How Invisible Payments Are Forcing Digital Identity to Evolve

As real-time commerce accelerates, the future of authentication isn’t about remembering. It’s about being recognized.

“Passwords are dinosaurs,” said Chris Palumbo, chief risk officer at Citadel Credit Union, during a recent PYMNTS panel on the future of authentication. “They just don’t know it yet.”

It was a moment that captured the truth about how people feel when they try to transact in a world built on six-digit codes, one-time passwords, and endless verification loops. The password, once the foundation of digital security, has become the very thing that slows commerce down. Every new credential or authentication step was designed to protect the user, but each has instead created fatigue, friction and frustration.

Invisible payments, the industry’s next great ambition, will never truly be invisible until authentication disappears into the background. That means building a model of trust that does not depend on memory or repetition but on recognition. It means embedding identity directly into the transaction itself, where it can work quietly and continuously to protect consumers, merchants and banks alike.

That was the focus of the PYMNTS conversation among Palumbo, Tom Poole, senior vice president of digital payments at Capital One, and Rodger Desai, founder and CEO of Prove. The panel explored what comes after passwords and how a more durable and dynamic identity layer can make authentication effortless without sacrificing security.

Advertisement: Scroll to Continue

“Invisible payments depend on invisible trust,” said PYMNTS CEO Karen Webster in opening the discussion. “Trust has to be built in, not bolted on.”

Every password and verification code is a layer of effort bolted onto an experience that should feel seamless. Consumers are asked to remember their way into security, but each new code they type is a reminder that the system doesn’t actually know who they are. Palumbo called it a cycle that undermines confidence. “When there’s a single compromise, trust starts to erode,” he said. “People lose faith that these steps are really protecting them.”

Shift From Memory to Presence

Capital One’s AirKey technology illustrates what the next stage of authentication looks like. Poole described it as a way to transform the payment card into a cryptographic cornerstone of trust. When that card interacts with the customer’s phone, the two create what he calls “dual presence,” a secure pairing that allows the bank to verify both card and device in a single moment.

“Everybody has a card,” Poole said. “We asked ourselves what else it could do. If the card can become the anchor of identity, then authentication happens inside the transaction instead of around it.”

Once the card and phone are linked, the relationship carries forward. The consumer doesn’t have to reestablish trust each time they transact. Instead, that trust persists. The friction vanishes. The protection stays.

Desai called this evolution inevitable. “[The industry] has spent years involving consumers in securing themselves,” he said. “That was always the flaw. Security should happen for them, not because of them.” AirKey, he added, fits naturally into a world where digital keys already unlock everything from phones to cars. Identity should work the same way, invisible but always present.

Anatomy of Invisible Trust

An embedded model of authentication changes the balance of security and convenience. Consumers no longer bear the weight of proving who they are. Merchants see fewer abandoned transactions and fewer false declines. Banks can gain a more reliable signal of trust, allowing them to approve more payments in real time.

Poole explained it as a way to remove unnecessary friction. “AirKey allows us to say ‘yes’ more often,” he said. With a single tap of the card to the phone, “It takes those moments when life is interrupted by authentication and replaces them with continuity. The customer just goes on with their day.”

Palumbo agreed that this is what consumers now expect. “They want choice,” he said. “They want security that feels natural, not like a test. The right balance is one where they are protected without ever feeling interrupted.”

Future of Embedded Identity

As agentic commerce, connected devices, and real-time payments expand, authentication will need to evolve from something transactional into something ambient. Trust will no longer appear as a separate checkpoint but as a property of the system itself. Standards will make that possible, ensuring interoperability and consumer confidence as identity moves invisibly across platforms and institutions.

Desai sees this future as a continuation of what younger consumers already experience. Their phones and cards are one object. Their devices already verify them in the background. They expect payments to feel as natural as unlocking a screen.

Passwords cannot survive in that environment. They belong to an era when identity was static and transactions were occasional. The world has moved on.

Invisible payments will depend on invisible authentication, and invisible authentication will depend on an identity layer that is alive, portable, and built into every transaction. The password age is ending, not with a sudden collapse but with a quiet replacement. A shift from remembering to being recognized.

When that happens, the panel concluded, trust will no longer feel like work. It will simply feel like part of how commerce now happens.