PaymentsJournal

Hosted by PaymentsJournal

Business NewsInterviews guests

Website RSS feed

Episodes

300

Latest episode

Jun 2026

Language

EN-US

About the show

Payments Content, Expert Insights and Timely News

Listen to episodes

60 recent

June 11, 202615 min

Serving a Segment of One: The Race to Stay Top of Wallet

Artificial intelligence has raised consumer expectations. Today, people can create a personalized event invitation, social media post, or digital experience in seconds, so why does the payment card they use every day still feel generic? That question is driving renewed interest in payment card innovation, including personalization, premium materials, digital integration, and stronger security features which continue to influence what consumers want from the cards in their wallets. In a recent PaymentsJournal podcast, Brent Bowen, Senior Vice President and Head of Sales for Financial Services Solutions at Giesecke+Devrient, and Brian Riley, Director of Credit and Co-Head of Payments at Javelin Strategy & Research, discussed the evolution of card design, the impact of the digital landscape, and the role technology is playing in the future of card innovation. The overarching message: cards remain the cornerstone of financial services product lineups, but staying top of wallet is increasingly challenging. Pushing the Unboxing Envelope This workhorse role of payment cards has long offered a branding opportunity for banks and credit unions, as well as digital-first firms and fintechs whose card offerings may be one of their few tangible links to customers. This opportunity is only likely to increase, as data from Nilson found that purchase volume on the leading card brands rose 6.4% last year, despite continued inflation and economic pressures. “The card will never go away, no matter how things expand in the digital space,” Riley said. “It becomes the way that a financial institution—whether it’s a fintech, a Wall Street bank, or a Main Street bank—can present themselves to their customer. It goes in their wallet every day and it’s an important part of the relationship. When you start building the value proposition for a credit card, the card itself comes into play.” A focus on individual lifestyles has fueled demand for special cards, although premium in cards doesn’t always mean gold-plated. A strong consumer segment is drawn to eco-conscious cards made from wood or recycled plastics. Others may prefer ceramic or similarly distinctive materials t while opening the door to more innovative designs. The popularity of premium cards has even turned receiving them into a social media moment, with many consumers sharing the unboxing experience online. “Many fintechs have pushed the envelope, no pun intended, with that unboxing experience, and that has created some unique opportunities to differentiate themselves from a branding perspective,” Bowen said. “These products and services reflect the consumers’ personalities and values. They want that cardholder experience to be delivered the way they want it and in the shape that they expect it to be.” “Whether it’s maximizing reward points or travel points, whether it’s lowering fees and interest, or even security and convenience and speed—those are all things that consumers are looking for in their payment products today,” he said. “Card products help differentiate that in the marketplace.” Digital and Physical Convergence Although physical cards retain strong tactile appeal, delivering a robust digital experience is equally important. This is no small feat, as e-commerce, AI, and social media have raised expectations for communication and product delivery. The convergence of physical and digital products is another key trend transforming payment cards. For example, a consumer attracted to a metal card as a status symbol also expects the convenience of loading the card into a digital wallet for e-commerce transactions. This digital optionality is critical not only for convenience, but also for driving customer engagement. As a result, speed to market has become critical for issuers seeking a return on investment. It also aligns with another growing consumer preference: constant innovation and access to the “next big thing.” AI is helping drive these expectations by giving users immediate feedback and personalized experiences in seconds. At the same time, the technology could prove to be a gamechanger for issuers. “One of the big things that is coming into our market is this AI world,” Bowen said. “G+D has a AI card design tool, so you as a consumer can use this AI generation and say, ‘I want a puppy dog sitting on a beach drinking a cool drink’, or apply images that have special value for you, and it will show you your card right there. The Influence of Security Alongside these expectations for speed and customization comes an equally strong expectation of security. As the digital economy has expanded, so too have vulnerabilities to fraud. These threats are accelerating the integration of advanced security standards into payment card technology. For example, the Fast IDentity Online (FIDO) standards are passkeys bound to a device to help mitigate password vulnerabilities and resist phishing attempts. When paired with EMV (Europay, Mastercard, and Visa) standards and near-field communication (NFC) contactless payment technology, authentication can be significantly enhanced. “That security is going to drive not necessarily the design of cards, but the way the cards are used in the marketplace,” Bowen said. “If I am a consumer of a bank or a fintech and want to make a transaction, one best way to make sure that I am talking to who I’m talking to is to verify the phone credentials.” “If it’s a high-dollar transaction, I might want to verify the person using that phone and ask them to tap their payment device against the phone to authenticate or verify that they are who they say they are,” he said. Biometric authentication is another major security trend. The widespread use of fingerprint and facial recognition on smartphones has prompted pilots in additional use cases, most notably payments, where the security benefits are clear. While a growing segment of consumers is security-conscious and would welcome this added layer of protection, mass adoption of biometric cards is likely still years away. Still, for certain segments and use cases, biometric cards could hold substantial appeal. After all, security is one of the main reasons card payments have become a dominant payment method. “That’s what is core to the card business, the irrefutability of transactions,” Riley said. “Without that level of confidence, there would be no card business. We’ve got to be able to ascertain not only is there value associated with the open credit line, but is it the customer making the transaction or the authorized user?” The Fight to Stay Top of Wallet All these trends—stronger security, hyper-personalization, and the convergence of digital and physical experiences—will continue to keep payment cards in consumers’ wallets for years to come. Even so, differentiating in a highly competitive market and staying top of wallet remains a challenge for issuers. For organizations looking to acquire customers more efficiently and drive card usage, the answers may not come easily. One place to start is with the customer. “It’s this granular marketing mentality of being able to hyper-personalize that card product into the consumer’s hands, so that it feels like it’s coming specifically to me, Brent Bowen, and I’m not just one of the masses,” Bowen said. “These advanced personalization strategies, in my estimation, can increase revenues 15% to 20%.” “There’s also the ability to reduce the acquisition costs for these card programs,” He adds: “Personalization can drive that cardholder experience.” This evolution underscores how cards have become critical ambassadors for financial services brands. More than ever, organizations now have the tools to maximize the value of these offerings. “It’s personalization and customization of individual packaging and a marketing-to-a-segment-of-one mentality,” Bowen said. “We’re moving to a world where the consumer wants their card to be unique, instantly issued, and personalized, almost in real time.” “AI can help drive all of those things, either in the back office or on the front end from a design perspective,” he said. “It can help provide an experience that a consumer is expecting of today’s world. Where is my card, when am I going to get it, and what’s it going to look like?”

