Agentic commerce was one of the loudest e-commerce trends of 2025, but is it real demand or mostly hype + incentives?
In this episode of Payments FM, I sit down with Colin Luce, Founder & CEO of Basis Theory to unpack what is actually happening in agentic commerce and agentic payments right now, what merchants should do today, and why trust and tokenization might decide how this all plays out. 
Join Payments Slack Group
But first, join the Payments Community Slack Group: https://payments.fm/p/slack
Follow the show
We covered
The real blocker: messy merchant data and product availability
Embedded checkout vs “true agents transacting on your behalf”
Why virtual cards would be a bad end-state for the ecosystem
ACP (Agentic Commerce Protocol), platform incentives, and “who owns the customer?”
Where agentic payments may show real near-term value (hint: not the sexy B2C stuff)
Chapters
01:36 Welcome Colin Luce (Basis Theory)
02:23 FOMO, hype, and incentives driving adoption
06:04 What merchants should do first (traffic, data, readiness)
12:36 Payments realities: embedded checkout vs true agent payments
19:37 Are today’s demos “magic”? (disappointing discovery, data quality)
23:50 Best use cases + where agentic commerce really helps
34:26 Protocols, ACP momentum, and merchant voice
41:31 Who should store the payment credential? (trust + tokenization)
44:59 Chargebacks & liability in an agent-driven world
46:23 Cybersecurity risks in the rush to ship
49:49 Biggest blocker in payments: behavior change
54:01 One elevator tip to improve payment performance
Full transcription
Nikita
Agentic commerce was one of the loudest trends in 2025. I was very interested in this topic and today we talk with Colin Luce, who is the founder and the CEO of Basis Theory. Basis Theory is one of the leading platforms in the payments tokenization space and they are not a stranger to agentic commerce. Basis Theory founded a consortium for agentic commerce with some of the big players.
In this conversation, I asked Colin about: is agentic commerce a real thing, or is it just a form of what merchants and businesses should do today to enable this channel? What’s the future of agentic commerce?
But before we start, first of all, please subscribe to the show on the platform you’re listening to. If you are on YouTube, Spotify, or Apple Podcasts, please subscribe on the platform — or best, just go to the payments.fm website and subscribe to future episodes right there. And the second announcement: we started our payments community Slack group.
The goal is to have the largest payments community where we have very pragmatic conversations about payments without any influencers or sales pitches. If you’re interested, go to payments.fm/slack and you can join the community from there.
And with this, please welcome Colin.
Nikita (01:36):
Hi Colin, and thank you so much for joining Payments FM.
Colin Luce (01:40):
Yeah, thanks for having me on this cold Monday morning.
Nikita (01:44):
Yeah, absolutely. Super excited. So let’s maybe start with that. Agentic commerce today — I would imagine a lot of merchants, they’re reading blogs, listening to podcasts, and they have some very severe FOMO, right? That something’s going on, something’s happening, and maybe they’re not part of the trend.
So how do you feel about this today, right at this moment? Should they already start implementing something — researching, discovering, talking to vendors — or where are we today, and what should merchants start doing today?
Colin Luce (02:23):
Yeah. So I think it’s a mix of FOMO and the associated hype around it, but also incentives candidly, right? I think on the FOMO and hype side, there’s this inherent kind of EV (enterprise value) or multiple bump that we’re seeing publicly traded companies receive from the market. And I think we’re seeing the same thing on the private side.
And so there’s just this inherent low-hanging fruit, so to speak, opportunity to talk about all of the things you’re doing with agentic commerce and seeing the market reward that. So I think that’s one side of it.
I think the other side of it is just incentives, right? I think those of us in the payments ecosystem have seen this play out time and time again as the networks and various different constituents bring new products and services to market. They often incentivize folks for adopting those things, and we’re seeing that as well.
And so it’s this mix of FOMO and hype and incentives that are driving folks to do things. And so I think the inherent risk there is: are they adopting agentic commerce strategies for the right reasons or not?
Now, I don’t think they would do it if they didn’t believe there was at least some sort of positive benefit to their business — or at a minimum, no downside in doing so. But I don’t think people are rushing out to do stuff because they’re seeing the traffic and volume explode. I don’t think that’s what we’re seeing.
