As the technology develops in giant strides and new iPhone models are delivered each year, it sounds extremely strange that the backbone of omnipresent card payment systems is still the protocol that’s almost forty years old. Even with its last major revision in 2003, the upgraded version of ISO 8583 is a couple decades too legacy to support modern payment infrastructure. It’s high time to discuss the alternatives.
What Are Payment Protocols
Although some of you might be heavily invested in the tech details of the payment processes, most non tech-savvy people see only the outer layer of daily transactions, paying attention to UIs, checkout convenience and availability of payment options.
However, all the main aspects of payments you care about (speed, safety, accessibility, etc) depend in large part on the hidden underlying tech stack which common observers tend to ignore. We hear about intra-industry partnerships, integrations of one payment infrastructure with another, emerging technologies like agentic payments and blockchain-based stablecoin transactions. What is rarely spoken about is the deepest foundation of any digital payment – payment protocols.
Payment protocols are the invisible communication rules that make transactions possible. In other words, they are the standardized languages through which banks, payment processors, and networks exchange transaction data securely and reliably.
Payment protocols define how messages like “payment approved” or “insufficient funds” are formatted, transmitted, and verified between systems.
From card-based standards like ISO 8583 to newer frameworks like ISO 20022 or API-based open banking schemes or even a brand-new emerging class of agentic payment protocols for AI-driven commerce, these protocols ensure that money moves seamlessly across countless platforms, geographies, and institutions. Today, it often happens in just seconds, even though the underlying exchanges involve complex chains of encrypted data flows and compliance checks. However, in many cases, payments are delayed, and payment protocols deficiencies are also to blame for that.
What Powers Card Payments and Why ISO 8583 Is Not Enough Anymore
While digital wallets are the fastest growing contactless payment type today, card-based payments are extremely popular in both online and offline settings. In the last couple of years, card payments constituted about 60% of the total number of payment transactions globally, varying by region and payment context.
ISO 8583 in a Nutshell
They are still largely powered by ISO 8583 – the international messaging standard that defines how financial transaction card-originated messages (payments initiated via debit or credit cards) are structured and exchanged between payment system components like ATMs, POS terminals, and card networks.
ISO 8583 has been around since 1987 and had its last major revision in 2003. Needless to say, a lot of its approaches are outdated. Firstly, it was designed for batch-oriented, mainframe systems used by banks and card networks in a very different era – one of static connections and slower settlement times.
ISO 8583 messages are not human-readable. They’re composed of tightly packed binary or fixed-length fields designed to minimize bandwidth and processing time on 1980s-era mainframes. Although ISO 8583 has been the backbone of global card payments for decades, it’s not flexible enough to support novel use cases like tokenization, biometric verification, QR, AI-driven fraud scoring, etc. Besides, it cannot efficiently handle modern richer data flows with heaps of merchant metadata, device fingerprinting results, cross-system customer info, multi-factor authorization details, and more.
Therefore, while its structure still handles most card authorizations globally, the standard’s rigidity and limited data capacity make it less suited for instant, enriched, and intelligent transaction flows that modern users and regulators demand for cloud-native, microservice-based, real-time payment ecosystems.
ISO 20022 Takes Up the Baton
The shift toward ISO 20022, that started in 2004 and is still ongoing, marked one of the biggest evolutions in payment messaging. Unlike ISO 8583, which focuses on compact numeric fields, ISO 20022 offers a flexible, XML-based model that captures far richer contextual data: from compliance information to transaction metadata. And yet, ISO 8583 still remains the basic foundation for card payments.
As a result, banks, networks, and fintechs are now layering translation gateways and hybrid systems that let ISO 8583 and ISO 20022 coexist. Visa and Mastercard, for instance, are upgrading their networks to embed ISO 20022 elements, paving the way for more interoperable, transparent, and real-time payments without breaking existing card infrastructure.
At the same time, the ecosystem around payments is expanding beyond what ISO 8583 was ever meant to handle. Tokenized wallets, biometric authentication, contactless flows, and even early agentic payment systems require message formats capable of carrying new security fields and contextual data.
Rather than replacing ISO 8583 overnight, the industry is moving toward modular, API-driven architectures that can interpret and enrich legacy messages in real time. On one hand, card payments are evolving past the limits of ISO 8583, toward smarter, more dynamic protocols that keep pace with the way people and machines now transact. On the other hand, questions arise whether the card infrastructure may actually need to be “broken” (or completely overhauled) to move beyond its 1980s limits.