June 9, 202613 min

The Future of KYC Is Layered—and Data-Driven

Know Your Customer rules were designed to stop financial crime, but in practice, they are increasingly being bypassed by both human error and machine-generated deception. Last year, Barclays was fined £42 million (roughly $56.9 million) for failing to properly vet clients for money laundering risks. In this case, the UK lender had access to all the information required to flag the offending clients but failed to follow through. More broadly, similar issues persist across the banking sector. In many instances, institutions conduct perfunctory KYC checks during onboarding but fail to maintain ongoing monitoring. It is often only after the fact that they discover their “verified” customers had been bribed or coerced into becoming money mules. Meanwhile, the threat landscape itself is also evolving. In a growing number of recent cases, cybercriminals have used technologies such as artificial intelligence to generate convincing fake documents and synthetic identities capable of bypassing financial institutions’ verification protocols. Taken together, these challenges are driving a broader assessment of the KYC model. In a recent PaymentsJournal podcast, Jon Jones, Chief Commercial Officer at Data Zoo, and Jennifer Pitt, Senior Fraud Analyst at Javelin Strategy & Research, discussed how these risks are accelerating the evolution of identity verification, and how trusted data within a layered approach has become essential to identifying and addressing modern fraud threats. Establishing Trusted Registries Although the pandemic is often credited with accelerating the shift toward digital identity proofing, the change had already been underway for years. One key driver has been the growthof the digital economy, which has helped organizations build substantial datasets on users’ biometric information, behavioral analytics, and device intelligence. While this data can be a powerful tool for identity verification, it is of limited value if it is inaccurate. “The role of data in KYC is becoming increasingly important and it comes down to one word: trust,” Jones said. “The advancement of AI has resulted in single-layered solutions becoming somewhat compromised and institutions increasingly need to leverage authoritative data. For example, checks through government or credit-based authorities have become table stakes going forward.” “If you look at fake images and documents, it’s very easy to have them created now,” he said. “Creating a synthetic identity from an image or a document is not that hard, but maintaining the presence and consistency across government records or credit bureaus is much harder. It requires the need for trusted registries in some form of the process.” Synthetic identities pose a particular challenge because they are created by blending real and fabricated data into a new entity. This means there is no direct victim to report fraudulent activity, and often no clear red flags for organizations at onboarding.   This is just one of the reasons why changes to the current KYC model have become paramount. “When I was in banking, I saw that KYC was treated as a onetime check and the KYC team would just look at static identity data,” Pitt said. “Once that matched, they would move on, and KYC wasn’t being done after that initial check. What we need is the idea of perpetual or continuous KYC, where we’re using automated tools to look at KYC or identity verification processes in the background.” The Three Levels In addition to ongoing customer checks, there must be protocols in place to continuously validate data. Data has become the lifeblood of an effective KYC process, and the potential for corruption through fraudulent or erroneous information makes stringent verification essential. “We typically look at trust from three levels,” Jones said. “The first one is the authoritative nature of the data, meaning does it come from a real-time primary source like a government record or an M&O with clear privacy policy guidance? This is essential. The second one is looking at transparency. Organizations need to see what data sources were checked, what attribute levels were matched, and what level they were matched.” “The third one is basic coverage,” he said. “From an identity verification perspective, we work in a global world. It’s not just a U.S.-based or UK-based solution, where data is prevalent. It’s looking to make sure that we are catering for all geographies and all demographics, and that isn’t easy.” One of the most challenging demographics to evaluate is the thin-file population, often composed of young adults or immigrants with limited or no credit history. Due to this reduced digital footprint, it can be difficult to verify their identities, yet this group now comprises roughly 76 million people in the U.S., or about a third of all adults. Another challenge in maintaining accurate data is that customer profiles are constantly changing as individuals open new accounts or update addresses. This fluidity makes it critical to implement mechanisms that can constantly check and cross-check information. “One of the things organizations often miss is there are two parts of identity verification,” Pitt said. “There’s the identity verification itself, is the information being presented that of a real person? That addresses things like synthetics, deepfakes, information that is not that of a real person.” “The other piece is identity proofing. Is that identity that’s being presented the actual identity of the person that’s presenting it?” she said. “We need to make sure we have both of those pieces and not just one.” Data Confirms Identity Evolving toward a more effective KYC model will require a layered identity verification approach. This model evaluates multiple factors, including known identity data, biometrics, behavioral and contextual signals, device interaction patterns, and shared threat intelligence. It is critical to take all these inputs so that no single data point is given undue weight. “Trusted data sits within the verification workflow as a foundational layer and asks the question, does this identity actually exist in the real world?” Jones said. “Capabilities such as document verification are extremely powerful. I’ve worked for some of the leading vendors in the world, and they asked the question as to whether the person presenting a document is real and matches the ID, whereas trusted data helps confirm that the identity itself exists and is consistent across multiple records.” “Biometrics confirms the person and data confirms the identity, and you need both,” he said. Alongside improved fraud detection, one of the biggest advantages of a layered verification approach is that it can strengthen security without increasing customer friction. For example, if an organization begins with document verification as the first step in the onboarding workflow, it can extract most of the data required for trusted validation from these documents. This includes information such as name, address, national ID, and date of birth—all of which can be captured using optical character recognition (OCR) technology. “When we talk about identity verification, we often talk about this from the fraud detection lens, but identity verification can help with other things,” Pitt said. “It does reduce customer friction for people that aren’t fraudsters, and it improves the customer experience because of that. It helps with compliance issues, and it also enables institutions to apply more risk-based verification to determine where and when additional data checks need to be invoked.” Defense in Depth The benefits of adopting a layered identity verification approach are spurring the metamorphosis of Know Your Customer, Know Your Business, and anti-money laundering processes. “I like to think of it as defense in depth, which is what cybersecurity professionals tend to call it,” Pitt said. “The idea that one fraud detection method might be thwarted by fraudsters and then there is another defense that might help. We’re going to start to see a shift more towards this perpetual or ongoing KYC. For any good-sized business, we need to be able to vet the customers and vet who is actually doing business with us.” As identity verification tools evolve, there will likely be a continued shift towards secure, portable digital identity schemes that enable online verification of consumers. For example, Australia’s ConnectID is a program which allows users to verify their identity with businesses or government agencies using information already verified by their financial institution. The objective is to simplify online verification and reduce unnecessary data sharing. Some of the primary use cases for such programs include age verification, which has become a pressing need in many online environments. This includes both safeguards to protect children and requirements to ensure adults meet age thresholds of 18 or 21, depending on jurisdiction. Alongside these developments, the overarching driver behind the need for stronger identity verification models is the rapid proliferation of sophisticated technologies. “We’re going to continue to see a shift to a data-first model, which from AI perspective is driving the element of trust to the forefront,” Jones said. “To do that, you need to be 100% reliant on direct real-time validation against trusted assets and you need to do that globally. Increased adoption is going to come by using data as a layer within orchestration workflows.”

