From Advisor to Actor: AI Presses "Pay" on Its Own Behalf

For over a decade, artificial intelligence in the financial sector has had one role: to recommend. Now, that role is about to shift dramatically. On February 16, 2026, DBS Bank in Singapore announced that it was the first bank in the Asia-Pacific region to have completed real payment transactions using AI agents — without the customer manually confirming each individual payment.

The pilot is taking place in collaboration with Visa through the Visa Intelligent Commerce (VIC) platform, and the first transactions were carried out within the food and beverage segment using DBS and POSB cards. The plan is to expand to e-commerce and travel booking. According to Fintech News Singapore, the system uses tokenization, advanced authentication, and transaction limits defined by the card issuer — the bank itself — as security mechanisms.

"AI agents are unlocking a new phase in digital payments. The collaboration with Visa shows how agent-driven payments can be rolled out securely and at scale." — Ananya Sen, Group Head of Regional Consumer Products, DBS Bank

DBS is no stranger to large-scale AI initiatives. According to figures published by the company, the bank generates between $565 and $750 million in value from over 350 AI use cases — a figure that projections suggest could rise to 1,500 use cases. Fraud detection is already a core area: the bank's AI systems achieve 95 percent accuracy and reduce manual time spent by 80 percent, according to DBS's own reports.

95%
AI fraud detection accuracy (DBS)
750 million USD
Estimated AI value creation DBS

When AI Pays for You: Revolution or Regulatory Nightmare?

What Exactly Is an Autonomous Payment Agent?

An AI payment agent is a system that does not just analyze situations and suggest actions — it acts independently within predefined limits. In practice, this means the agent can identify a payment situation, assess whether it falls within the user's instructions, and complete the transaction without asking for manual approval.

The technology is built on concepts such as agentic AI and delegated authorization. Leading technology players have already begun establishing protocols for this: Google's Universal Commerce Protocol (UCP), launched in January 2026, and OpenAI's Agentic Commerce Protocol both require cryptographic proof that the user has pre-approved the agent's actions — specifically to reduce disputes and liability shifts.

When AI Pays for You: Revolution or Regulatory Nightmare?

The Big Unanswered Question: Who Is Liable When Something Goes Wrong?

Here, the regulatory picture for 2026 is worryingly unclear — and this is where Norwegian banks should listen extra closely.

An analysis from the Consumer Bankers Association (CBA), published in January 2026, states that existing legislation — primarily designed for human-initiated transactions — creates dangerous gray areas for agent-controlled payments. In the US, the customer could end up as the liable party if the AI agent is treated as an "access tool" the customer has given to a third party (the AI provider), and the agent then acts outside of instructions.

The bank itself sits in a difficult middle position: they are not the direct cause of the error, but are still the first point of contact for customer complaints, refund claims, and chargebacks. According to the CBA report, banks have "limited visibility into third-party AI behavior via APIs," which increases fraud exposure without necessarily being accompanied by corresponding legal liability.

The law firm JD Supra summarizes the situation as follows: no federal guidelines for agent-based payments exist as of early 2026. The same void applies in Europe.

The customer may be left with the bill when the AI agent makes a mistake — not the bank, not the AI provider.

Norwegian Context: BankID, PSD2, and a Regulatory Vacuum

BankID: Built for Humans, Not Agents

For Norwegian banks, BankID is the absolute core of digital identity and payment approval. The system is architecturally built around one principle: the customer themselves authenticates each individual transaction with a unique code or biometrics. An AI agent acting autonomously directly challenges this principle.

There is currently no published framework from the BankID consortium (operated by Vipps MobilePay) on how third-party AI agents can be integrated. The Financial Supervisory Authority of Norway (Finanstilsynet) supervises Norwegian financial actors and ensures that open banking solutions operate within the PSD2 framework, but has not published specific guidelines for autonomous AI agents in payment systems.

Open banking platforms exist in Norway — the company Neonomics, for example, operates the AI platform Nello AI as a licensed AISP (Account Information Service Provider) under the Financial Supervisory Authority and EU regulations — but without explicit BankID integration for agent-controlled payments.