Nikita (04:06):
Hmm, yeah, it’s very interesting. And by incentives — if I try to explain it to myself like a five-year-old — so there are vendors approaching big players in the market and they offer some sort of discounts, right? Like in the processing fees or maybe other forms of what you mentioned — incentives — for them to adopt this new technology. So maybe the market is a little bit skeptical, but there are additional programs that can motivate them to start adopting.
Colin Luce (04:37):
Yeah.
Yeah, and look, I don’t think it’s necessarily a nefarious thing or a bad thing either. I think it’s just the reality that sometimes you have to incentivize people to move.
I hate to name names, but I’m pretty confident PayPal is notorious for having done a lot of different incentive-laden strategies throughout their time, right? I think in the very early days, they gave every PayPal user five bucks in their wallet to start using it, right? And that’s how they drove the consumer side of the equation.
And I think they’ve done the same thing on the merchant side over time. I think there were monetary benefits being given to merchants to adopt accepting PayPal. And so again, I don’t think it’s a bad thing. I think it’s just important that we acknowledge it and that it’s transparent.
Nikita (05:38):
Yeah, that’s very interesting. So if I’m a big merchant — like a big marketplace, e-commerce store — and I’m thinking that agentic commerce, that something will work for me, what are the next steps for me? Like, who should I talk to? Talk to my payment service provider? I’m not sure that’s the right path. Talk to ChatGPT? Who is the single-window approach here?
Colin Luce (06:04):
Yeah, I mean, look, I think it depends on how you think about building the internal business case to do this. And so that’s some of what we just talked about around the FOMO and hype and incentives.
I think once you get comfortable with that and decide you want to do something, to your point, step one is probably understanding where the potential volume or traffic of users are going to come from and ensure that you are set up to receive that traffic in a very seamless way.
And that’s where there seems to be this bifurcation in the market as it relates to these different agentic commerce protocols and the associated distribution channels of those protocols, right?
To your point, OpenAI and ChatGPT are positioning themselves as a driver of traffic to merchant sites. I remember it was probably a month or two ago now when OpenAI released this report around how users were interacting with the service in ChatGPT. And there was something in there about, I want to say, 2% to 3% of those interactions were commerce related, right?
And so you can extrapolate: of all the activity happening in ChatGPT, some percentage of that is commerce related — and how can I interact with that traffic? And that might lead you down this path of, okay, well then do I have to go interact with ACP or how do I want to receive this traffic?
So that is one side of the equation: just understanding or ensuring that you are set up technologically or otherwise to receive that traffic.
There’s probably some associated strategies there for your marketing team to ensure not only are you set up to receive that traffic, but that you are optimizing your placement within those queries and stuff, so you’re maximizing the amount of potential volume and traffic you can get.
But I think the other side of this is the internal abilities or capabilities to surface the right data externally to enable those optimized flows, right? And that’s where it’s things like exposing product catalogs, exposing SKU-level details, exposing your ability to tie an existing rewards program together with a user who’s purchasing through one of these agentic channels, and all these different things.
And I think one of the biggest questions that I and the broader industry get asked when we sit down with all these different analysts and journalists who are tracking this is this question of: should merchants expose this data outwards? Like what sort of risk are they introducing to their business by opening up their kimono, so to speak?
And the pushback they always give is like: okay, well, now your competitors have access to somewhat of a real-time feed of your availability of a product catalog and things like that.
And I think that’s the right question in a lot of ways. But I also think they’re missing a big piece of it, which is: it’s less about should they expose that data externally, and it’s more about can they expose that data externally?
A lot of the merchants we talk to behind closed doors will admit that their data is a mess, right? It is just not set up in a structured, updated, easily accessible way where you could expose this as some sort of API or MCP server. They just don’t have that.
I also think it’s why Shopify continues to be kind of the initial test case for a lot of this stuff, because it’s the rare case where inventory fulfillment, payments, hosting, security — all of that happens in one platform. And so it’s almost like by default, the data is structured and organized in a way where it can easily be exposed.
I think the minute you leave the Shopify ecosystem, that changes a lot.
And look, I think there are some merchants who, whether intentionally or fortuitously over the past several years, have built internal systems and services to set themselves up for this moment. But I think a lot of them haven’t necessarily.
Nikita (11:10):
Yeah, that’s very interesting. One thing I want to double click a bit: I think you’re referring to like catalog feed, right? Fulfillment information, maybe marketing things like promo codes, discounts, and this kind of secret sauce that businesses may have.
