Payments look like a solved problem. QR codes, cards, NFC — the experience is already seamless. But that seamlessness rests on a single assumption: the one making the payment is a human being.

When that assumption starts to crack, the entire payment system needs to be rebuilt from its foundations.

From “Humans Pay” to “Agents Pay”

Imagine this: you tell your AI assistant “arrange my trip to Shanghai next week,” and it automatically checks train tickets, books a hotel, and calls a ride for your departure — all without you opening a single app or entering a single password. The receipt arrives afterward, you glance at it, it looks reasonable.

This isn’t science fiction. It’s the interaction pattern that will become mainstream within three to five years.

But buried inside this convenience is a question nobody is asking: who actually paid?

Not you — you just said a sentence. The AI assistant completed every transaction on your behalf. Yet the entire existing payment infrastructure, from identity verification to fraud models, was built assuming a human operator. Facial recognition, SMS verification, behavioral biometrics — these defenses are useless against AI, and equally incapable of distinguishing a compromised AI from a legitimate one.

The payments industry isn’t facing a feature upgrade. It’s facing an architectural rebuild.

Programmable Payments: Giving Money a Logic Layer

Traditional payment is an action: money moves from A to B. Programmable payment is a program: when condition X is met, money moves from A to B, and only for purpose Y.

That distinction sounds small. In practice, it redefines what money itself means.

Three Parallel Technical Paths

Smart contracts are the most mature implementation of programmable payments. Ethereum contracts can encode arbitrarily complex payment logic: escrow, installments, multi-signature, conditional triggers. Code is the contract; execution requires no trusted intermediary. But the challenges are real — the oracle problem (getting trustworthy off-chain data onto the chain), fiat bridging complexity, and high barriers for ordinary users keep it largely confined to crypto-native contexts for now.

Central bank digital currencies are the more strategically important direction, especially the digital yuan. The People’s Bank of China has already publicly tested “conditional payment” capabilities: earmarked funds (subsidies restricted to specific categories), expiration dates (automatic destruction after a deadline), and venue locking (valid only at designated merchants). This is programmable money being pushed by national infrastructure. No other country has anything comparable. The digital yuan’s programmability isn’t a peripheral feature — it’s central to why the system was designed this way.

Open banking is traditional finance’s path of self-evolution. Europe’s PSD2/PSD3 framework mandates that banks expose APIs, enabling third parties to operate accounts programmatically. The IETF has published the RAR (Rich Authorization Requests) standard, upgrading coarse-grained permissions like “access my account” to fine-grained logic like “pay merchant A no more than 150 yuan before 6 PM today.” Stripe’s Payment Intents API is moving in the same direction.

Where Programmable Payments Actually Create Value

Not convenience — the elimination of trust costs.

Payment terms in B2B trade (net-30, net-60, net-90) are externalized trust costs. The buyer isn’t sure about product quality, so payment is delayed; the seller accepts unfavorable terms to maintain the relationship. Programmable payments can encode contract terms directly as payment logic: goods received and quality verified → payment triggers automatically. Payment terms become economically unnecessary.

Insurance claims follow the same logic. The cumbersome claims process exists because “accident occurred” and “payment executed” require extensive human verification in between. If sensor data can be reliably fed into a programmable account, conditions met equals automatic payout, and the entire claims department’s purpose needs rethinking.

The deeper shift is the restructuring of business models: pay-for-results becomes the default. Ad spend paid on actual conversions, SaaS fees based on real output, outsourcing paid on delivery quality. AI verifies the outcome; programmable payments execute the transfer; human review and dispute arbitration become unnecessary.

Agent Authorization Architecture: Designing “Pre-Consent”

Programmable payments solve how money flows. They don’t solve who has the right to trigger it. When AI Agents initiate payments on behalf of humans, the authorization system needs to be designed from scratch.

The core tension is simple: users want convenience (autonomous Agent operation), but don’t want to lose control (money shouldn’t move without reason).

A Three-Layer Authorization Model

The identity layer answers “who is this Agent?” Existing authentication (face ID, passwords, SMS codes) was built for humans; Agents can’t use it and shouldn’t have to. A more coherent approach is delegated credentials: the user signs a limited-scope sub-credential with their master key and issues it to the Agent, specifying validity period, authorized scope, spending limits, and non-delegability (the Agent cannot re-delegate to other Agents). W3C’s DID (Decentralized Identifiers) and Verifiable Credentials standards are the most likely technical foundation for this layer.

The permission layer answers “what can the Agent do?” Five dimensions need precise control: amount (per-transaction cap, daily and monthly limits), category (food delivery and rides allowed; transfers and withdrawals blocked), time (weekdays only, or “only act autonomously when I’m offline”), frequency (same merchant daily cap), and confirmation rules (above a threshold, push a notification and wait for human approval). Designing the right permission granularity is the real product challenge — too coarse and it’s unsafe, too fine and convenience disappears.

The execution layer answers “what happens when things go wrong?” Two mechanisms are non-negotiable: a cooling window (Agent-initiated payments enter a 30-second-to-5-minute pending state during which the user can cancel) and circuit breakers (if behavior deviates from historical patterns beyond a threshold, Agent payment permissions are automatically frozen pending human review). Every AI-initiated transaction must maintain a complete audit trail: what triggered it, the decision logic, the execution timestamp.

