The PaymentsJournal Podcast

Last year, the treasurer’s office in Warren County, New York sent $3.3 million to what it believed was the county’s roadwork and maintenance contractor. It was not—the payments were instead routed to a fraudulent account. Because the county had recently switched from paper checks to ACH, the treasurer’s office had no account verification policies in place to prevent what turned out to be a textbook case of fraud. While the damage in Warren County represents the upper end of the spectrum, this incident is far from an outlier. It underscores the importance of implementing ACH protections, which many organizations already have in place. Too often, however, these measures are treated as a set-it-and-forget-it solution or merely a compliance checkbox. In a recent PaymentsJournal podcast, John Gordon, CEO of ValidiFI, and Suzanne Sando, Lead Fraud Management Analyst at Javelin Strategy & Research, discussed how robust ACH fraud monitoring controls can do more than satisfy regulatory obligations—they can act as a proactive risk prevention mechanism. This is essential to combat the growing prevalence and complexity of fraud. The Importance of Trust The compliance aspect of ACH fraud monitoring is partly driven by the latest version of the WEB debit rule, instituted by Nacha—the organization that governs the ACH network. Nacha’s enhanced fraud monitoring requirements raise expectations for all participants in the ACH ecosystem. “It increases the bar to say that we’re not just checking the validity of the account, but we’re also doing fraud checks,” Gordon said. “It creates an opportunity for financial service providers to identify fraud and to look at the potential risk associated with a consumer.” “It moves beyond compliance for compliance’s sake, which creates a lot of opportunities for financial service providers to not only identify and reduce fraud, but to put consumers in the right products that create mutually beneficial paths for them,” he said. Finding the right fit with customers has become more challenging in the digital era, where consumers have more options than ever and increasingly expect efficiency in every interaction. As a result, consumers often choose the path of least resistance when selecting a financial institution. These factors place institutions in a precarious position: they must balance security with customer expectations, both of which significantly impact retention. “The importance of consumer trust cannot be overstated,” Sando said. “We’re finding that when consumers have experiences with fraud or scams on a particular account—whether it’s a traditional financial account like your checking or savings or a merchant account—if they’ve experienced any sort of suspicious activity or fraud and scams, they’re much more likely these days to close an account where the fraud occurred and move somewhere else.” Stepping Up Authentication Given the risk of attrition, account onboarding and authentication have become critical stages in the customer experience. One key challenge arises from misapplied friction, where every user is forced to undergo the same verification process regardless of risk profile. “Our belief is there’s enough value in customer data that it can be managed through step-up authentication, that you are injecting friction where friction is warranted based on the risk signals that consumers have in concert with their profiles—whether that be their bank account, their payment transactions, or their credit scores,” Gordon said. “There are a number of different ways to end up at the right answer so that you’re facilitating a flow where the consumers stay in the process and you are fast tracking your low-risk consumers and putting obstacles in place where they should be,” he said. This process can be optimized by leveraging the richer data available in a validated account. Institutions can go further by authenticating the account, confirming that the applicant’s name matches the account owner’s—allowing for a more targeted, efficient approach. Implementing these measures early in the process is critical for fraud prevention and enables a customized experience, reducing the verification burden on the institution. For example, if a consumer opts out during onboarding due to friction triggered by their financial profile, the institution avoids a potentially difficult credit decision. Conversely, highly qualified consumers can be fast-tracked, improving both the experience and conversion rates. Scouring Alternative Data Although authentication is vital, it is increasingly challenging under the current credit scoring system. Last year, traditional scoring methodologies eliminated medical debt—a significant portion of consumer credit—from scores. While this change reshapes scoring, it does not remove the underlying debt burden. Additionally, consumers now maintain more financial relationships than ever, including accounts at traditional banks, digital-first banks, and fintechs. Many of these relationships are undisclosed, complicating accurate assessments of creditworthiness. “It becomes incumbent upon financial service providers to look at alternative data in a way that they can derive value out of it,” Gordon said. “We believe