June 4, 202622 min

Separating Hype from Reality in Emerging Payment Trends

Despite near-constant industry buzz, the days when artificial intelligence agents dominate e-commerce—and consumers widely complete in-store purchases with a palm swipe—have not yet arrived. This is not to say they will never arrive, but if the rollout of prior tech trends like biometric authentication and embedded finance is any indication, there is still substantial runway before this financial future becomes reality. In a recent PaymentsJournal podcast, Javelin Strategy & Research’s Don Apgar, Director of Merchant Payments, and Christopher Miller, Lead Emerging Payments Analyst, cut through the noise surrounding recent payment innovations to assess the true progress of financial trends this year. What they found is that all these still face challenges. Most notably, an increasingly sophisticated retail landscape only amplifies the questions merchants and financial services firms must answer as they adopt new innovations. A Road Test for Agentic Commerce No discussion of trends would be complete without artificial intelligence, and debate about AI’s role in financial services has intensified as models have become increasingly capable. This has led many experts to project the imminent rise of agentic commerce, where AI agents shop and make purchases with limited user direction. Last year saw a wave of announcements around agentic AI, including new commerce platforms from Visa and Mastercard, as well as a Google-developed agentic protocol intended to serve as a framework for this new shift. Despite these unveilings, very little true agentic commerce materialized in practice. “The prediction was that this year we were going to see things live for the first time,”Miller said. “These products—the ideas, the concepts, and the workflows—were all going to get road tested for the first time. My suggestion was that things might not go as smoothly as all the announcements suggested they would, and, frankly, that turned out to be the case.” These kinds of false starts are not unusual with new technologies, where it takes time to test edge cases and build the underlying infrastructure. In agentic commerce, that infrastructure would need to cover everything from how consumers input an initial prompt to which AI agent is ultimately authorized to complete a purchase. While many of these components are now being addressed, significant unanswered questions remain about what the finished system will ultimately look like. “We’re getting to questions of who will use this and what will they use it for?” Apgar said. “How will we resolve trust issues? How do we resolve authority issues? How do we know that the action mirrors the intent, and the result mirrors the instruction? From a prediction perspective, as much of the buzz that we’ve seen about agentic commerce, 2026 is still going to pan out to be a building year.” Agentic Search Versus Commerce While agentic commerce may still be a work in progress, AI has already become firmly rooted in the consumer experience this year, especially as a tool for product discovery and comparison. “One of the things that AI does well is digest large amounts of data efficiently,” Apgar said. “If you are searching for a bookcase that’s less than 26 inches tall and less than 38 inches wide, I’m sure you’ve gone through web searches where you’re muddling through product pages and you have to find the details of the specifications and you have to drill down to find the measurements—only to back out and do it again on another web page. And there are how many bookcases?” AI can rapidly narrow search results, often producing answers and recommendations that consumers would not easily find through conventional search methods. While these tools are a game changer for consumers, they are also changing merchant business models. Instead of relying on search engine optimization to surface in Google results, merchants are now competing to be visible within AI-generated recommendations. At the same time, as AI increasingly becomes the buffer between merchants and customers, many retailers worry about declining website traffic. This shift could weaken brand identity and, in some cases, reduce businesses to little more than fulfillment engines operating behind AI interfaces. On the other hand, merchants who do surface prominently in AI-driven discovery stand to reach new audiences and bolster their brand visibility. These complexities are already beginning to impact merchants, and the sophistication is likely to deepen as agentic commerce evolves. “If we had this vision that agentic commerce was a single-provider solution that a consumer might use from end-to-end and somehow it would just layer over the existing framework of e-commerce, that’s proven to be false,” Miller said. “Just layering OpenAI on top of the internet as it exists is not going to work for anybody.” “In a sense, the internet—and more precisely the e-commerce version of the internet—will have to be reengineered for everybody’s benefit, in enabling things like software agents to do any of this work,” he said. “That’s where the building is going to be, it’s in that infrastructure layer.” The Path to Biometric Authentication A trend that appeared closer to mainstream adoption this year was biometric authentication at the point of sale. The benefits are well established, including stronger security and reduced friction at checkout. Unlike agentic commerce, biometric technologies have existed for years and have been piloted globally across a range of use cases. Given this, it might have been expected that this year would mark a clear inflection point in adoption. So far, however, progress has been limited to continued trials, including the launch of additional Biometric-Authentication-as-a-Service platforms that integrate biometrics into existing payments stacks. There has also been movement toward cross-experience, unified identity solutions. In many cases, when customers create a biometric profile with a company, their in-store purchase and loyalty data remain disconnected from their online profiles. Cross-experience identity solutions can connect these dots. Still, these platforms are far from widespread adoption, which appears to reflect the current state of the biometric authentication market this year. “I suggested that new products would come to market and we’d start to see some more launches, but I will say that it’s been a little bit light in terms of news on that front,” Miller said. “There is a path to market, but that doesn’t mean that any merchants have said, ‘We’re going to turn that on,’ and it doesn’t mean that the capability is ready to light up today.” “We might be a little slower than what I thought, but we continue to see development in the marketplace, the creating of the business plans and of the go-to markets so that these products and capabilities are going to be available to be chosen,” he said. “That wasn’t true two years ago in a widespread way, so that’s a significant advance, even as we continue to wait on its arrival.” The Boiling Embedded Finance Pot There are notable parallels between the gradual rollout of biometric authentication and the evolution of embedded payments and finance. One of key challenges in embedded finance, however, is that banks and fintechs are often operating at cross-purposes. Many fintechs have developed strong vertical Software-as-a-Service (SaaS) platforms that address a wide range of merchant needs, but these systems don’t always balance ease of use with financial services expertise. For example, some fintechs may present a seasonal merchant with an interest-bearing deposit offer during the offseason, when cash flow is tight. Conversely, they may extend credit during peak season, when liquidity is already strong. Financial institutions with deep experience in these products often struggle to integrate with newer merchant platforms. They may offer a SaaS-based point-of-sale system but lack the capability to fully leverage the data these platforms generate. “The pot is still boiling, with the fintechs struggling to figure out banking and the banks struggling to figure out data,” Apgar said. “Everybody thought based on how fast the market was moving and the many partnership announcements that this would be a lot further along, and that one or two companies would have come out on top and stick the flag in the top of the mountain that says, ‘We’re the embedded finance leader.’ But we’re not there yet.” The Difficulties of Implementation Although this year’s trends continue to face adoption challenges, the overall trajectory of these innovations is still largely on track, albeit at a slower pace than many anticipated. For financial services firms, this slower rollout may even be beneficial, providing additional time to build the infrastructure needed to adapt. However, it should not become a reason to delay initiatives in areas like biometrics and agentic commerce. Instead, merchants and financial institutions should continue experimenting with how these innovations can be integrated into their offerings, because—if this year is any indication—the path to adoption may be longer and more complex than expected. “Implementation is hard,” Miller said. “If I could write one prediction for 2027, it would be that implementation will continue to be hard no matter what new tool comes out.”

