a dedicated trust framework like FACT, the ecosystem gets stronger consumer protection through combining protocol level purchase protection and verifiable intent artefacts with independent runtime attestations makes it far easier to adjudicate “the agent went rogue” disputes without defaulting to blanket denials or goodwill refunds.
It also enables better risk controls, where transaction level trust signals reflecting observed behaviour, not just static credentials, can feed directly into authorization, fraud and chargeback models.
Finally, it supports more open innovation for agent providers by allowing smaller agents can plug into a shared trust infrastructure instead of individually negotiating bespoke audits with every network, reducing barriers to entry while still meeting rigorous oversight expectations.
Conclusion: knowing agents is not the same as trusting them
KYA provides a foundation to identify and qualify non-deterministic agents, while FACT enables continuous observation and verification of their behavior in real time. In an economy where autonomous agents increasingly make purchasing decisions and initiate payments on behalf of users, static identity and legacy trust signals are no longer sufficient. Trust must be re-established through reinforced, dynamic signals that evolve with the system.
Traditional mechanisms such as merchant due diligence must expand toward comprehensive merchant AND agent evaluation, while strong customer authentication and dynamic linking shift toward deterministic, verifiable surfaces enriched with independently sourced data rather than merchant-declared inputs. FACT ensures that these pillar trust signals are preserved, strengthened, and continuously assessed, enabling a resilient trust framework where agent actions remain aligned with user intent, policy constraints, and regulatory expectations at scale. Learn more on FACT.
Discover more in our agentic AI commerce blog series:
Chapter I: Agentic AI and payments: when AI gets a wallet and a will of its own.
Chapter II: Agentic commerce: when your wallet gets a brain.
Chapter III: Agentic commerce: issue on Llamas.
Chapter IV: Rethinking security in the age of agentic AI.
Chapter V: From emotion to algorithms: why Agentic Commerce needs a new trust layer.
Chapter VI: Closing the trust gap in agentic commerce.
Chapter VII: Trust framework: building verifiable trust for autonomous transactions.
Chapter VIII: From KYA to continuous trust: governing agentic commerce in production with FACT.
Jean Luc Di Manno, Innovation Lead
Jean Luc Di Manno has over a decade of experience in the payments and authentication industry, with a strong focus on consulting and solution architecture. His expertise spans testing‑tool design, secure payment technologies, and digital identity, with an increasingly strategic perspective on how AI agents reshape commerce, risk, and trust in the payment ecosystem.
At Fime, Jean Luc is a Consultant and Solution Architect who leads innovation initiatives through Hyperlab. He works at the intersection of payments, authentication, digital identity, and smart mobility, helping clients explore new technologies and turn ideas into practical solutions. He also actively participates in international standards bodies and industry working groups such as W3C and FIDO, contributing to the evolution of secure and interoperable payment and authentication frameworks that can support emerging agentic AI commerce models.
Prior to his current role, Jean Luc designed and delivered testing‑tool architectures and led technical consulting missions for a range of stakeholders in the payments and authentication ecosystem, supporting the deployment and evolution of secure payment and payment‑related services.
This background informs his current focus on understanding how AI agents interact with payment rails, authentication, and fraud controls, and how to design trustable ecoe most installed open-source business software worldwide.