the consumers’ bank behavior, their payment success rates, and the velocity with which their PII elements change are all clues that will lead you to have a more accurate picture of that consumer—what they can afford and their creditworthiness.” “When we factor in the way that consumers acquire credit today versus the way they did in 1989 when the FICO score was created, they’re wildly different,” he said. “The traditional scoring methodologies haven’t kept pace with the way consumers are acquiring credit now. We see scenarios where consumers apply with a clean bank account only to subsequently change to a neobank account or some other bank account that they’re utilizing to enact what equates to first party fraud.” Palatable to All Parties These challenges have driven the emergence of data-driven treatment strategies, where financial service providers leverage shared industry data. This intelligence provides critical insights into connections between consumers, accounts, identities, and performance metrics. Such knowledge enhances underwriting, creating a scenario where a consumer’s application experience is guided by both their inputs and industry knowledge of past activity. However, these strategies must always be aligned with the institution’s broader objectives. “We have a client that we work with that does account-to-account payments tied to loyalty cards,” Gordon said. “Their exposure in that scenario is fairly limited, they want as much acceptance as they can possibly get. Conversely, we have some clients who are doing large dollar distributions, and it is not too much to ask for someone to credential into a bank account and we’re talking about the potential for five- and six-figure disbursements.” “It’s difficult to ensure that you’re keeping down the cost of doing business, the fraud losses, and ultimately the cost of credit,” he said. “When you marry the authentication process to the use case, you end up with a lot better solution that’s more palatable to all parties.” Confidently and Compliantly Developing strategies and implementing fraud management measures is imperative, as new and potent fraud variant emerge daily. The most effective defense is sharing information and leveraging a risk intelligence provider to help chart the way forward. “It’s finding a solutions provider that is flexible and can adjust and be agile in the same way that we find fraudsters are agile with technology and how they can use it against consumers,” Sando said. “It’s also about recognizing the fact that consumers are not all the same, it’s not one-size-fits-all. It’s about having that solution provider that can help you figure out how we navigate each individual case to make sure that it’s optimized for every single customer that comes through the system.” These solutions help organizations stay ahead of escalating fraud threats and maintain compliance with regulations like Nacha’s rule enhancements. But that’s just the beginning. “There is a lot of opportunity beyond compliance in account verification and authentication,” Gordon said. “What we see is that not only will more of your payments clear, but there are certain attributes and thresholds that , when crossed, significantly improve performance. Meaning, you’ve verified the account, the account has a certain history, and it doesn’t indicate any of the negative attribution that we often see compounded by a name match. You have the ability to operate confidently and compliantly in a way that you probably aren’t enjoying at present.” The post From a Checkbox to a Differentiator: Redefining ACH Fraud Monitoring appeared first on PaymentsJournal.

As financial fraud continues to accelerate, its impact on victims goes far beyond monetary loss. The emotional and behavioral effects are long-lasting, shaping future decisions and sometimes undermining trust in their financial institutions. Substantial progress has been made in strengthening fraud detection and prevention, but much work remains—especially in the age of AI. In a PaymentsJournal podcast, Dal Sahota, Global Director of Trusted Payments at LSEG Risk Intelligence, and Suzanne Sando, Lead Analyst of Fraud Management at Javelin Strategy & Research, discussed how fraud affects different generations and what banks can do to stay ahead of the problem. Fraud Comes from Everywhere It’s hard to go a single day without encountering a scam attempt or hearing about someone who has been targeted. This constant exposure underscores how sophisticated and pervasive fraudsters have become. LSEG’s latest global research shows that most consumers believe scams are on the rise. As more aspects of life move online—opening new avenues for fraud—it is clear that everyone is at risk. “This morning, I got an email from a car rental company about a supposed upcoming trip from Orland Park, Illinois,” said Sando. “As someone who lives in Milwaukee, about an hour and a half outside of Orland Park, I’m not picking up a rental car there. But you stop and think, ‘hey, I do find myself randomly researching trips. Could this have been something that I looked up and maybe I’m getting a prompt from their website?’ That’s how people end up clicking on phishing links or providing details they didn’t intend to reveal to a fraudster.” Across the Generations Because scammers have become highly skilled in targeting, each generation experiences fraud differently. Scams exploit areas where specific groups are more vulnerable. Older generations expressed the highest concern about fraud in the LSEG study, while younger groups reported greater exposure to emerging threats such as deepfakes and “quishing” attacks. Reactions also vary by age. Some 97% of victims reported changing their behavior after being scammed, becoming more cautious online, sharing fewer financial details, and avoiding certain channels. Some may feel so insecure about certain payment types that they abandon them  entirely. Older adults, however, tend to experience the greatest loss of trust compared with other groups. “There are deep levels of distrust in any and all communication, which can be really devastating when you’re trying to maintain a relationship with your financial institution,” said Sando. “If you don’t even know that you can believe what’s being sent to you from your bank, what can you believe? Once that security feels like it’s just an afterthought and that trust has been violated, it’s really hard to go back to business as usual.” The Information Gap The effects of scams extend beyond individual victims—they ripple throughout the financial services ecosystem. “That really comes out in the research, how that’s impacting consumers and the lack of trust when they’re interacting in digital channels,” said Sahota. “We found that 32% of respondents reference shame as an emotional impact. And this is very devastating in the market.” A significant information gap exists regarding accessibility and the warning signs of potential fraud. Less than a quarter of LSEG’s survey respondents described themselves as well-informed  in this area. Separate data from Javelin indicates that many consumers are unaware of the educational resources their financial institutions offers, even when these resources are available online or via mobile apps. These programs are only effective if consumers can locate and act on them. “We can think about this in terms of vulnerabilities that they’re under and how those are targeted,” said Sahota. “Don’t assume that the consumer’s first language is English, for example. Those are nuances to work within, but the fraudsters really take advantage of those exposed vulnerabilities.” Sando added: “A lot of financial institutions post really text-heavy articles. Frankly, you’re seeking out education when you need it the most. You’re not sitting around on your couch on the weekend reading education on your bank’s website. You’re going to it in that moment. So it has to be hitting the consumer right at the part where it’s most critical.” A More Personalized Experience Financial institutions could benefit from delivering a more personalized experience, tailoring education based on demographics and customer behavior. Understanding what resonates—by geographic location, generation, or product ownership—helps identify who is most vulnerable to specific scams and how to reach them. “You’re not going to hit older generations with a lot of pop-up notifications on their phone,” said Sando. “That’s not the typical way that they consume information.” Once someone has fallen victim to a scam, they often struggle to focus on available resources or their rights. This is when financial institutions must guide them through the recovery process. “A scam victim shouldn’t have to be the most well-informed person on the process of reimbursement and resolution for your scam,” said Sando. “You want to have a highly trained investigator or case worker from your financial institution that’s there to walk you through because you’re already having to bear the burden of the financial loss.” Playing on Offense With money moving faster than ever, applying the right level of friction to the right type of payment reassure consumers. A small verification step can provide certainty that the beneficiary is legitimate. Friction that ensures validation is not a barrier—it’s a protective measure. Too many institutions wait until validation occurs too late. In the era of real-time payments, once a transaction is submitted, the money is gone. Prevention must come before the payment, not after. “We are focusing earlier on in building a full picture of ‘Who is this person I’m paying? What’s their historical account information?’” said Sahota. “Building a full picture and using the data that we have access to as financial services can make the difference in detecting suspicious activity before it’s too late. There are a number of vulnerabilities that the fraudsters and the scammers are exploiting. They continuously evolve. The leveraging of AI in that regard has really scaled the scams up. We need continuous risk assessment of all the aspects across the value chain.” “We continue to play from behind,” he said. “We’re always on defense, we’re never on offense. We’re always being reactive when we should be proactive.” To explore the full breadth of consumer insights referenced in this discussion you can review the complete survey findings in LSEG’s After the Scam research. The post The Emotional Toll of Financial Fraud appeared first on PaymentsJournal.

