AP2 Donation to FIDO 

Yesterday Google donated AP2 to the FIDO Alliance. Let me share my thoughts on what this means.

  1. Effort to drive cross-industry standardization and extend Google’s established success within the FIDO ecosystem (log in with Google) while addressing the structural limitations of FIDO.
  2. A “tipping point” transition from “Identity as a Service” to “Identity as an Infrastructure,” where the mobile handset functions as the primary root of trust for autonomous commerce. Google is telling FIDO that they must incorporate elements of W3C VCs to have a future.
  3. Google’s first big public move toward device-bound credentials (Titan M2, Android Credential Manager, Android Ready Alliance, …etc).


Agentic – Intent and the New “Data Games”

While the industry recognizes that agentic commerce is reshaping payments, the more immediate technical friction lies in how it re-engineers data sharing. We are moving past the “top-of-funnel” coordination of inventory and pricing seen in protocols like UCP/MCP, entering the more contentious territory of AP2/ACP to coordinate trust and payment.

The Collaboration Paradox

As I’ve noted in Strategic Innovation Era, we are seeing a “Retailer First” surge. Successes like Walmart’s Sparky and Amazon’s Rufus prove that retailers are intent on controlling their own data and checkout environments.

However, external collaboration is mandatory for scale. I remain a proponent of Google’s approach: rather than a monolithic LLM, they are building a world of specialist model partnerships. But collaboration requires data exchange—the primary point of friction in this stage of strategic innovation.


Owning Your Bot’s Actions: Target Part 2

As I covered in my previous post, Target’s “Your Bot is Your Responsibility” was the only move they could make. When you let an AI bot loose with your credit card, you are effectively handing your car keys to a teenager; you can’t act surprised when there’s a dent in the bumper. But Target’s stance isn’t just a legal shield; it is a flare gun fired over a massive Governance Gap. Today’s agentic commerce is high on technology and standards, but dangerously low on the commercial terms that actually make markets function. To be clear, it’s not for lack of effort from V/MA, nor is it technology; it is resistance to change.


BankID Norway – Evolution and Success

If you follow my 80+ blogs on identity, you should like this success story today. The Norwegian digital identity scheme, BankID, serves as the #2 best financial identity case study (behind India’s UIDAI) with a penetration rate of 97% across 4.7 million citizens. What could US banks learn? What are their challenges in replicating this model?

Today I’m giving the background on what BankID is. In part 2, I’m going to interview my good friend Eric Woodward, former president of Early Warning and the creator of Zelle_ID (see YouTube), at least until it was killed as the new CEO asked “what on earth does identity have to do with payments”. OMG

The FIDO Alliance is hosting a webinar on BankID Norway tomorrow at 7am Pacific.


AP2 as Merchant Signals – 4 Scenarios 

Today I’m outlining three near-term scenarios (24 months) for how AP2 signals will work in agentic commerce. Per my blog last week, AP2 is the agentic payment scheme with the most momentum (160+ partners), but in the immediate term (2026–2027), it will operate primarily in a “signals” metaphor for 3 main reasons:


Blog – AP2 Operations: Near Term – Long Term

© Starpoint LLP, 2025. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer (this is a highly opinionated and partially informed blog). Enterprise readers, please consider Enterprise Subscription (not required for Starpoint Clients).

As most of you know, AP2 is an open spec with over 160 partners. Today I’ll discuss 2 scenarios for how AP2 will integrate with card payments (with consumer Authorization). While most understand the technology behind these scenarios, the politics and strategies may provide the best insights. Identity needs a network, but network effects create stasis or equilibrium as existing participants make investments based upon current operation. Cards are the incumbent, and networks have a great plan; the biggest hurdle isn’t tech, it’s getting everyone in the boat with the right controls, governance and economics.

