UCP Enables a New Economy

Yesterday, Google’s CEO unveiled Universal Commerce Protocol (UCP) at NRF.  UCP represents a defining moment in the architecture of digital commerce; the strategic imperative is no longer merely about organizing the world’s information but about organizing the world’s commercial intent and empowering merchants to leverage their own data to construct superior customer experiences.  This shift is not incremental; it is a fundamental re-platforming of the digital economy, where Google is uniquely positioned to serve as the orchestrator within a “virtuous cycle” of interaction among retailers, consumers, and intelligent agents. 

“For many people, discovery is the fun part of shopping. Making a decision is where things get harder. As an indecisive shopper myself, I’m looking forward to the day when agents can help me get from discovery to purchase.

At Google, we’re busy laying the groundwork for this agentic ecosystem to work well. That includes building a common language for these systems and services to talk to each other.

As a next step we are introducing the Universal Commerce Protocol (UCP), designed for the era of agentic commerce. It was built to meet the needs of retailers AND customers, keeping the full customer relationship front and center — from the moments of discovery to decision and beyond”. – Sundar Pichai NRF – Jan 11 2026


AP2 as Merchant Signals – 4 Scenarios 

Today I’m outlining three near-term scenarios (24 months) for how AP2 signals will work in agentic commerce. Per my blog last week, AP2 is the agentic payment scheme with the most momentum (160+ partners), but in the immediate term (2026–2027), it will operate primarily in a “signals” metaphor for 3 main reasons:


Blog – AP2 Operations: Near Term – Long Term

© Starpoint LLP, 2025. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer (this is a highly opinionated and partially informed blog). Enterprise readers, please consider Enterprise Subscription (not required for Starpoint Clients).

As most of you know, AP2 is an open spec with over 160 partners. Today I’ll discuss 2 scenarios for how AP2 will integrate with card payments (with consumer Authorization). While most understand the technology behind these scenarios, the politics and strategies may provide the best insights. Identity needs a network, but network effects create stasis or equilibrium as existing participants make investments based upon current operation. Cards are the incumbent, and networks have a great plan; the biggest hurdle isn’t tech, it’s getting everyone in the boat with the right controls, governance and economics.

  1. Scenario 1 – Near Term – AP2 credentials are one of many “signals” that work with merchant-owned fraud. Signals will be consumed by Merchants and MSPs as they maintain responsibility for fraud risk, and by networks/Issuers for authorization (and tokenization). 3DS has been around since 2008; I wouldn’t expect us to move at light speed to scenario 2 until consumers (and new fraud vectors) drive us there.
  2. Scenario 2 – Long Term – Bank-issued credentials inside the device-bound secure storage (Apple Enclave, Google Titan M2, Samsung Knox) with Issuers (through networks operating) as the governing authority. This will involve a liability shift, a new role for mobile in managing credentials, and a new governance regime.
  3. Scenario 3 (not covered) is walled gardens that control all standards, operations and own the risk (ex Amazon).

A nice chart covering these scenarios is in this link, courtesy of Notebook LM and Julie Fergeson.


Discount “On Chain”. Value Exchange and Commercial Frameworks Will Define Success

Case studies in Agentic and JPM Kinexys

Key Themes

  1. Value exchange requires a commercial construct such as a contract, marketplace agreement or commercial network.
  2. Tech is enabling fragmentation both within an organization and across domains with finer-grained access to services (ex APIs), faster settlement (ex blockchain), immutable digital representations of physical world goods (ex NFT), digital trust and assertions (ex W3C Verifiable Credentials), …etc.
  3. While the tech is progressing at light speed, the real battle surrounds the structures, incentives and politics for how value is exchanged and risk is assumed.
  4. This atomization of products, services and organizations has created new opportunities for value orchestrators. For example, what if the battle for AI and Agentic Commerce is not about LLM efficacy, but about enabling consumers to choose the best agent and permission it from their phone (ex Apple)?
  5. Free and Open are great tech models, but terrible business ones (ex Open Banking). Fragmented voluntary Agreements in Web3 and Agentic Commerce spaces struggle to scale due to high transaction costs associated with establishing bilateral trust.
  6. We are in a flux period where incumbent marketplaces and networks will dominate.  For example, there is little prospect for OpenAI to disrupt Google across 7B+ Devices, 3B+ consumer accounts, GC, Advertising, Analytics, Consumer/Enterprise Services. While the buzz of “on chain” finance is loud, application of DLT in closed private blockchains is driving the majority of growth by bringing new efficiencies to established businesses (JPM Kinexys). 
  7. While alternative “federated” and decentralized models are possible, their core challenges surround economics and governance. Who owns the end-to-end risk? Who manages bad actors or system flaws? Where is the commercial agreement that assigns risk?
  8. The next 10 yrs will NOT be a uniform movement toward one single future, but a fragmentation of how value exchange happens. For example, how identity is handled in Agentic commerce will depend on WHO owns the risk for the transaction (merchant, bank, PSP, Platform, Consumer).
  9. At the consumer end, I see mobile platforms acting as the controller/orchestrator for trusted interaction across healthcare, retail, government, agentic … etc. I wouldn’t count Apple “out” of the AI race as they may assume the consumer interface role for “everything”.
  10. Kinexys Case Study – Closed network, strong governance, massive scale.


