J.P. Morgan Payments’ Michael Lozanoff on why agentic commerce can’t scale without governance

J.P. Morgan anticipates that success in agentic commerce will not come from the smartest AI agents, but from the institutions building the governance, permissioning, and trust infrastructure that supports them.

When capability is no longer the bottleneck

Michael Lozanoff, Global Head of Merchant Services at J.P. Morgan Payments, believes the capability question is largely being solved. “Capability without governance is the next challenge,” he notes.

Agents today can already perform end-to-end commerce tasks: discover products, evaluate options, and complete checkout flows. What is still uncertain is whether those actions can be trusted at scale.

A prompt like “reorder office supplies” can produce very different outcomes depending on how “usual” is interpreted, whether cost or availability is prioritized, or how incomplete instructions are resolved.

“The agent may be perfectly capable of executing that,” Lozanoff says. “But what happens when the item is out of stock, and the agent prioritizes availability over cost? Or when it interprets ‘usual’ differently than the consumer intended? The intelligence was there. The governance wasn’t.”

When the human disappears from the transaction

Traditional payment systems were built on a simple premise: a human decides, a human authorizes, a human pays. Agent-driven transactions don’t behave that way. When an AI agent acts on behalf of a user, it disrupts fraud models, authentication logic, and the way risk is interpreted. 

“The shift we’re building toward is moving risk signals away from consumer browsing toward authenticated agent identity and authorization context,” Lozanoff explains. “Is the agent known? Is it permitted to act? Is it operating within the policy it was given?”

That means having a more continuous approach to risk that spans discovery, checkout, and post-transaction monitoring -– following the agent throughout the entire interaction.

Merchants lose visibility

On the merchant side, the challenge is different but equally fundamental: visibility.

Retailers are used to understanding how customers arrive, their search patterns, browsing behavior, and checkout flows. Agentic commerce obscures much of that. Merchants are already raising concerns around fraud, liability, and intent verification. “They also want a clear way to verify that intent if something goes wrong,” Lozanoff notes.

J.P. Morgan’s guidance is to start with the basics of data structure. If product data is not machine-readable, agents cannot reliably discover or compare it. Poor cataloging removes products from the decision surface.

“Clean, rich product data is the foundation,” Lozanoff says. “Without it, agentic commerce doesn’t work for the merchant, regardless of how good the agent is.”

The unresolved liability question

The hardest problem sits at the intersection of intent and responsibility. If an agent follows instructions but produces an unwanted outcome, who is responsible?

Merchant, bank, consumer, or agent provider? “There aren’t clean answers quite yet,” Lozanoff notes.

J.P. Morgan’s view is that a stronger authorization context can reduce ambiguity with the support of granular customer consent, explicit limits, and merchant-defined constraints that make intent clearer before execution. 

From intelligence to governance

As AI becomes more accessible, intelligence stops being the key differentiator. What matters instead is governance: who the agents are, what they can access, and what they are permitted to do under enforceable rules.

“A conversation the broader ecosystem needs to have is around the consistent set of industry standards that will shepherd responsible growth, such as clear ways for agents to identify themselves and transact safely, and common approaches to risk, data sharing, and liability,” Lozanoff says.