  1. Scenario 1 – Near Term – AP2 credentials are one of many “signals” that work with merchant-owned fraud. Signals will be consumed by Merchants and MSPs as they maintain responsibility for fraud risk, and by networks/Issuers for authorization (and tokenization). 3DS has been around since 2008; I wouldn’t expect us to move at lightspeed to scenario 2 until consumers (and new fraud vectors) drive us there.
  2. Scenario 2 – Long Term – Bank-issued credentials inside the device-bound secure storage (Apple Enclave, Google Titan M2, Samsung Knox) with Issuers (thru networks operating) as the governing authority. This will involve a liability shift, a new role for mobile in managing credentials, and a new governance regime.
  3. Scenario 3 (not covered) is walled gardens that control all standards, operations and own the risk (ex Amazon).

A nice chart covering these scenarios is in this link, courtesy of Notebook LM and Julie Fergeson.


2025: The Great Decoupling

Year-End Payments Recap

Summary: B2B Stablecoin and The End of the Interface Era

As we close the books on 2025, the payments industry finds itself at a moment that future historians will likely designate as the end of the “Interface Era” and the dawn of the “Agentic Era.” For the past three decades, the digitization of payments has been defined by the migration of human intent from POS to digital screens. From the first e-commerce transaction to the ubiquity of mobile wallets, the fundamental atomic unit of the economy remained the same: a human being, interacting with a graphical user interface (GUI), making a conscious decision to exchange value for goods or services.


Europe’s Siege – Digital Sovereignty Strategy

Summary

The EU’s payment and identity landscape is currently the theater of a high-stakes conflict between regulatory ambition and commercial reality. For the past decade, European legislators have pursued a strategy of “regulatory innovation,” attempting to break the dominance of US-based technology platforms (Apple, Google) and payment networks (Visa, Mastercard) through legislative mandates. From the failed efforts of 2015 IFR (regulating excess profits), PSD2, PSD3 and eIDAS 2.0, the pattern is consistent: enforce technical openness in the hope that competitive markets will spontaneously emerge.

This strategy is fundamentally flawed because it conflates technical connectivity with commercial viability. While the EU has successfully legislated open APIs and is now forcing open the phone SE architecture, it has consistently failed to address the “commercial constructs” (governance, liability, and economic incentives) that make these systems work. Without a radical shift acknowledging the necessity of commercial constructs over regulation, the EU’s initiatives will result in compliant but commercially irrelevant infrastructure that no one will monetize (or invest in), further relegating the EU to a second-tier market and leaving US platforms to dominate.


Governance in Payments

© Starpoint LLP, 2024. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer (this is a highly opinionated and partially informed blog). Enterprise readers, please consider Enterprise Subscription (not required for Starpoint Clients). 

Long blog – Paid Content

Executive Summary

I’ve been writing about governance, trust, transaction costs and payments for a long time. In my view THE KEY to understanding stablecoins, agentic, DeFi, Open Banking, tokenization and other payment innovations is governance. I seem to be the only one writing about it, so I don’t see a reason to stop now. Governance is the BIGGEST competitive moat for Visa and Mastercard, and it’s also the heart of their biggest breakout growth opportunity. If you thought AI was transformational, radically reducing transaction costs (TCE per Nobel work of Ronald Coase) will dwarf it. In fact the monetization of AI is a Gordian knot of governance issues (see Agentic Commerce and Governance).

Today I’m expanding on “value exchange” governance with 5 core themes.


ApplePay’s 11th birthday in iOS 26 – What’s New?

ApplePay turns 11 yrs old this month, a wallet that has gone from 0 to 84 countries and 11,000 banks. Hard to believe, my blog was the first to break the news of ApplePay in iPhone 6 back in 2014. Back then I was on the advisory board of Money2020, and asked M2020 co-founder Johnathan Weiner to hold a place in the agenda for Apple Pay. September rolled around and we still had an “empty” slot; I told him to trust me. It worked out well, as Apple finally rolled it out on September 9th 2014. There was so much innovation in the initial wallet from tokenization, provisioning, credentials in the secure enclave, … and of course the game of chicken Apple played with Issuers on their 15bps (in US, 7bps in EU see story).

I just installed iOS 26 this morning, so what’s new in iOS 26 w/ ApplePay?
