© Starpoint LLP, 2025. No part of this site, blog.starpointllp.com, may be reproduced or retransmitted, in whole or in part, in any manner without the permission of the copyright owner. Also, see our Legal/Disclaimer(this is a highly opinionated and partially informed blog). Enterprise readers, please consider Enterprise Subscription (not required for Starpoint Clients).

As most of you know, AP2 is an open spec with over 160 partners. Today I’ll discuss 2 scenarios for how AP2 will integrate with card payments (with consumer Authorization). While most understand the technology behind these scenarios, the politics and strategies may provide the best insights. Identity needs a network, but network effects create stasis or equilibrium as existing participants make investments based upon current operation. Cards are the incumbent, and networks have a great plan, the biggest hurdle isn’t tech, it’s getting everyone in the boat with the right controls, governance and economics.

1. Scenario 1 – Near Term – AP2 credentials are one of many “signals” that work with merchant owned fraud. Signals will be consumed by Merchants and MSPs as they maintain responsibility for fraud risk, and by networks/Issuers for authorization (and tokenization). 3DS has been around since 2008, I wouldn’t expect us to move at lightspeed to scenario 2 until consumers (and new fraud vectors) drive us there.
2. Scenario 2 – Long Term – Bank issued credentials inside the device bound secure Storage (Apple Enclave, Goog Titan M2, Samsung Knox) with Issuers (thru networks operating) as the governing authority. This will involve a liability shift, a new role for mobile in managing credentials, and a new governance regime. 
3. Scenario 3 (not covered) is walled gardens that control all standards, operations and own the risk (ex Amazon).

A nice chart covering these scenarios is in this link, courtesy of Notebook LM and Julie Fergeson.