And I think some of it was already exposed for Google feed or Amazon feed or other marketplace feeds, right? Maybe that’s not exactly 100% new and maybe they can build on top.
But here with agentic commerce, as I imagine it will be working, suddenly they also need to somehow start accepting payments from a new source.
So how should this be working? I think there was a big announcement with OpenAI and Stripe, right? So maybe when you’re Stripe, you already have your account, and maybe somehow you can marry this with OpenAI. So that’s where you’ll be receiving the payments.
What if you’re not on Stripe? Can you give me a kind of “what should be the merchant next steps to actually start accepting payments”? Because it’s not just the traffic, right? It’s new transactions. I don’t know — reconciliation, fraud — there are tons of questions. Who manages refunds? How does this all happen?
Colin Luce (12:36):
Yeah. No, look, you’re right — the payments aspect of this is interesting because it’s this binary component whereby if payment is not possible, then you just inherently don’t have a transaction, right?
But at the same time, it’s kind of the last piece in the puzzle. And so that’s why I naturally default to talking about all of these upstream problems around product availability, discoverability, comparison shopping — all of that stuff — because I think we have to solve all of those problems before we can focus on the payments piece.
But I also acknowledge that we’re all in the payments and fintech ecosystem. We live and breathe payments. And so that’s where we all want to talk about some of the interesting aspects. Totally get it.
I think this is where the definition of agentic commerce really starts to matter. The reality is there is no agreed-upon definition here. When people hear agentic commerce or agentic payments, there’s a lot of different potential contexts that people are coming at it from — or assumptions they’re making as to what it is.
A first-principles definition of agentic payments to me means this idea of empowering an agent with a payment credential to go and transact on your behalf. And the reality is that’s not what we’re contemplating today. I think we’re a ways away from that becoming a reality.
If you look at what Perplexity is doing, if you look at what OpenAI is doing with ChatGPT commerce, what we’re really talking about is an embedded checkout experience inside of this new agentic ecosystem, which is just a natural extension of all of the social shopping trends we’ve been seeing over the past five to seven to ten years, right?
It’s the natural extension from Instagram links and TikTok shopping to agentic shopping — because ChatGPT and Perplexity are just the new attention ecosystems, right? ChatGPT has what, 800 million active users? That’s where attention lives.
And the way they’re thinking about rolling out their commerce efforts, at least today — absent of whatever happens post this code red moment from last week — is about in-app buying experiences, which is just embedded checkout.
From that aspect, I think there’s a lot of stuff we don’t necessarily need to solve for yet, until we have this world where agents are truly out executing payments and transactions on our behalf.
I also think a lot of the FUD in the market around fraud and risk and chargebacks and returns and stuff are somewhat moot, because the reality is we’re still talking about human-in-the-loop transactions here, right?
It’s still: I confirm that yes, I want to buy this sweater or this pair of shoes. And I’m attesting to that.
Depending on the mechanism by which the payment’s getting executed — if I’m using one of these agentic credentials from Visa or Mastercard — I’m going through step-up authorization out to the issuer. I am doing a device binding passkey. There’s a lot of steps in the way that just enable existing fraud rules and infrastructure to take place. I think that’s critically important.
Now, if we want to talk about the future where agents are actually transacting on our behalf, we need to think about a lot of the stuff you mentioned. We also need to think about authority around delegating access to these agents and what that truly means.
I remember super early on this year when people first started to contemplate what agentic commerce could be or look like. There were people talking about giving their agents power of attorney to transact on their behalf. That just seems utterly ridiculous. So I hope we don’t go down that path.
Ultimately — and look, I’m biased in this — but I think the reality is it’s all going to come down to tokens. Tokenization has been this technology that the payments ecosystem has increasingly adopted as we move more online from the offline world, as we move more to distributed embedded agentic payment flows, as we move more from web-based e-commerce to mobile shopping.
If you think about the underlying infrastructure behind Google Pay and Apple Pay, that’s all tokens, right? So I think tokens are going to be the critical component in all of this on the agentic side.
And then outside of that, from a protocol layer and stuff, all of that’s going to be about trust. And you’re starting to see that play out with how Visa is talking about their stuff now, what ACP is doing. All of that is going to come down to trust, because the reality is, absent blockchain running all of this, we can’t replace trust with truth just yet. So we need that trusted intermediary to help facilitate a lot of this.
