AI Agents shouldn’t have bank accounts.

I haven’t set up Openclaw, but I’m almost there: folks on Twitter have been very kind with advice, and my friend Kiran Jonnalagadda has been handholding me through the installation of Home Assistant on a Raspberry Pi, so hopefully today, we will add OpenClaw to it. My weekend went into setting up the Pi, a meh experience with droidclaw, and the failure to set up OpenClaw on an old Android phone.

I plan to give the agent its own mobile number and email address, and I’m still excited about a whole new phase of experimentation beginning, once I’ve figured security out.

What gives me the jitters is the idea of giving money to an agent: and I’m not talking about the tokens it burns through, but I want to allow it to buy and sell for me. Peoples “Molties” (are we still calling them that?) are sometimes going crazy and getting influenced by an influencers peddling courses, leading to billing in the thousands of dollars.

Yet there’s utility in enabling autonomy: A friend of mine has loaded money via crypto into Polymarket, and has built a trading agent that implements his trading strategies — something he has worked on for years now. In the few hours that we spoke, his agent had executed 15-20 trades and pushed that info to him via Telegram. What fascinated me was the ability of the agent to modify and update his trading strategies on the fly. I’m ages away from this level of sophistication, but it’s notable that he can execute by only risking $100 to begin with.

In When AI buys or Sells for you, I highlighted the benefits of agentic commerce:

“when human decision making can be reduced: humans have less time and energy than an agent for price discovery and optimisation.”

“An agent can crawl multiple websites and ferret and process information… It can look at ratings and website policies, and determine risk factors before making a purchase.”

“It can check historical price data, compute when the next price-drop is likely to be, and wait before it makes a purchase, unless a time constraint is specified by you.”

Importantly,

“You get multiple overlapping micro-markets because of differentiating constraints. Negotiation will not vanish: it will become opaque.”

“This is more game-theory than human choice. It’s just that at that speed and scale, we probably won’t know what’s going on without audits.”

While an entire ecosystem is coming up around agentic commerce, it will largely work based on two premises for people like me:

• We will experiment with agentic shopping and trading when the payment risk is capped

• We will deploy agents for shopping and trading when we’re comfortable with the mechanics of how agents work, and how comfortable we feel about being able to control the risk. Openclaw isn’t the Wordpress of agents (yet): it’s complicated to deploy, add skills, connect github and a payments rails. The UX needs to be changed

The real bottleneck in agentic commerce isn’t intelligence: it’s payments, in terms of both how they work, and how they are regulated.

Why agents hit a payments wall

For us to implement rules in payments, and ensure that they’re being followed, we need a different kind of rails and enablement frameworks for payments.

Coinbase recognises that for agents to be able to act autonomously for us, they need money:

“…today’s agents hit a wall when they need to actually do something that requires money. They can recommend a trade, but they can’t execute it. They can identify an API they need, but they can’t pay for it.”

It also recognises some of the issues with legacy payments:

• “Legacy payment systems are designed primarily for human interactions”…

• ”They remain burdened by manual user experience (UX) navigation, reliance on credit cards, account verification processes, and the overall human-oriented friction that impedes true automation for agentic interactions”…

• They are ”hindered by operational complexities such as delayed settlement times, high transaction fees, manual invoicing, and susceptibility to fraud and chargebacks.”

Digital payments come with significant security measures for fraud prevention, including two factor authentication, in some countries (India), the payments app being bound to a SIM Card.

While friction is necessary for reducing risk and fraud in payments, but agents need some of these issues addressed in order to behave autonomously.

They need the ability to execute microtransactions dynamically and autonomously, without the human-in-the-loop intervention or delays associated with legacy payment setups.

Coinbase’s machine-native payments protocol, called x402 (whitepaper), is an open payment standard that enables AI agents and web services to autonomously pay for API access, data, and digital services, and allows allowing real-time, machine-native transactions using stablecoins like USDC.

It is meant to enable what I would call an “Autonomous Economy” (I was going to add a ^TM here, but it seems I’m really late):

“x402 enables AI agents to autonomously discover and procure third-party cloud resources, contextual data, and API tools—making it easier for them to achieve their targeted optimization goals without human-in-the-loop intervention.”
“This enables fully autonomous, AI-driven commerce—allowing goal-oriented agents to operate independently in an on-demand, permissionless economy.”

The paper highlights potential use cases for micropayments by AI Agents:

- A video streaming service leverages x402 to charge per second of content watched, replacing traditional subscription-based monetization.
- A trading AI retrieves real-time stock market data for$0.02 per request, paying only when needed.

