We watched P.J. Linarducci, VP of Consumer Payments at Google, take the stage at Money20/20 EU in Amsterdam last week and make several key announcements for the future of digital identity.
Here are our takeaways:
1. Digital identity at Google Wallet scale
Google is building out a global identity layer inside Google Wallet, one that goes well beyond government-issued IDs.
The country-by-country expansion is substantial. Aadhaar in India, enabling over a billion citizens to verify identity across services from SIM registration to bank accounts to tax payments. Mobile driver's licenses in the US. Japan's My Number Card. Google-issued digital ID passes derived from passport data in Brazil and the UK. EU expansion planned for later this year.
But the announcement we think will matter most in the long run is the Sparkasse integration in Germany.
Sparkasse is a major savings bank in Germany, serving 50 million customers. Google is launching age verification directly inside Google Wallet with them, but not using a government ID.
The credential is issued by the bank itself. Users can prove they are over 18 online using that bank-issued credential, cryptographically secured, without revealing their name, address, or exact date of birth.
This is the first publicly announced case of a privately issued institutional credential living inside Google Wallet. We don’t think it will be the last.
What this signals: identity wallets are no longer just a place to store your passport or driver's license. They will become infrastructure for any institution — bank, insurer, employer, telco — that wants to issue a verifiable, reusable credential to its customers.
2. Authentication becomes a background process
Strong Customer Authentication in Europe has been a compliance win and a user experience problem at the same time. Better fraud protection, yes. More cart abandonment, also yes. SMS codes, redirects, one-time passwords, these are friction points that users experience as interruptions.
Google's Secure Payment Authentication takes a different approach: replace the SMS code with the biometric unlock users already use dozens of times a day. The SCA requirement is satisfied. The user barely notices.
The numbers cited in Amsterdam: 50% reduction in authentication time. A 3% increase in end-to-end conversion compared to traditional methods. Rolling out with Visa, Checkout.com, Adyen, and Autopay, starting in the UK.
Linarducci's framing on this was precise: identity-based authentication should be a background process, not a login wall.
3. The agentic commerce layer
Linarducci used a simple example to make the point: being able to sign his child up for an after-school gym class the moment enrollment opens at 11am on a Tuesday, without stepping away from work. An AI agent handles it. The task gets done. He never sees it happen.
The trust problem that example creates is real and unsolved: how does the merchant know the agent is authorized? How does the user know the agent is actually doing what they want and nothing more?
Google's answer comes in two pieces.
The Universal Commerce Protocol (UCP) is a framework for how agents and payment rails communicate across the full shopping journey — discovery, checkout, post-purchase support — while keeping the retailer as the merchant of record. UCP-powered checkout is expanding to the UK this year.
The Agent Payment Protocol (AP2) is specifically designed to let AI agents make secure purchases and take actions on a user's behalf with strict authorization guardrails: a digital paper trail, strict buying limits, and private data shielding from the agent itself.
And then Google mentioned something that we think is the most important signal from the whole session: they donated AP2 to the FIDO Alliance as an open standard.
This is Google explicitly saying: we do not want to own the trust infrastructure for agentic commerce. We are contributing the protocol to an open standards body so that any agent, any platform, any payment network can implement it. The value we want to create is in the ecosystem, not in proprietary lock-in.
What this means for identity infrastructure builders
Google closed the session with a deliberate positioning statement. They are not on the front lines of every transaction. PSPs, banks, merchants, and identity providers are.
Google's self-described role is as a "quiet catalyst", the ecosystem infrastructure that enables others to build.
The invitation was explicit: build on these tools. Engage with the open standards. This infrastructure exists for the ecosystem to use.
For those of us building identity infrastructure, this session maps out where the ground is moving:
The credential wallet is becoming the universal container. Not just for government IDs but for any verified relationship: banking, employment, professional qualification, age, eligibility.
Authentication friction is being solved at the infrastructure layer. The SCA problem is a preview of a broader shift. The industry will move from "enter a code to prove it's you" to "your device already knows it's you." Institutions that build on top of that infrastructure will have a significant UX and conversion advantage over those that maintain legacy verification flows.
Agentic commerce needs a new trust model. AP2 and UCP are early implementations of that model. The open standard route Google has taken means any identity provider, any PSP, any wallet can build compatible agent authorization and delegation. The institutions that build verifiable, portable credentials for their customers now are the ones whose customers will be able to act confidently in an agentic world.
The era of trust through form-filling is ending. The infrastructure for what replaces it is being built right now. Money20/20 last week was one of the clearest public statements of what that infrastructure looks like.
