Embedded Finance 2.0

Embedded Finance 1.0 put a "Pay" button inside Uber, Shopify, and every SaaS app. The financial service disappeared into the product. But the interface was still a human-facing screen — a checkout page, a card form, a loading spinner.

Embedded Finance 2.0 removes the screen entirely. The interface is now an AI agent. Fintech becomes a callable sub-system — a function the agent invokes, not a page the user sees. Razorpay, Stripe, and Cashfree aren't "payment gateways" anymore. They're API endpoints an agent calls when it's time to pay.

Exhibit A — The Three Eras of Financial Services Distribution

Era 1

Standalone

2010–2018

User → Bank App / Fintech App
Separate apps for payments, lending, insurance. User navigates to each. PayTM, PhonePe, standalone bank apps. Interface: the fintech app itself.

SILOED

↓

Era 2

Embedded

2018–2024

User → Product App → Fintech SDK
Financial services embedded inside Uber, Shopify, SaaS. Stripe, Razorpay as SDKs. Interface: a checkout page inside someone else's app.

EMBEDDED

↓

Era 3

Callable

2025 →

User → Agent → Fintech API (no UI)
Agent invokes pay() as a function. No checkout page. No card form. The agent calls the fintech microservice, handles the response, reports back. Interface: none. The agent IS the interface.

CALLABLE

The key shift: SDKs need a human-facing UI. Microservices don't. When the "user" is an agent, you don't need a checkout page — you need a clean API contract.

For an agent to browse a catalog, build a cart, and complete a payment, four distinct protocol layers need to work together. Each solves a different problem. No single protocol covers the full flow.

Exhibit B — The Agentic Commerce Protocol Stack

Agent

ChatGPT Claude Gemini Custom Agent ← the "user"

↕ calls via

MCP

Browse catalog Compare prices Build cart Initiate order Agent ↔ Merchant

↕ triggers

UCP

Standardized checkout states Provider-agnostic responses One language for all PAs Agent ↔ Payment Provider

↕ authenticates via

Trust Layer

AP2 mandates ACP delegated tokens AgentPay agentic tokens TAP credentials Verifies agent authority

↕ moves money via

Rails

UPI / IMPS Card Networks NEFT / RTGS Wallets Existing infra

MCP = Model Context Protocol (Anthropic, open standard). UCP = Universal Commerce Protocol (Google). AP2 = Agent Payments Protocol (Google). ACP = Agent Commerce Protocol (Stripe × OpenAI). AgentPay = Mastercard. TAP = Trusted Agent Protocol (Visa).

What MCP Solves

Standardizes agent-to-merchant communication. The agent can browse products, check prices, and build a cart using one protocol, regardless of the merchant's backend. The shopping layer.

What UCP Solves

Standardizes payment states across providers. Without UCP, agents must learn Razorpay's "authorized" vs Stripe's "requires_action" vs Adyen's own states. With UCP: one language. The checkout layer.

What AP2 / ACP / AgentPay Solve

Verifies the agent's authority to spend money on the user's behalf. Mandates, delegated tokens, or contextual single-use tokens. The trust layer.

What Google's Play Is

Google owns two layers: AP2 (trust) + UCP (standardization). They don't move money. They don't compete with Stripe. They're building the translation layer. Whoever owns the standard, owns the ecosystem.

The trust layer — how an agent proves it has permission to spend your money — has split into two fundamentally different approaches. Each reflects a different philosophy about autonomy, risk, and user control.

Exhibit C — Mandate-First vs. Token-Based Approaches

Pre-authorized rules

User sets spending rules in advance: "Buy coffee under ₹500" or "Approve groceries from BigBasket up to ₹2,000/week." Agent executes within boundaries without per-transaction auth.

Per-transaction tokens

Each transaction gets a unique, contextual token created on-the-fly. The token encodes merchant, amount, basket — and self-destructs after use. Agent must request a new token each time.

Who's building this

Google AP2 — mandates stored and validated against pre-set rules.
Razorpay × OpenAI — UPI Reserve Pay, pre-authorized payment blocks.
Alipay AI Pay — ACT protocol, 120M txns/week. Closed-loop advantage.

Who's building this

Stripe × OpenAI ACP — delegated payment tokens per transaction.
Visa TAP — stored tokenized credentials, pre-authorized agent access.
Mastercard AgentPay — agentic tokens with embedded agent identity.