- A computer vision API charges $0.005 per image classification instead of a fixed enterprise fee.
- A synthetic voice AI charges $0.10 per audio clip, enabling flexible monetization.

- An autonomous agent purchases GPU resources for$0.50 per GPU-minute, paying per compute
cycle.

- A financial AI assistant pays $0.25 per premium news article for research.

- A game charges a user per-play instead of requiring a large purchase or relying on advertising revenue.

As as aside, I’m glad they didn’t name the protocol x420.

Why linking agents with bank accounts and credit cards is risky

Something going wrong with my Raspberry Pi just means I reinstall the OS, or install it separately on a different SD card. Mistakes in agentic payments get made in milliseconds, and run the risk of rapid error propagation. Reversal comes coupled with large set of hurdles to jump over, with multiple stakeholders, each with their own compliance issues to navigate. The process itself is punishment.

AI agents directly linked to bank accounts or credit cards, or in India, linked to UPI could potentially also be susceptible to a significant amount of fraud, because the entire bank account or your credit limit stands exposed. Do you have plausable deniability of the intent to transact, if you gave the agent a PIN? That kind of systemic exposure comes at a cost.

Stripe importantly recognises that the need for trust goes both ways: businesses (also) need a way to confirm purchases, securely accept payment credentials, respond to new fraud signals, and update their risk models to differentiate good bots from bad bots.

The X402 paper highlights:

Beyond transaction fees, legacy payment systems expose businesses to risks of chargebacks, fraud, operational losses, and compliance overhead.

We’ll eventually see higher agentic transaction fees as the risk of fraud goes up for whoever underwrites the risk.

You also don’t want every user to set up a new bank account (some people I know have done this with UPI), or a separate credit card for their agents, to reduce risk.

Why crypto is ahead and fiat is behind

The other side of risk is the need for us to allow agents to act autonomously. This is something that Coinbase highlights

• “AI agents require instant, frictionless access to real-time contextual data, API services, and distributed computing resources to function independently.

• They need the ability to execute microtransactions dynamically and autonomously, without the human-in-the-loop intervention or delays associated with legacy payment setups.

One way to ring-fence risk is to implement wallets, because wallets inherently reduce the surface area of risk. At present, the only relatively safe and convenient way to experiment with wallets is to use crypto, because it has no subscriptions, no prepayment and no lock-in.

While Coinbase is obviously pitching stablecoins as agent money, and crypto is the laboratory for agentic commerce, the absence of a viable fiat option is what is limiting agentic commerce.

Fiat systems move at glacial pace, which is why Coinbase’s Brian Armstrong can safely say “I believe that stablecoins will be the default payment method for AI agents.”

Crypto is building what fiat money avoids: An autonomous economy needs payment containers to avoid systemic risk.

India shows what happens when you (almost) remove containers

While globally, wallets are not being treated as legacy consumer features, and are now being redesigned as programmable containers for autonomous systems, in India wallets are largely passe. While Paytm is planning to revive its wallet — it once had over 200 million users — it’s CFO Madhur Deora still takes a myopic view of it, saying on its recent earnings conference call:

“We don’t think the product is that big in the industry going forward. So we want to bring it for consumer completeness because the consumer should have an option. We are big believers that consumers should have options, as many options as we can come up with. So Postpaid is an option, wallet is an option, but one shouldn’t think of wallet as being as sticky, as relevant, as important today as it was three years ago.”

Deora probably doesn’t realise the importance and potential of wallets in the future because of the tightly controlled regulated domain he currently inhabits. Paytm probably also has PTSD from the trauma it went through, first with the advent of UPI, then the shutdown of its Payments Bank, which housed its wallet.

Until about 2016 to 2017, in fact, wallets used to dominate India’s payments landscape, before multiple regulatory and private actors actively worked to restrict the wallet ecosystem in favour of UPI, which is bank-led. When the National Payments Corporation of India launched UPI, they chose not to include wallets, or integrate with wallets at that point in time, because, as the then MD and CEO of NPCI, AP Hota, told MediaNama, banks wanted a competitive advantage against wallets, saying:

“So the banks asked give us time to catch up and leave the wallets out of it (UPI). It is just a competitive position.”

Since then, India’s payments policy has centered around UPI, including using regulation and forcing taxpayers to fund loss of MDR revenue for UPI companies. UPI co-opted innovations from wallets with QR codes, and using the mobile number as a unique identifier. Wallets eventually stopped innovating, and have gradually become redundant, except largely as a mechanism for storing cashbacks.