Why Payment Industry Chooses Coexistence Model Over Replacement
Despite its limitations, the payment industry has so far opted for coexistence rather than complete replacement. Instead of discarding ISO 8583 altogether, banks, schemes, and fintechs are building translation layers and hybrid gateways that allow both protocols to operate in parallel. There are practical reasons for this cautious approach.
The first is the massive installed base. Hundreds of millions of POS terminals, ATMs, and host systems across the world still communicate in ISO 8583. Replacing all of them would mean rewriting the operational DNA of global card payments. Then comes the regulatory and operational risk: you cannot simply “switch off” a network that moves trillions of dollars in card transactions every single day.
Interoperability also plays a critical role. Card acceptance relies on a fragile balance between issuers, acquirers, and merchants; a hard protocol break could easily fragment this global acceptance layer. Finally, there’s investment inertia. Decades of sunk cost in legacy switch software make incremental upgrades more politically and financially viable than a full rebuild.
In short, today’s dual-system setup: translation gateways, message converters, and ISO 20022 overlays, is less about bold innovation and more about risk control and continuity. Yet this very strategy raises an uncomfortable question: how long can the industry afford to patch the old rails before it becomes more efficient (and perhaps inevitable) to replace them entirely?
Why “Breaking” the Old Payment Rails Might Be Necessary
At the same time, a growing number of payment architects and infrastructure innovators argue that the coexistence model, while safe, is holding back progress. Translation layers help maintain stability, but they also lock innovation into the grammar of the past. Even when wrapped in ISO 20022 elements, the underlying ISO 8583 logic still imposes rigid field limits, fixed transaction codes, and sequential message flows — a structure that belongs to the mainframe era. In other words, you can paint the ancient walls by enriching the message, but the building is still old and frail, as the communication standard speaks an old language.
Modern payments, however, demand something entirely different. They require context-rich, real-time communication that can carry detailed metadata from device and merchant information to behavioral and biometric signals, all the while enabling instant settlement and programmable logic. These capabilities are far easier to support on API-native or ISO 20022-based architectures, not legacy card protocols.
Security expectations have also outgrown the card model. PANs, BINs, and acquirer identifiers, once essential to card transactions, are now seen as brittle constructs in a world of tokenized wallets and AI-driven risk engines. A true breakaway would mean rebuilding around persistent digital identities, programmable payment tokens, and end-to-end encryption designed into the core, rather than added on top.
Finally, the cost of maintaining parallel systems is rising. Every translation gateway adds latency, complexity, and compliance overhead. At some point, modernization becomes cheaper than preservation — a pattern already seen in telecommunications (from 2G to 5G) and banking infrastructure (from COBOL cores to cloud-native systems).
The Question of Replacing Payment Protocols Is Not Whether But When
The future, therefore, may lie in controlled disruption. In the short term, hybrid systems will continue to bridge ISO 8583 and ISO 20022. Over the next decade, high-value, cross-border, and instant payments will likely migrate fully to richer, ISO 20022-native and API-based formats. In the longer view, card networks themselves may evolve into tokenized, identity-centric, and programmable ecosystems, effectively retiring the legacy rails they once relied on.
Visa’s VisaNet Next, Mastercard’s NextGen IPM, and a wave of emerging blockchain and AI-integrated payment frameworks all suggest that this quiet transformation is already underway. Given the scale and importance of infrastructure in need of substitution, it will probably arrive not as a sudden break, but as a gradual rearchitecture of how money moves in the digital economy.
Beyond traditional upgrades, the rise of agentic payment protocols, novel systems that allow AI agents to initiate, negotiate, and complete payments autonomously, is set to accelerate this transformation even further. These protocols rely on continuous, context-aware data exchange that simply cannot be expressed efficiently within ISO 8583’s rigid, transaction-by-transaction logic.
For AI-driven commerce to function safely and seamlessly, payment infrastructure needs to be unified, interoperable, and capable of real-time data sharing across networks, assets, and counterparties. Maintaining multiple overlapping standards only multiplies friction, cost, and integration complexity. By contrast, moving toward a single, extensible, and intelligent messaging framework, where ISO 20022 and emerging agentic protocols converge, would allow the ecosystem to operate more efficiently, securely, and predictably, bridging human and machine-driven transactions under one universal language of value exchange.
Some Food for Thought
It’s ironic that while payments are racing toward real time, the systems underneath still speak the language of the 1980s. Translation layers can only stretch so far before innovation snaps. As AI agents start making payments on our behalf, clinging to fragmented standards will feel like running modern apps on dial-up. Perhaps, it’s time to finally stop patching the old rails and start building one smart, unified protocol that lets humans, machines, and money finally speak the same language.