Strengths

Zero friction for repeat purchases. High throughput for high-frequency, low-value transactions. Great for groceries, food delivery, subscriptions. Alipay proves it scales.

Strengths

More secure per-transaction. No standing authority to exploit. Better for occasional, higher-value purchases. Contextual constraints limit blast radius of bugs.

Weaknesses

Setting up mandates per merchant is cumbersome. Category-based mandates require infra that doesn't exist yet. If the mandate rules are too broad, security risk increases.

Weaknesses

More friction per transaction. Token creation adds latency. Doesn't work well for autonomous background purchases. Each transaction needs human-in-the-loop or pre-auth.

The "make everything frictionless" crowd misses the core insight: in payments, friction is a feature, not a flaw. Users want to know their money isn't moving invisibly. The winning design isn't zero friction — it's the right friction for the right context.

Exhibit D — The Friction-Transaction Matrix

Transaction Type	Value	Frequency	Approach	Friction
Groceries, food delivery, subscriptions	Low (₹200–₹2K)	Daily / weekly	Mandate-based (AP2, UPI Reserve Pay)	ZERO
Fashion, electronics, occasional shopping	Medium (₹2K–₹25K)	Monthly	Autonomous + 2FA (ACP, AgentPay)	LOW
Travel bookings	High (₹10K–₹1L)	Quarterly	Agent-assisted + embedded auth	MEDIUM
Investments, insurance, big-ticket purchases	Very high (₹1L+)	Rare	Human confirmation required	HIGH

In India and SEA, 2FA is centrally mandated by RBI/regulators. Even "zero friction" transactions may require biometric/PIN. OpenAI's App SDK allows embedding auth flows natively in the LLM interface — friction becomes invisible to the agent while remaining visible to the user.

The moat isn't which protocol you use — it's whether your state transition logic is category-aware and context-aware. A ₹2,000 bus ticket for a frequent user should be zero friction. A ₹25,000 first-time international flight should trigger 2FA. The magic is in the dynamic friction engine, not the payment rail.

Exhibit E — The N×M Complexity Problem

Without UCP

Merchant A (Razorpay): status = "authorized" → capture
Merchant B (Stripe): status = "requires_action" → 3DS flow
Merchant C (Adyen): status = "RedirectShopper" → redirect
Merchant D (Cashfree): status = "PENDING" → poll

4 providers × different states × different error codes × different retry logic = agent breaks

With UCP

Merchant A: {status: "incomplete", action: "requires_auth"}
Merchant B: {status: "incomplete", action: "requires_auth"}
Merchant C: {status: "processing", action: null}
Merchant D: {status: "complete", action: null}

1 language. Agent learns once, works everywhere. Complexity = O(1), not O(N×M).

Google's UCP doesn't move money. It doesn't authenticate users. It doesn't compete with Stripe or Adyen. It's a translation layer — standardizing how agents read payment states. Whoever owns the standard, owns the ecosystem.

The agent design patterns identified by Lance Martin (LangChain) aren't just about coding agents — they directly explain how agentic commerce infrastructure is being built. Each protocol layer maps to a pattern.

Exhibit F — Agent Design Patterns → Agentic Commerce Mapping

Agent Pattern	Commerce Application	Protocol Layer
Give Agents a Computer	Agent gets access to browser, APIs, payment endpoints — not just text generation. Can browse catalogs, fill carts, invoke checkout.	MCP
Multi-Layer Action Space	Agent doesn't have 50 payment tools loaded. It has one `pay()` function that routes through UCP to whatever provider is underneath.	UCP
Progressive Disclosure	Agent doesn't load all merchant catalogs upfront. MCP lets it discover products on-demand. UCP reveals payment methods only at checkout.	MCP UCP
Offload Context	Pre-authorized mandates stored in AP2 — the agent doesn't carry auth state in its context window. It calls the trust layer to check authority.	AP2
Cache Context	Tokenized credentials (Visa TAP, AgentPay) are cached representations of payment authority. Token = compressed auth state.	TAP / AgentPay
Isolate Context	Each transaction gets an isolated token/mandate with narrow scope. A grocery mandate can't be used for electronics. Blast radius contained.	ACP tokens
Evolve Context	Agent learns user preferences over time — preferred merchants, typical basket sizes, spending patterns — and updates its mandate suggestions.	Frontier

The same principles that make coding agents effective (manage context as a scarce resource, use the filesystem as memory, disclose tools on demand) are the principles being used to build agentic commerce infrastructure.