Machine to Machine Transactions: How to Resolve Trust and Governance Gaps. 

FIDO, VC, AP2, Tokenization, Credential Issuance, Biometrics, …etc

Executive Summary

The transition to agentic, machine-to-machine (M2M) commerce creates a profound governance gap that existing technology-first standards cannot fill. Today, human-in-the-loop (HIL) transactions, whether at a point-of-sale or in eCommerce, are secured not by technology alone, but by the robust, contract-based governance and risk-allocation models of networks like Visa and Mastercard. As stated previously, V/MA are the identity infrastructure for the internet and identity is the core “shaping force” for all new payment schemes.


Stripe Agentic Commerce Protocol (ACP)

The best, and perhaps only, operable protocol that can solve agent payment issues today.

Stripe’s Agentic Commerce Protocol (ACP), co-developed with OpenAI, is a functional leap forward in enabling agentic commerce. While its open-source nature invites broad adoption, Stripe is uniquely able to “make it work” by leveraging its existing fraud-fighting assets. Another less reported benefit of ACP is payment-rail-agnostic operation. ACP will work for pay-by-bank, PIX, EFTPOS, Swish, Bizum or anything else, anywhere that Stripe’s device graph and Radar (Risk/Fraud) are effective. Stripe’s secure payment token plus risk signals allow merchants to operate the way they do today (no operational change).

ACP may only have a limited 2-3 yr runway as more advanced authentication methods become mainstream, and network rule sets/services advance to serve all agent providers (leveling the playing field).


Google Rolls out Agentic Payments Protocol (AP2) – Techie Blog

Yesterday Google rolled out AP2. Key summary bullets:

  • I applaud Google’s efforts to advance AP with first focus on enabling a “Trusted Agent Economy”. AP2 (V0.1) focuses on establishing the core architecture and enabling the most common use cases (cards, data payloads to support VC, human in the loop scenarios with step up).
  • Long list of supporting participants including MA and Amex. However, no other AI platforms, nor Visa, Paze, or US Banks. 
  • Good detailed documentation on initial flows (see Github)
  • Introduction of Verifiable Credentials (VC) as the core of AP2 with a recognition that merchants (who own risk) may also need transaction fraud data. 
  • A twist on the identity provider of VC to become the [Payment] Credential provider. With initial focus on cards, Google has a stated goal of designing AP2 to support stablecoin, push payment and other payment types. This “sets up” Visa and Mastercard to retain their roles as the authentication infrastructure for the internet, while also allowing for other networks (India UPI) and separate identity providers (eID) to operate with the role.
  • My read is that Google has given up hope of making AP2 work in US, as Visa’s intelligent commerce framework is further along.  How tokens, Issuers and networks work within AP2 is not a big technical effort, but there are several things missing from AP2, for example the rule sets (3DS, DAF, TAF, …etc) which the credential (and transaction) operates under. 
  • The framework is solid; authentication will be a huge part of the challenge here. Payment networks must control how authentication is performed with their credentials. Visa and Mastercard are the authentication infrastructure for the internet for a reason. It’s not the technology, it is the governance, standards, enforcement and the operating rules which govern WHO OWNS THE RISK when authentication has broken. See Identity Models and Governance https://blog.starpointllp.com/?p=6470
  • Of course stablecoins could work here, but guess who owns the risk when something happened that wasn’t authorized? There is no bank to complain to. Your automated agent made a mistake and you (the consumer) have the loss.
  • AP2 will be successful as the communication protocol between agents and stakeholders, but it requires credential providers with strong governance and operating rule constructs. Visa, MA, Amex, UPI/UIDAS and PayPal all fit that bill. The challenge with this dependency is that the control points for progress are complex, as any change in a network requires buy-in from existing stakeholders.
  • Expect Google to demonstrate the technical efficacy of AP2 with Stablecoin or Crypto first, and then look to adapt AP2 needs to credential providers.
  • While the EU is the best market for Google to begin with, regulators are not keen on doing anything to help US big tech. My recommendation to Google is to work on a US-focused plan B that will involve US credential providers (ie Visa and Visa banks). AP2 can be the protocol, but most of it will need to operate within the authentication and rules of the credential provider.
