Episode 297 – A New Era for Card Issuing, with Nikil Konduru, Lithic

Drew Edmond

July 8, 2026

POF Podcast

At Glenbrook, we admittedly spend a lot of time focusing on the acquiring side of the payments ecosystem, which means we work with a lot of merchants that accept payments, and the providers that enable and optimize that acceptance – payment service providers, fraud providers, chargeback management, recovery solutions for failed payments, and the card networks themselves.

We’ve released many episodes over the last 18 months talking with folks across the industry focused on merchant payment optimization. To round out our perspective, Drew Edmond and Chris Uriarte chat with Nikhil Konduru, Chief Commercial Officer at Lithic, to discuss modern card issuing infrastructure and where the market is headed.

They break down the issuing stack and discuss issuer-side tools to improve authorization outcomes, reduce fraud and servicing costs, and increase transparency. The conversation also covers cross-border approval and economics, and explores agentic commerce via Nikhil’s “Intent Toll Booth” thesis: liability drives control, issuers may demand intent data, and regulatory and network rules may need to evolve.

 

Watch the full episode on YouTube: 

 

 

 

Episode Transcript

Drew Edmond: Hello, everybody. I’m Drew Edmond, a partner at Glenbrook, and your co-host for this episode of Payments on Fire. I’m happily sharing my co-hosting duties with my colleague, Chris Uriarte. Hello, Chris.

Chris Uriarte: Hi, Drew. How you doing today?

Drew Edmond: Just great. How are you?

Chris Uriarte: I’m good. I’m getting over a little bit of a sore throat, so if my voice is a little raspy, it sounds like I just smoked a pack of cigarettes, I hope the readers will, our listeners will understand. But should probably also note that, again, we’re recording this on video, so if you’re a longtime listener used to listening to us through our audio channels, you could head over to glenbrook.com, or the Payments on Fire YouTube channel, or also through the Glenbrook YouTube channel, which links to this video.

So I’m excited about today’s episode, Drew.

Drew Edmond: I am as well. We are veering over into the world of the issuing ecosystem and we oftentimes spend a lot of our time thinking about and talking about acquiring, the acquiring value chain. So I’m excited to kind of expand our topic set here on the podcast.

So we’re excited to have Nikhil Konduru, the Chief Commercial Officer at Lithic joining us today. Nikhil, welcome to Payments on Fire.

Nikil Konduru: Thanks, crew, excited to be here. I’ve told Chris this previously, but every new hire at Lithic gets a welcome kit, and one of the items in the welcome kit is a copy of Payment Systems in the US, and so very, very excited to be chatting with the OGs at Glenbrook.

Chris Uriarte: I remember you did tell me that some time ago, and thanks for the shameless plug, by the way. We didn’t put this into the script, but we should note that we’ve got version four, edition four of Payment Systems in the US coming out later this year.

So Nikhil, you’ll absolutely get an advance copy or two from us. But thanks for the plug on that.

Drew Edmond: So Nikhil, we like to get started learning about you as a person and understanding what your journey was to Lithic, and maybe if you can also tell us your role and responsibilities as a company as well.

So kind of the origin story of Nikhil and your path into to where you are at Lithic today.

Nikil Konduru: Yeah, absolutely. So I kind of started my career on the investment side of things. I worked at some growth equity firms and VC firms where I spent a lot of my time covering fintech broadly, but always found that I had an affinity towards payments and kind of payments infrastructure.

And I’m preaching to the choir here, but one of the things that was always fascinating to me was that it just felt like there were these incredibly durable businesses that you can build and just really intricate business models as well. And every stone you turn over, you find there’s a brand-new universe of things you can dig into and go and learn. And if you’re curious, there’s plenty of rewards for you.

So yeah, I love payments and about five years ago, I had this interesting opportunity to join Lithic, which at the time was still Privacy.com. And I knew that we were building out the issuing stack in the API business, and that was really exciting to me. Always had a bit of a bug to roll up my sleeves and actually build a startup instead of just investing in them. So when I had the opportunity, I instantly jumped over.

It’s been a journey since then for sure. I’m now the Chief Commercial Officer, and so I oversee the go-to-market function, which is sales, marketing, solutions, implementations, and customer success as well.

And so more recently, I’ve been spending a lot of my time on market expansion as we’re expanding globally as a card issuing platform, as well as new product commercialization as we’re shipping left, right, and center. And we’ve been spending a lot of time thinking about what the best kind of opportunities are for these new products and capabilities that we have been shipping.

Drew Edmond: So speaking of products and capabilities, I think it would help us to kind of ground ourselves in what Lithic actually does. How would you describe what Lithic solves for in the industry? Like, why does Lithic exist? You mentioned Privacy.com, so I think there’s probably a story there too of where Lithic started and kind of where you are today.

Nikil Konduru: Totally. So we build programmable card issuing and money movement infrastructure in a sentence. And so, our customers are fintechs, banks, technology companies that are looking to launch card products, whether that’s prepaid credit or debit card products across Visa, Mastercard, Amex, you name it.