June 3, 202625 min

Searching for Trust in Agentic Commerce

When an AI agent buys the wrong product—or makes a purchase no one explicitly approved—the fallout isn’t just a customer service issue. It’s a liability problem the payments ecosystem isn’t fully prepared to handle. In a PaymentsJournal Podcast, Jill Willard, CTO at IXOPAY, Rory Herriman, CTO and COO at Zip Co, and Christopher Miller, Lead Analyst of Emerging Payments at Javelin Strategy & Research, explored how liability may evolve as AI agents take on more responsibility in transactions. A Multidimensional Problem That question of liability quickly becomes a technical one: how do you even evaluate trust in an agent that isn’t human? The first challenge is determining how to calculate a trust score for an AI agent that lacks a traditional human behavioral footprint. Any viable framework must extend beyond identity to include intent—and how that intent translates into behavior. This isn’t just an engineering challenge; it’s also a cognitive one. Professionals in this space must rethink how they evaluate risk, developing new instincts that help them focus on the right signals. “We have certain models, frameworks, and even language that professionals use to describe the vectors of risk,” Miller said. “As we think about the replacement of human actors with agentic actors, we lack instinct. The mere notion blocking bot traffic as a way of defending against fraudulent behavior stops being useful. It becomes anticommercial.” Herriman added: “We have to approach it as a multidimensional problem. “It’s not just ‘Is this actor good?’ Even if the actor is good, there are other dimensions on top of the binary switches, a complexity that never disappears.” Assigning Liability in a New Context In the world of AI, merchants are steadily losing control over the checkout experience. Decision-making has shifted upstream. A consumer can now instruct agent not only to buy “blue shoes,” but to purchase them from a specific merchant. This shift brings a corresponding liability. If an agent buys light blue shoes instead of dark blue, who is at fault? Today, that burden often falls on the merchant. “We’ve seen some card brands, such as Amex, say that they’re going to accept liability for agentic transactions, which is an awesome development,” said Herriman. “But even if the liability fully shifts and the card brands take on more of that liability, there’s still a cost to shipping the wrong goods out. That can be the hard cost of the shipping fees or the operational cost to get the goods out the door, but it can also be at the cost of customer relationships.” Liability will become a central issue for issuers, providers, and merchants in the coming years. Existing frameworks address stolen cards or unauthorized use of payment credentials. But when a consumer is dissatisfied with what an agent selected on their behalf, responsibility becomes far less clear. A similar cycle emerged in early e-commerce. Merchants drove growth by offering generous return policies and absorbing the associated risk. Over time, return rates skyrocketed, leaving businesses with inventory that couldn’t be resold at full value. Eventually, that broad assumption of liability narrowed. Companies began analyzing customer behavior and limiting privileges for high return users—an early example of risk-based personalization. Responding to Complexity Payments have never had a single, unified approach, and agentic commerce is no exception. Agents will operate across multiple protocols and may express preferences for how transactions are executed—for example, specifying which rewards card to use. Orchestrators are working to simplify this complexity for merchants, who are primarily focused on selling products—not managing payments infrastructure. Meanwhile, agent developers are not necessarily optimizing for merchant interests. “Merchants have to figure out how to participate in an ecosystem where they aren’t necessarily the reason why the products have been developed in the first place,” said Miller. “It’s a common position for merchants to be in. It was the same thing with adding features like Apple Pay.” Enter the Unified Trust Layer Merchants will need partners to help them adapt to this shifting landscape. IXOPAY is working to involve merchants early in the Unified Trust Layer initiative, fostering a mindset that balances both merchant and consumer priorities. This approach helped drive Zip’s partnership with IXOPAY. “When we began talking about how agentic commerce and agentic payments were going to affect both of our businesses, it was fairly clear that those intersections were common,” said Herriman. “Throughout our network of 25,000-plus merchant partners, our focus is ensuring that in this new era of consumer payments, we’re able to show up with them with the same intentionality of protecting them and protecting fraud against them in the way that we do in the traditional shopping channels.” At its core is the concept of a pre-transaction authorization query, allowing merchants to evaluate the trust score of an agent before completing a sale. This moves decision-making beyond a simple binary of approve or decline. “With the trust score, you’ll be able to kind of get some insight into that agent within that particular transaction, and decide maybe to accept agentic transactions from this protocol, but not for this particular transaction,” said Willard. “It’s adding to that multidimensional layering that agentic commerce brings.” Ongoing Evolution The criteria for evaluating agents will evolve over time as new behavioral patterns—and new forms of fraud—emerge. Merchants and their technology partners will need to collaborate closely to build capabilities tailored to agentic commerce. With improved risk models, new technological tools, and the integration of agent trust scores into existing workflows, merchants can shift from a default “no” to more nuanced, conditional approvals. “It’s going to be a rocky road as the innovation continues to unfold and as a lot of these protocols come to life,” said Herriman. “But when we’re past those challenges, what does it really look for the merchant? A channel that opens up greater access to more customers through things like orchestrated shopping, which most merchants can’t participate in today.” These opportunities will require new safeguards, including frameworks like the Unified Trust Layer. One thing is clear: merchants that want to remain competitive won’t be able to ignore what’s coming. “They will end up needing to participate because it’s going to be such a big channel,” said Willard. “Regardless of if you open up to full agent bot shopping, you’re going to have to rethink your consumer experience on how they interact with you and your brand. It’s not a question of if they’re going to participate in agentic commerce. It’s by how much and when.”

May 26, 202612 min

The Instant Payments Shift Is Testing the Limits of Legacy Banking

For decades, banks could afford to move slowly. Now, speed is table stakes. In a world of instant payments and real-time expectations, institutions built on legacy systems are being forced to confront a hard reality: modernizing is no longer optional. In a PaymentsJournal Podcast, George Malesky, Director of Partnership Development at Qualpay, and Brian Riley, Co-Head of Payments at Javelin Strategy & Research, discussed what legacy banks are up against as instant payments become the norm. For institutions whose technology stacks need an overhaul, the options may not be ideal, but at least they exist. Focusing on the Big Picture When a bank tries to do everything at once, it typically ends up doing very little well. The first step toward modernization is defining a clear focus. Banks need to identify operational efficiencies and determine which upgrades will create the most leverage and opportunity. This isn’t just about driving growth. Strengthening compliance and risk management systems is equally critical. While improvements in sales and customer experience can attract new business, foundational operational enhancements are what makes that growth sustainable. “You’re not going to totally disrupt your core, or completely overhaul your system,” said Malesky. “But you can make things like onboarding and payments and servicing better by making sure they have updated technology.” Getting Ready for Instant Payments On top of existing challenges, banks must now prepare for a world of faster payments. Neither regulators nor customers are willing to accept institutions that can’t keep pace. Speed alone isn’t the solution. Banks need the right technology and the underlying architecture to support it. Just as important is adopting a forward-looking mindset—one that anticipates future demands, especially when competing with more agile fintechs. “You have to make sure everything works together, that the APIs and the middleware all talk together well,” said Malesky. “Sometimes it’s more about thinking of a way to work around your core rather than replacing it or going through it.” Too often, banks overestimate the strategic value of owning their payment infrastructure while underestimating its cost. The burden extends beyond upfront investment to include complexity, ongoing maintenance, regulatory requirements, scheme updates, fraud management, and continuous innovation. What’s critical here is treating payments as a strategic capability—not necessarily a fully owned asset. In-house solutions can offer control and customization, but they come with significant trade-offs in cost and operational burden. Looking for a Partner Some banks, with sufficient capital and internal resources, may choose to modernize their payment systems independently. However, many are finding success by partnering with providers that bring both experience and modern platforms. These partnerships can accelerate transformation timelines. “Everyone knows the old adage that every journey begins with a single step,” said Malesky. “But when it comes to siloed systems and fragmented tools, maybe it’s a handful of steps to get there at the forefront. There’s not necessarily a single bullet or a single provider that can do absolutely anything and everything that a bank will need, but you want to reduce vendor clutter and some of the complexities by having single source solutions.” Breaking Down Silos Partnering can speed up modernization, but it doesn’t eliminate one of the industry’s most persistent challenges—siloed systems. Embedded solutions can reduce distractions and minimize errors, but they don’t always integrate smoothly with adjacent systems. Both legacy and modern platforms must communicate effectively to deliver real value. Siloed systems create friction across the organization. Customers may struggle to navigate disconnected services, while banks face inefficiencies such as duplicated data and redundant processes. The impact is far-reaching. “When a bank is not operating as one holistic system, it loses opportunities to cross sell,” said Riley. “You’re losing a line of sight on the true risk of a customer, whether there’s loans or deposits involved. They don’t necessarily have to work together, but when they do, it’s a much better experience for everyone, especially the operational people and of course the customer.” One clear example is onboarding. Fintechs can onboard customers in minutes, while traditional banks may take up to seven days—and at two to three times the cost for  merchant accounts. “It’s really a challenge if you’re going to be that slow,” said Malesky. “When we used to text in the early stages of flip phones, we had to open up our phone and press the number 2 three times to get the letter C. It was a slow, monotonous process. But in those days, we didn’t know any different. We didn’t know what was coming with iPhones.” Fintechs are effectively delivering the “smartphone experience” of financial services. Once customers become accustomed to that level of speed and convenience, it’s difficult to revert. If banks can’t meet those expectations, customers will look elsewhere. Where Are Banks Heading? Modernizing a legacy banking system involves many moving parts. It’s not enough to address current needs, banks must also align their upgrades with long-term strategic goals. “Unless you’re ready for the future, you will not get through it,” said Riley. “It’s not just ‘Let’s get to it on a 10-year plan.’ It’s where you’re looking to go, and how quickly will you get there.” Malesky added: “Think ahead to how you can make the customer experience that much better because that translates into more customers, and more usage for existing customers. And that’s the goal for most banks.”

