AI Payment Security: What Kenya Can Learn from AP2

Agentic AI is already being asked to do something most Kenyan consumers still prefer to double-check: pay on your behalf.

That shift changes the risk model overnight. When an assistant can move money, the question isn’t just “Is the payment fast?” It’s “Can the system prove the AI should be allowed to pay, for this amount, to that merchant, right now?”

A recent signal from the global market is OnePay joining Google’s AP2 initiative to make agentic AI payments more secure. The original press coverage was blocked behind automated bot checks, but the direction is clear: big payment players are building standards and controls for AI-initiated transactions. For Kenya—arguably the most mobile-money fluent market on the continent—this matters immediately. Our payments are already mobile-first. The next step is AI-first.

This post sits in our series, “Jinsi Akili Bandia Inavyoendesha Sekta ya Fintech na Malipo ya Simu Nchini Kenya”, and focuses on one theme: AI payment security. Not theory. Practical guardrails Kenya’s fintechs, mobile money providers, banks, aggregators, and merchants can start implementing before “pay for me” becomes normal behavior.

Agentic AI payments: the risk isn’t the AI, it’s the authority

Agentic AI payments become dangerous when “intent” and “authorization” get blurry. A human can intend to pay and still get tricked. An AI can intend to pay and still be manipulated—at scale.

Here’s the simplest way to think about it:

• Traditional mobile payment risk: Is the user real and not being coerced?
• Agentic payment risk: Is the AI allowed to act, within strict limits, and can we verify the instruction chain?

Kenya’s mobile payments ecosystem already handles massive daily volume across P2P transfers, merchant payments, bill payments, and lending repayments. Add an AI layer and you introduce new attack paths:

What changes when an AI “acts”

1. Prompt injection becomes the new phishing. If an AI reads messages, emails, invoices, or chat content, attackers can hide instructions inside content that nudges the AI to pay.
2. Session hijacking gets more valuable. Stealing a token that allows an AI to initiate payments could be worse than stealing a user password—because it can run repeatedly.
3. Dispute complexity increases. “I didn’t authorize that” becomes “I asked my assistant to handle it and it made a bad decision.” Liability gets messy.

A strong AI payments model treats an AI like a junior employee: helpful, but never trusted with blank-cheque access.

Why Google AP2-style partnerships matter to Kenya’s mobile payment future

Global standards around agentic payments will shape local product expectations. Kenya’s users are already comfortable with mobile flows; what they demand next is confidence: fewer scams, fewer wrong-payments, faster reversals, and clearer audit trails.

Even without access to every detail of the OnePay announcement, the intent behind joining a Google-led program is easy to interpret: interoperable security rules for AI-initiated commerce. That’s relevant to Kenya for three reasons.

1) Kenya is mobile-first, so AI-first adoption will be fast

When most transactions already happen on phones, adding an AI assistant is a UI change, not a behavior change. People already:

• buy airtime and bundles
• pay rent and utilities
• pay at merchants via QR/USSD/app
• send money to family daily

If a reliable assistant can do those tasks faster, adoption will follow—especially in December when spending peaks and people juggle school fees, travel, gifts, and end-year business payments.

2) Kenya’s fraud reality is practical, not academic

Kenyan consumers have lived through social engineering: fake customer care, SIM-swap attempts, “wrong number” reversals, malicious links, fake till numbers, and impersonation. Agentic AI expands the attack surface.

So when global players build AI payment security frameworks, Kenya should treat it as a warning and a playbook: attackers will follow the easiest market to exploit.

3) Interoperability is the prize

Kenya’s ecosystem includes telcos, banks, fintech apps, aggregators, and merchants. Agentic payments will work best when rules can travel across systems:

• common token formats
• consistent authentication levels
• standardized risk signals
• clear merchant identity

That’s why AP2-style alignment is worth paying attention to. It’s not “Silicon Valley news.” It’s a blueprint for what customers will soon consider normal.

The controls Kenya needs for secure AI-powered mobile payments

Secure agentic payments require layered controls: identity, permissioning, context, and auditability. If you only do one of these, you’ll still leak.

1) Treat permissions as a product feature, not a legal checkbox

Most fintech apps bury authorization in terms and conditions. That won’t work for agentic AI.

A Kenyan-friendly model looks like this:

• Spend limits: daily/weekly caps for AI-initiated payments
• Merchant allow-lists: approved paybills, tills, and billers
• Purpose boundaries: “utilities only” vs “any transfer”
• Step-up approval: biometric/PIN required above KES X
• Time windows: AI can pay bills 7am–9pm only

If your AI assistant can’t explain why it was allowed to pay, your security model is incomplete.