And so, typically the use cases are things like, digital banking, of course, which is a big one, corporate expense cards, AP automation, as well as things you don’t instantly think of when you think of cards, but actually end up being really big applications. So, like, payroll and contractor payouts or insurance claims disbursement. All of these use cases that actually cards end up being really meaningful and a big piece of the monetization story for a lot of these customers of ours, actually.

And so some customers of ours that you might recognize across some of those use cases are, like, Mercury, which is a huge kind of SMB and startup-focused digital banking platform. AvidXchange, big in the AP automation space, of course. Fundbox, which does SMB lending. Atlas, which is big in the consumer credit building space. Those types of customers.

You kind of alluded to this already in the intro, but issuing for the most part has kind of almost been a bit of a black box in the industry.

I think acquiring is a little bit more well understood at least. And over the last decade you’ve had kind of these truly tech-forward platforms for the first time in a long time come to market, right? A lot of payfacs, a lot of – you see Stripe and Square and those almost household names at this point.

We’re doing that for issuing in a way, is an easy way of thinking about it. We’re truly making it programmable tech first, kind of condensing the time it takes to launch an innovative card product in a banking experience from several, several quarters, in some case years, down to just weeks or even days, depending on how quickly the customer can actually get their engineering teams to integrate and launch.

So let’s see. The origin story before that even, right? So I mentioned Privacy.com. We’ve actually been around for over a decade as a business. We started off as Privacy.com, which is a consumer card product with hundreds of thousands of active users. It was one of the first products in market really that had this idea of kind of allowing you to create virtual cards on the fly to go out and shop online, right?

And you yourself could pause cards and unpause them whenever you wanted to, lock cards to specific merchants, set your own spend limits on cards and change them over time, those types of use cases. And what we learned in that journey of building Privacy was that the state of kind of the legacy card issuing infrastructure was abysmal, right?

It just, like, you could not do anything innovative with it. It just was preventing us from creating the experiences we wanted to for our customers. And at that point we said, “Screw it.” We went out, raised a little over $100 million from great partners, Bessemer, Index, and some other firms as well, and spent a couple of years building out from scratch, right, a direct-to-metal card issuing and processing platform ourselves.

And so today we support these category defining companies, some of them that I named, right, so like Mercury and Avid Exchange and stuff across credit, prepaid, and debit use cases, because they all had the same pain point it turns out that we did, where they were being hamstrung from innovating because of the legacy infrastructure.

And so that’s why Lithic exists, is to make it easy to launch card products that do interesting things.

Chris Uriarte: Yeah, I think you’ve hit on something that I wanted to ask you some questions about, which is kind of still grounding us a little bit about this industry just in general. And if I rewind the clock back to probably not too long ago, maybe a decade ago or so, if you were not a bank and you wanted to, we’ll just say launch a card program, I’ll kind of use that generic term, you really didn’t have a lot of options, right?

You typically had to go work directly with a bank and strike some sort of co-branding type arrangement or something along those lines. There was not a lot of flexibility. Definitely, as you had said, not a lot of opportunity for innovation, how that program would work, how the technology worked behind the scenes. Most definitely not the types of controls and flexibilities that we have today that you would actually put in the consumer’s hands. That just didn’t exist. That has evolved over time, right?

And we see a number of different players in this space. I think, as we do work with our clients who are a little bit naive and inexperienced in this space, there’s a lot of confusion around the different players. So very often you hear the term program manager, for example, often used in the term of like a Marqeta, who’s been kind of a historical leader in that program management space. You look at what fintechs and PSPs are doing. You’ve got obviously the value proposition that you just described from Lithic, but then you also have players like Stripe or Adyen in the PSP space who have entered the market and enabling, I’ll just say programmable issuing programs themselves.

How do we make sense of the different players in this market? And what are the things that folks need to know and need to consider when we talk about what this looks like?

Nikil Konduru: Yeah, it’s a great question. You’re absolutely right about terminology, by the way. This is a broader problem with payments, but within issuing specifically, there’s a lot of lingo that gets thrown around or like confused in some ways, which is unfortunate. So I’ll try my best to kind of at a high level talk about what the stack is.

In the US, which obviously is the largest issuing market by far, right, over $12 trillion plus happens over, in card spend annually. You cannot issue a card on Visa, Mastercard, Amex network rails unless you’re a principal member of the network. And for all intents and purposes, in the US, that basically means you have to be a chartered bank, right?

And so what you often find is this idea of a partner bank, sometimes called a sponsor bank, sometimes more technically called a BIN sponsor for issuing. And so in every single fintech that you’ve ever heard of, right, you look at Chime, which is actually partnering with like a Stride or a Bancorp as the partner bank. You look at even Cash App, they’re partnering with a Sutton Bank. Mercury partnering with a Choice Bank and a Column Bank and others as well.

