Wallet Wars Pt 2 - When Identity meets AI Agents

For AI Agents to work you need a secure place to store them, control them and give them an identity. Wallets will help us KYA. Know Your Agent.

Welcome to Fintech Brainfood, the weekly deep dive into Fintech news, events, and analysis. You can subscribe by hitting the button below, and you can get in touch by hitting reply to the email (or subscribing then replying)

Hey Fintech Nerds πŸ‘‹

Fintech is on fire. Klarna announced it will IPO in the US, Bitcoin smashed its all-time high at $93,000, and Stripe launched its SDK for AI agents. For my UK readers, we finally got a National Payments Vision outline (my take here).

Klarna’s IPO is fascinating because the IPO dam has broken for Fintech; they’re listing in the US, not Europe, and this has to be the biggest comeback story of the year (from massive down round to blockbuster IPO in the making). πŸ‘€

Here's this week's Brainfood in summary

πŸ“£ Rant:

πŸ’Έ 4 Fintech Companies:

  1. Zeed - Robinhood for Gen Z + AI Chat with market data

  2. Tumoni - Free remittances USA to Central America

  3. Bastion - Stablecoin wallet as a service.

  4. Valid8 - Forensic accounting AI

πŸ‘€ Things to Know:

Gmail clients cut half of the content. You can see the whole thing by clicking below πŸ‘‡

Weekly Rant πŸ“£

Wallet Wars Pt 2 - When Identity meets AI Agents

Remember how Apple just opened their NFC and sparked the wallet wars?

That was just the beginning.

The opportunity isn't just owning your identity - it's becoming the home for AI agents that can act on your behalf.

But for AI agents to work, they need three things:

  1. A secure place to live (your device)

  2. A strong identity credential (to prove they're acting for you)

  3. The ability to securely authenticate and transact

In other words?

They need a wallet.

The race to own your digital identity just got more interesting.

Quick Recap: The Core of Every Wallet

In Part 1, we explored how wallets combine identity, payments, and authentication.

Wallets are the Everything app.

A wallet aims to combine multiple payment methods, ticketing, and identity into a single application. It can then be used for a variety of use cases. This idea isn't new. It has been common in Asia for a little over a decade. Apps like WeChat and Ali manage everything from a doctor's visit to your mortgage, payments, banking, travel, and work with national identity systems.

There are three core components to a wallet.

1. Authentication and Authorization: Airline tickets, concert tickets, stadium entry, bar entry, proof of age, tap-to-pay. The more tickets, payment terminals and access points a wallet can accept and authenticate to the better.

2. Payment methods: Credit cards, debit cards, Pay by Bank, International, and countless payment rails. The more rails in a single wallet, the better. This creates a "super rail" that operates as a branded checkout (like Apple Pay), but can use any payment type (e.g. BNPL, cards)

3. Identity: A standardized, tamper-proof government-issued identity (like a passport or driver's license). Real ID will come with an application that can manage identity; it can easily do anything else.

Wallet Wars Pt 1

You can read the whole piece here

But two critical pieces were missing from that story:

  1. The standards that make digital identity actually work

  2. How this enables AI agents to act on your behalf

Digital Identity Standards Go Global

If we had strong digital identities, we could instantly KYC for products, prove our age, sign documents, and dramatically reduce fraud. This isn't theoretical - it's happening across the world.

  • Estonia: launched digital identity in 2001, it has near 100% of the population coverage is available in mobile only (Mobile-ID)

  • India: 1.22bn people use Aadhaar (digital identity) after launching in 2009

  • In the US: Real-ID is now rolling out in the US, and NIST has built a roadmap to eventually follow the Estonian lead in 2023.

  • In the EU: eIDAS 2.0 published in April 2024 creates a framework for EU wide digital identity and wallet standards and proposes a European Digital Identity Wallet (EDIW)

Indeed once you have digital identity, you unlock a whole bunch of use cases.

  • In India, Aadhar can be used as proof of identity and address to open a bank account, apply for a passport, fill out tax returns, and receive social welfare.

  • In Estonia, the ID Card or Mobile ID can be used for travel in the EU, online voting, digital signatures, filing taxes, managing medical records, opening a bank account, opening a business, and as a health insurance card.

