Money20/20 Europe: Five Payments Shifts That Will Define the Next Few Years

Money20/20 Europe brought thousands of payments professionals to Amsterdam this June. Our team was there, sitting in on sessions, participating in demos, and talking to peers across the industry. Several themes kept surfacing – most were expected, but one went further into the future than we expected, giving us an intriguing window into what’s coming. Here is what we heard, and what we make of it. 

The fintechs furthest along weren’t talking about where to try AI. They are working on how they embed it across their entire organization.

The shift is significant. Running a pilot in one team is a low-stakes experiment. Rolling it across multiple departments and teams is a different kind of commitment. The process requires understanding where AI is the right choice and making the required adjustments to the processes to make the most of the technology. The most forward-thinking companies are moving into AI-native environments.

The path is harder for regulated financial institutions. A payments business cannot simply give AI tools broad access to internal systems and iterate. The rules it works under – on AI governance, data protection, and operational resilience, the EU AI Act, GDPR, and DORA among them – are real constraints, and the temptation is to wait for the picture to get clearer before committing. That could be a fatal mistake. The institutions that start integrating AI into their operations now, within the limits they already operate under, will pull ahead of those still waiting for a moment in time that may never arrive.

Across a payments business, AI can land in a hundred places. For us, what matters is not which model wins, but where you put it to work. In payments, that means AI moving into the decision itself: models deployed and executed inside the decisioning workflow. This puts AI at the core of a business, which is why governance is the real test, not raw capability. Can you see why a model decided what it did, stop it where it should not act, and keep a person accountable for the calls that matter? Get that right, and you can put AI where the value is. Get it wrong, and you cannot let it near the decision at all.

For companies earlier in their AI journey, still assessing where to start, the clearest path forward is to begin with the tasks that consume the most time and carry the lowest risk. That is the call we made at Zoot Solutions with our clients – document extraction, case summarisation, and fraud review first. High-volume work that AI handles well, that frees up underwriters and operations teams for decisions that require human judgement, and where the efficiency gains show up fast enough to build confidence for the next step.

Agentic commerce generated more conversation at Money20/20 than almost any other topic. This is not a concept being discussed for future consideration. The infrastructure is being built now.

Several major networks and fintechs are actively investing in systems that let AI agents initiate and complete payments on behalf of users. Visa demonstrated its Intelligent Commerce initiative at the conference with a live World Cup ticket purchase: a user provides a brief, the agent identifies suitable options and completes the transaction. In B2B, Ramp is already using Visa Intelligent Commerce for corporate bill payments – automating procurement decisions while retaining card cashback for clients.

The infrastructure challenge is real. Payment authorisation has always assumed a human in the loop – someone who authenticates, disputes charges, and carries legal liability. Agentic payments break that assumption. Tokenised agent credentials and account-holder-defined spending controls provide a framework, but the industry needs to move faster on liability, fraud recovery, and regulatory treatment of agent-initiated transactions.

The agents work, the demos settled that much. What they do is not the question that matters now. The controls around them are. Agents can now make payments on your behalf, so everything hinges on the boundaries: what it is allowed to do, how you confirm it stayed inside them, who carries the liability when it does not, and how quickly a bad call can be stopped or unwound. Get that right and agentic commerce earns its place. Skip it and you have handed real money to something no one is accountable for. The agents the market comes to trust will be the ones wrapped in checks, not the ones that are simply fast.

Tokenisation was everywhere at Money20/20 – and Visa’s own numbers explain why.

According to Visa’s 2025 annual report, manual card entry now accounts for just 16% of ecommerce transactions on its network, down from 44% in 2019 and more than half of ecommerce transactions are already tokenised.

Tokens replace static card credentials with dynamic, cryptographically bound identifiers – specific to a device, a merchant, or a transaction. They cannot be reused outside their intended context. The fraud reduction case is strong, but the more important point is that tokenisation is fast becoming the baseline expectation of the ecosystem, not a competitive differentiator.