So there always has to be a bank somewhere in the mix that is actually the one on the back of the card, if you look, it says, “Issued by XYZ bank.” Right? That bank has to be in the mix. So the fintechs that they’re working with are kind of really the kind of distribution and they’re building the product and kind of packaging the value proposition, oftentimes embedding or bundling it into their broader platform that they already have.

The bank is really there in some ways to, for lack of a better term, kind of rent out their charter. They’re charging some fees, the fintech’s actually building. There’s an in-between layer, which is what folks at Lithic do, which is we’re acting as the actual issuer processor, right?

So the bank is a bank, the bank is not really a technology company, and the fintech has their business and they don’t quite know how to actually integrate with Visa and Mastercard, and Amex of course, and then use the network for the licensing. So that’s where we fit in as the issuer.

So there’s three parties now. The three core parties to actually get a card product to market. The bank, processor, and then the fintech on top of that. Of course, there’s a network which is even one layer below, but that’s kind of taken for granted for a second.

Chris Uriarte: Yeah. I think you raise a really important point here is the consumer-facing end of this, sometimes there’s even confusion there because you mentioned Chime, for example, who has a ton of consumers out there, a lot of customers. And I think very often people think that these entities that they’re dealing with are actually banks, right? Seems like they’re offering banking services. They’ll take deposits. They’ve got cards.

And of course, the likes of Chime are doing their very best to be compliant with laws, and you’ll never hear Chime refer to themselves as Chime Bank, for example, because they are not a chartered bank. But I think the consumer side of things has changed significantly, right? Where providers like yourselves have essentially enabled this sort of alternative, I’ll use the term banking, services economy to exist above and beyond the traditional banks, right?

Nikil Konduru: That’s exactly right. Yeah. Totally. And yes, they’re all very careful because they’re not allowed to say bank. They have to say, they have to play around it a little bit. That’s totally right. So a lot of these fintechs, the reason they’re even able to exist is because of some of the innovations that some of these partner banks, some of the technology providers like us on the issue of processing side have kind of packaged together.

There is a lot of complexity behind the scenes, right? There are network mandates you have to follow. You have to think about physical card manufacturing and fulfillment. You have to think about digital wallets and tokenization. You have to think about fraud prevention, transaction monitoring, chargebacks, disputes, authorization infrastructure that needs to be incredibly available, manage high throughput, all of these things.

Effectively, these days, folks like us have made that more easy by kind of allowing these fintechs to off-board that complexity to us to take care of behind the scenes. And all you have to interface with on the front end is the APIs and webhooks that we provide for you to go out, bundle into your product, and go to market.

And then you mentioned program management, so I do want to touch on that. So again, there’s three kind of key players. The bank, which is the actual issuing, BIN sponsoring entity that is a part of the network. You have the issuer processor. And then you have the actual fintech, which has their branding on the card and things like that.

Traditionally, the reason it’s been so complicated to launch these programs is that the fintech has had to take on all these operational tasks of being a program manager, right? Having to deal with reporting, compliance, reconciliation, network settlement, all of these things. These days, issuer processors like Lithic, and you mentioned some others as well, you can basically just have them serve as the program manager.

So beyond just the technology, you can also buy from them these operational services directly because they’ve done this, right? We’ve done this over 100-plus programs at this point. And so it’s more just peace of mind, allowing you to scale without having to staff up your own risk and compliance and operations teams to think about actually managing the card program at scale.

Chris Uriarte: That’s helpful, thanks.

Drew Edmond: And it’s so analogous, again, oftentimes thinking through kind of the acquiring lens, but a lot of what you’re saying is so analogous with the acquiring side, right? Like, we need to have, on the acquiring side, you need to have a sponsor bank to allow acquiring in the first place, right?

If you’re a payment service provider that’s not a bank, you’re partnering with a bank to allow you to do those things. Of course, there’s some developments in that space for some of those folks who do that directly, but even what you’re talking about just recently around, if you want to start offering these types of services, there’s a spectrum of effort or a spectrum of kind of outsourcing that you can consider to say, “Hey, I haven’t done this before. You all know this really well. Can you do this for me?”

And maybe over time in the future I can start to think about do I want to bring this in and handle more of the responsibilities internally. Maybe has implications for my commercials and economics, those types of things, my risk appetite and those types of things as well.

So I just find it interesting to kind of compare and contrast that. You talk about the complexity involved as well and just the multiple layers of the stack, again, coming at this from an angle of acquiring and kind of merchant acceptance, right? I mean, you’re issuing these payment instruments. Ultimately, those instruments are going to be used at payment acceptors of some sort.

We do a lot of work here at Glenbrook helping those payment acceptors optimize the acceptance of cards and other payment instruments. At the end of the day when you think about who can touch a transaction, who can influence a transaction, there’s a lot of work that merchants do to try to increase the success of their payments. There’s value-added services that payment service providers have implemented to increase that success rate. The networks are involved in touching that transaction.