Many credit unions are grappling with the differences between cryptocurrency, stablecoins and tokenized deposits—and whether these innovations fit into their business model. It’s important to take a step back and allow strategic evaluation, rather than urgency, to drive decisions around digital assets. Velera and its Digital Asset Lab are helping credit unions overcome the “fear of missing out” that often accompanies emerging technologies like crypto. In a PaymentsJournal Podcast, Velera’s Vlad Jovanovic, Vice President of Innovation, and Nathan Meyer, Senior Innovation Strategist, as well as James Wester, Director of Cryptocurrency at Javelin Strategy & Research, discussed what credit unions are doing—and should be doing—in the digital assets space. Three Primary Categories of Crypto The concept of digital assets now encompasses stablecoins, tokenized deposits and a range of cryptocurrencies such as Bitcoin, Ethereum and Solana. Cryptocurrency itself has evolved into a speculative asset class that consumers can buy, sell, trade and hold. Its volatility makes it risky, but people are using it to grow wealth, diversify portfolios and explore the broader digital assets landscape. Regulatory guidance on crypto is still incomplete. The CLARITY Act, which aims to provide a clear regulatory framework for digital assets, is still progressing through Congress. For these reasons, most credit unions are approaching crypto cautiously. “Do you want to create a connection point that allows your members to be able to transact with Bitcoin or Ethereum or Solana?” said Meyer. “That creates more risk exposure for the member, as well as concerns around what type and level of trading you’re allowing them to do. Because there is volatility, it can have significant impacts on them—both positive and negative.” Stablecoins and Tokenized Deposits Stablecoins function primarily as a payment instrument, designed to provide liquidity and trading within the crypto market. They are typically backed by secure assets, most often U.S. dollar-backed assets, such as short-term Treasurys. Stablecoins can be thought of as a new payment rail—just as FedNow and RTP provide speed for real-time payments, stablecoins offer similar capabilities. The first step for a credit union considering stablecoins is to assess whether member demand exists. Without demand, creating additional infrastructure is unnecessary. But for organizations with members engaged in remittance, stablecoins can move money more efficiently and at lower cost than traditional wires. Another important type of digital asset is tokenized deposits. This infrastructure enables credit unions and banks to tokenize existing balance sheets and bring them into the digital realm. Tokenized deposits can remain internal to a credit union’s ecosystem, but some institutions are exploring them for intraday settlement or liquidity pools. “We’ve seen a lot of VC dollars enter the space and a lot of start-ups are creating hype around their technology,” said Jovanovic. “That in itself is going to create a bit of a FOMO effect within the credit union industry. Am I doing enough? Should I be doing more?” The Coming Regulatory Impact Rules governing digital assets are still evolving. The GENIUS Act, passed in July 2025, provides a framework for exploring use cases and applications of this technology. NCUA has issued proposals outlining constraints related to crypto, which credit unions should review carefully before moving forward. Credit unions should also monitor the CLARITY Act as it moves through Congress to inform decisions around partnerships and exposure to digital assets. One immediate opportunity is engaging with regulators to help them understand credit unions’ needs—shaping regulations in a way that benefits both institutions and their members. “Stablecoins and crypto to some extent have been wrapped up politically in ways I haven’t seen with other technology,” said Meyer. “I never had to worry about thinking through cloud migrations and worrying that as soon as an administration changed, the dynamic around that technology was going to deflate or inflate. There is a lot related to crypto that has tie-ins politically, and that is feeding some of this movement versus the actual problem it solves or demand.” “It’s important for credit unions to understand both the CLARITY and GENIUS Act, but also understand if you get out over your skis in this space and a different administration comes in, regardless if it’s Republican or Democrat, you could see a very different perspective on privatization of stablecoins and money in general,” he said. What Should Credit Unions Do Now? For most credit unions, the first step is education—learning both the technology and the regulatory landscape of stablecoins. Bringing in digital assets experts, participating in industry consortiums, and collaborating with peers can accelerate this process. Ultimately, the most important questions revolve around members’ needs and the organization’s strategic objectives. “One of the best ways to cut through hype is to ask why,” said Wester. “How does that support the mission of my bank, my credit union, my product? That’s a really important question, because if you have somebody coming to you from either the vendor side or the crypto and digital asset space, it feels like hype.” Meyer added: “If you truly know who you are and what role you play in the community for your members, it allows you to avoid false signals. You can point to that strategic structure of who you are and very clearly articulate where this fits within that umbrella.” The post What Should Credit Unions Be Doing with Crypto? appeared first on PaymentsJournal.