UPI, with a PIN, exposes the users entire bank account, so much so that some users even have separate bank accounts just for UPI. The amount of fraud in the country has increased drastically, both because of leakage from personal data that makes users susceptible to fraud via social engineering, and because the risk to the bank account isn’t contained.

India sacrificed containment of risk for enabling bank integration for payments.

Semi-closed prepaid wallets were more powerful because they not only compartmentalised risk, but they also didn’t require the additional authentication for transactions once money had been loaded into the wallet.

What an agentic Wallet should look like

In its paper on Agentic Commerce (ironically, not easily machine readable), Stripe identifies stages of Agentic Commerce, as mechanics to get to an Autonomous Economy. Two worth noting:

Level 4, Delegation: Get the back-to-school shopping done. Keep it under $400.
You stop choosing altogether. The system handles the search, the evaluation process, and the purchases on your behalf. You trust it will weigh trade-offs as you would and choose things your son will like. All you do is determine the budget. (This is what most people mean today when they talk about agentic commerce.)

Stage 5, Anticipation: There is no prompt. The system already knows the school calendar, your son’s preferences , and your typical budget. All you do is receive a notification: here’s the back-to-school list of everything that’s been purchased. This is the most futuristic vision, where the things you need show up right before you need them, without you having to ask.

Today, the industry is operating at Level 1 (eliminating web forms) and 2 (descriptive search), the paper states. There’s a long way to go, but the rails need to come up alongside development of agents.

Here’s what is needed:

First, fiat needs to learn from crypto, because we need payment wallets that are enabled for AI agents that use fiat money for payments. Crypto is still a niche use case, and fiat lacks an equivalent sandbox.

Second, we need wallets to be intuitive, and for it to be easy for users to create rules for wallet payment.

We need to have programmable money, something that has:

• Delegation of financial authority

• Risk based containers that ring-fence financial risk.

• Automated execution and the ability to create rules, easily.

When announcing x402, Coinbase said that their version of programmable spending limits includes:

Session caps: Set maximum amounts agents can spend per session
Transaction limits: Control individual transaction sizes
Safety: Private keys remain in secure Coinbase infrastructure…
Settlement: “Payments settle instantly onchain, eliminating chargebacks and disputes.”

Basically, smaller, programmable, secure containers that allow you to optimise transactions without a catastrophic downside, because transactions are onchain.

Here’s what a Agentic Fiat Wallet would look like

1. Leverage Credit Card / UPI Penetration: Now while I’ve mentioned that UPI and cards are risky and limited, they also have higher market penetration than wallets. They need to be used as authenticated mechanisms for recharging wallets. Wallets (restricted money access) can also be built on top of cards and UPI.

2. Enable but limit automated wallet recharges without authorisation, both by number of recharges and amount recharged in order to reduce risk, while giving users flexibility.

3. Allocate a budget, not an account: Give my shopping agent Rs. 5000/month (not access to my bank balance).

4. Hard caps by default: The wallet should start with a per-transaction cap, and when the agent wants to pay more, it should seek user permission to (a) increase the cap by a set amount for one time, or (b) update the rule to allow higher value transactions, including the current transaction.

5. Authorise the agent to transact with a limited set of merchants (one click approval, and upon a new merchant surfacing, seek user authorisation. Allow merchant specific caps.

6. Set category specific authorisation and caps: alongside merchant specific caps.

7. Set time & intent constraints: “Only buy if price drops below X” / “Only renew domains in the last 10 days before expiry.”

8. Enable second factor authentication for high-risk (flagged by payment systems) or high value transactions.

9. Use delegation tokens, not PIN sharing, for payments: separate human payments completely from agentic payments.

10. Build audit trail for disputes: for each agent, what it bought, why (rule triggered), price comparisons, and when.

At present, at least in the UPI construct, the bank is the funding rail, and UPI is the permission layer. For agents, UPI becomes a funding rail for wallets, and the wallet becomes the permission layer.

Of course, we don’t need such a complicated construct, and you can allow programming of UPI as well, which is probably what’s going to happen in India, but when I say wallets, I’m not referring to only licensed semi-closed prepaid wallets, but also to ringfenced payment layers that you transfer money to.

This way, what we get is what we need: Instant, low-cost transactions, with no API keys, no subscriptions, no middlemen, that are auditable and can work with merchants enabling their systems for agentic commerce.

What I’ll be watching out for: how UPI becomes programmable.