But at the end of the day, the issuer has to make a decision on whether or not that transaction should be approved or declined. And there’s a lot of banks out there, there’s a lot of credit unions out there, there’s a lot of issuers, fintech issuers, there’s a lot of folks that have that influence over that transaction depending on where that transaction is going.

So with where you stand in that flow, in that transaction flow, I feel like Lithic and you have a lot of unique insight into a couple of areas that I’d like to kind of understand. One is kind of around, for your clients, the ones that ultimately want to issue that card to their cardholders, how do they think about managing the risk, managing the costs associated with card acceptance, thinking about things like chargebacks and maybe their cardholder experience and how that influences their authorization decision-making.

And then kind of the Lithic side, which is you’re building these tools and the business logic and the configuration dashboard for how those folks can make those decisions, like implement their policy through configuration to a certain extent.

So I’m kind of curious, like, your view on the issuer side of payment optimization. I think that’s a really interesting area to explore.

Nikil Konduru: Yeah. This is a really interesting question. I feel like, I mean, look, candidly, there are obviously sometimes countervailing incentives on either side of the card ecosystem. That’s a fact. But I think the one thing we’re kind of all universally aligned on is this idea that we’re all just trying to increase approval rates on good transactions, and then stamp out the fraudulent transactions. That we’re all aligned on, no doubt.

And so, in fact, I would say on the issuing side, it goes beyond just the fraud losses, like the immediate losses from fraud. It’s also just trying to avoid having to eat those servicing costs for when you do allow bad transactions to go through, right. Those are really expensive. On the issuing side, maintaining a cardholder support team, whether that’s email or chat or phone or IVR is expensive. Actually doing the chargeback processing is expensive.

And there’s also trust that gets eroded. If it’s a good cardholder trying to do a good transaction, for some reason your fraud systems are flagging it and blocking it, you’ve created friction for them. In some cases, you’ve embarrassed them, and that’s really unfortunate.

As the issuer, you have to be very careful not to let that happen, right? So yeah, something we think about deeply, and we have a full toolkit that we provide our issuers, right, to try to help them.

I’ll give you just two quick examples maybe. One of them is this idea that with legacy processors, sometimes when the declines happen, it’s a black box. The issuer themselves has no idea why the decline happened. Some fraud rule set 10 years ago in some module blocked the transaction, right? Which is such a shame, because when the cardholder rings up and the cardholder support person’s trying to explain what happened, they don’t know what happened, right?

And so one of the things we’ve been intentional about is everything has real time event-based webhooks that we fire off. No matter what happens across the program, programmatically this is being fired off. So if a card was shipped, webhook goes out. If a dispute was won, webhook goes out, give you information, like if a card was added to a mobile wallet, whatever.

Similarly for declines, we send these really detailed, kind of human-readable decline reason to the program so that their support teams always know why something was blocked, and they can explain that if they have to. Or they can send a notification to the cardholder to say, “Hey, try this instead.”

Like, “Hey, you had set as part of your app some budgeting thing that said for this type of merchant category, don’t let me spend more than $100 this month, and this transaction is putting you over it. That is why this got blocked.” Or, “Hey, like, you had put a geographic restriction and you forgot to update it. You’re actually in Brazil right now, and it looks like that’s why the transaction got rejected.” And so now the cardholder understands why. It’s just a better experience for everyone to fix it in the moment.

And then separately, we have also built authorization challenges, right? So this is the idea that if a decline does happen because of some more complex fraud logic that’s been built out, instead of just declining it and letting it die, you can send an SMS or like an OTP inside of your banking app to the cardholder that says, “Hey, this transaction was declined. Was this really you? If yes, say yes, and then try the transaction again. We can override the system right now.”

And so already, it’s like a much better experience for the cardholder and the issuer. So those are the types of tricks that we’re employing and are readily available for our customers to make sure they can think about approval rates and like more positive experiences.

But that’s more of a maybe slightly more tactical answer. There are some things I will say that probably need to be enforced by the network more than anyone else at the end of the day, in terms of kind of making sure we’re optimizing on both sides for approval rates. A quick example maybe is like the way that 3DS has been implemented in the US.

Drew Edmond: I wanted to ask about that, specifically because I think this concept of kind of, we’ll call it enhanced data sharing, right, like can we add more fields that allow the issuer or whoever’s making the decision to make a better decision, right? Is it IP address, billing address, device ID, whatever it might be.

And we have the protocols in place, right? We have 3DS data only and things like that. We have folks like Capital One that built a proprietary kind of channel for that to be built. You know, American Express has had that for a long time.

Do you see that as kind of a necessary continued evolvement to say, the more data the better? If we can get this and actually use it, well, this should lead to higher authorizations and just a better experience for every player in the ecosystem essentially.

Nikil Konduru: 100%. On the surface, the more data the better. I completely agree with that, especially with modern issuer processors like us.