In the past, banks and businesses could build rapport by delighting customers over several interactions. That window has largely disappeared amid the impersonal nature of today’s digital ecosystem—and the growing sophistication of fraud. The surge in fraud and money laundering has prompted many experts to advocate for a return to a zero-trust framework, where every party must be verified before a transaction proceeds. That mandate will only grow more complex as agentic commerce gains traction and AI agents—and their intentions—must also be validated. In a recent PaymentsJournal podcast, FinScan’s Chris Ostrowski, Head of Product Management, and Kieran Holland, Global Head of Solutions Engineering, along with Christopher Miller, Lead Emerging Payments Analyst at Javelin Strategy & Research, discussed how these factors have placed a premium on trust. There are tangible ways organizations can build trust in a real-time, agentic environment. Increasingly, however, those efforts must take place long before a transaction is ever executed. Accelerating Social Change Many artificial intelligence enhancements have been implemented behind the scenes, from workflow optimization to cybersecurity. While customer-facing tools like chatbots have been successful, asking consumers to entrust shopping and payments to AI agents requires a far greater leap of faith. That leap comes at a time when many consumers are experiencing a crisis of confidence. Fraud attempts have become both relentless and highly convincing—and too many individuals have fallen victim. “I always give the example of what I would say to any member of my family who says, ‘I’ve received an e-mail offering me this deal or a massive bargain,’” Holland said. “If someone came up to you in the street and said, ‘I’m a Nigerian prince who wants to give you $5,000 if you could cash that for me,’ would you trust them?” “There’s still that social change needed, because when something is not face-to-face, I have to have certain controls and mechanisms to make me feel confident,” he said. “Maybe that change will eventually become ingrained; maybe it just won’t. Maybe us humans need a certain amount of confidence that we used to get from face-to-face interactions.” To rebuild confidence in a digital-first environment, organizations must establish effective risk controls around payments. That task has grown more complicated amid the rapid expansion of payment types, now spanning cards, crypto, and real-time payment rails. This proliferation has elevated payments orchestration platforms to the forefront. These platforms not only operate across multiple payments rails, but also enable businesses to intelligently route transactions to optimize authorization rates, timing, and cost. Such optimization is no longer just a matter of efficiency. It’s foundational to establishing trust before a transaction ever occurs. It’s also a prerequisite for agentic commerce to scale meaningfully. “With those true agentic payments, you’re trusting that individual to act on your behalf with that vendor, potentially for the first time, or even a network of vendors,” Ostrowski said. “You have to trust through interaction, but also within access and being able to facilitate enabling the right credentialing and set of controls within it. So you don’t have your agentic AI go out and buy you 10,000 rolls of toilet paper because it was more efficient to do it that way,” he said. “You’re having to put a lot of that trust up front.” Given the potential volume and velocity of agent-driven transactions, trust must rest on a firm foundation. Achieving that will require broad industry alignment—a necessary, though potentially challenging, step. “One of the interesting things here is that trust means something different for each participant in a transaction like this,” Miller said. “There is what a merchant needs to trust, there’s what an issuer needs to trust, there’s what a processor needs to trust, and there’s what consumers need to trust. There’s just a lot here to think about in terms of how we can get all the participants to agree to do the transaction.” Driving the Next Generation of E-Commerce This industry-wide agreement between merchants and financial services firms will be paramount because the roles and responsibilities within agentic transactions remain fluid. “You’re setting conditions around more of an event-driven architecture,” Holland said. “When something happens on this system, then do something else for me without me having to initiate it. But who defines what the criteria for that is? Who designs the guardrails around that and who—I suppose legally and philosophically—holds the responsibility for saying, ‘I want this?’ And now the AI has translated that into a set of conditions that it’s going to use.” “It’s the same concept in fraud prevention as in retail banking,” he said. “We don’t expect the end consumer to be the perfect guardian of their own financial health. We accept a certain level of responsibility across the injury to help them in that regard. I think the same is going to be true of agentic AI.” Like modern payments infrastructure, agentic commerce will likely include baseline controls. However, banks will still need to implement their own safeguards, policies, and compliance frameworks to protect customers and their institutions. Larger financial institutions may need to take the lead, gradually introducing customers to agentic commerce through limited, well-defined use cases that build familiarity and confidence over time. “You’ll probably see something similar to the use of Zelle in the U.S. where you have banks coming together and putting those safeguards around it at a common level,” Ostrowski said. “It can drive the growth of agentic AI usage within various financial services, within payments, and within retail itself.” “You’re also going to continue to see the growth of trust registries, where you go through verification processes to be placed on the registry to show that I have proven my ability to be trusted, and that information can follow along with the agents,” he said, “especially within the blockchain space of being able to cryptographically assign transactions and agents with certain rights. All of that can be facilitated at these larger institutions that are already learning it in other areas, to help drive this next generation of e-commerce.” The Messaging Standard A consortium-driven approach to agentic commerce will hinge on clear, standardized communication. Although the ISO 20022 messaging protocol was not developed specifically with agentic commerce in mind, its rich, structured data model is well suited to this paradigm. “ISO 20022 has been designed deliberately so that much clearer information is available about what this transaction is and who’s involved,” Holland said. “Whether you need to identify the name and location of the ultimate debtor, the ultimate creditor intermediaries and so on, that new standard was designed from the ground up to do that.” “It’s important because when you look at how AI within compliance is starting to take off, data is the foundation to that,” he said. “If you haven’t got good foundational, reliable data about who’s involved and who the counterparties are, making a good, accurate, and certainly more automated decision comes with significant risk.” A common messaging standard becomes even more critical as transactions accelerate towards real time. For example, stablecoins and agentic commerce share significant synergy: both are real-time, highly efficient, and capable of leveraging ISO 20022’s enhanced data capabilities. For stablecoins to integrate fully into mainstream financial systems, however, transactions must embed sufficient data to distinguish them from other cryptocurrency transfers. They must also incorporate compliance-related information, including support for travel rule requirements. “That whole sphere comes back to the standard ISO 20022 fields and that consistency we’re starting to get to be able to go forward in these various ways,” Ostrowski said. Making the Final Decision More advanced communication standards, efficient infrastructure, and stronger safeguards are all critical to fostering trust in an agentic commerce ecosystem. Yet none of these solutions can replace distinctly human qualities—creativity, empathy, curiosity, and judgment. “It’s a true saying that if you design a very fixed, very structured, automated system, us humans will always find a new scenario, a new circumstance that is all of a sudden going to break it,” Holland said. “Introducing humans into it is that creativity buffer where I can see that Chris has bought 10,000 rolls of toilet paper, I can see that it meets his preferences, but I as a human know that’s unlikely.” “That curiosity whereby humans can still intervene and say 99.9% of the time this might be right, but with my insightfulness, with my creativity, I can introduce that human factor back into this overall very tightly structured process,” he said. “I become that level of flexibility that’s not going to break the system.” The human element won’t disappear, because AI agents are ultimately designed to act on behalf of individuals. Preferences differ widely and evolve constantly. An AI agent may learn a consumer’s favorite restaurants, events, or airlines. But human priorities shift. Tastes change. Context matters. In the end, even in an agent-driven economy, trust will remain deeply human. “Maybe that day you feel like a window seat instead of an aisle seat, and your agent would say, ‘No, that’s not your typical pattern, you normally do this,’” Ostrowski said. “There’s still that level of independence that the human wants and over time the agent will try to mimic that, but you’re still never going to completely replace that.” “It’s similar to what we’re seeing within the regulatory environment, where regulators aren’t ready to hand off agentic decisions for risk evaluation or compliance approvals to agents entirely,” he said. “They still want to see a human reviewing the cases, making decisions on whether I should onboard or reject a type of transaction. I want to be the one approving it; I want to be making that final decision. It’s doing 90% of the work for me, but I want that last 10% to stay with me.” The post The Fate of Agentic Commerce Hinges on an Elusive Resource: Trust appeared first on PaymentsJournal.