2) Use “step-up” authentication in a way that respects Kenyan UX

Kenyan users hate friction—but they hate losing money more.

A good compromise is risk-based step-up:

• Low-risk: known merchant + typical amount → allow with passive checks
• Medium-risk: new merchant or unusual amount → require biometric or PIN
• High-risk: new beneficiary + high amount + odd time/location → block or require manual review

This is where AI in fintech helps: fraud models can spot unusual patterns faster than manual rules.

3) Make merchant identity harder to fake

Merchant impersonation is a real issue. Agentic AI makes it worse if the assistant picks a merchant from text or images.

Practical safeguards:

• verified merchant directory inside the app
• strong normalization of paybill/till names (reduce lookalikes)
• confirmation screen showing logo + category + last paid date
• warnings for newly created or rarely used merchants

Your AI shouldn’t “guess” the paybill. It should verify it.

4) Build an audit trail that can survive disputes

Agentic payments need explainability, not just for regulators but for customer trust.

Every AI payment should store:

• the user’s instruction (“Pay KPLC 3,500”) and the channel it came from
• the data used (invoice reference, saved biller, due date)
• the risk score and which checks passed
• the authorization method (passive/biometric/PIN)
• the exact beneficiary identifiers (paybill/till/account)

When a customer complains, your support team shouldn’t be guessing. They should be reading a clear timeline.

5) Assume prompt injection and sandbox external content

If your assistant reads:

• SMS notifications
• WhatsApp business messages
• emails
• scanned invoices

…then it will eventually read something malicious.

Best practice is to sandbox and sanitize untrusted content:

• never allow payments from content alone
• require confirmation from an internal verified merchant record
• flag suspicious phrasing like “urgent”, “send now”, “change account”

Kenya’s fraudsters are creative. Your content filters must be, too.

What this means for Kenyan fintech marketing and customer education

Security messaging is now part of growth. If you want leads in Kenya’s fintech market in 2025, you can’t just promise speed and convenience. You need to explain safety in plain language.

Here’s what I’ve found works when educating users about AI-powered mobile payments:

Use simple, repeatable “rules of safe AI payments”

Publish and repeat a short list across app screens, SMS, and social:

1. AI can pay only saved billers (unless you approve a new one)
2. Big payments need biometrics
3. You can pause the assistant anytime
4. You’ll get instant alerts for every AI payment

These become mental guardrails customers remember under pressure.

Build trust with visible controls

A settings page that shows “Your assistant can do…” with toggles is not just UX—it’s conversion. People adopt what they can control.

For example:

• “Allow the assistant to pay utilities” (toggle)
• “Allow the assistant to send money to contacts” (toggle)
• “Require fingerprint above KES 2,000” (toggle)

Turn December spending into a security moment

December in Kenya comes with high transaction volume and higher scam attempts. Use it:

• push a short in-app checklist before end-month bill payments
• remind users about verified merchants
• highlight step-up approvals for unusual payments

That’s practical customer care—and it reduces losses.

“People also ask” for AI payment security in Kenya

Can AI really make mobile payments safer in Kenya?

Yes—if AI is used more for detection than for blind execution. AI excels at spotting anomalies (odd timing, device change, unusual merchant). But execution must be bounded by strong permissions and step-up authentication.

Will agentic AI replace M-PESA apps and bank apps?

Not replace—sit on top of them. The winning model is an assistant that can initiate actions across mobile money and bank rails while respecting each provider’s authentication and limits.

What’s the biggest mistake Kenyan fintechs will make with agentic payments?

Giving the assistant too much power too early. Start narrow: bill payments to verified merchants, capped amounts, clear reversibility, and strong logging. Expand only after you can measure fraud outcomes.

Where Kenya should go next

Agentic AI payments are coming whether the ecosystem feels ready or not. The smartest move is to define the rules early—permissions, step-up authentication, merchant verification, and audit trails—so adoption doesn’t become a fraud wave.

OnePay joining Google’s AP2 is a useful signal: serious players are standardizing how AI-initiated payments should be secured. Kenya’s fintech market should watch that trend closely and translate it into local product requirements, local language education, and locally realistic fraud defenses.

If you’re building or marketing a fintech product in Kenya, treat AI payment security as a lead driver. People don’t just want an assistant that pays. They want one they can trust.

What would it take for you—or your customers—to feel comfortable letting an AI approve a payment while you’re offline?