What I Ordered vs. Got: Implementing Consumer Protection for Agentic Commerce in Nigeria & South Africa

Imagine ordering a tailored suit and receiving a beach towel. That shock sums up the core problem of AI-driven commerce: promise versus delivery. What happens when autonomous agents negotiate, recommend, and buy for consumers in Nigeria and South Africa? Without guardrails these systems can cause financial loss, privacy leaks, and reputational damage. The "What I Ordered vs. Got" case study shows how automated decisions become real consumer harm and draw regulatory attention.

We map that case to Protection of Personal Information Act (POPIA, South Africa) and Nigeria's Data Protection Act (NDPA) to surface existing obligations: lawful processing, informed consent, purpose limitation, data minimisation, and accountability. POPIA stresses individual rights and breach notification in South Africa; the NDPA in Nigeria highlights consent and local governance. For senior marketers, CTOs, and founders, these requirements mean product controls, audit logs, and clearer user communications.

Three protocols, Agent Payments Protocol (AP2) / Agent 2 Agent Protocol (A2A) / Model Context Protocol (MCP), from our continued exploration of the framework introduced in Designing Fair Personalization offer practical controls. Think of AP2 as privacy-first personalization that asks "why" and "who benefits" before tailoring offers. A2A governs agent-to-agent interactions so buying bots disclose intent and exchange verifiable receipts. MCP enforces minimal consent paths and default opt-outs for sensitive actions. Together they act like road signs, seatbelts, and inspection checkpoints across the customer journey.

On the engineering side, ethical_purchase.py is a compact benchmark. It logs consent, validates match criteria, applies purpose-limited transforms, and flags low-confidence cases for human review. Implementations should include tamper-evident transaction records, policy-driven filters mapped to POPIA and NDPA, and explainability endpoints for customer queries. Treat these as contract clauses written in code — auditable, enforceable, and privacy-preserving.

For leaders, start pilots that pair legal mapping with AP2/A2A/MCP controls, pattern ethical_purchase.py into production, and track consumer trust alongside conversion. Validate agent decisions against stated intent, log consent with timestamps, and enable a fast human override. The result: fewer complaints, stronger POPIA/NDPA compliance, and a competitive edge built on predictable, fair AI commerce. Start now with ethical pilots.

Core findings

Combining AP2/A2A/MCP patterns with a conceptual logic model (ethical_purchase.py) and a mapped compliance checklist for NDPA and POPIA can guard against the “What I Ordered vs. What I Got” disputes. A Lagos mother borrows a neighbour’s phone, taps “yes” to a bundled airtime offer and later sees unexpected, recurring charges. This is exactly the failure mode Intent Mandates (a part of the VDCs - Verifiable Digital Credentials), server-side budget caps, and Human In The Loop (HITL) checkpoints are designed to prevent. The textbook script enforces cryptographic mandates, idempotent (non-alterable) checkout, and an auditable trail so agents can’t spend beyond explicit consent.

The Problem: Why "What I Ordered vs. Got" Meme Matters for Agentic Commerce

AI shopping agents can produce unauthorized or unexpected purchases fast and at scale — turning a single mistake into a public relations and financial crisis. The fix is technical and legal: mandate-first authorizations backed by VDCs, such as 'Intent', 'Payments', and 'Cart' Mandates, human-in-the-loop (HITL) checkpoints, and clear protocol boundaries (AP2/MCP) mapped to regulatory standards, including Payment Card Industry Data Security Standard (PCI DSS).

Short story: A Lagos user on TikTok shows a clip of “my agent bought me a ₦60,000 phone charger bundle instead of the ₦5,000 charger I asked for.” The agent had been given a standing permission to “handle purchases under ₦100,000.” It autocompleted a chained upsell and signed the checkout. The post goes viral; complaints and chargebacks flood the marketplace.

Traditional e‑commerce failure modes are familiar:

  • Misrepresentation — product photos or specs that don’t match what arrives.
  • Dropshipping surprises — long delays or different items sent from third parties.
  • Damaged or low‑quality goods — consumers receive broken or counterfeit items.

Agent-specific failure modes extend traditional e‑commerce harms in new ways:

  • Autonomous decision drift — agents shift goals: “find the best value” becomes “buy the most profitable bundle.”
  • Chained upsells — an agent accepts merchant prompts and adds costly extras without explicit human consent.
  • Standing permissions abused — long‑lived mandates let agents charge repeatedly or broaden scope over time.
  • Silent recurring charges — subscriptions or renewals get activated by agent workflows and go unnoticed.

These failure modes carry three concrete risks for platforms and merchants:

  • Reputational: Viral social posts (one TikTok can reach millions overnight) amplify every error into a trust crisis.
  • Financial: Chargebacks, refunds, escrow holds and higher customer support costs erode margins.
  • Regulatory: NDPA/POPIA consent breaches, consumer protection fines, and PCI non‑compliance exposure.

Aside — continental harmonisation gap: the Malabo Convention on consumer protection has limited adoption, which amplifies risk across Africa for four reasons:

  • Scope/complexity: The Convention covers many topics; countries pick parts, creating inconsistent protections.
  • Enforcement gaps: Weak national enforcement means cross‑border harms go unpunished.
  • Cost/capacity: Regulators often lack resources to audit fast‑moving AI commerce flows.
  • Misalignment with global standards: Local rules may not map cleanly to PCI, GDPR‑style norms, or AP2/MCP technical patterns.

Technical‑external mapping (how to anchor solutions):

  • AP2 / MCP: use mandate-first workflows to separate discovery, authorization, execution.
  • VDCs & cryptographic mandates: create auditable, unforgeable consent records to meet NDPA/POPIA consent rules.
  • HITL circuit breakers: require explicit human approval on high‑risk or low‑confidence actions to satisfy consumer protection tests.
  • PCI DSS / escrow: prevent exposure of raw payment data and hold funds until delivery verification.

# Intent Mandate example (illustrative)
intent = create_intent(max_budget=15000)   # Naira ceiling, purpose‑bound
mandate = sign_mandate(intent)             # VDC signature for audit
checkout(cart_id, mandate_id=mandate.id)   # Server verifies mandate before charging

Problem statement: Without mandate‑first protocols, verifiable audit trails, and mapped regulatory controls, AI agent commerce will repeat and scale "What I Ordered vs. Got" failures, causing reputational, financial and legal harm. The next sections will show how to design mandate lifecycles, HITL rules, UX safeguards, and compliance checklists for Nigeria’s market to prevent these harms.

The Solution: AP2/A2A/MCP in Practice: Intent Mandates, VDCs and the Consent‑First Checkout

A consent‑first, mandate‑based checkout prevents most trust-related failures in retailing by moving authorization before execution, enforcing strict role boundaries, and producing auditable receipts. In practice this means an Intent Mandate is created and signed up‑front (scope, Time-To-Live, allowed_items, max_total), agents are limited by A2A role constraints, MCP metadata carries privacy and transaction‑history tags, and VDCs are issued as tamper‑evident receipts, all wired into escrow or conditional settlement to reduce financial harm in low‑trust markets like Nigeria.

How to imagine it

  • Intent Mandate = a signed shopping list with a budget: it says “OK to buy these things, up to Naira X, before time T.”
  • VDC = a tamper‑evident receipt: like a holographic paper receipt whose signature anyone (consumer, regulator, bank) can verify.
  • A2A roles = job titles: the shopper‑agent can browse and add to cart, the payment‑agent can only submit a mandate ID to a gateway, the courier‑agent can only confirm delivery.
  • MCP metadata = pocket‑sized privacy labels (purpose, sensitivity, traceable origin) attached to every message so systems redact or restrict fields automatically.

Core primitives:

  • Intent Mandate fields: scope (merchant or product scope), ttl (time to live), allowed_items (IDs or classes), max_total (currency cap). Mandates are signed and immutable.
  • VDC: signed credential containing mandate (intent/payment/cart) hash, transaction outcome, timestamps, and participant signatures. Acts as the canonical, auditable receipt.
  • A2A role constraints: capability tokens that bind actions to role—e.g., agent.payment cannot alter allowed_items; only agent.user may revoke.
  • MCP metadata: privacy tags (PII, sensitive, fulfillment_only), purpose (discovery, checkout), provenance (origin agent id), and selective disclosure rules.

Example: a minimal mandate JSON (illustrative)

{
  "mandate_id":"mandate_abc123",
  "scope":"merchant_konga:nigeria",
  "ttl":"2026-02-05T12:00:00Z",
  "allowed_items":["prod_tv_42","prod_remote"],
  "max_total":45000,
  "signed_by":"user_pubkey",
  "vds_signature":"sig_base64..."
}

Critical system states and transitions — model and surface these in both UX and logs:

  • mandate_created — user created and signed the mandate (show summary + mandate hash to user, SMS/USSD/voice confirmation possible for low‑literacy users)
  • pending_approval — human‑in‑the‑loop (HITL) trigger when ambiguity or policy checks fail (show reason, expected hold duration)
  • approved — mandate validated and escrow initiated; VDC issuance queued
  • completed — payment settled or escrow released; VDC final receipt recorded
  • failed/rejected — validation or merchant rejection (detail reason codes for disputes)
  • revoked — user or system revoked mandate (show revocation cause and timestamp)
  • expired — TTL passed; mandate becomes unusable

These states must be logged as append‑only events (timestamped, signed), and the UX must surface clear human‑readable status and next steps — especially in Nigeria where shared devices, intermittent connectivity and low digital literacy are common. SMS/USSD and audio confirmations tied to mandate hashes close the comprehension gap.
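The primitives and state list above, as an added example that is not code from the page or from ethical_purchase.py: a mandate with the page's field names (including its vds_signature field) is canonically serialised and signed, and every lifecycle transition is recorded as a hash-chained, server-signed, append-only event so a deleted, altered or reordered event is detectable. The HMAC secret and the "user_pubkey" value are constructed demo placeholders (a deployment would sign with an HSM/KMS-held key); the page's "failed/rejected" state is spelled "failed" here, and the TRANSITIONS table is this example's reading of the list, not a specification from the page.

```python
# Added example: signed Intent Mandate + lifecycle state machine + hash-chained
# append-only event log. Not part of ethical_purchase.py.
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

DEMO_SIGNING_KEY = b"demo-only-mandate-key"  # constructed; use an HSM/KMS key in production

# Allowed transitions between the critical system states (this example's reading of the list).
TRANSITIONS = {
    "mandate_created": {"pending_approval", "approved", "failed", "revoked", "expired"},
    "pending_approval": {"approved", "failed", "revoked", "expired"},
    "approved": {"completed", "failed", "revoked", "expired"},
    "completed": set(),
    "failed": set(),
    "revoked": set(),
    "expired": set(),
}


def canonical(obj):
    """Deterministic JSON bytes so the same mandate always hashes and signs identically."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(payload_bytes, key=DEMO_SIGNING_KEY):
    """HMAC-SHA256 stands in for the VDC signature in this demo."""
    return hmac.new(key, payload_bytes, hashlib.sha256).hexdigest()


def create_mandate(mandate_id, scope, allowed_items, max_total, ttl_seconds, now=None):
    """Build an immutable, signed mandate using the page's field names."""
    now = now or datetime.now(timezone.utc)
    body = {
        "mandate_id": mandate_id,
        "scope": scope,
        "ttl": (now + timedelta(seconds=ttl_seconds)).isoformat(),
        "allowed_items": sorted(allowed_items),
        "max_total": max_total,
        "signed_by": "user_pubkey",  # placeholder, as in the page's JSON
    }
    body["vds_signature"] = sign(canonical(body))
    return body


def mandate_hash(mandate):
    """Short hash to show the user in SMS/USSD/audio confirmations."""
    return hashlib.sha256(canonical(mandate)).hexdigest()[:12]


class MandateLog:
    """Append-only event log: each event commits to the previous event's hash and
    carries a server signature, so removal or reordering is detectable."""

    def __init__(self, mandate):
        self.mandate = mandate
        self.events = []
        self.state = None
        self.append("mandate_created", "user signed mandate")

    def append(self, new_state, reason, at=None):
        if self.state is not None and new_state not in TRANSITIONS[self.state]:
            raise ValueError(f"illegal transition {self.state} -> {new_state}")
        prev_hash = self.events[-1]["event_hash"] if self.events else "0" * 64
        event = {
            "mandate_hash": mandate_hash(self.mandate),
            "from": self.state,
            "to": new_state,
            "reason": reason,
            "at": (at or datetime.now(timezone.utc)).isoformat(),
            "prev_hash": prev_hash,
        }
        event["event_hash"] = hashlib.sha256(canonical(event)).hexdigest()
        event["server_sig"] = sign(event["event_hash"].encode())
        self.events.append(event)
        self.state = new_state
        return event

    def verify_chain(self):
        """Recompute every hash and signature; False if any event was altered or reordered."""
        prev = "0" * 64
        for ev in self.events:
            body = {k: v for k, v in ev.items() if k not in ("event_hash", "server_sig")}
            if body["prev_hash"] != prev:
                return False
            h = hashlib.sha256(canonical(body)).hexdigest()
            if h != ev["event_hash"] or not hmac.compare_digest(sign(h.encode()), ev["server_sig"]):
                return False
            prev = h
        return True
```

Surfacing mandate_hash(mandate) in the confirmation SMS gives the user something to read back during a dispute, and verify_chain() is the check an auditor runs over an exported log before trusting any single event in it.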

Design choices that reduce risk in low‑trust contexts

  • Mandate‑first workflow: require signed intent before any cart mutation or payment token issuance. No backdoor auto‑approve.
  • Escrow / conditional settlement: hold funds until delivery proof or time‑boxed acceptance window elapses. This reduces chargebacks and consumer harm.
  • Time‑boxed single‑use tokens: mandates and payment tokens are single‑use and short TTL to prevent replay or long‑lived abuse.
  • Human‑in‑the‑loop escalation: surface ambiguous or high‑risk cases to agents/operators with clear resolution Service-Level Agreements (SLAs) — a feature not a bug in markets with high fraud or limited recourse.
  • NDPA (Nigeria): The mandate creation is the explicit consent event; retain signed consent records for compliance.
  • POPIA (South Africa): MCP privacy tags map to POPIA’s data minimization and purpose limits; selective disclosure enforces legal obligations.
  • PCI‑DSS / local payment rules: Tokenization + gateway VDCs mean platforms avoid storing Permanent Account Numbers (PANs); map responsibility in processor contracts (Flutterwave, Paystack).
  • Consumer protection law (local CPC frameworks): Escrow + signed VDC receipts provide evidence for dispute resolution and liability allocation.

Practical benchmark: The AP2 Logic Model

The companion script ethical_purchase.py implements the above pattern, an async flow that creates a mandate (mandate signature), enforces budget and scope, calls a payment gateway which issues a VDC, and writes an append‑only audit trail. It demonstrates key behaviors: mandate‑first logic, server‑side validation (agent cannot forge authorization), HITL pending_approval path, and VDC issuance for downstream dispute resolution. Use it as a technical benchmark when integrating Paystack/Flutterwave, HSM key storage, and escrow adapters.

The next subsection walks line‑by‑line through the code and shows exactly where each of these protections appears in ethical_purchase.py.

Annotated Code Walkthrough (ethical_purchase.py)

Our benchmark implementation enforces consent-first commerce via Intent Mandates (VDC-signed), server-side verification, and an append-only audit trail — preventing budget overrun and providing dispute evidence for NDPA (Secs. 25, 44, 65) and POPIA (Secs. 11, 69, 107). Key hooks: Key Management Service (KMS) / Hardware Security Module (HSM) for signing, idempotency keys for safe retries, and escrow adapters (Flutterwave/Paystack) for funds-in-hold.

create_intent_mandate

  • Purpose: issue a purpose-bound, TTLed mandate with vds_signature (proof of consent).
  • Regulatory mapping: NDPA §25 (consent), POPIA §11 (voluntary, informed).
  • Inputs/Outputs: input {user_id, max_budget, ttl, merchant_id} → output {mandate_id, vds_signature, expires_at}.
  • Failures & remediation: key-unavailable → retry with backoff; signature mismatch → reject and prompt reconsent. Plug KMS/HSM for signing.

verify_and_execute_purchase

  • Purpose: validate mandate (signature, TTL, budget, agent role) then call gateway_execute_payment.
  • Regulatory mapping: NDPA §44 (breach notification), NDPA §65 (consumer rights), POPIA §§69/107 (accountability, recordkeeping).
  • IO: input {mandate_id, cart, idempotency_key, agent_id} → output {status, tx_id/error}.
  • Failures & remediation: expired/over-limit → surface HITL; agent mismatch → revoke mandate and alert.

gateway_execute_payment

  • Purpose: adapter to payment gateways with escrow support.
  • Implementation note: include adapter interface for Flutterwave/Paystack and return escrow_id.
  • Failure: network/gateway errors → idempotent retries; store attempts in audit log.

export_audit_for_dispute

  • Purpose: produce signed, tamper-evident transcript (mandate hash, signature, events) for regulators or courts.
  • Map: satisfies POPIA §107 retention and NDPA auditability obligations.

# pseudo-upgrade: mandate revoke & idempotent checkout
try:
    resp = verify_and_execute_purchase(..., idempotency_key=key)
except MandateExpiredError:
    revoke_mandate(mandate_id); notify_user()

Tests required: expired, over-limit, agent-mismatch, tampered-signature, replay (idempotency). Use simple voice/SMS receipts in NG context for low-literacy remediation and escrow-first default for first-time merchants.
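The four hooks described in this walkthrough and the test matrix listed above, as an added example that is not the page's ethical_purchase.py: create_intent_mandate, verify_and_execute_purchase, gateway_execute_payment and export_audit_for_dispute are written so that the expired, over‑limit, agent‑mismatch, tampered‑signature and replay cases each take a distinct path. The HMAC secret replaces the KMS/HSM key, the gateway is an in‑memory escrow stub rather than a Flutterwave/Paystack adapter, and the store names (MANDATE_STORE, IDEMPOTENCY_STORE, AUDIT_LOG) are this example's own; MandateExpiredError is raised to the caller so the page's revoke‑and‑notify pattern can catch it.

```python
# Added example of the walkthrough's hooks. Not the page's ethical_purchase.py.
import hashlib
import hmac
import json
import uuid
from datetime import datetime, timedelta, timezone

DEMO_KEY = b"demo-kms-key"   # constructed; production signs with an HSM/KMS-held key
MANDATE_STORE = {}           # mandate_id -> mandate (server-side, agent cannot edit)
IDEMPOTENCY_STORE = {}       # idempotency_key -> first result (replay protection)
AUDIT_LOG = []               # append-only list of events


class MandateExpiredError(Exception):
    """Raised when a mandate's TTL has passed; caller revokes and notifies the user."""


def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sign(payload_bytes):
    return hmac.new(DEMO_KEY, payload_bytes, hashlib.sha256).hexdigest()


def _audit(event, **fields):
    AUDIT_LOG.append({"event": event, "at": datetime.now(timezone.utc).isoformat(), **fields})


def create_intent_mandate(user_id, max_budget, ttl_seconds, merchant_id, agent_id, now=None):
    """Issue a purpose-bound, TTLed mandate whose vds_signature is the proof of consent."""
    now = now or datetime.now(timezone.utc)
    body = {"mandate_id": f"mandate_{uuid.uuid4().hex[:8]}", "user_id": user_id,
            "agent_id": agent_id, "merchant_id": merchant_id, "max_budget": max_budget,
            "expires_at": (now + timedelta(seconds=ttl_seconds)).isoformat()}
    body["vds_signature"] = _sign(_canon(body))
    MANDATE_STORE[body["mandate_id"]] = body
    _audit("mandate_created", mandate_id=body["mandate_id"])
    return body


def _verify(mandate, agent_id, cart_total, now):
    """Return None if valid, else a reason code; raise MandateExpiredError on expiry."""
    unsigned = {k: v for k, v in mandate.items() if k != "vds_signature"}
    if not hmac.compare_digest(_sign(_canon(unsigned)), mandate["vds_signature"]):
        return "tampered_signature"
    if now > datetime.fromisoformat(mandate["expires_at"]):
        raise MandateExpiredError(mandate["mandate_id"])
    if agent_id != mandate["agent_id"]:
        return "agent_mismatch"
    if cart_total > mandate["max_budget"]:
        return "over_limit"
    return None


def gateway_execute_payment(mandate, cart, idempotency_key):
    """Escrow-capable gateway stub: funds are held at checkout, not settled."""
    return {"tx_id": f"tx_{idempotency_key[:8]}", "escrow_id": f"esc_{uuid.uuid4().hex[:6]}"}


def revoke_mandate(mandate_id, cause):
    MANDATE_STORE.pop(mandate_id, None)
    _audit("mandate_revoked", mandate_id=mandate_id, cause=cause)


def verify_and_execute_purchase(mandate_id, cart, idempotency_key, agent_id, now=None):
    """Validate signature, TTL, budget and agent role server-side, then pay via the gateway."""
    now = now or datetime.now(timezone.utc)
    if idempotency_key in IDEMPOTENCY_STORE:          # replay: return the original result
        _audit("replay_suppressed", idempotency_key=idempotency_key)
        return IDEMPOTENCY_STORE[idempotency_key]
    mandate = MANDATE_STORE.get(mandate_id)
    if mandate is None:
        return {"status": "rejected", "error": "unknown_mandate"}
    total = sum(item["price"] * item["qty"] for item in cart["items"])
    reason = _verify(mandate, agent_id, total, now)
    if reason == "over_limit":                        # HITL pending_approval path
        result = {"status": "pending_approval", "error": reason}
    elif reason == "agent_mismatch":                  # revoke mandate and alert
        revoke_mandate(mandate_id, reason)
        result = {"status": "rejected", "error": reason}
    elif reason:
        result = {"status": "rejected", "error": reason}
    else:
        result = {"status": "approved", **gateway_execute_payment(mandate, cart, idempotency_key)}
    IDEMPOTENCY_STORE[idempotency_key] = result
    _audit("checkout", mandate_id=mandate_id, idempotency_key=idempotency_key, **result)
    return result


def export_audit_for_dispute(mandate_id):
    """Signed transcript of every event for one mandate, for regulators or courts."""
    events = [e for e in AUDIT_LOG if e.get("mandate_id") == mandate_id]
    transcript = {"mandate_id": mandate_id, "events": events}
    return {"transcript": transcript, "signature": _sign(_canon(transcript))}
```

Because the idempotency check runs before any validation, a retried request after a network timeout returns the stored outcome instead of charging twice, and the replay itself is logged so a dispute transcript shows every attempt.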

Regulatory Compliance Mapping: NDPA (Nigeria) & POPIA (South Africa)

Instrument Intent Mandates and VDCs from ethical_purchase.py as blueprint compliance artifacts. Map NDPA and POPIA obligations to specific, implementable controls so the mandate (mandate.vds_signature) is the signed "what I ordered" receipt, audit logs detect breaches, and escrow+VDCs enable refunds and consumer rights.

  • NDPA Section 25 (consent) → Intent Mandate capture and signed artefact:
    • Create an explicit create_intent call that captures human-readable intent, purpose, TTL and max_budget; bind to a cryptographic signature (VDC).
    • Store a signed artefact (user-facing summary + mandate.vds_signature) that the user can retrieve.
  • NDPA Section 44 (breach notification) → tamper‑evident audit logs + breach playbook:
    • Append-only, signed audit logs (server and participant signatures) with alerts and a documented breach playbook that automates NDPA timelines and user notices.
  • NDPA Section 65 (consumer rights) → escrow/refund flows + evidence‑linked VDCs:
    • Hold funds in escrow for new merchants, support immediate refunds linked to VDC receipts and photo/hash evidence (delivery photo tied to mandate hash) for disputes.
  • POPIA Section 11 (consent) → human-readable mandate summaries and storage:
    • Store consent summaries in plain language and audio/SMS formats; consent records must be queryable and exportable for audits.
  • POPIA Section 69 (direct marketing) → ban pre‑checked bundles and require active opt‑ins:
    • UI/UX rule: no pre-checked upsell bundles; mandate explicit opt-in for any marketing or bundled purchase.
  • POPIA Section 107 (enforcement) → retention of VDC‑backed receipts for dispute resolution:
    • Retain signed VDC receipts and transaction transcripts to support regulator actions and consumer disputes.

Make logs and VDCs regulator‑usable: provide signed exports (portable JSON/CBOR with participant signatures), store in WORM or object-lock buckets, and keep retention aligned with local law—recommend a practical baseline of 3+ years or the longest statutory period applicable. Include idempotent export endpoints and human-readable summaries for non‑technical regulators.

External anchors: map these controls to AP2/MCP/A2A primitives (intent tokens, VDC signatures, nonce/timestamp replay protection) and to PCI‑DSS for payment handling. Watch cross‑border rules (GDPR, data‑localisation laws, ECOWAS guidelines). Safe default: adhere to the strictest local standard where you operate.

# export signed receipt (concept)
export = {
  "mandate_id": mandate.mandate_id,
  "summary": mandate.human_summary,
  "vdc_sig": mandate.vds_signature,
  "timestamp": mandate.issued_at
}
signed_export = hsm.sign(json.dumps(export))

Implementation Guide: Step‑by‑Step to Production (Integration, Keys, Escrow, Testing)

Implement a mandate‑first, auditable checkout that ties a plain‑language consent artifact (image/audio + short hash) to a cryptographically signed mandate (VDC), stored with delivery evidence and escrowed funds. This prevents surprise charges and satisfies NDPA (consent, breach notification) and POPIA (informed processing, data minimisation). Think of a mandate as a signed shopping list you keep in a safe until delivery.

1) Schema & UX for mandates

    • Notes: plain‑language summary + product photo + 3s audio readout in local language (Yorùbá/Hausa/Igbo). Bind image hash to mandate token for low‑literacy verification.
    • Acceptance: user can replay audio, see image + hash, and press explicit confirm; comprehension ≥80% in pilots (Lagos test groups).

2) Key management & signing

    • Notes: use HSM-backed KMS (AWS CloudHSM, Azure Key Vault HSM, or Vault + HSM). Support user wallets (custodial or non‑custodial) with social-recovery and backup codes for wallet recovery.
    • Acceptance: private keys non-exportable, signed mandates verify with public key; recovery flow tested end‑to‑end.

3) Gateway/GMC adapter responsibilities

    • Notes: verify mandate signature + TTL, enforce merchant allowlist, attach escrow account reference, reject mismatch merchant IDs.
    • Acceptance: adapter rejects any checkout where mandate.merchant_id ≠ merchant; logs reject reason for audit.

4) VDC generation & storage

    • Notes: store immutable VDC with mandate_id, order_id, delivery evidence pointer (photo hash, GPS). Use append‑only storage (WORM) with access controls per NDPA/POPIA.
    • Acceptance: VDC + delivery evidence reproducible and signed; tamper check fails if modified.

5) Escrow/refund orchestration

    • Notes: time‑boxed release (e.g., 48 hrs post-delivery photo). Auto‑refund triggers: no delivery evidence, mismatch hash, buyer revoke within window.
    • Acceptance: escrow releases only after signed delivery proof or auto‑refund executed with audit trail within SLA.

6) Testing matrix

    • Notes: unit tests for mandate validation, integration tests with Flutterwave/Paystack; E2E simulations for “ordered vs got” (wrong item photo, different hash, fake merchant).
    • Acceptance: simulated disputes resolve per policy; idempotent retry does not double‑charge.

7) Monitoring & metrics

    • Notes: track mandate acceptance rate, blocked txns, disputes per 1k, MTR (mean time to resolution). Use feature flags and pilot thresholds (start at 1% traffic, scale to 25%).
    • Acceptance: dashboards live, SLA alerts for dispute spikes, rollback via feature flag possible in < 15 mins.
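Steps 1, 4 and 5 of the guide wired together, as an added example that is not the page's code: the product image hash is bound into the mandate (step 1), the VDC stores a pointer to delivery evidence plus its own hash for the tamper check (step 4), and the escrow decision applies the time‑boxed release and the three auto‑refund triggers (step 5). Image bytes, GPS values and the 48‑hour window are constructed demo values; the assumption that the delivery app records which listing image hash it confirmed at handoff (confirmed_image_hash) is this example's way of realising the page's "mismatch hash" trigger.

```python
# Added example covering steps 1, 4 and 5 of the implementation guide. Not the page's code.
import hashlib
import json
from datetime import datetime, timedelta, timezone

RELEASE_WINDOW = timedelta(hours=48)   # the guide's example: release 48 hrs after delivery photo


def image_hash(image_bytes):
    return hashlib.sha256(image_bytes).hexdigest()


def short_hash(full_hash):
    """Short form shown to the user and read out in the audio confirmation."""
    return full_hash[:5]


def build_mandate(mandate_id, merchant_id, product_image, max_total):
    """Step 1: bind the product image hash into the mandate for low-literacy verification."""
    h = image_hash(product_image)
    return {"mandate_id": mandate_id, "merchant_id": merchant_id,
            "image_hash": h, "short_hash": short_hash(h), "max_total": max_total}


def build_vdc(mandate, order_id, delivery_photo, confirmed_image_hash, delivered_at_iso, gps):
    """Step 4: immutable VDC; delivery evidence is referenced by hash, not copied in."""
    vdc = {"mandate_id": mandate["mandate_id"], "order_id": order_id,
           "image_hash": mandate["image_hash"],
           "delivery_evidence": {"photo_hash": image_hash(delivery_photo),
                                 "confirmed_image_hash": confirmed_image_hash,  # assumption: set by delivery app
                                 "delivered_at": delivered_at_iso, "gps": gps}}
    vdc["vdc_hash"] = hashlib.sha256(json.dumps(vdc, sort_keys=True).encode()).hexdigest()
    return vdc


def vdc_intact(vdc):
    """Tamper check: recompute the VDC hash over everything except the stored hash."""
    body = {k: v for k, v in vdc.items() if k != "vdc_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() == vdc["vdc_hash"]


def escrow_decision(mandate, vdc, now_iso, buyer_revoked=False):
    """Step 5: returns (action, reason) with action in {'release', 'refund', 'hold'}."""
    if vdc is None:
        return "refund", "no_delivery_evidence"
    if not vdc_intact(vdc):
        return "refund", "vdc_tampered"
    evidence = vdc["delivery_evidence"]
    if evidence["confirmed_image_hash"] != mandate["image_hash"]:
        return "refund", "hash_mismatch"
    elapsed = datetime.fromisoformat(now_iso) - datetime.fromisoformat(evidence["delivered_at"])
    if buyer_revoked and elapsed < RELEASE_WINDOW:
        return "refund", "buyer_revoked_in_window"
    if elapsed >= RELEASE_WINDOW:
        return "release", "window_elapsed"
    return "hold", "awaiting_window"
```

Every refund path returns a reason code, which is what the audit trail and the dispute SLA need; the "hold" outcome is the normal state between delivery and window expiry, during which the one‑tap revoke still works.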

Operational tips: deploy backwards‑compatible behind feature flags; use idempotency keys and safe retry with exponential backoff. Example idempotency pattern:

idempotency_key = f"{mandate.mandate_id}_{cart.id}"
# include idempotency_key in gateway checkout call to prevent duplicates

Compliance Checklist & UX Mandates for Low‑Literacy, Low‑Bandwidth Markets

Enforce cryptographically signed mandates (intent/cart mandates) at the payment gateway, use HSM/KMS for keys, escrow for first‑time merchants, tamper‑evident audit logs and idempotency keys; this prevents surprise charges and creates an auditable trail. Map these controls to NDPA (consent rules), POPIA (data protection), AP2/MCP (mandate + intent patterns) and PCI‑DSS (payment handling). In Nigeria, integrate with Paystack/Flutterwave and use SMS/USSD/WhatsApp + audio in Hausa/Yoruba/Igbo for shared‑phone users.

  • Technical Controls
    • Signed intent mandates (VDC) — purpose‑bound, TTL, single‑use.
    • Gateway enforcement — reject checkout if mandate invalid/expired.
    • VDC issuance service — expose mandate_id & short hash to client.
    • Tamper‑evident, append‑only audit logs with signatures.
    • Escrow capability for first‑time merchants / high‑risk txns.
    • KMS/HSM key management with rotation and attestation.
    • Idempotency keys for checkout to prevent double charges.
  • Operational Controls
    • Consent records retention and searchable logs (NDPA/POPIA-ready).
    • Breach & incident playbook with NDPA/NDPR notification timelines.
    • Dispute SLA (e.g., initial response 48 hrs, resolution 14 days).
    • Third‑party merchant due diligence and onboarding checks.
    • Independent audits and published remediation timelines.
  • UX Mandates
    • Plain‑language consent, no pre‑checked upsells.
    • Show image + short hash bound into mandate for delivery matching.
    • Audio confirmation in local languages before payment.
    • SMS/USSD/WhatsApp fallback for mandate & dispute flows.
    • One‑tap revoke available for 24–48 hours post‑purchase.
    • Escrow badge for first‑time merchants until delivery proof.

Public metrics to publish: complaint rate (per 1,000 txns), refund rate, mandate revocation rate, composite Trust Score. Governance triggers: Trust ≥80 = full visibility; 60–79 = limited visibility + quarterly audit; <60 = suspend merchant pending remediation.

{"action":"revoke_mandate","mandate_id":"mandate_123","user_id":"user_abc"}

Consent screen template (paste): "This mandate lets the agent buy only the pictured item (Image ID: 4f2a9), spend up to ₦X, and act for 48 hours. You can revoke instantly via the Revoke button, or by SMS/USSD. We hold funds in escrow for first‑time sellers and keep a signed receipt for disputes."

Conclusion, Operational Playbook & Call to Action

Mandate‑first flows (VDC‑signed intents), human‑in‑the‑loop escalation and server‑side enforcement close the "What I Ordered vs. Got" gap and map directly to NDPA (Nigeria), POPIA (South Africa) and AP2/MCP anchors — delivering documented consent, auditable receipts and purpose‑bound authorizations.

  • Start a consent‑first pilot (low‑threshold mandates).
  • Instrument key metrics: mandate_acceptance, blocked_attempts, disputes.
  • Assign cross‑functional owners: product — mandate UX; security — keys & gateway; legal — consent text & retention; ops — dispute resolution.
  • Publish a short customer explainer with sample VDC receipts.
  • Offers: production‑ready mandate schema; security architecture review; one‑page compliance checklist.

metrics = ["mandate_acceptance","blocked_attempts","disputes"]

‘In markets where trust is scarce, consent-first agent commerce is not a friction — it’s insurance for reputation and growth.’

Final Reflection

AI agents are changing how customers shop and how businesses fulfil orders, but without clear protections users can get misled and brands can face reputational and legal risk. Implementing consumer protection for agentic commerce in Nigeria and South Africa will build trust, reduce fraud, and unlock adoption across markets. For marketers, that means clearer promises, reliable fulfilment metrics and higher conversion from confident buyers. For CTOs, it means putting transparency, audit logs and dispute workflows into system design so agents can be inspected and corrected. For founders, it means designing products and policies that balance speed with accountability to avoid costly recalls and regulatory action. Practical steps—standards, rights to explanations, complaint channels and cross-border cooperation—deliver measurable impact: fewer disputes, stronger brands and wider consumer uptake. Prioritising consumer protection is not a brake on innovation; it is the foundation that lets AI-driven commerce scale sustainably and earn the trust it needs to succeed.

Cephas Omaku

AI-Native SEO & Content Architect with a decade of experience. I build intelligent, automated systems where creativity (the Sonnet) meets strategy (the Prose). Passionate about creating a future with ethical, human-first AI.