May 20, 202613 min

Embedded Payments Are Becoming Core to Vertical SaaS

Not long ago, a concrete company and a takeout restaurant could end up running their business on the exact same software. Systems built for everyone, in practice, worked perfectly for no-one—and bending them to fit the realities of a small business was often frustrating or simply impossible. Vertical software-as-a-service (SaaS) solutions emerged to solve this problem, quickly evolving from the exception to the norm. The reasons for this growth are largely self-evident: vertical SaaS enables rapid implementation with minimal customization. In many cases, merchants feel these platforms are built for their business rather than retrofitted to it. However, the operational benefits of SaaS are diminished if payments aren’t integrated into the solution. In a recent PaymentsJournal podcast, Brad Pinneke, Head of Enterprise Development at Worldpay, now Global Payments, and Don Apgar, Director of Merchant Payments at Javelin Strategy and Research, discussed how embedded payments have become a critical driver of vertical SaaS—a synergy that will only strengthen as new trends and technologies reshape the landscape. The Case for Embedded Payments One of the most notable aspects of the rise of vertical SaaS is that it has largely been market-driven. Adoption has accelerated as industries not typically known as early adopters—such as healthcare, construction, and financial services—have come on board, despite heavy compliance and consumer protection requirements. With the advantages of vertical SaaS now well established, these platforms will continue gaining traction and carving out new niches. “POS systems were so generic that everybody had to customize it, and most merchants were finding that that customization wasn’t possible because the platform didn’t support the features that they needed for their business,” Apgar said. “Now that these features are being identified, it’s created these micro-markets for POS platforms to be focused on the needs of specific business types, and payments are part and parcel with that.” Payments are a logical addition, given that vertical SaaS solutions increasingly encompass nearly every aspect of a small business. A pizzeria’s platform, for example, may manage everything from payroll to inventory. Yet few functions are as mission-critical as payments. This is why embedded payments and vertical software are increasingly in lockstep. By embedding payments directly into workflows, businesses can complete transactions at the exact moment a customer is ready to pay—whether when a service is completed or a product is purchased. “I’ll give you a great example from the last couple of years: field services,” Pinneke said. “In the past, the tech used to complete the job and then the office staff would send an invoice and the payment would arrive weeks later. Then, they have to reconcile that payment, take it to the bank, and cash flow was unpredictable.” “Fast forward to today, where embedded technology comes into play,” he said. “The job is marked complete, the payment is scheduled instantly, the receipt is automatically sent out, and the funds are settled predictably. You’re limiting the back-office intervention, which has huge impact to smaller businesses.” Automatic, Not Forensic One of the benefits of vertical SaaS solutions is the ability to deliver holistic business insights through a unified dashboard. Embedded payments extend this value far beyond checkout. “The embedded impact is that things like payouts and fees and balances are visible alongside operational metrics,” Pinneke said. “In the past, you had the system of record showing one thing and then you had a payments portal showing something else and the reconciliation between those was tough.” “That’s a big part of it today—it’s automatic, not forensic,” he said. “Forensic was such a big part of small business challenges; they just didn’t have time. Now, the reporting reflects reality, not just an estimate, and that’s critical for businesses today.” When implemented correctly, this seamless integration can improve cash flow while streamlining the customer experience. However, these gains depend on thoughtful placement within the platform. Payments should not exist as a separate or disjointed process; instead, sales, onboarding, and customer experience should reinforce a single, cohesive journey. Equally important is timing. Successful platforms introduce payments early in the customer lifecycle. Too often, organizations treat payments as an afterthought—only addressing them once users are trained and ready to deploy the solution. In short, platforms that succeed with embedded payments don’t position them as a value-add—they treat them as critical infrastructure that completes the workflow. “When POS evolved into vertical SaaS, it wasn’t uncommon for the merchant to say, ‘I’m going to shop for my software and now I’m going to shop for my payment solution,’” Apgar said. “Successful SaaS providers have figured out that it’s not a check-the-box optional feature. A lot of what’s driving the move toward embedded finance is that the vertical SaaS software is enabling a single source of truth database—starting with payments and eventually evolving into supplier payments and other functions that work off that same data set.” “It’s critical to the functionality of the system to drive off that single data set to have payments embedded in the SaaS solution,” he said. “The SaaS company has to embrace that and make that part of the go-to market strategy. It’s not a bolt-on or an add-on, it’s core to the function of the platform.” The Time Resource Merchants and platforms that embrace embedded payments as a core component of vertical SaaS will be better equipped not only for today’s challenges but also for a future shaped by artificial intelligence. “For the SMB that is the typical vertical SaaS user, AI is going to be a game changer,” Apgar said. “The most critical resource in the life of the business owner is time. With the centralized dataset within the vertical SaaS platform, the common option has been to create dashboards. So, we create marketing dashboards and payment dashboards and cash flow dashboards and say, ‘Here’s all the information that the business owner needs.’” “The bottom line is the business owner doesn’t have time to sit there and sift through all this,” he said. “That’s what AI does best, it manages large volumes of data to impute trends and make recommendations.” AI-driven decisioning is especially valuable at key points in financial workflows where human intervention can be slow and costly—such as determining whether funds should be released. Rather than relying on manual review, AI can sift and analyze vast datasets to flag suspicious or high-risk transactions, then approve, deny, or delay them accordingly. This helps financial institutions meet growing demands for real-time transactions while maintaining strong fraud protections. AI also plays a crucial role in payments orchestration, selecting the optimal payment rail based on factors like cost or efficiency. As new payment methods emerge, AI will become increasingly central in determining the best route for each transaction. From Reactive to Proactive Ultimately, AI is shifting organizations from reactive reporting to proactive insights. Historically, businesses often accessed key data weeks or months after the fact. Today, AI can process information in real-time, transforming areas such as predictive risk assessment and exception handling. These efficiency gains also create opportunities for cost reduction, including areas that directly impact merchants’ bottom lines. “AI feels like back when reliable internet became available, it’s such a driving force today,” Pinneke said. “The number one thing I get asked is ‘How do we handle chargebacks?’ If you look at AI, there is probably the greatest opportunity to let AI engines figure out the chargebacks in real time and deal with them.” “If you think about the entire process, it’s essentially broken,” he said. “People dispute something, it comes back, and the merchant and retailer has to go and collect data and show proof and all of that,” he said. “Imagine if AI tools did more of the upfront work. We would probably see a lot less chargebacks, and that turns into real dollars. That’s probably the number one place where AI is making a difference for everybody up and down the food chain.”

