Key Takeaways
- Agentic AI in India's financial services and commerce sectors is moving from proof-of-concept to production, and industry interviews reveal that the biggest barrier is no longer AI performance but the existing payments and financial infrastructure
- Even India, home to UPI — one of the world's largest real-time payment networks — needs a new infrastructure layer for agent permissions, authentication, auditability, and liability
- The challenge is fundamentally the same one Visa and Mastercard are tackling, and payment providers and e-commerce businesses should start designing infrastructure with agents in mind now
The Barrier Has Shifted from AI Performance to Infrastructure
Use cases raise questions around permissions and security, as deployments progress beyond proof-of-concept
www.business-standard.comOn July 5, 2026, Indian business daily Business Standard reported on the state of agentic AI adoption across the country's financial services and digital commerce sectors. An industry where "almost everything was still a proof of concept" a year ago is now steadily approaching production. Yet the industry figures interviewed were unanimous in their assessment: the biggest obstacle to widespread deployment is no longer AI itself, but financial and commerce infrastructure built decades ago for deterministic software and human interactions.
According to the report, agentic commerce is expected to evolve in three phases — from assistive to guided and eventually autonomous flows. Before AI agents can routinely shop, transact, or negotiate on behalf of users, banks, payment processors, and merchants must build a new layer governing permissions, authentication, authorization, auditability, and liability. Constructing this "invisible plumbing" is emerging as the industry's next major challenge.
What makes this striking is where the observation comes from: a country whose UPI (Unified Payments Interface) processes more than 20 billion transactions a month. If even the nation with the world's most advanced real-time payment network needs to rebuild its infrastructure for the agent economy, the implications for markets with far more fragmented payment rails are sobering.
Permissions, Authentication, and Liability: Designing the Invisible Plumbing
What does it actually mean to design for delegated purchasing? The Business Standard piece captures the questions practitioners are wrestling with in vivid detail.
On payments, agents acting on a consumer's behalf will need clear consent and spending controls before adoption can move beyond pilots, and that requires regulatory clarity, not just better technology.Source: Keshav Kumar (CPTO, BigBasket)
Kumar, whose company BigBasket is part of the Tata group, also points out that discoverability changes character. Platforms must become as legible to machines (agents) as they are to humans, or they risk losing transactions they would otherwise win.
The edge cases are even more pressing. If an agent instructed to spend no more than 5,000 rupees on a pair of shoes ends up spending more than twice that amount, who bears the responsibility? Who created the agent, how is it identified and authenticated, and what exactly did the user authorize? Answering these questions, the article notes, requires capturing agent interactions in a central registry that enables accountability and verification across use cases. Today's payments and commerce infrastructure was never designed for a world where consumers deploy multiple agents for different tasks and it is agents, not humans, initiating multi-cart transactions in parallel.
Ishan Sharma, head of sales and business development at payment gateway Juspay, argues that "payments have to be deterministic," stressing the need for users to whitelist their own agents and for proactive controls that prevent agents from doing things they were never meant to do. The e-commerce industry widely expects early use cases to center on price intelligence, which makes such safeguards all the more critical. Marketplace Snapdeal disclosed that it has already built unified data connectors spanning its catalogue, customer behavior, and transaction systems, along with an orchestration layer based on the Model Context Protocol (MCP) and guardrails to minimize hallucinations.
Inside banks, the problem runs deeper. Existing core systems were built for software that executes predefined instructions, and granting reasoning AI agents direct access to them would immediately surface risks around privacy, permissions, and accountability. Banking infrastructure provider Zeta is taking the approach of building an intermediary software layer between agents and core banking systems. Rather than letting an agent or LLM query databases directly, this layer authenticates the agent, verifies what it is authorized to access, enforces data access policies, and maintains audit trails before any information is retrieved.
Fraud defenses need a redesign as well. New fraud vectors, including evolving patterns of deepfakes and tampered documents, are already permeating the ecosystem. Shailesh Paul, CEO of authentication provider Wibmo, says banks are focused on risk-based authentication: intercepting transactions that are almost certainly fraudulent, then stepping up to higher or additional forms of authentication for transactions that are risky but potentially legitimate. Fraud patterns in the AI era are still evolving, and for now the industry's priority is rethinking the supporting infrastructure while resolving foundational questions around permissions, security, and control.
UPI Is Ahead: What Reserve Pay Solves — and What It Doesn't
India is hardly standing still. In production pilots, it is arguably leading the world.
In February 2026, Razorpay and NPCI (National Payments Corporation of India) announced agentic UPI payments on Claude, launching a pilot that completes orders and payments from Zomato, Swiggy, and Zepto entirely within a conversation. The technical key is UPI Reserve Pay: users perform a one-time, consent-based authentication and set per-merchant spending limits, after which agents can execute transactions within those limits without entering a PIN or OTP each time. Consent can be revoked at any moment. In June, Pine Labs announced P3P, a protocol that lets AI agents complete UPI payments after a single upfront authorization, and NPCI itself is exploring an agentic AI layer to shorten compliance cycles for UPI's operating circulars — the pace is accelerating.
The regulatory scaffolding is taking shape too. In August 2025, the Reserve Bank of India published FREE-AI, its framework for the responsible and ethical enablement of AI in finance, setting out 26 recommendations under seven principles and six pillars. It calls for board-approved AI policies and institutional AI inventories by the end of FY2026, providing a potential foundation for the "regulatory clarity" that BigBasket's Kumar demanded.
Still, these mechanisms operate within the bounds of human pre-authorization. Spending caps provide a fence, but the questions of agent identity, liability boundaries across multiple agents, and full auditability of agent behavior remain unanswered. What the Business Standard report interrogates is precisely the infrastructure vacuum outside that fence.
Global Standards Are Converging on the Same Questions
India's debate maps precisely onto the standardization work underway at the card networks. Mastercard announced Agent Pay in April 2025, introducing Agentic Tokens that bind tokenized card credentials to a specific agent, merchant, and consent policy. Visa followed in October of that year with its Trusted Agent Protocol, which gives merchants a way to identify legitimate agents. The core idea — never hand agents raw card numbers; let them transact with verifiable credentials and tokens — is essentially the same design philosophy behind UPI Reserve Pay.
At the India AI Impact Summit held in New Delhi in February 2026, that convergence was articulated explicitly. Citibank's Prag Sharma argued that agentic commerce requires three things: "an Aadhaar equivalent as a foundational identity layer for AI agents, a UPI equivalent to address how money flows between two agents, and an ONDC equivalent, an interoperable platform for how this will all work." His requirements — cryptographically provable agent identity, granular purpose-driven authorization, and a chain of custody for agent behavior — read as a direct abstraction of the on-the-ground concerns Business Standard reported.
In short, what comes after "Know Your Customer" is "Know Your Agent." That recognition is already shared across India's payments industry, the US card networks, and the AI platforms. The remaining question is competitive: who implements the trust layer, and which standard becomes the axis of interoperability.
Conclusion
Even India, with the world's most advanced real-time payment network, needs new infrastructure for permissions, authentication, auditability, and liability before the agent economy can scale. That is the fact the Business Standard report lays bare, and it confirms that the bottleneck in agentic commerce is not model performance but infrastructure design. Pre-authorization schemes like UPI Reserve Pay are an effective first step, but agent identity, registries, and liability boundaries remain unfinished homework worldwide. For companies whose business is executing transactions on behalf of users, the ability to design this invisible plumbing will be a source of competitive advantage. As the RBI's FREE-AI implementation deadlines arrive at the end of FY2026, India's moves will continue to serve as a leading indicator for agentic commerce.





