Agentic wallet Malaysia: 2026 guide for merchants

Cherie Foo
Growth Content Manager

Key takeaways:
An agentic wallet is a digital wallet that lets an AI agent spend on a consumer's behalf within rules they set in advance, with no raw card or wallet credentials ever leaving the wallet environment.
Malaysia's wallet-heavy market gives merchants a structural head start, but most existing wallets aren't built for agent delegation yet, and FPX's redirect model is incompatible with agentic payments by design.
Airwallex Payments gives Malaysian merchants payment infrastructure that is well positioned for agentic commerce, combining FPX, 160+ payment methods, and cross-border settlement through a single integration.
Agentic wallets are emerging as the next evolution of digital payments, allowing AI agents to make purchases on a consumer's behalf.
For Malaysian merchants, this shift brings both opportunities and challenges. While digital wallets are already widely used, most existing wallet infrastructure wasn't designed for AI-initiated purchases.
In this article, we'll explain how agentic wallets work, why existing payment methods weren't designed for AI-initiated purchases, and what Malaysian merchants can do today to prepare for the next phase of online commerce.
For a full breakdown of what's already live in Malaysia and how agentic payments work mechanically, see our guide to agentic commerce in Malaysia and our guide to agentic payments.
What is an agentic wallet?
A digital wallet like Touch 'n Go eWallet or GrabPay stores your payment credentials and lets you tap, scan, or click to pay. Every transaction is still initiated by you.
An agentic wallet goes a step further. It not only stores your payment credentials, but also lets you authorise an AI agent to make purchases on your behalf within rules you set in advance. Instead of approving every individual checkout, you define what the agent is allowed to do, and it carries out purchases within those limits.
The AI agent never sees your card number or wallet login details. Instead, the wallet issues a scoped payment token: a credential that only allows transactions within the conditions you've approved.
Those conditions might include:
Which merchants the agent can buy from
The maximum amount it can spend
How long the authorisation remains valid
Transactions outside those limits are rejected, and the token can no longer be used unless it remains within the authorised policy.
For merchants, this distinction is important. An agent-initiated payment isn't an unauthorised transaction; it's one the customer approved in advance.
Whether a payment is tapped, scanned, or triggered by an AI agent acting within the customer's pre-approved limits, your role remains the same:
Accept the payment
Keep accurate transaction records and any authorisation information provided with it
Settle the transaction
Handle any exceptions if a payment falls outside the customer's authorised mandate
Airwallex gives you the infrastructure to do that at scale: accepting payments locally in MYR across FPX, GrabPay, and 160+ payment methods, with like-for-like multi-currency settlement built in.
How an agentic wallet works: the three layers
An agentic wallet sits between the AI agent and the payment rails it needs to access. The architecture has three layers. Running through each one: a Malaysian business owner has set up an AI assistant to reorder office supplies from a supplier in Petaling Jaya when stock drops below a set threshold.
1. The intent layer
This is where the AI agent operates. Based on the owner's instructions, it decides what to buy, from which supplier, and when. It passes that decision to the policy layer.
At no point does the agent touch payment credentials directly: it has no access to the wallet's underlying card or account details.
2. The policy layer
This is the enforcement layer. Before any payment fires, the wallet checks the agent's request against a set of hard rules the owner defined:
Is this supplier on the approved merchant list?
Does the order amount fall within the RM spend cap?
Is the agent's authorisation window still active?
If the answer to any of these is no, the payment is blocked. This layer is deterministic: it doesn't reason, negotiate, or make exceptions. It checks the rule and acts on the result.
That's an important point for business owners evaluating agentic wallets. The security of an agentic payment doesn't rest on the AI behaving correctly. It rests on the policy layer, which doesn't rely on AI at all.
A confused agent, a poorly worded prompt, or a malicious instruction embedded in a webpage cannot override a hard RM spend cap or an approved merchant list.
3. The settlement layer
Once the policy layer clears a transaction, payment executes through existing payment infrastructure, whether that's card networks or another supported payment method tied to the token.
Relevant transaction details are logged, including which agent acted, which merchant was paid, how much, and when.