May 14, 202623 min

Inside Banking’s $10 Billion Inflection Point

Crossing $10 billion in assets isn’t just a milestone for financial institutions—it’s a turning point. What looks like a measure of growth quickly becomes a fundamental shift in how a bank operates, earns revenue, and manages risk. However, this landmark also brings substantial regulatory and compliance obligations, including changes to debit card revenue streams, mandatory participation in annual stress tests, and enhanced infrastructure requirements. It’s no surprise, then, that banks approaching the $10 billion inflection point often face a new level of uncertainty as their business model begins to evolve. In a recent PaymentsJournal podcast, Ellen Davitt-Lalwani, Senior Director of Portfolio Advisory Services at Fiserv, and Brian Riley, Director of Credit and Co-Head of Payments at Javelin Strategy & Research, addressed commonly asked questions about this transition and outlined the leadership, compliance, risk management, and card program strategies that can help ensure a smooth crossover. The Regulatory Uptick One of the most impactful aspects of the transition is the requirement to comply with debit interchange regulations under Regulation II, introduced through the Durbin Amendment to the Dodd-Frank Wall Street Reform and Consumer Protection Act. While these rules were passed to strengthen the U.S. financial services system following the 2008 financial crisis, the card-driven payments landscape means they also carry revenue implications for banks crossing the $10 billion threshold. “Cards are your customers’ primary physical contact with your brand,” Davitt-Lalwani said. “We need to remember that as Regulation II is put into place—as an institution moves from unregulated to regulated—their interchange can be cut by 40% or more and every transaction matters, for both debit and for credit. Interchange cuts also affect consumer and business debit transactions. For some clients, their interchange ranges from 30% to 50% of non-interest income today.” Indeed, the impact stems from the Regulation interchange cap: $0.21 per transaction, plus five basis points of the transaction amount, and an additional $0.01 for fraud prevention. This is significantly lower than what many midsized institutions currently earn, making it essential to accurately estimate the resulting interchange revenue gap, particularly on debit transactions. While this is one of the most consequential changes, it is far from the only compliance consideration. “One of the things that comes into play is Dodd-Frank stress testing, which puts a highlight on bank liquidity and, since you have become a large institution, ensures that you have the wherewithal to survive changes in the economy,” Riley said. “There are other regulations that also come into play that affect revenue, and there are higher compliance costs that come through the Volcker rule, which has to do with investments in private equity and financials in the background.” Preparing for What’s Ahead Given these new obligations, banks often have several key questions as they prepare to cross the $10 billion milestone. For example, institutions frequently ask whether they should proactively communicate with regulators and third-party providers about their trajectory. “That is certainly a ‘yes,’” Davitt-Lalwani said. “In terms of working with prudential regulators as well as third parties, having at least six months advance notice is a good idea. In terms of regulators, feel free to reach out to the Ombudsman’s office. It’s a good opportunity for your financial institution to establish a relationship with your regulator and it gets you off on the right foot.” “In terms of reaching out to third parties such as Fiserv, Visa, and Mastercard, there is typically an orchestration of operations and technology that needs to take place,” she said. “That six months advance notice gives everyone an opportunity to circle the wagons and put all of the right components in so that when you’re truly ready to step across that threshold, you’re doing it with all parties fully knowledgeable.” Another common question is whether additional asset thresholds trigger further regulatory requirements. The answer is yes. The $25 billion threshold introduces another layer of complexity, often compounded by the fact that it’s frequently reached through mergers or acquisitions. As banks near $10 billion in assets, some consider temporarily slowing growth until the necessary infrastructure is in place. This can be supported through deposit management partners such as StoneCastle, which can help move deposits off balance sheet until the institution is ready for the crossover. However, these partnerships must be established well in advance. Beyond balance sheet management, they also provide a buffer against “flights to safety,” when volatile market conditions drive sudden surges in deposits. “I’ve been through that $10 billion inflection point and one of the financial institutions that I was employed by experienced that flight to safety just as we were approaching the $10 billion mark, and it pushed us right up over the threshold,” Davitt-Lalwani said. “We are a nation that has a very dynamic socioeconomic market, so preparation is the better part of valor in this. I strongly recommend that financial institutions consider putting those types of tools into place.” A Regulator in Residence Preparation also requires a clear understanding of more complex reporting expectations, including enhanced audit, compliance, and risk reporting that often demands new data capabilities. In some cases, banks should also be prepared for the possibility of an on-site regulatory presence. “There could potentially be a regulator on-site all day every day with your associates—whether it’s in the cafeteria, walking through the parking lot, or in the elevator,” Davitt-Lalwani said. “They’re going to be able to pick up on conversations and to see and hear things that may not have occurred in prior situations. They’re important components as to how financial institutions need to be prepared and how they can work for success in the future.” These expanding obligations frequently require investment in both staff and technology. As teams grow—often in unanticipated ways—strong organizational alignment and clear communication becomes critical. Just as important is maintaining a customer-centric focus. As institutions scale, they can lose the personal touch that differentiates them. Structured feedback mechanisms, such as customer surveys, can help preserve that connection during the transition. “One of the best customer surveys I’ve ever had was to ask our customers if there was one thing they could change in the near term that would improve their relationship with us, what would that be?” Davitt-Lalwani said. “Your customers and members will tell you where you need to improve so they can willingly work with you and deepen their relationship.” “On the back end of it, make sure to communicate to your customers or your members that we’re listening to you; we’re hearing what you have to say, and this is how we’re responding to meet your needs,” she said. Balancing Growth and Risk Amid these changes, banks must continuously balance revenue generation with enterprise risk management. While the transition can feel complex, the ultimate goal is to position a successful institution for sustained growth. “You don’t end up at this threshold by accident,” Riley said. “You either got here through organic growth or through a merger. The focus is on the prep work, having everything in place because this is not a casual move and it needs planning that goes in front of it. Life will change when you crossover that barrier. The opportunities are certainly there and the risk is also there.” Given these considerations, establishing a comprehensive communication strategy ahead of the $10 billion threshold is essential—not just to explain new processes, but also to prevent internal silos or unintended organizational friction. “You want to make sure that everyone understands that higher water raises all boats,” Davitt-Lalwani said. “It’s important that we fortify the organization in all of the appropriate places Regulators, talk to your associates at the front-line level, at the back-office level, as well as executive and mid-management. (You want to make sure they) have an understanding as to how and why the organization is changing and what the anticipated needs will be.” “Communication is key, but it can be elusive, so having the board and the executive team devise a plan and putting in listening posts to make sure that the message is getting out there is a great thing to do and should not be overlooked as you embark upon this journey,” she said.