Nikita (18:47):
Maybe I would really love to talk about protocols and tokens and what you mentioned. I think as payments geeks, right, we’re probably all fascinated about this.
But before that, maybe on some demos that are available today. I heard that Etsy is already available, right? In ChatGPT, probably with Stripe. And there are some other examples where you’re able to test.
Have you taken a look at any of them? What’s your experience? How do you feel about what we have today? Is it working as expected — is it magic — or the opposite, like it takes five minutes to complete the checkout and didn’t do what I wanted to do?
Colin Luce (19:37):
Yeah, I mean, far from magic from my perspective. I think it’s the opposite. I’ve been pretty disappointed in what’s been out there.
And not to knock the payment side of it — although we can talk about that — I’m not sure the Etsy example is actually fully leveraging the ACP protocol that OpenAI and Stripe put out there. I’m pretty sure those transactions are still just getting facilitated using virtual cards.
Which — look — I think we as a payments industry would be failing our duties if we ended up enabling all of this agentic infrastructure by using virtual cards. I think no one wants that to happen. We’ve seen the pitfalls with the virtual card approach. I think the issuers hate it. I don’t think the networks like it. The merchants don’t like it. No one wins if that’s how this all ends up playing out.
But I think the reality is that’s how a lot of this is getting done today while these protocols get ironed out and shipped off to market.
My experience both with Perplexity — who was probably the earliest to this game — and with some of the other examples out there: the dissatisfaction lies in some of those upstream problems I talked about earlier around the quality of product availability and the SKU-level stuff.
Like you go through this entire flow looking for that brown cashmere sweater, and right before you buy it, you realize it’s navy blue. That is not the experience we want or expect.
You touched on it earlier that Google Shopping does exist and they’re pulling some of these feeds in — but show me someone who’s in love with Google Shopping. Show me someone who’s like, “Wow, they really did a good job curating my search.”
I just think about how many times I’ve found something through a Google search and then I get ported over to the merchant’s website and it’s a different item. It’s out of stock. It’s not available. The quality of that data is just so poor.
So if we’re just going to be repurposing those existing data feeds, I think we’re going to lose all of the momentum that we’ve built talking about agentic commerce. And I think that would be a shame.
My experience hasn’t been great, but that’s mostly on the discovery side.
The other side of this is: two months ago, the industry would have anointed OpenAI king and said all of this is going to happen through this chat interface, which is ChatGPT. But since then, we’ve seen Perplexity launch their Comet browser. I think OpenAI is still rumored to — if they haven’t already — launch their own browser. Obviously, The Browser Company has their agentic…
I will say those experiences for me have actually been pretty awesome. The ability to have five different tabs open in a single browser session and ask the agent to help me compare across those five different tabs is actually pretty awesome. It’s almost like the New York Times Wirecutter getting agentified in a much more comprehensive and broader way. And I’ve been pleasantly surprised with that experience.
So I think there’s a question here of how much of our agentic interactions are going to be through chat versus search versus standalone apps versus browsers. There’s a lot of platform considerations still being contemplated here.
Nikita (23:50):
That’s very interesting. You’re giving me answers I did not expect to hear this morning.
If we zoom out a little bit: you mentioned New York Times Wirecutter when you’re comparing multiple items. If we look at agentic commerce, what problem does it solve actually?
Because I don’t know — from my own experience, sometimes I’m really picky and I’m not sure I’m picking something I really want. I’m reading descriptions carefully and I’m in this shopping experience and I’m not sure I see anything to change it.
But maybe in some cases — when you’re buying a TV, you already chose the model and you just want the cheapest or with better shipping. Or maybe travel can be a good experience.
So how do you think about it? What are good verticals and use cases for agentic commerce? Who should jump into this first, and where can you see the good application of this?
Colin Luce (25:00):
Totally.
The industry has defaulted to this binary view of commodity purchases versus impulse buys and the trade-offs associated with those, as it relates to where the most likely adoption is. And I can buy that.
But I think you can uplevel it a little bit and think: are we talking about B2C e-commerce? Are we talking about back office B2B transactions and associated settlements? Are we talking about agents paying agents for B2B services — API consumption stuff? Are we talking about treasury management?