We’re able to ingest a much broader set of information as part of those authorization decisions in real time. So like device data or like behavioral signals, all these things you can factor into that real-time authorization decision. So we can do things like that. Sometimes, though, the enforcement is where it gets tricky.

So for instance, if merchants don’t have to send like a 3DS step-up like authentication, but they do, it’s almost creating an adverse selection problem on the issuing side. We’re now thinking the fact that they did it in the first place probably suggests they themselves think it’s really high risk, so let’s be careful here before we approve it.

And so, yeah, that can become challenging for us to individually solve for as nodes on the network, and kind of needs to be more of a network-led solution itself.

Chris Uriarte: Yeah, I mean, that is a theme that we’ve talked about both in some of our articles and on this podcast as well. The theme that you’re getting to is particularly in unregulated markets, the presence of 3D-Secure often looks like a risk signal, not a trust signal, right?

And what winds up happening is issuers just wind up getting lots of 3D-Secure requests for the absolute most risky transactions that merchants have deemed most risky at least. So it’s kind of a little bit of a garbage in, garbage out situation, is it’s difficult for issuers to make good decisions if they’re not seeing a larger universe of transactions, only seeing the most risky ones. So I think that’s a really big issue that we’re seeing in particular, we’re talking about optimizing transaction related to authentication.

I want to expand though on this topic that we’re talking about. We’re talking about better experience for cardholders, authorization approval rate improvements, et cetera. Drew and I and my colleagues Simon and Samantha just released an episode of Payments on Fire last week where we talked about the challenges of going global for merchants. And global payments in general is a really, really difficult thing to manage for everybody in the value chain from an approval rate perspective, from a risk perspective. It has cost implications, things along those lines.

We know that this is one area that you’re growing in and you have a number of your customers that are using your cards in different parts of the world, and that essentially results in cross-border transactions taking place, right? So we know historically that cross-border transactions have been challenging from an approval rate perspective.

I would love to get your perspective about what’s really unique for this customer base who’s traveling around the world making a lot of cross-border transactions and how issuers and companies like yourselves can really improve the experience for cardholders that want to use these cards around the world.

Nikil Konduru: Yeah, absolutely. We’ve learned many lessons definitely as we’ve been expanding internationally. So now we have programs that are live in Canada, live in Latin America and Caribbean region, live in EU and UK, and so forth. Payments infrastructure obviously is like hyper localized, and so there’s multiple things to have to think about. Like when we went to Canada, we had to implement offline PINs, whereas the US is an online PIN preferring market. All kinds of little quirks like that you have to think through, right?

In terms of the challenges, frankly, there is a bit of a merchant acceptance gap for sure when you are using BINs that are issued in one region, acquired in different region. There’s multiple reasons for that. Many of them are good reasons, of course. On the acquiring side, these things can be higher risk. Sometimes there’s some fraud tool that was implemented a while ago, the BIN tables haven’t been updated and people don’t even know that that fraud rule is triggering somewhere on the acquiring side.

And so it just takes time to some extent to make sure that those systems themselves are being upgraded correctly to make sure you’re recognizing these cards and that’s ultimately going to solve more systematically the actual approval rates, is the kind of enforcement from the network side to make sure that all the acquirers are actually updating things correctly in their hardware and their software.

So that’s more high level. I will say the actual solution for us from the issuing side though, is actually do more local issuance. That’s the real answer, right? Not even just from an acceptance standpoint, but from a cost standpoint. It’s not really sustainable to expect that the program is going to run well with positive economics if you’re expecting to issue all your cards in like from the US with a US issuing bank, when actually they’re going to spend all of their money with foreign merchants.

Those cross-border network assessment fees will destroy you at scale, right? Just like simple rule of thumb. If it’s a US-issued BIN acquired by a foreign kind of merchant cross-border, I think just in network fees alone, you’re paying something like 1 to 1.2% plus 30 to 40 cents on a completed transaction. That eats into so much margin that that cannot be the right long-term solution. And that’s why these types of programs are required to put in their cardholder agreement, “Hey, there’s cross-border transaction assessment fee,” and you pass it through the cardholder and that’s an ugly experience.

And all those things I think, over time, the correct way to just avoid it is as you are scaling internationally, work with a local partner, a local issuing bank in each geo you expand to, so that you can issue from a local BIN if you expect that audience to be spending with merchants in that region primarily.

Chris Uriarte: Yeah. I think that’s a really, really good point. And we should probably note also back to the comment that you made about here in the US. If you’re going to issue in the US, you pretty much have to be a bank at the end of the day. You need to be chartered.

But that does change, right, when you look at different, other geographies like the UK and the EU and others where there are licensing regimes, that does make it a little bit more flexible for non-banks, for fintechs, for example, to get e-money licenses that would allow them to become members of Visa, Mastercard and issue. So, we should note that the landscape definitely does vary from different parts of the world.

But that’s a really interesting point. I mean, you’re on the issuing side just stressing, listen, if you’re really going to play in different geographies, you need to start looking at issuing directly in those geographies, right?