High-profile data breaches at major retailers exposed thousands of consumers’ personal account numbers (PANs), spurring the adoption of tokenization—a solution that replaces sensitive account data with surrogate values, protecting both consumers and merchants. As tokenization scaled, its benefits proved to extend well beyond fraud prevention. Merchants often saw meaningful lifts in authorization rates. But the rise of competing token types, the emergence of agentic commerce, and evolving policies from industry leaders have made tokenization strategy more complex than ever. In a recent PaymentsJournal podcast, Kiel Cook, Principal Product Manager at IXOPAY, and Don Apgar, Director of Merchant Payments at Javelin Strategy & Research, explored tokenization’s performance advantages—and why the next phase of change represents an opportunity for merchants to take the reins of their payments destiny. Avenues to Authorization As demand for tokenization increased, card networks introduced network tokens, payment service providers (PSPs) issued proprietary tokens, and third parties developed universal tokens to bridge ecosystems. For a time, the industry speculated about which format would ultimately prevail. “The different forms of tokenization were pitted against each other as a this-or-that scenario in the beginning,” Cook said. “But over time, especially in 2025, what I realized was these are actually a better-together play. Ultimately, when we’re talking about payment credentials, we’re talking about authorization rates. Network tokens are a trusted source and typically increase the likelihood of avoiding soft declines.” “But there are still scenarios where the network token may fail or may not be the most apt payment credential to use,” he said. “Those who are positioned to pivot back to the PAN when needed are the ones that are going to win. The more avenues you have to obtain authorization rates, the better.” Beyond security and authorization benefits, tokens are persistent. They stay current even when underlying cards expire or are replaced. This reduces unnecessary declines in card-on-file and recurring payment scenarios. Tokens can also serve as a common denominator across P2Ps, acquirers, and regions. When paired with payments orchestration platforms, they unlock operational flexibility and significant efficiency gains. Together, these advantages make tokenization foundational to modern payments infrastructure. Yet rapid adoption has also surfaced new pain points for merchants. “As the merchant landscape and consumer shopping started to evolve into omnichannel and then mobile, merchants would go with best-of-breed providers and sometimes wind up with multiple tokenization stacks,” Apgar said. “When you now want to change PSPs or you want to make a change to a sales channel or bolt on another vendor, it becomes a real issue if you don’t have control over the token.” The Question of Ownership For small businesses just getting off the ground, token ownership is rarely top of mind. Payments services are often lumped into the broader cost of doing business. “It’s usually not until an issue arises with their PSP, such as downtime or some new technology gets launched into the market and their PSP doesn’t have that,” Cook said. “Then they’re looking to move and they realize they don’t have the authority to make those decisions; they need the permission of their provider in order to take their data and put it somewhere else.” “In that moment, the question is, ‘Do you own your data? Do you have control? Can you do what you need to do to drive efficiency, to increase your bottom line with your customers, to increase your brand recognition, to have a robust payment connectivity layer?’” He said. That calculus changes as merchants expand and integrate multiple PSPs. At that stage, token ownership directly impacts portability, routing flexibility, and negotiating leverage. In short, whoever controls the token controls critical aspects of the payment relationship.   “How much autonomy would you like to have in your payments decision?” Cook said. “That’s going to help you understand how important ownership of your own data is going to be for you. Those who own their payment credentials own their own destiny.” The Tokenization Mandate Payment credentials remain incredibly powerful and increasingly difficult to safeguard amid rising fraud sophistication. To strengthen protections, Mastercard has committed to tokenizing all e-commerce transactions by 2030. While many support the spirit of this mandate, merchants are struggling with its practical implications. Credit cards will still be widely used in 2030, and issuers will continue to provide PANs to consumers. However, PANs will likely play a diminished role in the transaction lifecycle. That shift makes universal, merchant-driven tokenization essential—not only for protecting customers, but also for maintaining