Where supported, the consumer can review the transaction history. If something looks wrong, they can revoke the agent's access to prevent future transactions.
Why Malaysia's wallet ecosystem matters
Malaysia is one of the region's most wallet-centric payment markets.
Digital wallets such as Touch 'n Go eWallet, GrabPay, Boost, and ShopeePay are part of everyday spending for millions of consumers, making the market quite different from card-first markets where payment cards remain the default way to pay.
This creates a strong starting point for agentic wallets. Because payment credentials are already stored within the wallet environment, wallet providers are well placed to introduce delegated payment capabilities as the technology matures.
The concept is similar to setting a spending limit or other controls on a digital wallet today: the user defines the rules, and the wallet enforces them automatically.
That doesn't mean Malaysia's existing wallets already support agentic commerce. Most are still designed around payments initiated directly by the user rather than by an AI agent acting under delegated authority.
Here's a snapshot of where the key technologies behind agentic wallets stand in Malaysia today:
Technology | Current status in Malaysia |
|---|---|
Card-based agentic payments (for example, Mastercard Agent Pay and Visa Intelligent Commerce) | Live |
Wallet-native agent delegation (Touch 'n Go eWallet, GrabPay, Boost) | Not yet mainstream |
Ant International's Agentic Mobile Payment (AMP) protocol, with Touch 'n Go eWallet as a deployment partner | In development |
One notable development is Ant International's Agentic Mobile Payment (AMP) protocol, which was designed specifically for mobile wallets. Touch 'n Go eWallet has been announced as a deployment partner, signalling that Malaysia is likely to be an important market as wallet-native agentic payments evolve.
For merchants, the key question isn't whether customers will continue using digital wallets; they almost certainly will. It's whether your payment infrastructure will be able to accept transactions authorised by an AI agent, rather than only those initiated directly by a person.
Supporting delegated payment tokens requires different capabilities, and preparing your checkout infrastructure early will make it easier to adopt agentic commerce as it becomes more widely available.
The FPX problem (and what to do about it)
FPX is Malaysia's most widely used online payment method, so for many eCommerce merchants, it's a core part of the checkout experience.
The challenge is that FPX was designed for people, not AI agents. Every transaction redirects the customer to their bank's website or app, where they must log in, complete authentication (such as a one-time password or approval), and manually authorise the payment before returning to the merchant's checkout.
An AI agent can't complete that process. Once the payment flow requires a bank redirect and manual authentication, the agent cannot complete the purchase.
Rather than a payment failure, merchants are more likely to see customers abandoning the checkout because the AI can't finish the purchase.
That doesn't mean you should remove FPX. It remains an essential payment method for human shoppers. Instead, merchants should offer additional payment options that support AI-initiated transactions alongside FPX.
Some of the most important payment capabilities merchants should look for include:
Payment methods that support delegated or tokenised credentials as they become available.
Credential on File (CoF) implementations that support merchant-initiated transactions (MIT).
A payment platform that can support new payment methods without requiring a checkout rebuild.
As agentic commerce develops, it's worth asking your payment provider a few practical questions:
Can your platform support delegated payment tokens as they become available?
Can your platform accept delegated payment tokens from Mastercard Agent Pay and Visa Intelligent Commerce?
Does your Credential on File implementation support merchant-initiated transactions without an active customer session?
Airwallex Payments supports FPX, GrabPay, and 160+ payment methods through a single integration, allowing merchants to accept local and global payments without managing multiple separate payment integrations.
Consumer control: spend rules, audit trails, and what happens when something goes wrong
One of the most common concerns business owners raise about autonomous payments is visibility. If an AI agent is spending on a customer's behalf, how do you (and your customer) know what it bought, where, and when?
A well-designed agentic wallet answers this at the infrastructure level, not just as a product feature. Here are the five controls that govern what an agent can and cannot do:
RM spend caps. The agent cannot spend more than the consumer set. This is a hard ceiling enforced at the policy layer — not a preference the agent can override.
Merchant restrictions. Agents can only transact with pre-approved merchants. A vendor outside that list is blocked before the payment even attempts to go through.
