the reddit thread asks the right question: when an AI agent triggers a real payment and something goes wrong — fraud, error, or hallucination — who's liable?
traditional card networks have clear rules:
- merchant liability for fraudulent card-present transactions without chip/PIN
- issuer liability for unauthorized online transactions (with chargeback rights)
- cardholder liability capped at $50 (US) or £0 (UK) for reported fraud
but when an agent makes the purchase:
- did the human authorize it? (delegation scope)
- did the agent follow its policy? (compliance check)
- did the merchant verify agent identity? (new primitive)
mnemopay's transaction log captures:
- the original natural-language instruction ("buy the cheapest 2TB SSD under $120")
- the agent's decision tree (compared 14 vendors, picked NewEgg)
- the policy check result (within budget, vendor score 780/850)
when a dispute happens, you've got an audit trail that splits liability cleanly. if the agent acted within scope and followed policy, the merchant or issuer eats the fraud. if the agent went rogue, the developer or platform is on the hook.
the law hasn't caught up yet — but the technical primitives to assign liability exist today.
Top comments (0)