Agentic payments has at least 10 different protocols. Here's what each one does.

They're not all solving the same problem. That's why there are so many. Three different jobs get lumped together:

- Agents buying from merchants for consumers
- Agents paying invoices for businesses
- Agents paying each other for compute and data at machine speed

The map sorts them by what layer of the stack they sit on.

---

Agent communication (how agents talk to each other)
- MCP: Anthropic's standard for agents to connect to tools and data
- A2A: Google's standard for agents to communicate with other agents

---

Agent trust (should I believe this agent?)
- Visa TAP: lets merchants verify an agent is trusted and carrying real payment credentials
- ERC-8004: on-chain registry for agent identity, reputation, and validation

---

Mandate collection (what is this agent authorized to do?)
- AP2: Google's framework for humans to delegate payment authority to agents

---

Transaction coordination (what are we paying for?)
- ACP: OpenAI and Stripe's standard for carts and payment tokens. Live in ChatGPT with Etsy, Instacart
- UCP: Google and Shopify's framework, where merchants publish manifests agents can discover and negotiate with
- MPP: Tempo and Stripe's protocol for agent-to-agent or HTTP payments over cards, stablecoins, and Lightning
- x402: Coinbase and Cloudflare's. Agent hits a gated resource, gets a stablecoin payment prompt
- AXTP: early-stage protocol for agents to pay for MCP servers

---

Transaction authentication (is this payment legitimate?)
- VIC: Visa Intelligent Commerce. Secure card-like tokens for agents on the Visa network
- MAP: Mastercard Agent Pay. Same idea, Mastercard network
- Stablecoins: card-like guarantees plus programmability, no universal standard yet

---

Two patterns stand out.

A Google stack is quietly emerging. A2A then AP2 then UCP is a coherent end-to-end flow for both commerce and non-commerce payments. Google has shipped internet standards before.

Agent-native payments are the sleeper. HTTP 402 was reserved in 1997 for "Payment Required" and never implemented. Agents are finally forcing the issue. MPP and x402 are small today. In a decade they could be the majority of all payments.

Standards will compete. Some will die. But software that can discover, negotiate, and pay for resources on its own is coming regardless of which protocol wins. At least now you have a map.
Payment Security Protocols
Summary
Payment security protocols are specialized rules and systems designed to keep financial transactions safe, verify identities, and protect payment data from fraud or unauthorized access. As digital payments evolve, new protocols like SEPA’s Verification of Payee, PCI DSS v4.0, biometric authentication, 3D Secure 2.0, and Google’s AP2 Protocol are being rolled out to address modern threats and changing technology.
- Prioritize identity verification: Always ensure that the recipient’s account details and identity are verified before sending or releasing any funds to reduce the risk of fraud or misdirected payments.
- Adopt modern authentication: Transition to biometric or app-based approvals instead of SMS codes, and integrate multi-factor authentication to better protect against account takeovers.
- Stay current with standards: Regularly update your payment systems to adopt new protocols and compliance requirements, such as PCI DSS v4.0 and 3D Secure 2.0, to guard against emerging threats and avoid penalties.
The #SEPA Verification Of Payee (VOP) is out. And it’s fundamental in advancing Europe’s payment ecosystem in two main directions: 1) combat fraud and 2) instant payments. Let’s take a look.

What is it? It’s a set of rules, practices, and standards to achieve interoperability for the provision and operation of verifying Payment Account Numbers and Names within SEPA.

Why is it needed? Fraud is payments’ number one problem. As instant #payments become the new norm, being able to confirm a payee’s identity before making a transaction is crucial.

Why now? It’s part of the EU’s Instant Payments Regulation, adopted by the European Parliament in March 2024. Hence a prerequisite for the roll-out of #instantpayments.

What was announced exactly? The European Payments Council (EPC) has published, after a 3-month consultation, on October 10th the VOP rulebook and on October 31st the VoP specifications.

Types of transactions:
— SEPA Credit Transfer (SCT)
— SEPA Instant Credit Transfer (SCT Inst)

Use Cases:
1. Payee IBAN and name verification
2. Additional verification of a payee unambiguous identification code (e.g. VAT number, Legal Entity Identifier, social security code)

Roles:
1. The Requester – a natural or a legal person that initiates a Payment Account-based Payment. The payer.
2. The Payment Counterparty – a natural or a legal person that holds a payment account at a PSP based in SEPA. It is the party that receives the payment (the payee).
3. The Requesting PSP – the PSP of the Requester. The Requesting PSP may also be the Requester.
4. The Responding PSP – the PSP of the Payment Counterparty. The Responding PSP may also be the Payment Counterparty.
5. Routing and/or Verification Mechanisms (RVMs) – mechanism to route VOP Requests and related VOP Responses, to Responding PSPs and Requesting PSPs respectively.
6. The EPC Directory Service (EDS) – a central directory that stores and maintains all required operational data about Participants.

Clarifications:
— The VOP scheme is neither a payment means nor a payment instrument but essentially a messaging functionality that allows the payer to verify certain data about a payee (though it cannot be relied upon to identify a private or a legal person).
— The service should be provided instantly.
— PSPs are not liable for the execution of a transaction to an unintended payee provided they correctly perform VOP. Consequences if they don’t: 1) refund obligation 2) penalties.

Opinions: my own. Source: European Payments Council
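A simplified model of the check a Responding PSP performs for the first use case above (IBAN and name verification), as an added example that is not EPC code or the actual rulebook logic. The IBAN test is the standard ISO 13616 mod-97 check; the four outcomes, the name normalisation and the similarity threshold are simplifying assumptions, and the account table is constructed sample data.

```python
"""Simplified Responding-PSP side of a Verification of Payee (VoP) check."""
import difflib
import re
import unicodedata

# Constructed sample of the accounts this PSP holds (IBAN -> account holder name).
ACCOUNTS = {
    "DE89370400440532013000": "Max Mustermann GmbH",
    "GB82WEST12345698765432": "Alice Example",
}


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 format and mod-97 checksum test; rejects malformed input early."""
    s = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]                      # move country+check digits to the end
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def normalise_name(name: str) -> str:
    """Fold case, strip accents, punctuation and a few common legal-form suffixes."""
    n = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    n = re.sub(r"[^a-z0-9 ]", " ", n.lower())
    n = re.sub(r"\b(gmbh|ltd|limited|sa|bv|ag)\b", " ", n)
    return " ".join(n.split())


def verify_payee(iban: str, name: str, close_threshold: float = 0.85) -> str:
    """Return the outcome the Responding PSP sends back for a payer-supplied IBAN and name.

    Outcomes are an assumption modelled on the scheme: MATCH, CLOSE_MATCH,
    NO_MATCH, or NOT_POSSIBLE when the check cannot be performed at all.
    """
    if not iban_is_valid(iban):
        return "NOT_POSSIBLE"                       # malformed IBAN: nothing to verify
    held = ACCOUNTS.get(re.sub(r"\s+", "", iban).upper())
    if held is None:
        return "NOT_POSSIBLE"                       # account unknown to this PSP
    supplied, actual = normalise_name(name), normalise_name(held)
    if supplied == actual:
        return "MATCH"
    ratio = difflib.SequenceMatcher(None, supplied, actual).ratio()
    return "CLOSE_MATCH" if ratio >= close_threshold else "NO_MATCH"
```

The payer's PSP would surface CLOSE_MATCH and NO_MATCH to the payer before releasing the transfer, which is the fraud-prevention step the post describes.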
-
In the first half of 2024, £571 million was lost to card payment fraud in the UK alone, much of it driven by scams on social media. Fraud has clearly evolved, adopting more modern and sophisticated tactics.

In payment, one standard governing how card data is protected, namely how it is stored, processed, and transmitted, is the PCI DSS directives. The Payment Card Industry Data Security Standard was created in 2004 and has been the backbone of payment security for nearly 20 years.

This year marks a big shift. Its latest version, PCI DSS v4.0, will become mandatory in March 2025. This is the first major update in over a decade, so worth taking a closer look at the key changes.

Overall, PCI DSS v4.0 focuses on critical aspects such as encryption, authentication, network segmentation, and vulnerability testing, ensuring businesses are better equipped to handle the 'modern' security threats that are increasingly sophisticated too.

◾ As such one of the key changes is the introduction of a flexible compliance approach. This means merchants can choose security measures that best fit their specific needs and risks. This approach is well-aligned with how businesses today manage their security challenges. In the same way that authentication frameworks are becoming more adaptive to varying levels of risk, other security measures are also evolving to be more context-specific and scalable.
◾ Another key update focuses on the Stronger Authentication framework. Multi-factor authentication (MFA) is now mandatory for all accounts accessing sensitive payment systems, including remote administrative access. Specifically, MFA is required for all accounts that interact with the Cardholder Data Environment (CDE).
◾ Stronger encryption and better key management are now essential. Businesses must use modern encryption methods instead of outdated ones. They also need to improve how encryption keys are created, shared, and stored to reduce the risk of data breaches and unauthorised access.
◾ Given the industry’s shift towards real-time data processing, the latest guidelines also encourage automated monitoring and the use of tools that enable businesses to detect and flag non-compliance in real time.

👉🏽 #Paymentexperts any perspectives to share on #pcidss 🎙️?

---

Wonder who we are? We are a team of Payments Strategists, blending core technical, operational, and commercial expertise with a creative approach. We assist clients through Consulting, Strategy, Research, and Thought Leadership projects.

Looking for payment learning resource?
◼️ Sign up to our unique Payment Assets Library here: https://lnkd.in/dVXjGkzB
◼️ Follow Paypr.work [ˈpeɪpəwəːk] for more #paymentinfographics #paymentstrategy #payprwork #paymentinsights
-
Your AI agent can book your flight, order your groceries, and snag those concert tickets ... but how does it pay for it all securely? This has been the critical, unanswered question for AI-driven commerce. Traditional payment systems are built for humans to click "buy," creating a massive gap in trust, authorisation, and accountability for agents. That's why I believe that Google Cloud's Agent Payments Protocol (AP2) is such a big deal. Developed in collaboration with over 60 industry leaders (like Mastercard, PayPal, Adyen, and Salesforce), AP2 is an open protocol that acts as the new "trust layer" for agent transactions. Here's the core idea: It uses Mandates which are tamper-proof, cryptographically-signed contracts that provide verifiable proof of your instructions. This creates a secure audit trail from your initial request (the "Intent") to the final, approved cart (the "Cart Mandate") and the payment itself. This is the foundational plumbing we need to unlock secure, autonomous commerce. It's a huge step forward in building a future where we can confidently delegate tasks to AI. The protocol is open for collaboration on GitHub. What do you think? Is this the missing link for mainstream agent-led commerce?
-
Collecting API keys, tokens, and credentials through MCP has presented significant security and UX challenges. Our customers aren’t strangers to these challenges. You have to either trust the client with sensitive credentials or build complex, custom authorization logic from scratch.

The new MCP update includes URL mode elicitation. It’s a standardized, secure alternative that enables MCP servers to direct users to a dedicated browser-based authentication like OAuth. Users authenticate in a secure context, and the resulting credentials are handled directly by the server.

The big deal?
◾ No need to authorize every service upfront. You'll be prompted the moment an action actually needs access.
◾ Authorize directly with each service. The MCP client never sees or stores your credentials. Authentication happens between you and the service itself.

This change meaningfully expands the range of scenarios the protocol can support, including:
① Secure credential collection: API keys and passwords no longer pass through the client.
② External OAuth flows: Servers can directly obtain third-party authorization without token passthrough.
③ Payment processing: PCI-compliant financial interactions can occur securely in the browser and outside the client environment.

Beyond these scenarios, URL Elicitation introduces several important operational and security guarantees:
→ URL-based elicitations follow an asynchronous pattern. After the user completes the out-of-band flow, servers send an elicitation/complete notification identifying the original request, while clients are expected to handle cases where the flow is abandoned.
→ The specification enforces strong security constraints. Only HTTPS URLs are permitted, clients must validate URLs to prevent SSRF risks, and clients are required to clearly display the target domain before redirecting users.
→ This mechanism does not replace MCP’s core authorization model. Instead, it provides a dedicated pathway for servers to acquire third-party credentials or perform sensitive authorization steps without exposing them to the client. The server simply provides a URL, the client surfaces it, and upon completion the server receives the necessary tokens directly.

It's a secure, simple, and standardized solution to a tricky problem.
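The client-side obligations listed in the post (HTTPS only, SSRF screening, showing the target domain before redirecting, and cleaning up abandoned flows), as an added example that is not code from the MCP specification or its SDKs. The elicitation id handling, the consent-prompt wording and the timeout value are assumptions.

```python
"""Client-side handling of MCP URL-mode elicitation (illustrative, not SDK code)."""
import ipaddress
from urllib.parse import urlsplit

PENDING_TIMEOUT_S = 300  # assumption: how long an out-of-band flow may stay open


def validate_elicitation_url(url: str) -> str:
    """Return the host to display to the user, or raise ValueError if the URL is unsafe."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("only https URLs may be surfaced")
    if parts.username or parts.password:
        raise ValueError("userinfo in URL rejected (it can disguise the real host)")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    if host == "localhost" or host.endswith(".localhost"):
        raise ValueError("loopback host rejected")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host  # a DNS name; a real client should also screen the resolved addresses
    if not ip.is_global:  # loopback, private, link-local (e.g. cloud metadata), reserved
        raise ValueError("non-public address rejected (SSRF screen)")
    return host


def is_safe_elicitation_url(url: str) -> bool:
    """Boolean wrapper around validate_elicitation_url for callers that just need a verdict."""
    try:
        validate_elicitation_url(url)
        return True
    except ValueError:
        return False


class ElicitationTracker:
    """Tracks open URL elicitations so abandoned ones can be cleaned up."""

    def __init__(self, timeout_s: float = PENDING_TIMEOUT_S):
        self.timeout_s = timeout_s
        self.pending: dict[str, float] = {}  # elicitation id -> deadline (assumed field)

    def open(self, elicitation_id: str, url: str, now: float) -> str:
        """Validate the URL, register the flow, and return the consent prompt shown before redirect."""
        host = validate_elicitation_url(url)
        self.pending[elicitation_id] = now + self.timeout_s
        return f"Open {host} in your browser to continue?"

    def on_complete(self, elicitation_id: str) -> bool:
        """Handle the server's elicitation/complete notification; False if unknown or expired."""
        return self.pending.pop(elicitation_id, None) is not None

    def expire(self, now: float) -> list[str]:
        """Drop and return flows the user abandoned (no completion before the deadline)."""
        gone = [eid for eid, deadline in self.pending.items() if deadline <= now]
        for eid in gone:
            del self.pending[eid]
        return gone
```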
-
🔒 Today's Technical Deep-Dive: The Evolution of 3D Secure Authentication

Let's look at how 3D Secure 2.0 (3DS 2.0) is revolutionizing payment authentication, with a focus on the technical implementation.

The Evolution
Originally developed in 1999, 3DS was built on a three-domain model:
• Acquirer Domain (merchant/bank receiving payment)
• Issuer Domain (cardholder's bank)
• Interoperability Domain (supporting infrastructure)

🔧 Technical Architecture - 3DS 2.0 Enhanced Flow
1. Customer initiates checkout
2. Merchant sends transaction to fraud vendor including data like:
• Device fingerprinting
• Geolocation data
• Transaction history
• Behavioral biometrics
3. Real-time risk assessment from fraud vendor: is the transaction risky?
4. From here, the transaction takes one of two possible paths:
a) Frictionless: Background authentication for low-risk transactions
b) Challenge: Biometric or one-time code for high-risk cases

🛠️ Technical Improvements over 3DS 1.0
1. Authentication Methods:
• SDK integration for native mobile apps
• Browser fingerprinting
• Device binding
• Biometric authentication
• One-time passcodes
2. Data Exchange:
• Minimum 20 data points required
• Up to 100 data points supported
• Real-time risk scoring
• Device-specific information
• Transaction history analysis
3. Protocol Enhancements:
• Native app support
• Out-of-band authentication
• Decoupled authentication flows
• Exemption handling
• Delegated authentication support

💡 Implementation Benefits:
1. Superior Risk Assessment
• 10x more data compared to 3DS 1.0
• Real-time device data collection
• Enhanced fraud prevention capabilities
• Intelligent risk-based authentication
2. Modern Authentication Methods
• Biometric integration
• Auto-filling OTP capabilities
• Mobile banking app authentication
• Device-optimized challenges
3. Enhanced Liability Protection
• Fraud chargeback liability shift to issuers
• Protection even when issuers don't participate
• Reduced merchant risk exposure
4. Seamless Integration
• Native SDK support for iOS/Android
• Optimized iFrame for browsers
• Embedded checkout experience
• Device-responsive design
5. Improved Acceptance Rates
• Reduced acceptance gap between POS and CNP
• Enhanced issuer confidence
• Better transaction success rates

What are your thoughts on 3DS? 💬

Sources: ACI Worldwide, inai (YC S21), Worldpay
#Payments #FinTech #3DS2 #FraudPrevention #Authentication
-
Google AI Introduces Agent Payments Protocol (AP2): An Open Protocol for Interoperable AI Agent Checkout Across Merchants and Wallets

Your shopping agent auto-purchases a $499 Pro plan instead of the $49 Basic tier—who’s on the hook: the user, the agent’s developer, or the merchant? This trust gap is a primary blocker for agent-led checkout on today’s payment rails. Google’s Agent Payments Protocol (AP2) addresses it with an open, interoperable specification for agent-initiated payments, defining a cryptographically verifiable common language so any compliant agent can transact with any compliant merchant globally.

Google’s Agent Payments Protocol (AP2) is an open, vendor-neutral specification for executing payments initiated by AI agents with cryptographic, auditable proof of user intent. AP2 extends existing open protocols—Agent2Agent (A2A) and Model Context Protocol (MCP)—to define how agents, merchants, and payment processors exchange verifiable evidence across the “intent → cart → payment” pipeline. The goal is to close the trust gap in agent-led commerce without fragmenting the payments ecosystem.

full story: https://lnkd.in/gbq8RNRx
github page: https://lnkd.in/gDEhbBRt
project page: https://lnkd.in/ggN-PdPS
technical details: https://lnkd.in/gzCv8nRi

Google Google AI Ivan 🥁 Nardini Google Cloud Heiko Hotz
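The signed mandate chain that this post and the earlier AP2 post describe (intent, then cart, then payment, each cryptographically linked to the one before), as an added illustration that is not AP2's actual schema or signing scheme. AP2 mandates are cryptographically signed; here HMAC-SHA256 with constructed per-party keys stands in for real signatures, and the field names, the $49/$499 scenario values and the merchant id are assumptions.

```python
"""Illustrative intent -> cart -> payment mandate chain with verification (not AP2 code)."""
import hashlib
import hmac
import json

# Constructed keys; in practice each party holds its own signing key and the
# verifier would check real signatures against their public keys.
KEYS = {"user": b"user-secret", "merchant": b"merchant-secret"}


def digest(body: dict) -> str:
    """Canonical hash of a mandate body (sorted-key JSON); later mandates reference it."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def sign(body: dict, signer: str) -> dict:
    """Wrap a body with the signer's id and an HMAC over its canonical hash."""
    sig = hmac.new(KEYS[signer], digest(body).encode(), "sha256").hexdigest()
    return {"body": body, "signer": signer, "sig": sig}


def signed_by(mandate: dict, signer: str) -> bool:
    """Constant-time check that `signer` produced this mandate as it stands now."""
    expected = hmac.new(KEYS[signer], digest(mandate["body"]).encode(), "sha256").hexdigest()
    return mandate["signer"] == signer and hmac.compare_digest(mandate["sig"], expected)


def verify_chain(intent: dict, cart: dict, payment: dict) -> tuple[bool, str]:
    """Verify signatures, hash links, and that the cart stays within what the user authorised."""
    if not signed_by(intent, "user"):
        return False, "intent not signed by user"
    if not signed_by(cart, "merchant"):
        return False, "cart not signed by merchant"
    ib, cb, pb = intent["body"], cart["body"], payment["body"]
    if cb["intent_hash"] != digest(ib):
        return False, "cart does not reference this intent"
    if cb["currency"] != ib["currency"] or cb["total"] > ib["max_amount"]:
        return False, f"cart total {cb['total']} exceeds authorised {ib['max_amount']}"
    if not signed_by(payment, "user"):
        return False, "payment not approved by user"
    if pb["cart_hash"] != digest(cb) or pb["amount"] != cb["total"]:
        return False, "payment does not match the approved cart"
    return True, "ok"


def demo(cart_total: float) -> tuple[bool, str]:
    """The $49 Basic vs $499 Pro scenario: build a full chain for a cart total and verify it."""
    intent = sign({"item": "Basic plan", "max_amount": 49.0, "currency": "USD"}, "user")
    cart = sign({"intent_hash": digest(intent["body"]), "total": cart_total,
                 "currency": "USD", "merchant": "example-saas"}, "merchant")
    payment = sign({"cart_hash": digest(cart["body"]), "amount": cart_total}, "user")
    return verify_chain(intent, cart, payment)
```

With this structure the $499 cart fails at the intent-limit check rather than at dispute time, and any edit to a mandate after signing breaks its signature and the hash link from the next mandate.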
-
I still remember the first time an OTP failed right when a client was trying to pay us. Panic, refresh, repeat. We got the money, but it shouldn’t feel that fragile. From April 1, 2026, the #RBI is moving the entire system forward: two-factor authentication will be mandatory for all digital payments, and it doesn’t have to be OTP alone. Biometrics, device tokens, passphrases, and risk-based checks are now part of the toolbox. Cross-border card-not-present payments also undergo tighter validation when the overseas merchant requests it. For those running payments operations, the time for preparation is now. You should not wait to pilot biometric or device-token authentication flows. Crucially, you must establish a risk-based step-up authentication map: low-risk transactions should be processed quickly for a better customer experience, while high-risk transactions must immediately trigger an extra security check. Get firm commitments from your PSPs and issuers, confirming their April 2026 readiness and locking in testing windows. Finally, be ready for customer impact. Train your support teams thoroughly, as new authentication methods will inevitably lead to new and specific customer inquiries. Safer payments, fewer OTP failures, and more flexibility. That’s a good trade. If you’re already testing alternatives to OTP, what’s working best: device tokens, biometrics, or passphrases?
-
🚨 Deep Dive: Google’s AP2 Explained: The Rulebook for Agent-Led Payments

Imagine telling your AI assistant to “just buy it for me” and having it actually go through with the purchase – safely, securely, and without you clicking any “Buy Now” button. Google’s new Agent Payments Protocol (AP2) is betting on exactly that future. Announced in September 2025, AP2 is an open standard designed so AI agents can initiate payments on our behalf across different platforms. In other words, it’s a common rulebook that lets your autonomous digital sidekicks not only talk a big game, but also transact – whether that means paying a merchant, subscribing to a service, or even paying another agent. And it’s not just a Google pet project; over 60 organizations (from Mastercard and American Express to Coinbase and PayPal) are collaborating to shape this standard. Why? Because as AI assistants evolve from simple chatbots into full-fledged shopping and task-doing agents, the last missing piece is giving them a wallet – and making sure they don’t run off with it.

But enabling AI-driven payments isn’t as simple as handing your credit card to a robot. It raises a million questions around trust: How do you prove an AI had permission to make a purchase? How can a merchant be sure the request isn’t some AI hallucination or fraud? And if something goes wrong, who’s liable – you, the agent’s creator, the bank? These are exactly the trust issues AP2 tackles head-on, with a blend of cryptography, digital “contracts,” and industry-wide guardrails.

In this deep dive, we’ll break down why AP2 exists, how it works (in plain English, promise!), and what it means for banks, payment networks, stablecoins, and the whole fintech world. Grab your favorite fintech beverage (kombucha? coffee?) and let’s explore this new protocol that has AI agents doing more and more – and might just change how we think about payments. Would you let your chatbot pick up the tab? Let’s see if AP2 can make that a reality #fintech #payments #banking