The next frontier of Agentic Commerce will not only be about trusting AI agents. It will be about executing authenticated payments inside the conversation.
Over the past few months, Agentic Commerce has become one of the most relevant concepts in the future of payments. The idea that AI agents may act on behalf of consumers, users or companies is no longer a distant hypothesis. It is a logical evolution of a world in which artificial intelligence is not only answering questions, but also interpreting needs, comparing options, making decisions within defined limits and participating in real commercial processes.
However, this evolution raises a critical question for the payments industry:
How do we build trust when the actor initiating or supporting the transaction is not directly a human being, but an AI agent acting on that human’s behalf?
Visa and Mastercard are already moving in this direction through complementary approaches. Concepts such as Trusted Agents focus on whether an AI agent can be trusted within the payment ecosystem. The idea of Verifiable Intent goes one step further by reframing the question from “Who are you?” to a more sophisticated one: “Was this action truly authorized, bounded and consistent with the user’s intention?”
Both dimensions are essential.
In a world where AI agents may search, compare, recommend, negotiate or initiate purchases on behalf of users, it will be necessary to prove that the action was authorized, that the agent operated within a defined scope, and that there is a clear trace between the user’s will and the commercial action being executed.
But this is only one part of the problem.
Even if the AI agent is trusted, even if the user’s intent is verifiable, and even if delegation is properly bounded, there comes a point where the commercial action must become a real payment transaction.
And at that point, a much more operational question appears:
How can the payment be executed securely, compliantly and with strong authentication?
This question becomes especially important when the commercial journey does not happen on a website, inside an app or through a visual checkout, but inside a voice conversation.
That is where Pay by Call introduces the concept of Secure Agentic Voice Commerce.
Agentic Commerce will not be purely visual
For more than two decades, the dominant architecture of digital payments has been shaped by the screen.
The user browses a website, opens an app, adds a product to a cart, enters payment credentials, confirms the purchase and, when required, completes an authentication challenge through 3D Secure, a banking app, a push notification or another visual interface.
The entire security model of e-commerce has been built around that pattern: a user present in front of a screen, interacting with a visible interface and completing a structured digital journey.
Agentic Commerce changes this model.
In an agentic scenario, the user may not be directly present at the exact moment of the commercial decision. The user may have delegated certain actions to an AI agent. That agent may compare options, select an alternative, initiate a booking or prepare a transaction. The relationship between user, merchant, AI agent, issuer, acquirer and payment network becomes more complex.
However, it would be a mistake to assume that the future of commerce will unfold only inside visual digital environments.
A very significant part of real economic activity still happens through conversations.
A customer calls an airline to change a booking. A citizen contacts a public administration to pay a tax, a fine or a municipal fee. A policyholder speaks with an insurance company to renew or modify a policy. A patient confirms a healthcare service. A customer negotiates a debt repayment plan. A utility client resolves an issue and ends up making a payment. A traveller modifies a complex itinerary. A contact center helps complete a process that does not fit easily into a standard automated checkout.
In all these cases, the conversation is not a secondary channel.
It is the environment where payment intent is formed.
The user speaks because they need context, clarification, reassurance, guidance or resolution. The decision to pay does not appear in isolation. It usually emerges at the end of an interaction in which doubts have been resolved, trust has been established and the need to complete the transaction has been confirmed.
This is why, in the age of Conversational AI, the voice channel should not be seen as a legacy interface.
It should be seen as a transactional interface with significant potential.
If AI is going to transform customer service, it will also transform the way transactions are completed inside conversations.
But for that to happen, the payment must be executable within the same conversational flow.
The critical difference between verifiable intent and authenticated execution
One of the most common mistakes when analyzing the future of Agentic Commerce is confusing authorization to act with authentication of the transaction.
They are related, but they are not the same problem.
Verifiable Intent helps answer a first question:
Was the action initiated by the AI agent truly aligned with the user’s authorized intention?
Trusted Agent frameworks help answer another question:
Can we trust the AI agent participating in the commercial process?
But even if both answers are positive, a third question remains open:
Can the payment itself be executed with the same level of security, compliance and authentication expected in modern digital commerce?
In e-commerce, this function has historically been supported by 3D Secure.