May 13, 202626 min

The Hidden Cost of Fraud Disputes Is Hitting Banks Hard

Fraud disputes are one of the fastest ways for banks to lose customers—and one of the least prioritized parts of the business. Despite the high costs, many institutions still treat them as a back-office function rather than a decisive point in the customer relationship. Beyond immediate losses—such as chargebacks, write-offs, and investigation expenses—banks also lose revenue when an engaged customer no longer keeps their account top of wallet. In a PaymentsJournal Podcast, Steve Durney, Vice President of Partnerships and Alliances at Quavo, and Suzanne Sando, Fraud Analyst at Javelin Strategy & Research, discussed the hidden costs of fraud disputes. It’s a problem that will only intensify as AI and agentic commerce evolve. Customers Are Willing to Move On Banking industry recovery rates for fraud average around 64%, leaving more than a third of disputed dollars unrecovered. For most banks, disputes are an expensive process, with operating costs eroding already thin margins. Research suggests that if a fraud issue or dispute isn’t handled effectively, 60% to 70% of customers will move to another bank. Notably, the outcome doesn’t always have to favor the customer, as long as the process is managed transparently and resolved efficiently. Once customers feel they aren’t being treated fairly, it’s difficult to restore trust. Accounts may be quietly abandoned, and products go unused. Even without formally closing an account, customers often disengage entirely. “We’re seeing growing numbers of consumers who are willing to close an account and walk away when they have a bad experience with their account,” said Sando. “Setting everything back up with a whole new financial institution—like bill pay or getting all your accounts linked to whatever other financial accounts you were linked to—it’s a tremendous hassle. If you’re willing to go through all of that, that says a lot for how important security and customer service is throughout a process like this.” Modernizing the Dispute Process Several aspects of the dispute process need modernization to improve efficiency and recover lost value. Because dispute teams rarely receive priority budget allocation, banks often underinvest in technologies that could significantly improve performance. Organizations that ignore these inefficiencies and continue to deprioritize back-office enhancements only prolong the problem. Five years from now, they are likely to be facing the same challenges. “The inefficiency really comes into what historically would have been categorized as judgement—something where a human being has to give opinion on in order to route it properly,” said Durney. “Second is the document interpretation, for documents that are incoming from either a consumer or a merchant, or being transmitted from the bank to the merchant. That’s the lion’s share of the inefficiency.” Banks without standardized documentation and clear rules force teams to spend valuable time interpreting procedures instead of executing them. When deeper, manual investigations are required, staff should be freed from repetitive administrative tasks so they can focus on higher-value work. Fighting Against Constant Turnover High turnover within fraud teams is another persistent challenge, especially given the long ramp-up time required for investigators to become effective. “I asked a bank not long ago, ‘What’s the turnover rate in your department and how long does it take you to onboard somebody?’” said Durney. “They said the onboarding was about six to seven months before they were effective, and they had a turnover rate of roughly 25%. “If you’re turning over your staff every four years and it takes you six to nine months to have somebody be a top performer, that’s a radical impact on all these day-to-day manual tasks,” he said. “There has to be a way to get people up to speed faster, handling the cases in such a way that you can actually hold on to staff and you don’t have that turnover.” Involving experienced compliance and regulatory professionals in designing dispute process technology can help reduce risk and ensure systems are better equipped to handle complex scenarios. The Risks of Agentic Commerce While banks are still working to modernize dispute processes and stabilize fraud teams, the next wave of change is already emerging. Agentic commerce promises new opportunities, but also introduces significant fraud risks. When AI agents act on behalf of consumers, traditional fraud signals—such as behavioral biometrics, device intelligence, and IP address—become less reliable, making it harder to distinguish legitimate activity. Fraudsters will increasingly leverage agentic AI in ways that are difficult to predict. “Once people really figure out how to use the tools to be able to make the agents go off and do things, you’re going to get the gray area of people abusing the system,” said Durney. “The use cases that we see so far are using AI to navigate the system. Say: ‘I bank with Bank X, tell me how to navigate the disputes process,’ and it will generally give you a pretty good recipe as to how to get through it.” Banks are already anticipating how AI could go wrong. Those looking to stay ahead in fraud dispute management must prepare now. “HBO’s Silicon Valley has a perfect example of this,” Durney said. “They told the AI to go buy them burgers for lunch, and then a pallet of frozen hamburgers showed up. Did the AI do what it was supposed to do? More importantly, what is a consumer going to do? A consumer is going to find the easiest path to go. I need somebody to be my advocate to fix this problem because I didn’t want a pallet of frozen hamburgers.”

May 12, 202624 min

Crypto Payments Are Ready for the Mainstream

Cross-border payments have long been defined by delays, fees, and a maze of intermediary banks. Stablecoins are changing that—offering a faster, simpler alternative that cuts out the middleman entirely. This use case is one of the key drivers behind the stablecoin market’s rapid growth in recent years. However, stablecoins—and digital assets more broadly—have the potential to reshape virtually every payment scenario, from enterprise transactions to retail purchases. In many cases, the infrastructure to support these applications is already in place, largely due to the rapid proliferation of crypto payment gateways. While early iterations did little more than add a ‘Pay with Crypto’ button at checkout, these crypto gateways have quickly evolved into full-scale payments orchestration platforms. In a recent PaymentsJournal podcast, Kate Lifshits, CEO of NOWPayments, and James Wester, Director of Cryptocurrency and Co-Head of Payments at Javelin Strategy & Research, discussed the dynamic powers of stablecoins, the remaining regulatory and infrastructure challenges, and how the final barriers to mainstream adoption are steadily falling. Solving Pain Points Although they aren’t issued by the U.S. Federal Reserve, leading stablecoins have effectively become a digital representation of the dollar. This makes them a powerful alternative to the existing rails. “There are some pain points that most merchants that use traditional rails face,” Lifshits said. “Those are speed, availability, costs, and the inability of the traditional rails to meet the rising demand for optimization and innovation. That’s exactly where stablecoins come in because if we’re talking about speed, we are talking about several seconds instead of several days. If we’re talking about costs, we’re talking about several cents or a dollar instead of a lot of dollars.” Beyond efficiency gains, the modern infrastructure supporting stablecoins can serve as a springboard for innovation. From a liquidity perspective, near-real-time settlement enhances the time value of money, enabling organizations and consumers to deploy funds more effectively. Together, these advantages make stablecoins a compelling option across a wide range of use cases. “In the way that business-to-business payments are being looked at, it is just having another option,” Wester said. “For the longest time there were no options in how you paid your bills, or the options you had were limited, expensive, and slow. It’s just having a new rail that has cheaper, faster, and better settlement time and removes some of the intermediaries who are taking a toll to move things along. And there are also friction points in having all of those intermediaries.” “We’re creating a whole new option that didn’t exist before, especially from a B2B standpoint,” he said. “Even remittances—when you’re talking about consumers paying each other across borders—what you’re seeing now is a new option that is cheaper, faster, better, and begins to drive down costs everywhere.” The Added Bonus of Crypto For all the progress in crypto payments, onboarding remains a sticking point. Many merchants are still wary of the perceived complexity of integration, while others lack a clear starting point. “It’s up to the crypto payment gateways to give them the easiest onboarding flow ever,” Lifshits said. “That would mean that when they start using the payment gateway, they see all the traditional tools they are used to, but with the added bonus of crypto.” The goal is to make crypto payment gateways as intuitive and seamless as the tools merchants already use, such as those offered by Stripe or PayPal. Gateways must also address longstanding concerns around crypto acceptance, namely, how digital assets are managed after receipt and the volatility of cryptocurrencies like bitcoin and Ethereum. This makes it critical for merchants to have the ability to convert crypto to fiat at any point, as well as the flexibility to choose how actively they manage digital assets. This optionality helps address another concern: crypto transactions can be unforgiving. For example, sending funds to the wrong wallet can have irreversible consequences. While the infrastructure to mitigate these risks has improved greatly, silos still exist. Many organizations continue to rely on separate payment stacks for traditional rails and digital assets. “We’re seeing development along both of those,” Wester said. “There are some nuances to payments the traditional way that we haven’t built into stablecoins yet. But what’s surprising to me is how quickly we are identifying those nuances, how quickly we are beginning to see the traditional rails and the legacy providers look at stablecoins and say, ‘We can do that, we can integrate that, let’s bring that into more traditional bank and financial institution payment rails.’” Advancing the Crypto Mission Rising institutional interest is driving new regulatory measures worldwide. These landmark frameworks represent a turning point for an industry rooted in decentralization and long viewed with skepticism by global financial leaders. “Regulation always lags innovation. You have an innovation, you don’t know what that innovation is going to entail, so regulators don’t exactly know what they’re supposed to be regulating,” Wester said. “Now that we’re seeing that it does provide cheaper rails, faster clearing, and all sorts of innovation, traditional financial services began to say to regulators: ‘We want to be able to do this,’ and regulators finally started coming around and saying, ‘Let’s see what we can do.’” Recent efforts include Europe’s Markets in Crypto-Assets (MiCA) framework and the GENIUS Act in the U.S.—developments that would have seemed implausible just a few years ago. Yet digital assets are proving they can be as compliant, safe, and secure as traditional financial instruments. They can also align with existing Know Your Customer (KYC), Know Your Business (KYC), and anti-money laundering standards. In some respects, blockchain-based transactions offer even greater transparency than traditional systems. As these long-awaited regulations take effect, it is critical for digital asset firms to embrace and adhere to them. “To further the mission of crypto, a payment gateway should be licensed, they should understand each country’s rules, and help businesses to operate with crypto on a regulated and licensed and compliant basis,” Lifshits said. “That would mean not just licenses, but also procedures as KYC and KYB. But here we see an interesting challenge—the KYC and KYB procedures should be out there without breaking the UX.” “That’s where the conversion usually starts to fail, when businesses are trying to be compliant and safe, but then the UX suffers for it,” she said. “It’s up to the payment gateway to comply with the rules, but to still to be able to provide a better experience than the traditional payment gateway that only works with fiat.” The Future Is Now Delivering a strong user experience while maintaining compliance is a difficult balance, but a crucial one. Many users remain hesitant to engage with crypto payments, making trust a decisive factor. “You can integrate this into consumer payments, remittances, commercial payments—whatever application it is,” Wester said. “It’s all a part of simplifying that user experience and then educating people on just how simple it is.” Ultimately, ongoing improvements in infrastructure, compliance, and education are all aimed at building that trust—the foundation for mainstream adoption of crypto payments. “If crypto itself is getting more trust, the same should go for crypto payment gateways,” Lifshits said. “And it’s not just education. There should also be a bit of marketing here because crypto is already here.” “It’s not just something in the future, it’s here. And you should do it now because while you’re waiting, others are already reaping the benefits,” she said.