The Estonian identity system is a model many are now trying to copy. You can even use it for 2-factor authentication for card not present or pay-by-bank transactions in e-commerce.

For the US, what today is an upgrade to a driver's license will eventually become a set of standards for adding this to a mobile wallet and unlocking a variety of use cases.

For Europe, eIDAS will have reference criteria by the 21st of November 2024 to facilitate "secure transactions" (payments), cross-border transactions, and how to store driver's licenses, medical records, and bank accounts.

If the future is wallets, then Governments around the world have standards for implementing those wallets. Generally, I believe the Government isn't great at consumer tech, but having a set of standards is helpful.

(Notably absent from this list is the UK, which has been grandfathered into eIDAS but seems to be doing nothing about it.)

Your AI Agents Needs a Home

Here's where it gets interesting.

Your AI agent needs three things to be useful:

  1. Access to your identity credentials (your wallet). Apple has announced that developers will have access to APIs, which will allow them to store and retrieve data from the secure enclave.

  2. A secure place to run (secure computing). Apple has an entirely separate processor and operating system for secure data on the device and end-to-end encryption to the cloud for Apple Intelligence.

  3. The ability to authenticate and make decisions (NFC + credentials). Apple has also stated it will publish APIs to access the on-device NFC chip to authenticate against cards or places.

Your identity lives in your wallet. Your AI has a secure way to retrieve data and a secure place to run, and with NFC or biometrics access, you could approve it to do anything you can.

With these pieces, theoretically, your AI agent could:

  • Instantly KYC you for a new financial product with your data and approval

  • Book travel and handle all the identity verification

  • Make purchases using the optimal payment method

  • Authorize transactions based on your preferences

The AI Agent that books your flight

I want that future. You want that future.

But there's a catch.

The New Attack Surface

AI is fantastic at beating the traditional security model.

This week, FinCEN issued a notice about Deepfakes targeting banks to beat KYC. This chimes with what I hear in the industry, where the volume and sophistication of deepfakes at onboarding have rocketed over the past 12 months. We see this, especially in Brazil and APAC countries, but the trend is now appearing globally.

This is why a secure enclave is crucial. It gives strong cryptographic proof that you, the human, used your device to biometrically authorize onboarding or a payment.

This is why governments, regulators, and banks are focusing so much on delivering digital identity solutions. We need to be confident that the right person is making the transaction and that wallets can unlock that. Putting all of your strong identity and payment credentials into a secure device will give you much stronger proof of your identity.

There's just one tiny hiccup.

The weak link in any security model is you. In the new world, a scam could take your entire identity. When everything relies on simple biometric authentication, and your credentials are easily accessible with a tap of your phone or biometric approval, the impact of being socially engineered in a scam skyrockets.

The Global Anti-Scam Alliance reported that

  • An estimated $1.03 trillion was lost to scams in 2023. (Yes, trillion with a T).

  • 70% of scams go unreported

  • Only 4% of users are compensated

If I can trick a bank today by pretending to be you, imagine what I could do if I tricked you into installing a malicious AI Agent.

The winning AI-agent / wallet combo must manage the security risks on behalf of and with users.

How do we control your agent?

We need to create Agents with controls and limits on what they can do with our money and identity.

Infrastructure players (like Stripe) are already building "agent toolkits" that can:

  1. Generate single-use payment credentials

  2. Set strict spending limits

  3. Restrict transactions to specific merchants

  4. Require human approval above thresholds

But there’s a key role for wallets to play here too.

I like this way of thinking about it from Dave Birch.

Jelena Hoffart, Director of Identity Value Chain Expansion at Mastercard, told me that she thinks it may turn out to be a pretty good business for the financial institutions to move beyond know-your-customer (KYC) to provide know-your-agent (KYA) identification and authorization services.

Dave Birch

If you believe like I do, that the future is wallets. It's more likely that wallets will need to Know Your Agent so they can host your agent. Agents will need identities, signatures and certificate regimes (likely borrowing heavily from the internet and blockchain infrastructure).

Which wallet will host your AI Agent?

The players are positioning themselves:

Device OEMs have an edge in authentication and device security.

