You flash your AARP card at Hertz and save 25%. You show your military ID at Home Depot and get 10% off. Your kid logs in with a .edu email and pays half price for Spotify. This is eligibility verification. It is a $300 billion economy built on plastic cards, manual checks, and databases that do not talk to each other. It works today because a human is standing at the counter. It breaks completely the moment an AI agent shops for you instead.
The discount economy is enormous and invisible
Eligibility-based discounts are everywhere. AARP has 38 million members with discounts at over 100,000 businesses. Home Depot, Lowe's, Under Armour, and Apple all offer military discounts verified through ID.me. Spotify, Amazon Prime, and Apple Music cut prices in half for students verified through UNiDAYS or SheerID. AAA members get preferred rates at Hertz, Hilton, and thousands of other merchants.
None of this runs on a shared standard. AARP has its own card. ID.me has its own database. UNiDAYS has its own verification flow. Every merchant integrates with each provider separately. Every customer carries a different set of credentials in their leather wallet, phone, or email inbox.
The system works because humans are flexible. You can pull out a card, show an app, recite a membership number, or forward a confirmation email. A cashier can look at it and make a judgment call. But flexibility is not scalability. And it is definitely not automatable. Today, there is no way to verify eligibility programmatically across providers. That is the gap.
Credentials are already moving on-chain
This is not a prediction. It is happening. Singapore's government issues real polytechnic diplomas and trade certificates through OpenCerts, anchored to Ethereum mainnet. Not a private chain. Not a pilot. Public, verifiable by anyone, no issuer cooperation needed. South Korea has gone further on scale: millions of citizens use mobile driver's licenses backed by a DID infrastructure. Real government IDs, used at real checkpoints, verified digitally. The EU has mandated digital identity wallets for every member state by 2027 under eIDAS 2.0.
Then there are the credentials that are already natively on-chain. Gitcoin Passport has over 2 million users and 35 million attestations. Binance issues soul-bound tokens to KYC-verified users. World ID has 18 million verified users and just launched AgentKit with Coinbase to let AI agents carry proof-of-human credentials into payment flows.
Credentials are moving from leather wallets to digital wallets to on-chain wallets. The question is what happens when a merchant needs to verify one of them.
Apple Wallet got halfway there
Apple Wallet and Google Wallet already hold digital versions of membership cards, loyalty passes, boarding passes, and in 21 US states, mobile driver's licenses. When you tap your phone at a TSA checkpoint, the agent sees your ID without you handing over a physical card.
But these systems are closed. Your Apple Wallet pass only works where Apple's infrastructure reaches. Your Google Wallet credential cannot be verified by a system that does not integrate with Google. The credentials are not portable, not composable, and not independently verifiable. If Apple's servers go down, your credential is useless. If a merchant does not support Apple's SDK, your membership might as well not exist.
On-chain credentials solve this by design. A soul-bound token proving AARP membership does not need AARP's server to be online for a merchant to verify it. An EAS attestation proving veteran status does not need ID.me to be in the loop. The credential is on a public chain, verifiable by anyone, portable to any platform that can read the chain.
The catch: reading a wallet to verify one credential risks exposing everything else in it. Checking for an AARP NFT should not reveal how much ETH you hold, what DeFi positions you have, or which other tokens are in there. That is the privacy problem.
Now add AI agents to the picture
Mastercard launched Agent Pay. Visa published the Trusted Agent Protocol. Coinbase built x402. Stripe is building the Machine Payments Protocol with Tempo. Every major payment rail is racing to let AI agents spend money on your behalf.
These systems solve authorization: can this agent pay? They do not solve eligibility: does the person behind this agent qualify for a discount?
Think about what happens when your AI agent goes shopping for you. It finds a hotel on Hilton's site. You are an AARP member, a AAA member, and a Hilton Honors Gold member. The agent should get the best available rate stacking all three. But how does it prove any of them?
The agent cannot flash a card. It cannot forward a confirmation email. It cannot type in a promo code and hope the cashier accepts it. It needs to prove eligibility programmatically, in real-time, before checkout. And the merchant's system needs to verify that proof without seeing everything else in the agent's wallet.
This is not a hypothetical. The Universal Commerce Protocol, a Google and Shopify joint project for agent checkout flows, is actively designing how eligibility claims work at checkout. Their technical committee is right now debating how to handle multiple concurrent verification-based discounts: military, student, teacher, loyalty tier, each with different rules and seasonal availability. The payment rail exists. The credential layer is forming. The verification layer between them is the gap.
The credential gap
On-chain infrastructure can already prove you are a real person, that you passed KYC, or that an AI agent has a registered identity. But it cannot prove you are an AARP member, a veteran, a student, a Costco member, a union worker, or a Hilton Gold loyalty tier holder. The entire real-world credential layer, the memberships and eligibilities that drive hundreds of billions in preferential pricing, has zero on-chain representation.
Starbucks tried with Odyssey, NFT loyalty stamps on Polygon, and shut it down after 15 months. Shopify built native token-gating features and deprecated them. Both failed because they treated credentials as gamification instead of infrastructure. But the underlying need did not go away. A human can work around missing infrastructure. An agent cannot.
Wallet auth is the verification layer
When credentials do move on-chain, whether as soul-bound tokens, EAS attestations, or W3C Verifiable Credentials anchored to a chain, someone needs to verify them at the point of transaction. And that verification needs to be privacy-preserving. Boolean, not balance. "Does this wallet hold credential X?" Yes or no, cryptographically signed, independently verifiable, nothing else exposed.
That is what wallet auth does. An agent presents a wallet. The merchant's system queries whether the wallet holds specific credentials. The response comes back as a signed attestation: this wallet holds an AARP-equivalent NFT, or a veteran soul-bound token, or a loyalty tier credential. The signed result is verifiable offline via JWKS. No raw wallet contents are exposed. No other holdings are revealed.
The same call can stack. Military plus loyalty tier plus alumni credential, all verified in one request, each returned as a separate boolean. The agent gets the best available price. The merchant gets cryptographic proof of eligibility. Neither side sees anything they should not.
This is not new technology applied to a new problem. It is the same verification primitive that already works for token holdings, NFT ownership, and on-chain attestations, applied to the credential layer as it forms. The credentials will come. Token-gated commerce is already live at scale for fan tokens and NFTs. The next wave is memberships, eligibilities, and qualifications.
The cards in your leather wallet are going on-chain
Your AARP card will become a soul-bound token. Your military status will become an on-chain attestation. Your alumni credential will become a Verifiable Credential anchored to a public chain. This is not a question of if. Singapore is already doing it with diplomas. South Korea is already doing it with driver's licenses. The EU is mandating it by law.
These credentials will sit in your on-chain wallet next to your tokens and NFTs. Your AI agent will present them at checkout the same way you flash a card at the register today. The difference is that verification will be instant, private, composable, and signed. No calling a database. No trusting a third party. No exposing your wallet to check one credential.
The payment rails are being built. The credential layer is forming. The verification layer between them, the one that lets an agent prove "this person qualifies" without revealing anything else, is wallet auth. It will become the default way eligibility works. And it is live today.
Top comments (0)