The Hard Problem: Multi-Agent Nesting

Reality will be far more complex than single-layer authorization:

Your AI assistant calls a travel platform’s AI, which calls a hotel’s AI, which triggers the payment. You only authorized the first layer. If any intermediate Agent is compromised, who’s responsible?

A reasonable design principle is permissions can only narrow, never expand: you give Claude a daily limit of 500 yuan, Claude passes a maximum of 200 yuan to Trip.com’s AI, which passes a maximum of 100 yuan to the hotel’s AI. Every delegation can only constrict the scope. Even if one link in the chain fails, the damage is bounded.

The Identity Layer War: Next Decade’s Payment Entry Point

Once you understand this architecture, you understand what platforms are really competing for.

On the surface it looks like market share. At the core, it’s control of the Agent identity layer.

Wherever users create their AI assistants, that platform issues the delegated credentials. Whichever credentials payment processors recognize, that platform collects the toll. This logic is identical to the mobile payment entry-point wars of a decade ago — the battlefield shifted from “binding a card” to “binding an Agent identity.”

Apple is currently best positioned. Secure Enclave + Apple Pay + Apple Intelligence form a natural identity-payment closed loop: the user’s Agent key lives in the iPhone, Apple manages it, and all payment actions must pass through Apple’s identity layer. Google has the same logic on Android, but Android fragmentation is a genuine weakness.

The Chinese market will be more concentrated. WeChat and Alipay, as super-apps, will almost certainly remain the entry points for users’ AI assistants, and both have strong incentives to bind AI identity with payment accounts into an inseparable whole.

OpenAI and Anthropic are the biggest wildcards.

OpenAI Entering Payments: Not “If” but “How”

OpenAI’s motivation to enter payments is stronger than most people realize.

When Agents become ubiquitous and users let AI handle their purchases, OpenAI is deeply involved in every transaction — it understood the user’s intent, orchestrated the execution, called the merchant’s interface — but under the current system, it gets nothing. This tension will become increasingly acute as Agent adoption scales.

Sam Altman has long had serious interest in financial infrastructure. World ID (iris scanning to prove you’re human) and Worldcoin together are laying the groundwork for a larger ambition: a complete identity + AI + payment closed loop. World ID looks strange in isolation; it makes perfect sense in this context.

The likely paths: acquisition (Stripe’s history with OpenAI is well documented, and Stripe’s API design is uniquely suited to Agent scenarios); an AI wallet (users deposit funds, the Agent spends within limits — starting with prepaid to avoid banking license requirements); or deep partnership with Visa/Mastercard for a dedicated Agent payment channel through the Operator protocol.

Whatever path is taken, the biggest obstacle isn’t technical — it’s regulatory trust. “A company that trains AI models also managing my money” — said aloud today, most users would hesitate. Trust is built slowly, which is why payment product timelines will likely lag technical readiness by two to three years.

Anthropic’s strategy is smarter and more indirect: define the standard through MCP (Model Context Protocol). MCP currently specifies how Agents call tools; payment tool authorization extensions are inevitable. If MCP becomes the industry standard, Anthropic controls the protocol layer — it doesn’t need to run payments itself, just collect the standard fee from the ecosystem. This is Android’s playbook, not Apple’s, and the long-term leverage may be greater.

How Regulation Will Unfold

The trajectories for three regions are fairly predictable.

China will lead with strong control. The PBOC, through the digital yuan, directly controls programmable currency infrastructure. AI payments will almost certainly require whitelisting; Agents with payment capabilities will need to be registered. The control is strong, but it also means the digital yuan can become the natural substrate for AI payments, and rollout speed may actually be faster.

The US will see markets run ahead of regulation. Stripe and Visa will ship products first; the CFPB and SEC will gradually establish rules under pressure from litigation and public opinion. Standardization will be slow, but the innovation space will be large.

The EU will legislate before deploying. The intersection of the AI Act and PSD3 will create the world’s strictest user consent and right-of-revocation frameworks, with the highest compliance costs — but also likely the most rigorous Agent payment standards, which other regions may ultimately adopt as reference.

Every regulatory framework will face the same core question: when AI pays on behalf of a human, who is responsible? The user (who set the rules)? The platform (whose systems the Agent runs on)? The developer (who designed the Agent’s decision logic)? There’s no ready legal answer, and that answer will determine how the entire industry allocates risk.

Closing

Payments are superficially a financial problem, structurally a trust problem, and fundamentally an identity problem. AI has restructured the concept of identity — when the “person” making a payment might be an Agent, when an Agent can be any program designed by anyone, the foundation of the entire trust system needs to be repoured.

Programmable payments, Agent authorization architecture, the AI identity layer — these three directions converge on the same endpoint:

Money will carry intent. It won’t just be a number — it will know what it can be used for, who can trigger it, under what conditions it flows.

This is a massive efficiency gain, and an unprecedented concentration of control. Whoever designs these rules controls the financial infrastructure of the next era. The competition has already started. Most people just haven’t noticed yet.