May 7, 202618 min

The Passkey You Can’t Steal: Why Hardware Beats Software for High-Stakes Authentication

Today is World Passkey Day. And while the industry celebrates the shift away from passwords, the more important question is what kind of passkey replaces them. Many organizations recognize that passwords are on the way out, with passkeys emerging as a replacement. What’s less widely understood is that the two main types of passkeys—synced and hardware-bound—serve very different use cases and carry distinct risk profiles. While both improve security and usability compared to passwords, one offers much greater protection. In a Payments Journal Podcast, Adam Lowe, Chief Product and Innovation Officer at CompoSecure and Arculus, and Tracy Goldberg, Director of Cybersecurity at Javelin Strategy & Research, broke down how these approaches differ in practice. They explored how keys behave when stored in software versus hardware, and why those distinctions are especially important in payment authentication. What Is a Passkey?  A passkey is a cryptographic credential that allows a user to authenticate their identity with an application or service without a password. Many consumers encounter passkeys through mobile devices or platforms like Microsoft, often using biometrics such as fingerprints or facial recognition to log in. In most of these cases, the underlying credentials are software-based and synced through the cloud. This approach is very convenient: a single passkey can work seamlessly across multiple devices. However, that convenience introduces risk. If a user’s cloud account is breached, the bad actor may gain access to synced credentials, creating a significant security concern. Synced passkeys also face additional challenges. For example, while modern implementations are designed to resist replay attacks, improperly implemented systems or surrounding infrastructure can still be vulnerable if intercepted authentication data is reused to trick a system into granting access. “The more we have out there that’s living in the cloud, it’s just more readily accessible to cybercriminals,” said Goldberg. “The more that we can do in a physical environment—in addition to what we’re doing in a digital space—just enhances the security.” As Goldberg noted, hardware-bound passkeys are generated, stored, and managed on a local device, like a smart card or USB. These are widely used in high-security environments, including U.S. government and intelligence settings, and are generally considered best-in-class for strong authentication. “Software passkeys are great for that first layer, but we really need that depth of defense,” said Lowe. “Adding hardware local passkeys provides that next layer of defense for users.” A common misstep that organizations make is adopting hardware passkeys without fully modernizing their underlying systems. Often, this is done to avoid disrupting user workflows. While hardware passkeys can add a strong layer of protection, their benefits are limited if they are simply layered on top of legacy infrastructure rather than integrated into a modern authentication architecture. “When you sign, you’re getting a digital signature from the key, but you’re also attesting,” said Lowe. “There’s a certificate on hardware that proves it’s a valid hardware signer. While that food chain lives in the cloud, it can be manipulated. So another value to the hardware is not only am I signing, I am signing from a valid piece of hardware in a very straightforward way.” Non-Portability Is the Key  With hardware-bound passkeys, credentials are generated and stored within a secure element on the device. A secure element is a specialized chip designed to create and protect cryptographic keys—similar to those used in passports or payment cards. The defining characteristic here is non-portability. The private key never leaves the device. This is analogous to keeping a physical house key in your pocket: access requires possession. Because the key can’t be exported, duplicated, or remotely accessed, the attack surface is dramatically reduced. “We’re not saying that software passkeys go away,” said Goldberg. “It’s just an additional layer, a step-up authentication. It’s going to take a little bit more friction to authenticate and verify certain types of transactions or even certain types of individuals.” Read Privileges vs. Write Privileges  So when are software passkeys good enough, and when is hardware-backed authentication necessary? One useful way to frame the distinction is through read versus write privileges. Read privileges—access to view data—generally carry lower risk, since no changes can be made. In these scenarios, software-based passkeys may provide an acceptable balance of security and convenience. Write privileges, on the other hand, allow users to take actions that alter systems or move value, such as initiating payments. These higher-risk operations are where hardware-backed authentication becomes far more important. “That’s where we typically see that software to hardware migration, for stepping up an event,” Lowe said. “A very typical example would be sending a wire, sending any reasonable amount of money. Any time you get a risk flag, you can have the user tap into a step-up event.” The Tipping Point  The shift to hardware-bound passkeys could have occurred years ago, but widespread adoption likely depends on a tipping point—one that convinces organizations the added security justifies the change. “That tipping point is going to be a combination of increased cybersecurity risk, such as network infiltration that leads to data breaches,” said Goldberg. “It’s going to be upticks in fraud and increased risk to identity.” Many experts expect that payment flows, in particular, will increasingly require hardware-based authentication, given the high value and sensitivity involved. “If you do hardware-based authentication on a payment card, it shows possession of the physical card, which also answers so many fraud questions,” Lowe said. “We’ll get to the tipping point where consumers are concerned about their identities being compromised, and governments have more concern about verifying the authenticity of individuals, agents, and companies,” he said. “The whole notion of getting away from software-based authentication to having this additional layer of hardware will just become second nature.”