Time-bounded sessions. Authorisations expire. An agent given access for a specific task loses that access automatically when the window closes, without the consumer needing to manually revoke anything.
Instant revocation. If something looks wrong, the consumer can cut off the agent's access immediately, without cancelling the underlying payment method or affecting any other agents they've authorised.
Full audit trail. Every transaction is logged: which agent acted, which merchant was paid, how much, and when. The consumer can review the complete record at any time.
For merchants, the audit trail isn't just a consumer-facing feature. Merchants should also maintain robust transaction records to support dispute resolution and compliance obligations.
There is no dedicated case law on agentic commerce disputes yet, which means your transaction records are your primary defence if a purchase is later challenged.
Malaysia's central bank issued a Policy Document on Technology Requirements for Payment Services Regulatees in March 2026, setting clear expectations for audit trail integrity and cybersecurity standards across payment providers.²
The recordkeeping expectations that flow through to payment providers flow through to merchants too. Capture mandate context, agent identity, and authorisation details at the point of sale: incomplete records make disputes significantly harder to resolve.
How agentic wallets handle threats that regular wallets weren't built for
A regular digital wallet was designed with one threat model in mind: stop unauthorised humans from accessing your money. An agentic wallet has to go further. It also has to handle threats that emerge specifically because the buyer is an AI.
There are three worth understanding as a merchant:
1. Prompt injection
A malicious instruction embedded in a webpage or product listing tries to hijack the agent's behaviour — for example, telling it to ignore its spending limit or buy from an unapproved merchant.
The policy layer can prevent unauthorised payments resulting from prompt injection by enforcing hard transaction limits, even if the AI has been manipulated.
A hard RM spend cap cannot be overridden by a prompt. This also means that a compromised product listing on your own site cannot be used to manipulate an agent transacting with a competitor.
2. Model error and hallucinations
AI models make mistakes. A poorly worded prompt or an unexpected input can cause an agent to misinterpret its instructions.
Hard spend caps and approved merchant lists act as a safety net: even an unreliable model cannot cause disproportionate financial damage when the policy layer is doing its job.
3. Know Your Agent (KYA)
Know Your Agent (KYA) is the emerging standard for verifying that a transaction came from a legitimately authorised agent, not a bot running automated checkout attacks.
This is particularly relevant in Malaysia's high-frequency, wallet-heavy payments environment, where fraud controls calibrated for human sessions can incorrectly flag legitimate agent traffic or, worse, pass fraudulent automated traffic that mimics it.
As a merchant, KYA is the specific question to raise with your payment provider as agent transaction volumes grow. Fraud models built for human behaviour need to be recalibrated for machine-generated payment patterns, and the sooner that work starts, the less disruptive it is.
What Malaysian merchants should do now
Agentic wallets aren't fully mainstream yet, but the infrastructure decisions you make now will determine whether you're ready when they are. Here are four things to do now:
1. Check your checkout for FPX-only dependency
If FPX is your primary or only online payment method, agent-initiated transactions will drop off silently. Add additional payment methods alongside FPX so your checkout isn't dependent on a single redirect-based payment flow.
2. Ask your payment provider three questions
Can your checkout receive delegated payment tokens from Mastercard Agent Pay and Visa Agentic Ready?
Can your platform support delegated payment tokens and automated transaction flows as they become available?
Does your Credential on File setup support merchant-initiated transactions without an active customer session?
3. Set up separate tagging for agent-initiated traffic
When agent transactions start appearing in your data, you want to see them clearly — not blended into your card-not-present (CNP) volume where they'll distort your fraud models and conversion metrics. Setting this up before volume arrives is far easier than retrofitting it later.
4. Start capturing mandate context at the point of sale
Under the Electronic Commerce Act 2006 and the Contracts Act 1950, your transaction records are your primary protection in a dispute where no human was present. Capture agent identity, mandate context, and Know Your Agent (KYA) credentials at checkout now.
Incomplete records make disputes significantly harder to resolve, and Malaysia has no dedicated agentic commerce case law yet to fill the gap.