  • Apple with its secure enclave, compute, operating system and 51%+ US market smartphone share can give an agent everything it needs. The question is whether it will go beyond Apple Intelligence for agents or do a sort of "Agent Store" where it manages the security of agents running on the device like it does with the App Store. Apple in 2008 would make this move; Apple in 2024 may lack the imagination (although it would give them a huge right to win).

  • Samsung is second with ~ a 25% market share. It offers an SDK for its secure enclave but doesn't own the operating system like Apple does. It does have a wallet, but I found it hard to get data about usage (which suggests the usage isn't that high). Samsung is probably a better enabler of others than it is a true Apple walled garden.

  • Google: Android has a 71% global market share, but it doesn't control the device; it does have search and Gemini. Google Pay and Google Wallet seem to be lagging behind Apple. Google has the best assets, including Gemini Nano, search, and Android. It could become the ultimate maker of SDKs and APIs for every other wallet maker, but it just isn't.

Identity Specialists have more ways to manage scams

  • CLEAR has more use cases and more biometric markers to use but they're not trying to be a wallet (yet). CLEAR has around 30m users registered for airport travel, using strong biometric markers (face, eyes, and fingers). It's also in major sports arenas like Madison Square Garden and the Chase Center.

  • Banks have more data about their users than device makers so are secure, but they'll be last in line to host AI agents. Paze is still very much unproven, but the banks are about the best regarding pure KYC security. Can they make that available in a Paze wallet (or something similar) that works for more use cases? I'm doubtful they'll lead.

  • I doubt a government wallet will host your AI agent. Governments define legal persons and record property ownership (like land). There is an opportunity to build these technologies for pure government document storage and tax filing, but they likely work better as standards.

The Fintech Players have an opportunity but less access to devices or identity.

  • PayPal, with 400m users and some serious R&D velocity, could do more with NFCs and wallets, but they haven't started. Venmo and Fastlane are playing catch up, but I expect PayPal to be an early adopter of Visa's Flexible Credential. Still, I wouldn't bet against them getting momentum. By building the super wallet, they have the most to gain and the least to lose, and now NFC is more open. I wouldn't bet against them to experiment with AI.

  • Cash App's 57m active users compare well with Venmo (at 65m+), but they haven't started down the wallet path. Cash App had tried to be the everything app rather than the partners with everything wallet. I think that tone is shifting across the industry. Cash App has an insanely talented team who could do immense things with AI, I just don't know if they have the mandate under new leadership.

But winning isn't just about technology or user numbers. It comes down to three factors:

  1. Brand: Who do users trust with their identity?

  2. Context: Where does it make sense to use which wallet?

  3. Relationship: Who owns the customer relationship?

I don't think there will be one winner.

Identity isn't a winner-take-all market.

There will be many wallets, credential providers and security providers. The best wallets will play nice with others with adjacent capabilities and layer over security.

The Core Tension:

  • More walled garden = More secure (Apple). Apple is already doing Affirm and Klarna in its wallet but with its promise of security and experience.

  • More open = More use cases (PayPal). The more you integrate other payment methods and identity credentials, the more use cases you swallow in that wallet

The winner needs both. But how?

If I grab the crystal ball, I can imagine several hypothetical scenarios. (Note these are completely made up)

  • Stripe Link + Real-ID + Agent workflows: Agent commerce meets government identity

  • CLEAR + PayPal + AI: Honey's shopping intelligence goes autonomous with biometric security for agents

  • Google pulls its finger out and actually does something. (This is the wildest of all).

There's an upside for everyone here, but imagine being the wallet that held not only YOUR identity but also managed the identity of YOUR AGENT?

Huge.

What Happens Next?

In the next 12-24 months, watch for:

  1. Major moves in identity standards adoption by wallet makers

  2. AI assistants becoming device-native then wallet-native

  3. New security standards for agent authentication

I'd love to see a step-function change in the velocity of standard creation by US and European governments. We have the FIDO alliance, passkeys, wallets, devices, and NFC.

We can unlock incredible progress if we just put those pieces together.

The wallet wars aren't just about payments anymore.

They're about who gets to host your AI agent.

And that's a much bigger prize.

ST.