India's payment infrastructure creates a unique environment for agentic commerce — both as an enabler (UPI's real-time rails) and a constraint (mandatory 2FA). The key players are positioning accordingly.

Exhibit G — India's Agentic Commerce Landscape

Player	Layer	Play	Moat
Razorpay × OpenAI	Trust	UPI Reserve Pay — pre-authorized payment blocks at merchant level	First India-specific agentic mandate integration
Cashfree	Checkout	Native UPI + card payments within LLM chat interface	Embedded auth without redirect — friction invisible to agent
Juspay	Orchestration	Payment orchestration + TPAP-as-a-service stack	Sits between merchants and multiple PAs — natural UCP-like role
PayU / Mindgate	Switch	43.5% acquisition of Mindgate (UPI switch powering HDFC, SBI, Yes Bank)	Controls the pipe — if agents call functions, the switch executes them
NPCI	Rails	UPI infrastructure — 16B+ transactions/month	The underlying rail everything rides on

India's 2FA mandate (RBI) means fully invisible payments are impossible. The sweet spot: embedded authentication within the LLM interface — friction visible to user, invisible to agent. Cashfree's approach at the AI Summit Delhi (Feb 2025) points this direction.

Exhibit H — Open Questions in Agentic Commerce

Question	Why It Matters	Status
Liability	If an agent makes a wrong payment on a mandate, who pays? The user who set it? The platform? The LLM provider? No legal framework exists.	UNRESOLVED
Regulatory fragmentation	RBI mandates 2FA. EU has PSD3. US has no equivalent. How does UCP handle jurisdictional divergence in auth requirements?	UNRESOLVED
Data privacy	Agents executing payments have access to behavioral data — spending patterns, merchant preferences, basket contents. Who owns this data? Who encrypts it?	UNRESOLVED
Banking system adoption	Core banking systems need to recognize AP2 mandates, AgentPay tokens, and delegated credentials as valid. This is a multi-year infrastructure effort.	IN PROGRESS
Consumer trust	Alipay's 120M figure is China — fundamentally different trust dynamics. Will Indian / Western consumers actually let agents spend autonomously?	TBD

The Verdict

Winning Strategy

Own the
Standard

Google's play: don't move money, standardize how agents talk to money. Whoever owns the protocol layer owns the ecosystem.

India Moat

Embedded
Auth

2FA mandate means fully invisible payments are impossible. The winner embeds auth in the LLM interface — friction visible to user, invisible to agent.

Timeline

2–3yr

Before agentic commerce is mainstream. Protocol standardization, banking adoption, and consumer trust all need 2–3 years minimum.

What's Certain

Agent-initiated payments are inevitable. Shopping inside LLMs provides exponential personalization value. Infrastructure standardization (UCP-like layers) will emerge because the current N×M complexity is unsustainable. The companies that win will have the cleanest callable APIs, not the best checkout UIs.

What's Uncertain

How autonomous payments will actually be (less than the hype suggests). Whether mandate-based approaches scale beyond closed-loop systems like Alipay. Whether banking systems can adapt fast enough. And the biggest question: will consumers actually trust agents with their money?

Key Sources

Ambika Pande — The Painted Stork: UCP/AP2 analysis, Embedded Finance 2.0 thesis
Lance Martin — LangChain: Agent Design Patterns (Jan 2026)
Google — Universal Commerce Protocol + AP2 developer docs
Stripe × OpenAI — Agent Commerce Protocol (ACP)
Mastercard — AgentPay protocol announcement
Visa — Trusted Agent Protocol (TAP)
Alipay — AI Pay + Agentic Commerce Trust (ACT)

Related Deep Dives

Agent Design Patterns — The 7 context management patterns powering Claude Code, Manus, and Cursor

Seeing Like an Agent — Tool design, action spaces, and progressive disclosure from Claude Code

Indian E-Commerce × GenAI — How Flipkart, Swiggy, and Amazon India are deploying GenAI