All of those things are vastly different as it relates to behaviors, payment methods, timing, speed, efficiency, et cetera.
I don’t have a perfect view other than to say: B2C e-commerce is the sexiest thing to talk about. That’s why everyone’s defaulting to ChatGPT e-commerce and Perplexity.
I actually think the treasury management side of all of this makes the most sense to me, at least today — although it’s the least likely to get adopted. If you’re running a large treasury department inside a Fortune 100 company, imagine being able to build an agent where you feed it context associated with your treasury goals, provide it with all the different tools and payment rails, and say, “Go execute this strategy for me.”
That’s super interesting: “I’m trying to maximize float,” or “maximize cash on balance sheet for X days,” and here’s my AP data, here’s my AR data, and you have access to FedNow and RTP and push-to-card and all these different tools — go execute that.
I think that makes the most sense, but those organizations are the least likely to outsource that treasury strategy to some AI agent.
Nikita (27:50):
Yeah, and it sounds a little bit scary to give OpenAI access to like a FedNow account…
Colin Luce (27:53):
Totally.
If we take it from the B2C lens: discretionary versus non-discretionary commodity purchases is a reasonable lens.
That said, I’m going to default to: context is king. Why has Instagram shopping proliferated as much as it has? It’s because Meta has so much context on us.
We all have those experiences where we joke about our phones listening, and then the next day you get an ad. I don’t want to go conspiracy theory corner here, but the reality is: these companies get a lot of context and data on us. Context is king.
So whoever is able to acquire the most data and context is going to enable the most interesting agentic commerce and buying experiences.
This is where chat is potentially a super interesting medium: it’s the first time you can propose a comparison shopping endeavor to your agent with context like, “I’m looking for the cheapest, good, highest quality. I want the merchant to accept this specific payment credential that I’m optimizing for points. All else equal, do they have a rewards program?”
You can give it all these filters. And that’s super interesting.
So the real value of agentic commerce, at least today, resides in discovery, comparison, and efficiency more so than the payment — at least today. Payment is the final execution layer.
Nikita (30:24):
Right. Small thing: I still remember this product from Amazon — I don’t remember the name — but there were buttons with brands that you could put around your house. Like a button with dishwasher detergent under your sink, you press it and it’s a one-click purchase on Amazon.
It didn’t work out for some reason, but I thought it was really good: a contextual one-click purchase button.
And I was thinking maybe for things like this, ChatGPT can be great. Like if you have ChatGPT as a voice assistant, you can be like, “I’m out of detergent, can you please buy one?” and it will go and find and buy something for me.
Colin Luce (31:18):
But to your point, that exists today with Alexa, right?
A lot of people come up with these examples — toilet paper, toothpaste, dish… Yeah, but you can set those rules in Amazon today and sign up for subscriptions. You can talk to your Alexa. A lot of that exists today.
The question goes back to: most of these experiences are siloed within individual ecosystems — Shopify, Stripe, Amazon.
The opportunity here is to drive cross-platform experiences or bring these siloed ecosystems together in a more comprehensive way. That’s the real opportunity.
If behavior today is: I go to Amazon and look for product X, I don’t know how much I care about brand. I might use brand as a lazy proxy for quality, but I don’t really care.
The opportunity is: can AI either improve that within Amazon — exposing products that aren’t surfaced because they’re sponsored or have bots providing reviews — or can it bring me outside the platform and show me something I never would have found, but is as good or better? That’s super interesting.
Nikita (33:22):
Sounds like discovery is the main problem we’re solving.
Outside of discovery, that’s a good segue to talk about how it’s all going to work. With Perplexity, I assume it’s automation inside the browser that goes to your website and clicks buttons for you.
But also there was a wave where multiple companies introduced different protocols, and Basis Theory is one of them.
So I’m super interested: how do you think it should work? How do you think it will work in the future? What are the differences between these protocols, and why is it important to own the protocol? Why did you prioritize it, and what’s going on there?
Colin Luce (34:26):
When we launched our protocol and our agentic commerce consortium, it was driven by the fact that we felt one of the most important players was getting the least attention — merchants.
This was coming off the heels of Stripe and OpenAI launching ACP, right on the heels of Google launching… whatever it is. This was right off the heels of Visa’s announcement, Mastercard, et cetera.
The intent from our perspective was to give merchants a voice.
