Agentic AI pushes financial sector toward continuous identity

Agentic AI is forcing a rethink of identity and authentication in payments, as systems designed for human approval struggle to handle transactions initiated by autonomous software.

A new paper from the International Monetary Fund warns that AI agents capable of executing payments expose gaps in Know Your Customer (KYC) and multifactor authentication, which rely on explicit human action. The shift is driving demand for new frameworks that can verify both the identity of an AI agent and the user’s delegated authority — effectively introducing “Know Your Agent” models and continuous identity verification.

AI agents capable of making transactions challenge traditional identity and authentication frameworks in payments: Common authorization mechanisms, such as Know Your Customer (KYC) and multifactor authentication (MFA), are designed for human users who explicitly approve transactions.

However, when AI agents are tasked with initiating payments, verifying the identity of the agent and the intent of the users becomes significantly more complex, says the report, authored by IMF’s digital technology experts Herve Tourpe and Sonja Davidovic.

“Traditional fraud models rely on human behavioral patterns, which become ineffective when transactions are initiated by autonomous agents,” the paper notes. “Hence, developing authentication frameworks that verify both the AI agent’s identity and the user’s delegated authority remains key.”

Payment networks and technology providers will need to move towards trusted identity frameworks and interoperable standards for Know-Your-Agent verification and delegated authority. Digital wallet providers should also introduce “agent-ready” capabilities and build agent-friendly authentication using passkeys and biometric verification. At the same time, regulators will need to find new ways to regulate and supervise the use of AI in the financial industry.

“Mitigating these risks will require coordinated action from both private and public stakeholders,” the report notes.

Identity industry proposes integrated approach for AI agents

The rethink of authentication within the industry from the arrival of AI agents and other AI technologies is also pushing the market towards continuous verification.

An April analysis from LexisNexis Risk Solutions revealed that agentic traffic rose a whopping 450 percent in 2025, driven mainly by credit card payments and logins to gaming and gambling sites. The trend has shed light on the challenges of detecting fraud in a world where transactions are conducted by bots.

“Cybercriminals are experimenting with the same technologies that are transforming digital commerce and organizations must prepare for a future where both legitimate users and malicious actors rely on automated agents to interact online,” says Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions. “Those that succeed must be able to confidently distinguish between humans, bots and agents as well as determining intent.”

Because a single login or credential check is no longer sufficient to prevent fraud, the financial industry is seeing a shift from a model in which a human user undergoes a single authentication process to gain access to a service to continuous, independent validation by autonomous AI.

Organizations will likely move towards integrated approaches that combine biometrics, document analysis, device intelligence and real-time behavioral signals, according to Henry Patishman, executive vice president of identity verification solutions at Regula. The goal is ensuring that the identity behind an action remains valid, current and uncompromised throughout the interaction.

“Authentication can no longer rely on a single login,” he told news site Pymnts. “In an agent-led environment, it also needs to focus on identity assurance throughout the whole journey.”

Identity will, in other words, become a gatekeeper, a layer that determines whether an AI system is reliable, according to B. Scott Swann, CEO at biometrics company ROC.

Both public and private organizations are prioritizing systems that offer transparency, control, and reliability at scale, driving the shift from isolated tools toward integrated identity platforms that can operate across environments. This makes identity a core layer of modern systems, with the industry potentially worth over $100 billion, he told financial news outlet Benziga.

“Cybersecurity protects systems, but biometric identity determines who is accessing them,” says Swann.

iProov also emphasizes the importance of continuous identity threat detection and alignment with standards. The company is also warning businesses about the “accountability vacuum,” in which high‑impact decisions are made without verifiable human authorization.

“Identity is becoming the new battleground in cybersecurity,” says Andrew Newell, the firm’s chief scientific officer. “Generative AI is allowing attackers to industrialize digital impersonation at scale. To defend against this, organizations must be able to establish genuine human presence in digital interactions to ensure trust and security.”

Article Topics

AI agents  |  biometrics  |  continuous authentication  |  continuous verification  |  digital identity  |  identity verification  |  iProov  |  multifactor authentication  |  Regula  |  ROC