3D Secure has become one of the core mechanisms for introducing strong customer authentication, issuer involvement, risk-based decisioning and transaction validation into digital payments. While it may sometimes introduce friction, its role has been essential in raising the level of trust in the e-commerce channel.
The problem is that 3D Secure was originally designed for visual digital environments: browsers, apps, redirects, authentication interfaces and screens where the user can complete a challenge or confirm an operation.
The telephone channel did not fit naturally into this model.
Voice payments, especially those classified as MOTO —Mail Order / Telephone Order— have historically existed in a separate category. These are transactions not initiated through a standard digital checkout, often performed through agents, IVR systems or contact centers. From a technical standpoint, bringing 3D Secure natively into that channel was extremely difficult.
This created a structural separation.
On one side, e-commerce evolved toward stronger authentication models.
On the other, telephone payments could become more secure through Secure IVR and PCI-DSS compliance, but they still lacked a native equivalent authentication layer within the call itself.
That separation is becoming increasingly unsustainable.
If voice is going to participate in the future of Agentic Commerce, it cannot remain an exception channel. It cannot be the environment where user intent is created, but not where the transaction is authenticated. It cannot be the place where trust is built, only to force the user to leave the conversation at the decisive moment of payment.
Secure Agentic Voice Commerce requires the opposite.
It requires the conversation itself to become a secure, compliant and authentically transactional environment.
The limit of Pay by Link as a workaround
In recent years, many organizations have tried to solve the difficulty of authenticating telephone payments through Pay by Link solutions.
The logic is simple: if the user is on the phone and the payment requires a digital experience, the organization sends a payment link by SMS, email or another channel so the customer can complete the payment outside the call.
This can be useful in many scenarios. Pay by Link has solved many remote payment use cases and will continue to have its place.
But from a conversational commerce perspective, Pay by Link is not a native voice solution.
It is a channel-switching solution.
And that distinction matters.
The user is speaking. The conversation has created context. Trust has been established inside the call. Payment intent is present. The customer is ready to complete the operation.
And exactly at that moment, the customer is asked to leave the channel.
They must receive a link. Open it. Trust that it is legitimate. Move to a browser. Complete a visual payment flow. In some cases, complete an additional authentication process. And then, if everything works, the transaction is closed.
From a purely technical perspective, this model can work.
From an experience perspective, it introduces friction.
And from a strategic Agentic Commerce perspective, it breaks the logic of the conversational journey.
If the commercial interaction is happening inside a conversation, if the user is being guided by a human agent, an AI assistant or a hybrid model, and if the payment intention is being formed within that same dialogue, then the payment should not become an external event.
It should be part of the same trusted flow.
This is not only about reducing clicks. It is about preserving the continuity of intent.
Every channel switch forces the user to reinterpret the experience. The conversation stops being the primary environment, and the payment becomes a separate action. In high-volume environments, that rupture can translate into abandonment, lower conversion, more operational incidents and a poorer customer experience.
This is why Pay by Call believes that the future of Voice Commerce should not be about pushing the user out of the call to complete the payment somewhere else.
It should be about making the call itself a secure transactional environment.
PBC 3DS: bringing 3D Secure logic into the voice channel
This is where PBC 3DS becomes strategically relevant.
PBC 3DS is Pay by Call’s patent-pending method designed to incorporate 3D Secure logic into the telephone payment flow without forcing the user to abandon the voice interaction.
This is not just an additional feature.
It is a layer that changes the nature of the channel.
Until now, Pay by Call could already be understood as a specialized secure telephone payment platform based on a PCIaaS model —Compliance as a Service. Through the PaybyCall platform, companies, public administrations, BPOs, contact centers and PSPs can process voice payments while reducing PCI-DSS exposure, preventing agents from seeing or hearing card data, protecting call recordings and isolating sensitive payment information from corporate systems.
This layer remains essential.
PCI-DSS answers a critical question:
Are card data being captured, processed or transmitted within a secure environment?
But PBC 3DS answers a different question:
Can a transaction initiated and completed through voice incorporate a strong authentication layer equivalent to the 3D Secure logic used in digital commerce?
That difference is key.
A Secure IVR can protect card data. It can prevent the agent from seeing the PAN. It can ensure that call recordings do not contain sensitive information. It can reduce the PCI scope of the contact center.
But a Secure IVR alone does not necessarily solve the question of strong transaction authentication.