Absolutely.

Drew Edmond: So I think there’s another kind of level of nuance that I want to understand too, and that’s around the different types of customers that you have. If I think about, again, just comparing to the acquiring side, an airline compared to a grocery store compared to a streaming service have very different payments acceptance needs, whether that’s how you’re optimizing for recurring transactions and recovering failed payments or the types of payment methods that you might offer to your customers.

There’s just a handful of different things that are different across these different businesses. If you look at kind of your portfolio of customers, how do their needs differ, and how has Lithic kind of built to accommodate and to solve those challenges across those different categories?

Nikil Konduru: Yeah. This is really interesting. There’s a ton of variety, right? Like per your point, even at the highest level, a consumer card program looks so different from a business or commercial card program. Within that, a prepaid or debit program is so different from a credit program, right? A prepaid or debit program firstly not only needs like a front of card network like a Visa or Mastercard, but also you need to like integrate a secondary network on the back like an Interlink or a MyStore or Pulse or whatever it is.

So already now, settlement can look different, reporting is different, reconciliation is different. How chargebacks are handled can be different. So all of those things change even at the highest levels.

And then as you click further into it, there’s a ton of variety, right? Some cards, some card programs have like custom physical card chips that need to behave a certain way. Some fleet programs and need that fleet and fuel data that comes from the authorization if possible. Sometimes it’s a private label card program. So all of these things can really make it complex, and that’s why on the issuing side, it is more complex to launch a card program from scratch.

We are obviously trying our best to bring it as much as possible to do more like a, almost like a payfac for issuing model, right? That’s the absolute vision. That’s the North Star. However, it is more complicated to launch a card program versus just onboarding a merchant, right?

Because this card program is issuing a financial product at the end of the day, and so you need to think about a lot of regulatory things, a lot of compliance, a lot of risk, and a lot of product structuring to make sure we’re accommodating the needs of that program, right? The simplest example maybe is like, we have some big AP automation and procurement customers, right?

And so you can imagine the average transaction sizes are massive. Hundreds of thousands in some cases of dollars in a single transaction. Versus we have some other programs where it’s truly a consumer kind of disbursement use cases, like a corporate incentive type use case, where the card load to begin with was only ever $25, and they’ve spent it on like a $5 pack of gum and things like that, and sometimes in quick succession.

And so you need to adjust your models to make sure you’re thinking through that and not flagging transactions incorrectly for no reason.

Drew Edmond: Super interesting. Let’s switch gears for the moment as we kind of bring the conversation to a close in a few minutes here. But I think we wanna talk about agentic commerce. In my experience, well, and I laugh a little bit because we were having, even just on Slack at Glenbrook here, a civil discourse about agentic commerce, a particular topic in agentic commerce today.

But I wanna talk to you a little bit about it because you recently wrote an essay that you published on LinkedIn called The Intent Toll Booth. And I think, from my perspective, a lot of the discourse in the industry has been on, well, particularly the merchant perspective, I think, in terms of what is being built to enable merchants to accept agentic payments in some way, whether that’s you make sure your product schema and your inventory is up to date and all these types of things.

There’s been a lot of discussion, of course, on kinda just generally the protocols and all these things and some discussions around maybe the commerce surface area where we expect these transactions to happen. A lot of different angles to talk about. But if I look at even just the purely just the title of your piece, The Intent Toll Booth, two things kind of stick out to me there.

One is that we’re, you know, intent is such a critical component of this conversation around agentic commerce, ’cause you’re tying the behavior of an agent to the intent of a human, and trying to get that piece right. And then the toll booth component of that to me says, well, there’s gonna be a fee involved here.

So help us understand the kind of the core argument of your thesis so that we can dig into it a bit.

Nikil Konduru: Absolutely. I think you kind of nailed it in some ways. That’s exactly what I was trying to create kind of an image for, that was the picture I was trying to paint, right?

So the core premise really is to say that liability determines control. You kinda said this already up above, right? In some ways what you’re basically saying on the kind of merchant acquiring side, if you are willing to take on and price risk, your margins are bigger, naturally. It’s a similar type of argument I’m trying to make, which is that whoever is taking on liability gets to call their shots and demand what needs to be a part of the deal here.

Insurance carrier gets to demand any number of things from you ahead of time before they agree to the policy. And then actually even when you’re filing a claim, they have to ask for 10 other things from you before they will actually pay you out. Similar thing, I think, the issuers in these cases are going to be stuck with some of the liability because we’re not quite nailing these frameworks just yet.

And so when a cardholder does disagree with the transaction that happened that they’re out of pocket for, the first port of call, first place that you’re supposed to get protection from is your issuer, right? You call, there’s a purchase protection thing, there’s a chargeback system that works generally. So that’s who’s going to have to field that call and either eat the fraud losses or even just eat the costs of doing the servicing upfront.

And so I’m trying to make this argument that if that is going to be the case, the issuer is going to start demanding more in terms of that intent data. And then once they do have that intent data, there’s so many interesting things you can do because it’s the most highly monetizable asset that’s now being created now across this ecosystem.

Like, when you talk to ChatGPT or you talk to Claude and you say, “Hey, I’m in the market for,” or, “Help me think through the differences between this vitamin supplement or the other one,” there’s a ton of signal in there about what you might actually end up buying over the next couple of days that someone in the ecosystem is going to make a trillion dollar company off of.

Drew Edmond: I just wanted to double-click on the intent piece because it’s something that I think I’m still kind of grappling with a little bit because I think there’s actually a lot of analogous points to this of the Privacy.com virtual card, right?

There’s certain pieces of intent that are quite deterministic, right? Like, I want this thing from this merchant, it needs to be under this amount, and there are certain elements of that intent that can be really, I think, precise. And then when you start to have a little bit more science fiction conversations around what agentic commerce could look like in the future, where people start talking about, like, oh, I’m gonna have an agent that’s kind of essentially making judgment decisions on my behalf based on some amorphous blob of intent.

Of like, oh, build this cart based on some prior purchase history and, and make that decision. Or, buy me some clothes that are good for a wedding in July in Florida. There’s a lot of judgment that goes on in that decision-making process. And so defining that intent, especially in an autonomous agent commerce purchase, to me, that’s where it gets really challenging to build this framework around.

‘Cause it’s, at the end of the day, who is judging the accuracy of that? Correct. Because you’re gonna have every player in that flow of, the consumer’s gonna have a judgment of they did it wrong. What if the bank says, “Well, we think it was pretty close,” you know? And now you have this kind of adversarial relationship between the bank and the cardholder to say, “Well, we think the intent was good, and you don’t.” So I’m just curious, how you’ve thought about that notion.

Nikil Konduru: No, absolutely. And there’s so, right, technically, anything that’s not in the ISO 8583 message requires you to have judgment because it’s non-deterministic, right? Yeah. If it’s not specified field, technically we are applying judgment. Sure. And we all know that in consumer transactions, you’re basically never really getting L2, L3 data. There’s no SKU data coming through.

So, if I tell my agent to go and buy something, there’s nothing in the network message that says what size the T-shirt was. Was it red or green? Was it cotton or linen? Right. It’s a judgment that needs to be kept elsewhere outside of the network message itself today.

And so absolutely, there’s gonna have to be a lot of judgment involved, which means someone is taking on liability when that judgment is wrong or the consumer disagrees with it. So, yeah, it’s gonna be complicated.

Chris Uriarte: So I wanna expand on that. And first of all, I want to speak to just the last point you made, which you also spoke about earlier, which is kind of a fundamental notion in payments economics just altogether.

Actually, we teach this in our boot camps, which is that if you want to make more money in payments, you have to take on risk, right? So if you process an ACH transaction, just switch it, you can charge 15 cents a transaction. If you process an ACH transaction and guarantee it, you could charge 1.5% a transaction, for example.

Right. So I’m getting the sense here in your point, at number one to start with, is that probably the economics have to change here somewhere in the value chain. Oh, I don’t know about change, but maybe it introduces a new point in the value chain where economics need to be considered. And then the other thing that I’m thinking about is we’re talking about understanding what the consumer’s intent is, to what extent do we think issuers are actually gonna go in satisfying the consumer when it comes to disputes around this?

Because right now, as a consumer, I feel like consumers feel like most major issuers are kind of, they’re rooting for them. You know, the consumer is the issuer’s customer, and the issuer is representing them in a dispute. I certainly feel like that. I mean, most of my card transactions are done through Chase or through American Express, and I feel like they’ve always had my back on a dispute.

But now you’re in a scenario, right, where the consumer potentially says, “I didn’t really mean to buy that, but the agent bought this for me. I want to dispute it.” And perhaps we enter a scenario where the issuer maybe needs to be not as consumer-friendly with these type of disputes. How perhaps do we see that change as well?

Nikil Konduru: It’s a very interesting call-out, and it’s gonna have to be a fine line that they kind of have to tread. Yeah. I will say today it’s semi-adversarial. You’re absolutely right in that by and large, we feel like the issuer does have our back, and that’s the final port of call. Like, if I call the merchant and say, “Hey, this was not correct,” and they say no, that’s what I’m gonna do. I’m gonna call Chase and say, “These guys screwed me over. Figure it out, please.”

However, even on the issuing side today, friendly fraud is kind of rampant. This is something they struggle with, right? And so in some cases, they are forced to actually validate and be a little bit more interrogatory and ask questions to make sure that it was, in fact, the merchant’s fault because people do take advantage of issuers as well, like these cardholders.

So it’s almost like the ultimate backstop then is actually going to be, it needs to be regulatory, right? Like Reg E and Reg Z and things like that today have relatively good frameworks for how issuers must apply provisional credits, how they must handle servicing and notifications, things like that.

And Chris, you’re absolutely right. If it gets to a place where it feels like issuers almost being, are self-interested to say, “No, no, this agent executed it correctly. This is on you now.” The regulators are going to have to step in and figure out how they make the ecosystem deliver on obligations to the ultimate consumers here.

Chris Uriarte: Yeah. So there’s got to be a point, I’m not sure at what point the regulators actually act on this, but I think the thing that we’ve all been waiting for is to see how the card networks react to this, right? It’s probably realistic that the card networks at some point will step in and strengthen the liability rules and sort of create some new liability frameworks around this.

I think they’re going to have to. We haven’t obviously seen that yet, but I think we’re just too early in this for the card networks to really put something substantial in place. But certainly agree with you there.

Drew Edmond: So these are super thorny questions and the answers to them will evolve over time, I think, as a lot of the different components of agentic commerce continue to evolve.

I think that how we think of it today is gonna probably look a lot different from how it looks in 5 years, 10 years anyways. But it’s really interesting, I think, to start having these really foundational conversations about how these things could and should be implemented.

You brought up friendly fraud. I think that obviously merchants, a lot of merchants are very tired of friendly fraud and concerned with friendly fraud, and it’s a really challenging thing to resolve, and this is kind of an extension of that, to your point, right? This is, my dog ate my homework, you know? It wasn’t my fault. What do we do about it?

So no easy answers, but that’s why we get to have interesting conversations about them. And maybe with this, a last question around just your thoughts maybe on the future, where do you see the issuing industry kind of headed over the next several years? So we can kind of round out the conversation.

Nikil Konduru: Absolutely. I think about this deeply. The main thing I’ll say is that, kind of scary thing for the traditional issuers today is that it seems like they’re not quite reading the tea leaves and they are weirdly going down with the ship with, like, the legacy core banking solutions they’ve always had.

Behind closed doors always complaining, and yet they’re just stuck with them, married at the hip. And they’re not really able to innovate because they’re not moving onward and actually investing in that modernization of the tech stack, right? If they saw what kind of these next gen issuer processors are able to do, their heads would spin.

Just to give an example, with Lithic you can connect the MCP. You can literally use whatever voice-to-text AI app you like, get whisper flow going. Just if you can imagine it and articulate it, in minutes you can build the card product of your dreams. This is all possible today, and yet they think that they have a decade to get there.

They don’t. These fintechs are gonna lap them unless they get their act together quickly and start to actually make the kind of scary investments to modernize and replace some of the legacy infrastructure that’s preventing them from creating the experiences that they know the consumers are asking for, right?

Consumers these days, even small businesses, are trained to expect consumer tech experiences. Like, everyone has used ChatGPT and seen that magical moment. And yet we give them these banking experiences from 25 years ago. Super clunky, not digital first. it’s just not gonna work, right?

Very quickly they’re gonna find out that the ground is moving from underneath them. So that’s what I’ll say is I think whoever acts quickly over the next year or two is gonna be in a much, much better place than folks that think they have a long time to start take actions on modernizing.

Chris Uriarte: I think that’s a super point. And I think we kind of see that from our own experience here is, is we work with a big, big legacy bank, and I’m not gonna name and shame on the podcast today, but the user experience, the digital experience, is just so terrible that I would actually consider switching banks just because of that experience, right?

‘Cause at the end of the day, what else are they offering, right, the end user? It’s all about the experience. I mean, anybody can hold money at the end of the day, but what does that experience look like? And I agree with you. I think some of the legacy players in both the banking and the issuing space have a long way to go

Drew Edmond: Yeah. I was gonna say something very similar, just the challenges that older banks have, it’s nothing new, in terms of this perspective. But they’ve got siloed data. They’ve got really legacy core infrastructure. They’ve got siloed organizational issues.

Them thinking about, “How do I provide a better issuing and digital banking experience for their customers?” It’s just like, it’s one of so many, instant payments, there’s so many things that these banks have to think about and try to do that, yeah, it’s just really challenging for them to do it.

And I think the time period that you’re saying, Nikil, in terms of where the market’s going, who’s starting to grab that market share, and just truly the capacity of the banks to catch up or to stay at pace with some of those things is really challenging.

Okay. This was a great conversation, Nikhil. I really appreciate you joining us for it and, yeah, thanks for coming on board.

Nikil Konduru: No, this was super fun. Thank you so much.

Drew Edmond: All right. Well, for everybody else that’s listening, thank you and have a great one.

 

 

Payments News

Stay on top of the rapidly evolving payments world with Glenbrook’s free curated news feed, delivered daily to your inbox.

Payments Views

Read our commentary and opinion blog written by members of the Glenbrook team on payments industry topics, large and small.

Glenbrook’s live and on-demand workshops help you understand and apply the innovations shaping the payments industry. Register today or schedule a custom workshop for your team.

$

Trending Episodes

Launch, improve & grow your payments business