My sense here on December 8th is that of all these different protocols, ACP has bubbled up to be the dominant one most merchants are starting to think about.
That said, when this launched there was buzz around Etsy and other merchants coming. I haven’t seen other announcements, so I wonder how much adoption is really taking place and what roadblocks there are.
But the buzz from my perspective is there’s a rallying cry around ACP. No surprise — no one’s getting more airtime than OpenAI, and if it’s anyone, it’s Stripe. Bring those together, and of course they get airtime.
Nikita (36:47):
Maybe before it — for those not super familiar — can you cover a little bit: what problem do these protocols solve? Because if we’re talking about browser automation, maybe it’s already there and merchants don’t need to do anything. So what are we solving?
Colin Luce (37:02):
Yeah. And sorry — I was ranting — but it’s ACP, not APC. So there’s the Agentic Commerce Protocol from OpenAI and Stripe.
The idea was to put out a protocol that covers at a high level how to interact with agentic commerce. It touches on trust, discoverability, payments.
There’s a lot of devil in the details under the hood that isn’t exposed today, but it’s a high-level take.
The reality is it works pretty well today within the Stripe ecosystem. And as much as they talk about it being an open protocol and a shared payment token, there’s a lot of inherent distrust or questioning of incentives that merchants are rightfully asking.
Merchants question how “open” open-network approaches are. They question how “open” a protocol is when it’s owned by two companies, Stripe and OpenAI. So there are questions about how this plays out.
Nikita (38:44):
Just for broader understanding: from the payments perspective, the fundamental problem these protocols solve is to store payment information across different merchants — that wasn’t solved before. Is that the right problem?
Colin Luce (39:09):
I think it’s attempting to solve or address the reality that not every merchant uses Stripe and they still want them to participate. So it has to be PSP-agnostic.
Two: from a distribution perspective, both OpenAI and Stripe know the best way to get distribution is to go platform by platform and enable this layer, then bring merchants on board. But then there has to be an explicit conversation: Adyen isn’t going to do something that inherently benefits Stripe.
The last piece: OpenAI isn’t doing this out of kindness. They’re not doing it for free — this is a monetization effort. They want their pound of flesh too. So how does OpenAI receive their tax or commission in a world where the merchant uses a different PSP than Stripe?
Now you’re talking split payments, and OpenAI doesn’t want to be in the flow of funds because they don’t want to be a payment facilitator. So there’s a lot of “I want my cake and eat it too.” And a lot of friction is introduced.
Nikita (41:31):
From your perspective: I’m using ChatGPT, I want to buy the sweater. Two websites — one WooCommerce, one Shopify — different payment providers.
Who should store my card information to make the payment? Should I trust ChatGPT with my card info and they’ll tokenize it? What if I use another cloud tomorrow?
Is there a way for an open vault? Where should we start?
Colin Luce (42:17):
Another way to ask the question is: whose customer is it?
OpenAI would say: our customer. WooCommerce might say: our customer. The merchant might say: our customer.
If they each take that approach, they’ll each try to store that credential themselves.
In a perfect world, this is an open vault, a truly agnostic protocol, or a self-custody wallet storing it.
That’s not how it’s going to play out. If I had to bet: OpenAI stores a copy, the platform stores a copy, the PSP stores a copy, the merchant does.
And what’s interesting: that’s counter to the whole point of tokenization early on. Tokenization is a data security mechanism, but it’s been weaponized into a business lock-in mechanism.
Attempts at tokenizing at a higher level have gotten pushback. Network tokens are the prime example. These agentic credentials are really just network tokens with additional rules.
When networks pushed network tokenization, one requirement for interchange benefits was purging the underlying PAN. Merchants pushed back hard.
That comes down to trust: there’s distrust in letting networks be the single source of truth — despite what they say about 100% tokenization by 2030 and getting rid of PANs. They’ll get pushback.
Nikita (44:59):
We got a couple of questions from our Slack channel. Should we expect an increase in chargebacks as agents make purchases? Will there be a new category, and who will be responsible?
Colin Luce (45:15):
In the future, where we’re truly empowering agents to transact on our behalf — maybe.
But not today. It’s human-in-the-loop. I’m confirming that I want to make the purchase. So I don’t think more or less chargebacks than traditional e-commerce today.