PBC 3DS completes that architecture.
The combination is strategically powerful:
PCIaaS protects the execution environment.
PBC 3DS adds the authentication layer.
Voice evolves from secure payment capture into authenticated payment execution.
This is the step that enables the move from secure telephone payments to Secure Agentic Voice Commerce.
What Secure Agentic Voice Commerce really means
Secure Agentic Voice Commerce does not simply mean using AI in a phone call.
It does not mean adding natural language capabilities to an IVR.
It does not mean sending a payment link during a conversation.
Secure Agentic Voice Commerce is a trust architecture for transactional voice environments.
In this architecture, several layers must converge.
First, there must be a conversational layer, because the user is not necessarily navigating a checkout page. They may be speaking with a human agent, an AI assistant or a hybrid experience where both participate.
Second, there must be an intent and trust layer, because the ecosystem must be able to determine whether the AI agent is authorized, whether the user’s intent is verifiable and whether the action remains within the boundaries of delegated authority.
Third, there must be a compliance layer, because card data cannot be exposed to agents, recordings, CRMs, telephony systems or contact center infrastructure that should not be inside the PCI-DSS perimeter.
Fourth, there must be an authentication layer, because protecting the data is not the same as authenticating the transaction.
And fifth, there must be an execution layer, because commerce does not end with intent. It ends when the transaction is authorized, validated and securely traceable.
The weakness of many current Agentic Commerce narratives is that they focus heavily on the intelligence of the agent, but not always on the complexity of execution.
A payment is not merely a decision.
A payment is a regulated act. It involves risk, fraud, liability, authentication, network rules, compliance, traceability and trust between multiple actors: user, merchant, PSP, acquirer, issuer, scheme and regulator.
This is why Agentic Commerce cannot be built with conversational AI alone.
It needs payment-grade infrastructure.
And in the voice channel, that infrastructure must be designed specifically for voice.
From trusted agents to trusted conversations
The payments industry has historically evolved by expanding the perimeter of trust.
In physical commerce, trust was initially built around the presence of the card and later around chip and PIN.
In e-commerce, trust shifted toward digital authentication, tokenization, risk scoring, device data and 3D Secure.
In Agentic Commerce, trust must expand again to include AI agents capable of acting on behalf of humans.
But when Agentic Commerce reaches the voice channel, trust must expand even further.
It is no longer enough to trust the user.
It is no longer enough to trust the AI agent.
It is no longer enough to verify delegated intent.
It must also be possible to trust the conversation as a transactional environment.
This raises very concrete questions:
Can the user speak naturally without exposing sensitive card data?
Can an AI assistant guide the process without unnecessarily entering the PCI-DSS perimeter?
Can a human agent remain in the service experience without seeing or hearing the PAN?
Can the customer complete strong authentication without leaving the call?
Can the merchant obtain sufficient evidence that the payment was executed securely?
Can the issuer receive a voice transaction that is not merely a weak MOTO exception, but an authenticated transaction supported by a native layer adapted to the channel?
These are not marginal questions.
They define whether voice can seriously participate in the future of Agentic Commerce.
If the answer is no, voice will remain peripheral.
If the answer is yes, voice can become one of the most powerful interfaces for AI-driven commerce.
Why PBC 3DS changes Pay by Call’s strategic position
Before PBC 3DS, Pay by Call’s proposition was already clear: to provide a PCIaaS platform for secure telephone payments, helping companies and public administrations reduce PCI-DSS scope, avoid exposure of sensitive data, protect recordings and enable secure voice payments in complex customer service environments.
With PBC 3DS, the proposition becomes broader.
Pay by Call is no longer only addressing the problem of capturing card data securely over the phone.
It is addressing a more ambitious challenge:
making the voice channel capable of supporting authenticated transactional execution.
This point is essential to connect Secure Agentic Voice Commerce with concepts such as Verifiable Intent and Trusted Agents.
Verifiable Intent may demonstrate that an action was authorized.
Trusted Agents may demonstrate that the AI agent is reliable.
But PBC 3DS helps solve what happens at the final moment: when intent becomes payment and the payment must be authenticated inside the same conversational environment.
That final moment is decisive.