Airwallex supports FPX, GrabPay, and 160+ local payment methods through a single platform, with local MYR acquiring and like-for-like multi-currency settlement. This gives you the infrastructure to accept payments from customers globally, whether initiated by a person or an AI agent.
Frequently asked questions (FAQs)
What's the difference between an agentic wallet and a regular e-wallet like Touch 'n Go or GrabPay?
A regular e-wallet stores your payment credentials and lets you pay when you choose to. An agentic wallet goes further: it also delegates bounded authority to an AI agent to spend on your behalf, within limits you set in advance. The agent gets a scoped payment token, not your actual wallet login or card details. Touch 'n Go and GrabPay are not currently agentic wallets, but as wallet providers develop support for agent delegation, that may change over time.
Can an AI agent use my customer's Touch 'n Go or GrabPay to pay at my store today?
Not yet at a mainstream level. Card-based agentic payments are live in Malaysia today via Mastercard Agent Pay and Visa Agentic Ready, meaning agents can transact using tokenised card credentials. Wallet-native delegation — where an agent draws directly from a Touch 'n Go or GrabPay balance — is the next frontier. TNG Digital's CEO has publicly confirmed the company is actively exploring agentic payments, describing Malaysia's regulatory climate as encouraging for the move.
If an AI agent makes a purchase my customer didn't intend, who is responsible under Malaysian law?
Under the Electronic Commerce Act 2006, purchases made by AI agents are likely treated as legally enforceable electronic transactions, with the agent acting as an extension of the account holder. Malaysia has no dedicated case law on agentic commerce disputes yet. In practice, the spend mandate the consumer set before authorising the agent serves as the primary record of consent. As a merchant, capturing that mandate context, agent identity, and authorisation details at the point of sale is your best protection if a transaction is later challenged.
Does Malaysia have regulations specifically for agentic wallets?
Not yet. Existing rules — the Electronic Commerce Act 2006, AML/CFT requirements, and e-money regulations — apply to agent-initiated transactions the same way they apply to any digital payment. Malaysia's central bank issued a Policy Document on Technology Requirements for Payment Services Regulatees in March 2026, which sets clear standards for audit trail integrity and cybersecurity across payment providers, but there is no dedicated regulatory category for agentic wallets at this stage.
My business uses Islamic banking, are there agentic wallet considerations I should know about?
Yes, and this is currently unaddressed by any formal Malaysian authority. Autonomous AI transactions raise open questions around contractual consent and agency under Islamic law, particularly for businesses operating under the Islamic Financial Services Act 2013 or with Shariah-compliant banking relationships. No formal guidance has been issued. Seek specialist advice before deploying agentic payment flows in this context.
Sources:
https://pymnts.com/artificial-intelligence-2/2026/agentic-ai-gets-its-own-payment-protocol/
https://fintechnews.my/57254/payments-remittance-malaysia/bnm-technology-requirements-payment-providers-regulatees-malaysia/
This publication does not constitute legal, tax, or professional advice from Airwallex nor substitute seeking such advice, and makes no express or implied representations / warranties / guarantees regarding content accuracy, completeness, or currency. If you would like to request an update, feel free to contact us at [[email protected]]. Airwallex (Malaysia) Sdn. Bhd., a company incorporated under the laws of Malaysia with company registration number 201801007747 (1269761-X), is regulated as a licensed remittance business under the Money Services Business Act 2011 (Licence number 00743 with an expiry date of 3 August 2028, an E-Money Issuer and a registered merchant acquirer under the Financial Services Act 2013.)

Cherie Foo
Growth Content Manager
Cherie is a Growth Content Manager at Airwallex, where she develops content for businesses in Singapore and across Southeast Asia. She focuses on turning complex topics like cross-border payments, business accounts, and spend management into clear, practical guides that help founders and finance teams make confident decisions.
Posted in:
Online paymentsShare
- What is an agentic wallet?
- How an agentic wallet works: the three layers
- Why Malaysia's wallet ecosystem matters
- The FPX problem (and what to do about it)
- Consumer control: spend rules, audit trails, and what happens when something goes wrong
- How agentic wallets handle threats that regular wallets weren't built for
- What Malaysian merchants should do now