Five years from now, when I give an autonomous agent access to my payment credentials to transact on my behalf — it’s possible, but it should be addressed in advance.
We need guard rules. It will be a legal question, a compliance question, and then a technological question.
Nikita (46:23):
Another question: in the rush to stand up AI, firms seem not to be focused on cybersecurity. Do you see risks? Because we’re FOMO-driven right now, maybe we cut corners.
Colin Luce (46:48):
Totally. Yes.
I think we’re already seeing that — less in the agentic commerce side because not enough is happening there yet — but yes, cybersecurity has taken a backseat as everyone rushes to deliver on FOMO and hype.
For merchants that have never exposed product catalogs and SKU-level data externally before: could they rush out and do it in a not secure or less secure way? Absolutely. That has to be addressed. Huge risk.
I would also say: in the near term, some of the most interesting agentic commerce / agentic payments use cases will be the not obvious, not sexy B2C ones.
It’ll be more about managing spend as agents interact with third-party services — through vibe coding or increased agent adoption for building software.
Example: I’m building an app that needs SMS verification, I use Twilio. How do I put guardrails so my agent doesn’t rack up a $50,000 Twilio bill?
Those use cases are most practical near-term, even if not exciting.
Nikita (49:11):
Yeah, that’s interesting — an agent could go to the Twilio API and check usage today compared with rules you set up.
Colin Luce (49:26):
Yeah. The one place in this AI world where no one can argue product-market fit is coding. Extrapolate from there and those use cases make the most sense.
Nikita (49:49):
Final part — a couple of payments questions I ask everybody.
From your payments experience: what’s the big problem in payments today that blocks us from cheap, fast, secure payments for everybody? Is it technology, regulation, something else?
Colin Luce (50:24):
Behavior change is really hard to incentivize or enact.
People say the reason U.S. consumers aren’t shifting to pay-by-bank is because they love credit card rewards. That’s true for some, but for most it’s just habit — they’re used to paying with credit cards.
It’s a behavioral change question more than an incentive or technological one. Changing behavior requires a driving force, and we’re still waiting for that.
If the goal is to shift people to cheaper methods and off credit cards — same thing.
Younger demographics don’t like credit… maybe. I don’t know. I think it comes down to behavior.
And I’m not sure the onus is on us as an industry to convert those people unless it’s a byproduct of another offering.
Nikita (51:59):
I heard stories — and I’m guilty — of keeping a bank account open because one service still charges it and I’m too lazy to change the payment method. I know many people like that. It’s hard to prioritize.
Colin Luce (52:26):
Exactly.
The least-friction ways to do that are counter to incentives of the people who can pull it off.
There is an incentive challenge. Show me the incentives, I’ll show you the outcome.
For a recurring subscription business, moving users from credit card to pay-by-bank could be a big cost unlock.
But asking users to enroll in open banking flows is too much friction.
The ideal way would be if some lookup table existed — likely at the bank level — that associates a debit card PAN with a DDA and routing number.
Then you could say: “Colin, I see you’ve been paying with your Bank of America debit card. We matched it to your bank account. Click here to opt into ACH and save five bucks.” I’d probably do that.
But if it said: “Go link your bank account,” I probably wouldn’t.
The bank has no incentive to offer that lookup table because they monetize debit interchange.
Nikita (54:01):
Final question: you meet a merchant in an elevator and they say, “You’re a payments guy — how can I make payments better and improve performance?” What’s one piece of advice?
Colin Luce (54:21):
I’m biased — I have my Basis Theory sweatshirt on. But I’d tell them: don’t be beholden or reliant on a single payment service provider. Ensure you have redundancy and can work with multiple providers.
Each merchant and customer base is a snowflake, and no PSP is set up or incentivized to maximize performance for any single merchant.
Stripe, for example — I heard Will Gaybrick on a podcast recently talking about their internal neural net that powers Radar. They look at billions of signals across the ecosystem. That’s awesome and a great network effect.
But the output isn’t designed to optimize for a single merchant individually. It’s a broad offering for many merchants.
Nikita (55:54):
That makes a lot of sense. Colin, it was an absolute pleasure. Thank you for sharing your wisdom. Maybe we can sync in several months and see where we are with agentic commerce.
Colin Luce (56:12):
Yeah, this stuff’s changing very rapidly. I’d love to do that. Thanks for having me.
