Nydia Remolina (Singapore Management U Yong Pung How Law) has posted “Agentic Payments: When is a Payment (Un)Authorised?” on SSRN. Here is the abstract:
What if your wallet could decide how to spend your money? Payments are no longer made by people alone, they are increasingly executed by software acting on their behalf. These AI agents operate within user-defined parameters, but they also optimise, adapt, and, at times, act in ways the user did not specifically anticipate. This shift challenges the core assumptions of payment law, which remains anchored in binary distinctions between authorised and unauthorised transactions and in models of human intent. Current regulations like PSD2, and the proposed PSR and PSD3, struggle to define when a broad user instruction constitutes valid permission for a specific payment. To bridge this gap, the paper proposes a “bounded delegated authorisation” test, which requires that an agent’s actions stay within strictly defined, provable constraints. The paper also suggests creating a new regulatory category for Digital Assistant Payment Services (DAPS) to ensure accountability and user control. Ultimately, the article argues for a framework where payment service providers must reimburse users if an AI agent initiates a transaction that exceeds its bounded delegated authorisation.