PSD2 and PSD3: No AI Exemptions in Sight

The EU directive PSD2 allows third-party actors to initiate payments through payment initiation services and provides a legal foundation. However, Strong Customer Authentication (SCA) is still the rule, not the exception.

SCA exemptions exist for low-value transactions under 30 euros, recurring subscription payments after initial approval, and transactions to trusted beneficiaries — but none of these are designed specifically for AI agents, and there are no AI-specific exemptions, according to analyses from Taylor Wessing and PwC Legal.

The upcoming PSD3 and the associated Payment Services Regulation (PSR) refine the SCA framework but do not introduce AI-specific exemptions either. On the contrary: according to PwC Legal, the regulatory focus in 2026 is directed toward the hardening of controls against AI-driven fraud — deepfakes, impersonation, and automated phishing attacks — not liberalization for AI agents.

The EBA (European Banking Authority) published a statement in June 2025 classifying certain crypto activities under PSD2, but without touching on the AI agent issue.

The Opportunities Are Real — Especially in the Corporate Market

Despite the regulatory uncertainties, there are substantial business opportunities in the technology, especially where payment flows are predictable and risk exposure is low:

  • Automated supplier payments for corporate customers, where AI agents handle routine invoices within pre-approved frameworks and amount limits
  • Subscription and expense management for private customers, where the agent optimizes payment timing and alerts about deviations from normal behavior
  • Active fraud detection combined with action, where the agent not only identifies suspicious patterns but can actively stop or flag transactions — an area where DBS has already demonstrated commercial value

DNB has invested significantly in AI expertise in recent years and has a technological starting point that makes pilot projects realistic. The SpareBank 1 alliance has explored automation in several stages of the customer journey. However, both actors have a way to go before they can match what DBS has demonstrated in Asia.

Globally, the picture is mixed: according to analyses from FutureIoT and Kane Bridge News, only a small minority of banks are currently translating AI investments into measurable revenue growth. The technology is available; business models and regulations are lagging behind.

Trust: The Human Factor No One Can Automate Away

Even though the technology is mature, customers' willingness to relinquish control is a decisive variable. European surveys from the banking sector show that trust in AI in financial decisions is growing but is contingent on two things: that customers understand exactly what the agent can and cannot do, and that there are simple mechanisms to revoke authorizations immediately.

Transparency and user experience will therefore be just as critical as the underlying AI technology. The banks that succeed will not necessarily be those with the most advanced models — but those that make autonomous payments understandable and reversible for ordinary customers.

"Through Visa Intelligent Commerce, we are building the foundation that will make agent commerce safe, secure, and scalable." — T.R. Ramachandran, Head of Products & Solutions Asia Pacific, Visa

The Way Forward: Shape the Development, or Be Shaped by It

The DBS pilot from February 2026 is an early data point in a development that will accelerate. The question for Norwegian banks is not if autonomous payment agents will become a reality — but when they arrive in the Norwegian market, and whether Norwegian actors will have been involved in shaping the framework conditions.

January 2026
Google launches Universal Commerce Protocol (UCP) with requirements for cryptographic consent for AI agent payments
February 2026
DBS Bank becomes the first bank in Asia-Pacific to conduct live agent-controlled payment transactions via Visa Intelligent Commerce
2026 (ongoing)
EBA and European supervisory authorities intensify focus on AI-driven fraud — but no AI-specific SCA exemptions are introduced
PSD3/PSR (expected 2026–2027)
New EU payment regulations take effect without AI agent-specific provisions — but with tightened requirements for transparency and traceability
TBD
The Financial Supervisory Authority of Norway and the BankID consortium must take a position on delegated authorization for AI agents in the Norwegian market

A natural first step for Norwegian actors would be to start a structured dialogue with the BankID consortium (Vipps MobilePay) and the Financial Supervisory Authority about framework conditions for delegated authorization — in parallel with internal pilot projects in controlled environments, preferably in the corporate market where transaction volumes are predictable and risk exposure is manageable.

Those who wait for the regulations to be finalized before they start thinking will find themselves in a position where others' standards have already been set.