By Contributor David G.W. Birch
Technicians work on the bionic humanoid robots at a workshop of Ex-Robots factory on June 23, 2025 … More in Dalian, Liaoning Province of China (Photo by VCG/VCG via Getty Images).
VCG via Getty Images
At the Merchant Payments Ecosystem conference in Berlin earlier this year, I saw Simon Redfern from the Open Banking Project (the people behind the Berlin APIs for open banking in Europe) give an eye-opening presentation on Disrupting Payments with Autonomous Agents and APIs in which he explored the impact of the shift to agentic commerce on the retail payments sector. In summary: huge.
Agentic Commerce Within Reach?
Despite the limitations of current AI models, I think that full agentic commerce is not that far away, and to those industry observers who think that consumers might be reluctant to hand over purchasing power to, I would merely point out that swathes of the population already use agents as therapists, as life partners and as investment advisors. It is a very small step for them to use agents to make payments!
Given this impending shift, I am very curious about the fintech sectorās strategic response, and I found Simonās insights particularly helpful and I have been reflecting on them in the light of recent activity around payments in agentic commerce environments. Announcementās such as Mastercardās Agent Pay initiative, Visaās Intelligent Commerce, Coinbaseās x402 approach and Stripeās acquisitions have brought energy and focus to a payments sector that is on the cusp of radical change.
(Stripe, in particular, is embracing the scale of change. With the acquisitions of Bridge and Privy, Stripe is not simply chasing the future of payments, it is building it. By bringing to together Bridgeās stablecoin payment capabilities and Privyās embedded wallet infrastructure it is developing programmable, borderless finances delivered through APIs.)
Anyway, back to Berlin. Simon identified three broad categories of impact that agents will have on retail financial services. I have labelled these management, optimisation and execution, and I found them to be a useful way of organising discussions in a financial services context:
MORE FOR YOU
Management includes analysing data to provide insight, taking care of bills and subscriptions, looking after financial health issues such as savings plans and so on;
Optimisation takes care of finding the best deals, selecting payment methods based on fees & rates, obtaining rewards and scheduling payments;
Execution means making bookings, obtaining tickets, subscriptions payments, tracking prices and executing purchases at the best moment, applying promotional codes and loyalty points and so on.
Now, it is one thing to draw some clouds on a whiteboard, of course, and quite another to drop down a level to begin to understand how agents will achieve the variety of impacts described above. I wrote recently how the Model Context Protocol (MCP), an open standard that enables developers to connect their data sources and AI-powered tools, will accelerate the evolution of agentic commerce (a-commerce) so I thought it might be of interest to people to show how it is used in practice by returning to Simonās live demo (I know it was live because some of it didnāt work and I take my hat off to him, because I would always rather see a live demo than a canned demo) of Opey, their agent for open banking. Open is informed by open banking protocol documentation so it can understand natural language questions and respond with well-structured answers (ie, combinations of API calls that will satisfy the data and service requirements for various use cases) by following a three step process:
Parse: Opey ingests Swagger-deļ¬ned API endpoints, organising them into structured, retrievable documents.
Identify: Using vector similarity search, Opey interprets queries and identiļ¬es the most relevant API endpoints.
Execute: Opey uses tools to call the relevant APIs.
Given my obsession with identity, Simonās comments on access control caught my eye.
They all look like people to me.
Ā© Helen Holmes (2025).
Simon made the point that existing open banking access controls operate under broad consents, whereas agentic access controls need more dynamic and granular permissions. Some examples that he gave were āallow this agent to make travel-related payments but not other purchasesā and āthis agent can only approve transactions under ā¬500 unless I manually conļ¬rmā.
He is correct, and indeed this is where the Visa, Mastercard and Paypal announcements mentioned earlier have all focussed. If you look at Visaās approach, for example, they onboard agents to their Visa Intelligent Commerce platform and then when the agent wants to make a purchase of ātheirā consumers, the consumer uses a passkey to give permission and then the agent obtains a payment credential (ie, a network token) to give to the merchant. Importantly, and this is obviously one of the key roles that the networks can provide, the transaction outcome is shared with the platform in order to facilitate dispute resolution.
Agentic Commerce Needs Identity
The need to identify agents (whether to register them with a network or for a wide variety of other reasons) provides some amazing growth opportunities in the digital identity world and I strongly agree with the noted venture capitalists at Andreessen Horowitz who call for agents to be given a single, portable āpassportā. I might disagree with them about the need for agents to use a single passport (for privacy-related reasons I can see the agents might need multiple, non-correlatable identities) but they are right to say that there is no way to know how to pay the agent, know who the agent is working on behalf of, or trace its reputation. Agents need access to an identity infrastructure the works across all interfaces (eg, email, Slack, inter-agent and whatever). Without this infrastructure, every applications needs to rebuild the plumbing from scratch.
How should we build this infrastructure? Well, why reinvent the wheel when we already know that verifiable credentials (VCs) are a viable way forward? This means new businesses springing up and I saw an article saying that one of these businesses will be granting agents access to our VCs to get stuff done on our behalf, but actually I think thatās not quite right. We donāt want AIs to present our verifiable credentials we want AIs to present their own verifiable credentials that we have consented to authorise. In other words, my bot shouldnāt show up at a bank pretending to me: it should show up at a bank as a bot acting on my behalf. Now, this makes digital identity for bots more complicated, but also more flexible.
I can safely say that the ABCs of digital identity (that is, know-your-Agent, know-your-Business and know-your-Customer) should be front and centre in the strategies of financial services organisations looking to take advantage of the shift to agentic commerce.
Editorial StandardsReprints & Permissions