PCI compliance. “The 2030 mandate is more of a requirement to convert a PAN to a network token because I don’t see PANs being completely removed from the ecosystem by then,” Cook said. “Digital wallets will continue to expand because merchants will start to receive more network tokens through avenues or rails that are out of their control.” “But there will still be times where someone who’s on the other side of the digital divide that hasn’t adopted a digital wallet and is still coming in trying to process with their PAN,” he said. “The onus will be on the merchant in those scenarios to have the avenues to convert PANs, when they do receive them, to network tokens.” Developing Agentic Trust A more proactive tokenization strategy is becoming critical as the payment ecosystem approaches another inflection point: the rise of agentic AI. These autonomous agents are poised to become a mainstream shopping interface. “We’re going from one payment credential—historically the PAN—to now a proliferation of payment credentials and line of sight to where these are coming from,” Cook said. “How do you know what to trust and what not to trust? How do you know the difference between an agentic agent that has permission versus a bot hitting your website?” “One of the big things is making sure that you as a merchant have your data stored in a way so that the agent can pick it up and share it with the consumer on the other side of that search,” he said. “Not having your data in the correct format or being able to be picked up in a certain way is going to be a big challenge for your company to maintain line of sight to your consumer, as they have a new middle layer managing the interaction.” This highlights a new core challenge—trust. Merchants must verify not only the consumer, but also the AI agent acting on their behalf, along with permissions and intent behind each transaction. Meeting this need will require new infrastructure capable of assessing and managing agentic risk. Tokens can play a pivotal role by creating guardrails around agent-driven activity. Merchants should begin preparing now to support agentic-ready token frameworks. “Keep in mind, it’s just a different version of a network token, which are just payment credentials,” Cook said. “Universal tokenization should be looked at as, ‘I’m about to get bombarded with payment credentials that are scheme-persisted. I don’t control the usage; I don’t control the relationship; these things weren’t built with me in mind. What was built with me in mind? What is my tool to anchor myself?’ That’s universal tokenization.” “That’s the playbook that I would put out there for merchants to leverage to protect themselves,” he said. “It’s making sure that they have line of sight to who is who and having something that they can drop directly into their ecosystem without having to re-architect their entire payment stack in order to be relevant in the agentic commerce world.” The Tactics Are Changing The rapid evolution of payments—especially the acceleration of generative and agentic AI—has created urgency for many merchants to modernize. While adopting new technologies is important, strategy must remain grounded. “If you go back 10 years ago, we were in the same place with tokenization and everybody rushed to tokenize as a stopgap security measure—only to find out down the road that I now need a more holistic strategy around how I use tokens and what benefits they give me beyond security,” Apgar said. “That’s where we are with AI, too,” he said. “My advice to merchants would be slow down the conversation and understand what AI means for your business, for your customers and your data security—and try to put a strategy around all of this.” At its core, any tokenization roadmap should be a natural extension of a company’s broader mission: protecting customers, optimizing performance, and maintaining control in a dynamic ecosystem. “We’re talking about consumers making a purchase and merchants receiving a payment credential and maintaining line-of-sight to their customer for loyalty plays, security plays and so on,” Cook said. “This is what we’ve always been doing; the tactics are just changing. This is change management. Are you paying attention to the things that are changing? Do you see the incremental adjustments that are occurring and are you adjusting as you go?” “If you have a rigid approach to your processing stack, that’s when things will become detrimental,” he said. “At the end of the day, no one can see what’s on the other side of the 2030 line. The best thing that you can do is put yourself in a flexible, future-proof payment stack so you’re prepared for whatever payment credential that comes on the other side.” Learn more about how agentic commerce shifts risk to merchants and breaks traditional fraud models The post Tokenization: From Security Tool to Future-Ready Payments appeared first on PaymentsJournal.