This applies to B2B as much as B2C. Virtual corporate cards, token-based fleet management, B2B invoice settlement through tokenised credentials – commercial payments are following the same trajectory as consumer payments. Financial institutions that treat tokenisation as optional infrastructure are already behind.

Tokenisation itself is now mature. The interesting part is downstream – specifically for the teams responsible for origination and onboarding. Every time credentials become more dynamic, the compliance checks, fraud screening, and identity verification built around the old format need to flex. The institutions that treat their decisioning layer as something that has to adapt will absorb each new standard without much drama. The ones that hard-wire to today’s formats will be re-engineering with every shift. Tokenisation is not the hard part. Keeping everything downstream of it current is.

This was not a headline topic at Money20/20. It came up in technical sessions and quieter conversations. But the people raising it were serious, and the implications for payments infrastructure are significant enough to pay attention to.

Current encryption standards protect every transaction, every authentication event, and every piece of data moving across the financial system. They rely on mathematical problems that classical computers cannot solve. Quantum computers, at sufficient scale, will solve them. When that happens, the cryptographic foundations of the payments system are exposed.

No quantum computer capable of doing this exists today. But one session cited major cloud providers targeting full post-quantum security defaults by 2029, and the risk of “harvest now, decrypt later” – where encrypted data captured today is stored and decrypted once quantum capability arrives – is already being taken seriously by security teams. The migration to post-quantum cryptographic standards is a significant engineering undertaking. Starting now is not premature. For payments infrastructure, it is the right call.

This is one we left Amsterdam still thinking about. It is years away from being a live problem, which makes it easy to file under “later”. We think that is the trap. “Harvest now, decrypt later” means the clock has already started, because the data captured today is the data at risk tomorrow. You do not need to be rebuilding your cryptography this year to take it seriously. You just have to stop assuming today’s encryption is permanent. The institutions that plan now will be the calm ones when the standards arrive.

Not everything at Money20/20 was about what is coming. McKinsey’s Global Payments Map was about what is already here, and the numbers gave the week’s themes some scale. Three things stood out.

First, real-time payments. Moving money along an instant rail is now cheap and close to commoditised, so the margin has shifted to the trust layer on top, the services that turn real-time from “risky to use” into “safe enough to default”. What McKinsey names but stops short of is the hard part: that trust layer is a real-time decisioning problem, and it is the piece most institutions have not solved. 

Second, instant payments scale differently depending on where a market starts. In cash-heavy economies like India and Brazil, instant payments scaled by skipping cards entirely – moving straight from cash to digital. In card-heavy economies like Sweden, they grew by filling the gaps cards don’t cover, like P2P transfers and real-time settlement. There is no single playbook, so anything built to assess risk and move money has to assume variation from the start: different rails, regulators, and data in every market.

Third, cross-border is vast and opening up. McKinsey sized it at $178 trillion in flows and $294 billion in revenue, with stablecoins the obvious wedge: remittance fees as low as 1% against more than 5% on traditional rails. The rails are being rebuilt under everyone’s feet.

For institutions operating across borders, this variation is the operational reality. Every market brings different rails, different regulators, and different data. The platforms that absorb this without requiring a separate implementation for every jurisdiction are the ones that let you move at the speed the market now demands. That is something we think about carefully at Zoot Solutions – our platform is built to handle that variation from a single environment, so our clients can enter new markets without rebuilding their risk and compliance layer from scratch each time.

AI, agentic commerce, tokenisation, post-quantum security, and the hard numbers behind them: these are not independent trends. They point the same way – towards payments infrastructure that is faster, more automated, more cross-border, and built on stronger cryptographic foundations than today. 

The institutions treating them as future considerations will spend the next few years catching up to those that are already moving. Money20/20 made that gap visible. If there is one thread running through all of it, it is this: as everything around the transaction gets faster and more automated, the decision at the heart of it – who you are dealing with, what they are allowed to do, whether to proceed – matters more, not less. That is the part we pay closest attention to, and the one we think the rest of the industry should too.