An Agentic Commerce experience may be beautifully designed, but it remains incomplete if the payment must leave the conversation to become secure. An AI agent may be trusted, but it will remain operationally limited if the payment layer cannot support the channel where the user is actually interacting. A verifiable intent framework becomes weaker if there is no secure execution infrastructure at the exact point of conversion.
This is why Secure Agentic Voice Commerce is not a speculative category.
It is a practical answer to a structural problem:
What infrastructure does voice need to become a native, secure and authenticated commerce channel in the age of AI agents?
At Pay by Call, our answer is the convergence of three elements: trusted agentic intent, secure execution through PCIaaS and native 3D Secure authentication through PBC 3DS.
Sectors where this evolution will matter most
The implications of this architecture are particularly clear in sectors where conversation remains essential.
In travel, many transactions require assisted service because booking changes, incidents, upgrades or complex itineraries do not always fit into a standard checkout.
In insurance, the user may need explanation and reassurance before renewing, extending or modifying a policy.
In utilities, payments may arise after resolving an issue, confirming a balance or regularizing a service.
In public administrations, the telephone remains a critical channel for citizens who need guidance before completing a payment.
In healthcare, the sensitivity of the service requires trust and support.
In collections, the payment is often not the beginning of the interaction, but the result of a negotiation.
In BPOs and contact centers, the key challenge is to scale these processes securely, auditably and compliantly without rebuilding the entire infrastructure.
All these sectors share the same logic:
The payment is not the starting point. It is the consequence of a conversation.
That is why authenticating the payment inside the voice flow is so relevant.
It preserves continuity, reduces friction, increases the security level of the channel and turns the conversation not only into a service environment, but also into a secure transactional environment.
For years, the market has treated voice payments as necessary but secondary: useful, but less elegant than digital commerce; operationally important, but harder to secure; relevant for specific sectors, but not necessarily strategic.
Agentic Commerce may change that perception.
If AI makes conversations more scalable, more intelligent and more capable of resolving complex processes, then voice stops being a legacy channel and becomes a future interface.
But that future will only be possible if the payment layer evolves at the same speed as the conversational layer.
A voice AI that can speak but cannot complete a secure, authenticated payment is not yet a true commerce agent.
It is only a service assistant.
To become transactional, it needs a secure execution architecture.
That is the role Pay by Call intends to play.
The checkout of the future will not always be a page
The next generation of commerce will not be defined only by who controls the checkout page.
It will also be defined by who controls the secure moment of payment execution.
In a screen-based world, that moment was easy to locate: a website, an app, a wallet or a payment gateway.
In a conversational world, that moment becomes more fluid. It may happen during a call, in the middle of a customer service journey, after an AI-generated recommendation or as the outcome of a human-assisted interaction.
This makes the execution layer more important, not less.
The payment infrastructure must be able to enter the conversation without contaminating it with risk. It must enable authentication without making the experience unnatural. It must protect compliance without overburdening the enterprise. It must allow AI to participate in commercial processes without unnecessarily exposing sensitive card data to AI systems.
That balance is complex.
But it is exactly the type of balance the next phase of payment innovation will require.
Agentic Commerce will not succeed simply because AI agents become more intelligent.
It will succeed if the trust infrastructure around them becomes robust enough to let them participate safely in real transactions.
And in voice, that infrastructure must include authentication.
Conclusion: voice needs its own trust architecture
The future of AI-driven commerce will not be solved only at the decision layer.
It will also be solved at the execution layer.
A trusted agent without secure execution remains incomplete.
Verifiable intent without authenticated payment remains unfinished.
A conversation that creates trust but forces the user to leave the channel at the moment of payment introduces a structural rupture.
This is why Pay by Call defines Secure Agentic Voice Commerce as the convergence of conversational AI, verifiable agentic intent, PCIaaS, PCI-DSS compliance and native 3D Secure authentication inside the voice channel.
This is not about replacing e-commerce.
It is not about competing with wallets or digital checkouts.
It is about providing the conversational channel with a secure execution layer for all those cases where the transaction is born, developed and decided through a conversation.
The checkout of the future will not always be a page.
In many cases, it will be a conversation.
And for that conversation to become real commerce, it must be secure, compliant and strongly authenticated.
That is the promise of Secure Agentic Voice Commerce.
And that is the architecture Pay by Call is building with PaybyCall and PBC 3DS.
If you want to know more about this topic, visit the Pay by Call blog: