Why it matters

Payment security is existential. Understanding threats guides defense.

Advertisement

The architecture

Token theft: intercept token in transit. Defenses: TLS, short expiration, single-use.

Agent compromise: attacker controls user's agent. Defenses: agent-user binding, spending limits.

AP2 threat modelToken theftintercept in transitAgent compromiseattacker controlMerchant fraudfake merchantDefense-in-depth: multiple protections at each layer; no single break causes total loss
Threats and defenses.
Advertisement

How it works end to end

Merchant fraud: fake merchant collects payment for nothing. Defense: merchant identity verification, dispute process.

Replay: reuse captured token. Defense: single-use, nonce tracking.

Wallet compromise: catastrophic. Defense: hardware-backed keys, multi-factor auth.

Fraud detection: velocity checks, anomaly detection at wallet.