🧠 If Fintech Brainfood did a training course, what should it be about? I get asked to do this a lot, so I've put together a survey. I'd love your thoughts. Give this link a click. It will take 30 seconds and your answers will help me massively πŸ™

4 Fintech Companies πŸ’Έ

1. Zeed - Robinhood for Gen Z + AI Chat with market data

Zeed allows users to connect multiple global brokerage and stock, Crypto, and ETF trading accounts into a single interface. It then summarizes market data with voice clips and "chat with the CEO" to get direct answers from earnings calls or data. The app engages users with quizzes, viral video content (from vetted providers), and visual animations of earnings.

🧠 This is halfway to the AI-Agent future, and UI use is fascinating. I think I just found the thing I use to show bankers the future of consumer experiences. Ultimately, it's a clever abstraction over open finance + market data, but it's very well put together. I wonder how they'll monetize? Is this worth the subscription fee?

2. Tumoni - Free remittances USA to Central America

Tumoni allows non US residents to open an account held with a bank through a KYC process. Users and their family members get a local account in the US or Central America. They also receive a debit card. The app also supports local bank transfers, remote check deposits, and adding air time to phones.

🧠 It's "free" because its a closed loop. The idea is for you and your family members to open an account, like a Zelle or Venmo transfer. It's a clever way of describing what is really just a book transfer on existing customer accounts. I'm unsure if this service is live or in beta, but the website has zero disclosures. I assume this is still early and not in production (or at least, I hope so).

3. Bastion - Stablecoin wallet as a service.

Bastion is a registered Money Service Business with FinCEN that provides APIs for developers to build use cases like merchant payouts, payroll and treasury management.

🧠 These are the same use cases that Bridge and BVNK have traction with. Stablecoins as a global payouts, payroll and treasury management solution will soon be a default. They're leaning heavily on "regulated" in marketing, which often doesn't end well. Maybe dial that down a notch.

4. Valid8 - Forensic accounting AI

Valid8 helps accountants and law enforcement identify patterns and flow of funds. Users can load statements and documents, reconcile them against accounts and produce clean visualizations and summary exports. The solution can investigate complex fraud, money laundering and scam cases (e.g. Medicaid fraud).

🧠 This is a general investigative tool that the world of compliance and law enforcement needs. Take a bunch of unstructured data, process it to make sense of it, then visualize it. Every state and federal agency could use it, as could countless law firms and accounting firms. Very smart.

Things to know πŸ‘€

Klarna submitted its paperwork to the SEC on November 12th. There are reports of a $20bn valuation, but Klarna hasn't announced pricing or the number of shares on offer. Klarna claims 85 million customers and over 575,000 merchants. The company delivered its first adjusted profit in the first half of 2024.

🧠 This is a watershed moment.

Klarna has been foreshadowing this listing for a while, so it's not a shock to see them list. What is interesting is where and when they've listed.

🧠 The US is the logical place for a firm with large US presence to list.

  • The US stock market tends to be much kinder to tech companies than the UK or European stock exchanges.

  • Adyen and Wise are notable exceptions, but even UK companies like ARM listed on NASDAQ.

  • Europe HAS to get its act together to capture growth companies in the future.

🧠 Announcing now, as tech and finance stocks are up is great timing.

  • Klarna has got a lot of PR mileage out of its AI usage, but its timing on profitability and the market cycle is ideal.

  • Investors in 2023 were bearish on Fintech generally, we saw no IPOs. But as the index has improved so has investor sentiment, maximizing the chances of a strong launch.

🧠 What a comeback story.

  • Klarna once valued at over $45bn, dropped to $6.7bn during Fintech winter, only to be recently revalued by an investor closer to $14bn and potentially IPO at $20bn.

  • That's a massive number.

🧠 BNPL is one of the best and most true disruptive innovations in Fintech

  • I've written before that BNPL based on all available data I've seen is less bad than revolving credit lines (like credit cards) and WAY better than pay day loans.

  • Things can still go wrong of course, as they can with any product, but I think the BNPL = bad crowd have now firmly lost the debate.

🧠 Nobody is talking about BNPL and fraud.

  • Anything that allows more frictionless commerce is a fraud risk.

  • A common use case is wardrobing (buy, wear once, send back without ever risking cash). But there's also more sophisticated attacks.

  • The industry will react well to this, but merchants now need to figure out where BNPL and other non card methods (like pay by bank) fit in their payments and risk strategy.

