Understanding eIDAS Impact on Banking and Payments

What is eIDAS?

eIDAS stands for Electronic Identification, Authentication and Trust Services. It is European Union law — originally enacted in 2014 (eIDAS 1.0) and substantially revised in 2024 (eIDAS 2.0, formally Regulation 2024/1183) — that creates a legal framework for digital identity across all 27 EU member states.

The core ambition is straightforward: a citizen in Portugal should be able to use their national digital identity credential to authenticate with a German bank, a French hospital, or a Dutch government portal — and that credential should carry legal standing equivalent to a physical ID card.

eIDAS 2.0 goes further. It mandates that every EU member state must offer at least one European Digital Identity (EUDI) Wallet — a mobile application in which citizens store and selectively disclose certified attributes: their national eID, driving license, professional qualifications, and eventually bank account credentials or KYC attestations.

Continue reading

ZelleUSD — A Private Coin

Builds on: Stablecoins: A New Model of Trust | JPMorgan, Citi and TCH: Tokenized Deposits ON Chain | Open Banking, Open Payments and Trust Networks

Early Warning announced this week that Zelle is going international, starting with India — the world’s largest remittance destination. Alongside this, they unveiled ZelleUSD (ZLUSD), which they’re calling a “proprietary U.S. dollar-backed stablecoin.” Cue the analyst notes about banks “finally getting into stablecoin.”

I’m already laughing… this is Banks BEATING Stableocin and Remittance Providers at their own game with a closed network. This Is Not a competitor to USDC, and you can’t buy it on Coinbase, so Don’t Get Confused.

Continue reading

Agentic Data Battle: Intent

Paid Content

Key Friction Point in Agent (M2M) Transactions. Example of why real agentic transactions are 2-3 yrs away. We have a new party in a transaction that everyone needs to trust: the agent. Mastercard/Google Verifiable Intent is a LONG WAY from satisfying the need. It’s a self-attestation (see the Technical Addendum at the end of the Blog).

My prior blogs have focused extensively on the trust challenge in agentic commerce: authenticating the consumer and the agent (the actor). As I discussed in EMVCo and DPCs, financial institutions must verify and authenticate the four pillars of a transaction: the User, the Instrument, the Actor (Agent), and the Action (Payment). Today, I want to dive deeper into the fourth pillar—the Action—and the emerging battle over intent data.

A New Party to the Transaction

For decades, payment transactions have involved a familiar cast: the consumer, the merchant, the issuer, and the network. Each party has well-defined roles, risk allocation, and data flows governed by established rule sets. Agentic commerce introduces a new party: the Agent.

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us

WWDC 2026: Apple Wallet

Apple announced a suite of new Wallet and Apple Pay features this week at WWDC 2026. None of them will make the front page of TechCrunch. But taken together, they reflect something far more interesting: a payments team that has been quietly executing “the best” wallet vision for over a decade, among the most disciplined groups in consumer payments. Continue reading

AP2 Donation to FIDO 

Yesterday Google donated AP2 to the FIDO Alliance , let me share my thoughts on what this means.  

  1. Effort to drive cross-industry standardization and extend Google’s established success within the FIDO ecosystem (log in with Google) while addressing the structural limitations of FIDO.
  2. A “tipping point” transition from “Identity as a Service” to “Identity as an Infrastructure,” where the mobile handset functions as the primary root of trust for autonomous commerce. Google is telling FIDO that they must incorporate elements of W3C VCs to have a future.
  3. Google’s first big public move toward device bound credentials (Titan M2, Anroid Credential Manager, Android Ready Alliance, …etc).

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us

Agentic – Intent and the New “Data Games’

While the industry recognizes that agentic commerce is reshaping payments, the more immediate technical friction lies in how it re-engineers data sharing. We are moving past the “top-of-funnel” coordination of inventory and pricing seen in protocols like UCP/MCP, entering the more contentious territory of AP2/ACP to coordinate trust and payment.

The Collaboration Paradox

As I’ve noted in Strategic Innovation Era, we are seeing a “Retailer First” surge. Successes like Walmart’s Sparky and Amazon’s Rufus prove that retailers are intent on controlling their own data and checkout environments.

However, external collaboration is mandatory for scale. I remain a proponent of Google’s approach: rather than a monolithic LLM, they are building a world of specialist model partnerships. But collaboration requires data exchange—the primary point of friction in this stage of strategic innovation.

Continue reading

Owning Your Bot’s Actions: Target Part 2

In my previous post, covering Target’s “Your Bot is Your Responsibility”  was the only move they could make. When you let an AI bot loose with your credit card, you are effectively handing your car keys to a teenager; you can’t act surprised when there’s a dent in the bumper. But Target’s stance isn’t just a legal shield; it is a flare gun fired over a massive Governance Gap. Today’s agentic commerce is high on technology and standards, but dangerously low on the commercial terms that actually make markets function. To be clear, it’s not for lack of effort from V/MA, nor is it technology; it is resistance to change.

Continue reading

BankID Norway – Evolution and Success

If you follow my 80+ blogs on identity, you should like this success story today.  The Norwegian digital identity scheme, BankID, serves as the #2 best financial identity case study (behind India’s UIDAI) with a penetration rate of 97% across 4.7 million citizens. What could US banks learn? What are their challenges in replicating this model? 

Today I’m giving the background on what BankID is.. In part 2 I’m going to interview my good friend Eric Woodward, former president of Early Warning and the creator of Zelle_ID (see youtube), at least until it was killed as the new CEO asked “what on earth does identity have to do with payments”. OMG

The FIDO Alliance is hosting a Webinar on Bank ID Norway tomorrow at 7am pacific.

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us

AP2 as Merchant Signals – 4 Scenarios 

Today I’m outlining three near-term scenarios (24 months) for how AP2 signals will work in agentic commerce. Per my blog last week, AP2 is the agentic payment scheme with the most momentum (160+ partners), but in the immediate term (2026–2027), it will operate primarily in a “signals” metaphor for 3 main reasons:

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us

Blog – AP2 Operations: Near Term – Long Term

© Starpoint LLP, 2025. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer(this is a highly opinionated and partially informed blog). Enterprise readers, please consider Enterprise Subscription (not required for Starpoint Clients).

As most of you know, AP2 is an open spec with over 160 partners. Today I’ll discuss 2 scenarios for how AP2 will integrate with card payments (with consumer Authorization). While most understand the technology behind these scenarios, the politics and strategies may provide the best insights. Identity needs a network, but network effects create stasis or equilibrium as existing participants make investments based upon current operation. Cards are the incumbent, and networks have a great plan, the biggest hurdle isn’t tech, it’s getting everyone in the boat with the right controls, governance and economics.

  1. Scenario 1 – Near Term – AP2 credentials are one of many “signals” that work with merchant owned fraud. Signals will be consumed by Merchants and MSPs as they maintain responsibility for fraud risk, and by networks/Issuers for authorization (and tokenization). 3DS has been around since 2008, I wouldn’t expect us to move at lightspeed to scenario 2 until consumers (and new fraud vectors) drive us there.
  2. Scenario 2 – Long Term – Bank issued credentials inside the device bound secure Storage (Apple Enclave, Goog Titan M2, Samsung Knox) with Issuers (thru networks operating) as the governing authority. This will involve a liability shift, a new role for mobile in managing credentials, and a new governance regime. 
  3. Scenario 3 (not covered) is walled gardens that control all standards, operations and own the risk (ex Amazon).

A nice chart covering these scenarios is in this link, courtesy of Notebook LM and Julie Fergeson.

You need to be logged in to view the rest of the content. Please . Not a Member? Join Us