Is Know Your Agent (KYA) Really Necessary?

Is “Know Your Agent” (KYA) Really Necessary? The tale of an Orphan Signal

Short Blog | June 2026

A new category of startup has emerged around “Know Your Agent” (KYA) — the idea that merchants and payment platforms need a framework to verify the identity, authority, and auditability of AI agents acting on behalf of consumers. PYMNTS has covered the space extensively, and KnowYourAgent.xyz is already pitching merchants on “identity, policy controls, and evidence for every AI-agent transaction at checkout.” The framing is intuitive: if a bot is buying something, shouldn’t you know who sent it?

I want to push back — not on the problem, but on whether KYA, as a standalone service category, is the right solution.


Carts and Mandates: Decoupling Discovery, Authentication, and Liability 

Executive Summary

I just got back from 2 weeks of vacation and am catching up on all that transpired. No one reads this blog for its technical depth, but a few browse it for the economic implications and power struggles going on behind the scenes (hence “inside baseball”).

I/O 2026 was last week (see product announcements). The Commerce team showed how Universal Cart, Universal Commerce Protocol (UCP) and Agent Payments Protocol (AP2) would drive a frictionless revolution in digital commerce. By consolidating products from Search, Gemini, YouTube, and Gmail into a single persistent cart, Google is attempting to establish itself as the default transaction and orchestration layer of the internet. While consumers would love to engage across any platform and any retailer from any device… A universal cart is also necessary for operating across any agentic platform and “specialist”. Agentic commerce is certainly gaining traction, but Walmart’s Rufus and Amazon’s Alexa also want to play in the game at the front end (so does OpenAI).

Wallet expansion to universal cart is great for Google; however, it’s not great for everyone else, as platforms make for poor custodians (i.e., they are not neutral). Particularly when it comes to controlling credentials and measuring their own effectiveness.  My concerns here are shared by retailers, banks, processors and networks as this architecture conceals a profound structural conflict over control and economic value.  Google’s “own-it-all” will create a great customer experience, and allow them to move agentic from the current “conversational commerce to merchant checkout” state, but who wants to invest in a platform where they become disintermediated, or a dumb fulfillment pipe? 


The Power to Price

The best lever of economic margin for investors to track is power to price. In classical economics, pricing power is not merely a reflection of market share, but rather the capacity of an economic actor to minimize transaction costs while maintaining strategic control over data, risk, and user experience. Historically, eCommerce has operated under a macroeconomic paradigm where merchants absorb the operational and financial frictions of the conversion funnel, while payment networks and processors leverage their scale to price security, identity, VAS and settlement infrastructure.


DPCs Great Idea with a Long Way To Go

© Starpoint LLP, 2026. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer (this is a highly opinionated and partially informed blog). Enterprise readers, please consider an Enterprise Subscription (not required for Starpoint Clients). 

Executive Summary

I’m fortunate to chat with a diversity of large payment network stakeholders. As most of you know, I view the challenge in payments more from a political/incentive viewpoint than a technical one. The alphabet soup of new standards is hard to keep up with, but be assured that each one has a proponent (who benefits) and a group of resistors. Innovation in a network is hard, as existing stakeholders have built assets and competitive positions based upon how things work today. Today’s blog covers DPCs. DPCs may not be the biggest threat, but they are the newest. I’m not going to attempt a deep tech dive into DPCs; my effort is focused more on the challenges faced by any new payment innovation to gain traction and scale. Network effects are hard to beat!

Why read this blog? My readers know I view identity and authentication as part of the core “bundle” of payments, and Visa/MA are the de facto identity infrastructure of the internet because they unlock the power of banks (i.e., KYC) within a commercial framework with active governance. Today we are breaking down the latest “threat”: Digital Payment Credentials (DPCs) within Agentic (i.e., Gemini, GPay). The quick summary is that DPCs are an amazing technical innovation without a commercial framework or active governance, and thus will be challenged to operate separately from established networks (just like Stablecoins). This 23-page monster blog is a breakdown of the politics and the tech.


EMVCo and DPCs

This should be a 20 page blog… but I don’t have time this week. Big picture thoughts

The April 28, 2026 announcement of Google’s donation of the Agent Payments Protocol (AP2) to the FIDO Alliance signals Google’s desire to move payments from the legacy Device Primary Account Number (DPAN) model to the Digital Payment Credential (DPC) mandate framework. For identity and payment experts, this shift represents more than a technical update; it is an effort to commoditize the proprietary trust moats built by card networks and Apple through a standardized, platform-agnostic infrastructure.



AP2 Donation to FIDO 

Yesterday Google donated AP2 to the FIDO Alliance; let me share my thoughts on what this means.