Kudos to everyone at Klarna for making it here. Game on!

Crypto has ripped since the election result. With Republicans now likely to control Congress and the Presidency, the odds of more Crypto-friendly policy and legislation look good. On the campaign trail, Donald Trump promised to make the USA the world's crypto capital.

🧠 The USA is an outlier on the global stage in not having dedicated Crypto legislation. Senator Elizabeth Warren's anti-crypto army delayed the passing of rules that would help protect investors and ensure markets operate fairly. Unfortunately, this made technology a partisan issue and galvanized the crypto lobby, which is well funded and effective.

🧠 If you haven't looked since FTX and 2022, a lot has changed. Sam Bankman-Fried is in jail. Binance's CEO served a jail sentence. Solana and Ethereum (via L2s) have become much faster and cheaper. Stablecoins have become an emerging cross-border rail for the global south. Major institutions are offering ETFs and tokenizing money market funds.

🧠 Price momentum is bringing back the core "tech" and finance audience attention. This famous tweet from All-in-Pod bestie Jason in January 2023 says, "If you're in Crypto, pivot to AI." A lot of folks didn't. One example is Bridge,, which just exited to Stripe for $1.1bn.

🧠 I really hope this time it's a bit less silly. If we get another bull run, in a matter of months, we'll be talking about the new all-time-highs on the news and in Uber rides. That is your sign to sell, and a surefire sign that consumers are being harmed. Please never invest more than you can afford to lose.

🧠 It's becoming increasingly obvious to people that the future of finance will use Crypto rails. The lines between TradFi and DeFi have started to blur. European banks are now issuing Stablecoins. Expect this trend to continue. Central banks and commercial banks aren't good at building internet-native tech, but they're good at managing balance sheets. CBDCs, deposit tokens, and Stablecoins are the same tech with different credit risk properties.

Stripe aims to give AI Agent workflows access to payment capabilities. They define agent workflows as giving LLMs access to make function calls. Imagine booking a flight. By splitting a prompt into variables like destination, origin, departure time and budget, you could then search and run a workflow to present options and book the flight. Stripe's SDK natively supports agent tooling like Langchain and Vercel.

Stripe gives the example of generating a single-use virtual card available only for flights in that search and restricting the amount.

🧠 This is why Stripe always wins the generation of tech start-ups. They keep doing cool shit. Disrupting Stripe is gonna be legit hard. This is pitch perfect. It's the kind of thing you'd never see Adyen or PayPal do.

🧠 Immediately, I've had 15 ideas of things I want to build. That's the sign of something that's not just useful for Stripe, it's gonna inspire others to build new stuff too.

Good Reads πŸ“š

The killer line in this piece from Jason was when referring to candidates for financial services policy roles: "Most of his appointments were, in hindsight, remarkable for their, well, normalcy." We didn't get a Fintech charter, but we did get an OCC focused on financial inclusion and more open-mindedness about crypto. It was the FDIC that was the most pro-regulation. The Fed won't change, but the CFPB might.

🧠 I don't have a crystal ball, nor am I a fortune teller, but if we don't get a Fintech charter soon, I'd be shocked.

🧠 1033 will be fine, but it's sequel for more open finance data may get sh*t canned for a while.

🧠 We'll get FIT21 and SAB121 passed in congress in 2025. This cannot come soon enough, with the Crypto bull run coming, we need consumer protections and better accounting rules ASAP.

Tweets of the week πŸ•Š

That's all, folks. πŸ‘‹

Remember, if you're enjoying this content, please do tell all your fintech friends to check it out and hit the subscribe button :)

(1) All content and views expressed here are the authors' personal opinions and do not reflect the views of any of their employers or employees.

(2) All companies or assets mentioned by the author in which the author has a personal and/or financial interest are denoted with a *. None of the above constitutes investment advice, and you should seek independent advice before making any investment decisions.

(3) Any companies mentioned are top of mind and used for illustrative purposes only.

(4) A team of researchers has not rigorously fact-checked this. Please don't take it as gospelβ€”strong opinions weakly held

(5) Citations may be missing, and I've done my best to cite, but I will always aim to update and correct the live version where possible. If I cited you and got the referencing wrong, please reach out