  1. Effort to drive cross-industry standardization and extend Google’s established success within the FIDO ecosystem (log in with Google) while addressing the structural limitations of FIDO.
  2. A “tipping point” transition from “Identity as a Service” to “Identity as an Infrastructure,” where the mobile handset functions as the primary root of trust for autonomous commerce. Google is telling FIDO that they must incorporate elements of W3C VCs to have a future.
  3. Google’s first big public move toward device-bound credentials (Titan M2, Android Credential Manager, Android Ready Alliance, …etc).


Federated Models Need Measurement

A follow-on blog to my Intent data post yesterday. Where intent is needed for authorization, measurement is needed by every “specialist” participating in an agentic interaction. As background, I was founder/CEO of Commerce Signals, focused on measurement and card transaction data. Measurement is a powerful business. In fact, I would say Google started out as a measurement company with the PageRank algorithm. By keeping track of what users clicked on which link for which search word, they created the directory of the internet. Let’s dig a little deeper into why measurement is key in agentic, and for all federated models.

Google is not building a monolithic “central brain” to disintermediate the ecosystem. Instead, as discussed in my UCP Blog (also see Ask Macy’s Case Study), they are fostering a world of specialist collaborative models that interact across three specific technical layers:


Agentic – Intent and the New “Data Games”

While the industry recognizes that agentic commerce is reshaping payments, the more immediate technical friction lies in how it re-engineers data sharing. We are moving past the “top-of-funnel” coordination of inventory and pricing seen in protocols like UCP/MCP, entering the more contentious territory of AP2/ACP to coordinate trust and payment.

The Collaboration Paradox

As I’ve noted in Strategic Innovation Era, we are seeing a “Retailer First” surge. Successes like Walmart’s Sparky and Amazon’s Rufus prove that retailers are intent on controlling their own data and checkout environments.

However, external collaboration is mandatory for scale. I remain a proponent of Google’s approach: rather than a monolithic LLM, they are building a world of specialist model partnerships. But collaboration requires data exchange—the primary point of friction in this stage of strategic innovation.


American Express Breaks the Agentic Commerce Deadlock: Why Today Matters

Why is this big news? Once one network says “we cover agent errors,” the others can’t say no.

The Problem We’ve Been Waiting for a Network to Solve

For the past eighteen months, I’ve written extensively about agentic commerce as a test of *incentive alignment*, not technology. The tech works. What doesn’t work is getting all parties—networks, issuers, merchants, platforms, and payment processors—to align around who owns the agent, who owns the data, and who bears the risk.

Today, American Express did something important: it solved that problem for its own closed loop (and its customer base). What does this mean? I hope it means US Issuers will lean in on the V/MA solutions that can allow them to operate at near parity (V/MA have the rules, tech and governance). But changing a network is really hard.


FinCEN/OFAC 303-Page Rule Squashes Stablecoin eCom Ambitions

Exec Summary

  • New 303-page FinCEN/OFAC rule aligns to the clear language of the GENIUS Act, but IMHO will create major friction for use of USD stablecoins in eCommerce
  • Rules for tracking parties and monitoring secondary activity create a compliance regime that burdens every party with the need to understand the provenance of a coin. Can you imagine accepting $2000 for a new TV, shipping it out, then having your stablecoins burned?
  • So not only do we have KYC but we have SAR reporting requirements as PPSIs must also comply with SAR and the “Travel Rule” (31 CFR 1010.410(f)), which involves collecting and transmitting information about the originators and beneficiaries of funds transmittal.
  • Banks and Stablecoin Issuers that jumped into Solana’s Token-2022 model saw this coming and are well placed to move forward
  • This creates substantial advantages for banks in sweeping coins into covered accounts and freshly minting new coins when required. 
  • Great news for Big Banks and V/MA. Cards gain significant advantage over stablecoins with the proposed rule
  • I see this as tailwind for stablecoins in settlement, but a big headwind for stablecoin in eCommerce (with a few exceptions). 
  • My views on Stablecoin winners and losers remain unchanged except for an update to winners for x402.
  • No wonder Jamie Dimon remains confident that the banks will win; it will take years for stablecoin startups to build the regulatory muscle required to manage 303 pages of FinCEN mandates. By the time they do, the banks will already be running their own stablecoin subsidiaries under the very same rules.

The Rule

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) and OFAC issued a 303-page proposed rule implementing the GENIUS Act, reclassifying permitted payment stablecoin issuers (PPSIs) as financial institutions under the Bank Secrecy Act. Requirements include bank-grade KYC, suspicious activity reporting, transaction blocking/freezing capabilities, and appointment of a U.S.-based compliance officer. Enforcement begins January 2027. A 60-day comment period opens now.

The NPRM (Notice of Proposed Rulemaking) introduces 31 CFR Part 1033, which specifically outlines the obligations of PPSIs. The density of this document reflects the complexity of applying traditional banking rules to a distributed ledger environment.
