Agentic Commerce Isn't Coming. It's Here. Is Your Fraud Stack Ready?

Fireside chats and keynotes across the country are busy imagining a future changed by agentic commerce, but those conversations were out-of-date before they started. Agentic commerce is not a twinkling star in a far-off night sky. It’s here now and it’s showing up in purchase behavior and retailer infrastructure as clear as day.

Meanwhile, fraud detection still treats traffic in one of two ways, presuming that either a human has navigated their way to your checkout or a heavy-handed piece of software is brute-forcing its way across the internet. But AI agents arrive differently at checkout and your fraud tools – with no prior modelling to call upon – have to work out whether they represent a sale or a risk.

Agentic commerce is not going to change your business; it already happened. Your fraud stack has been increasingly influential in your conversions and revenue for months. That can’t continue unchecked. Let this article be the line in the sand.

The buyer journey just changed, and your fraud stack missed the memo

Big shifts in commerce have rarely been about technology, they happen when technology changes behavior. Online checkout systems didn’t change shopping habits, the convenience and variety they offer did. Behavior is sticky and once it changes, it’s unlikely to go back.

That’s where we are with agentic commerce today. The technology now exists for your customers to share their preferences, limits, and payment credentials with an AI agent and entirely outsource the act of browsing, comparing, and purchasing. The consumer's role in this model becomes as simple as saying yes.

You might be able to see where your fraud stack falls short in this new model. For the last 20 or so years, ecommerce fraud tools have analyzed journeys that encompass behavioral signals, session duration, browsing-to-checkout ratios, device fingerprinting, and on-page activity. Now, an agent appears at checkout with a full cart and barely a pixel’s worth of information for your fraud engine to consider.

Merchants are already seeing this pattern in their data, which is why we’ve already built, tested, and launched agent-initiated transactions as a live channel. The Morph Industry Report titled The Agentic Economy forecasts that AI agents will influence more than $500 billion in gross merchandise value globally by 2028. We’re past potential and into activity you can trace to your P&L.

Humans didn't leave the transaction. They moved

In the rush to adapt to AI payments, it would be easy to swing too far and presume that agents have completely removed human input from ecommerce. Buyers may be opting out of the long middle section, but they’ve relocated rather than being removed entirely. The best fraud stacks are going to follow them to the edges of the journey, to where fraud risk and signals now live.

Anybody setting up an agent is placing trust in a nascent system. Most of these buyers, hopefully, are treating agentic commerce with the appropriate level of caution. Nevertheless, they’re still setting its rules about spend limits, vendor choices, and the credentials it can carry. That's a human decision with far-reaching consequences. If those credentials are compromised or their agent manipulated, fraudulent activity is indistinguishable from their previous purchases. Same agent, same authorization, entirely different outcome.

Similarly, at the very end of the transaction process, fraud analysts are still interpreting system flags. They may be using AI to streamline their own work, but human judgment informs future modelling. It takes human insight to decipher the signal in the noise – especially when we’re dealing with brand new patterns of behavior. A safe, reliable agent behaves nothing like a safe, reliable human.

As with so many AI developments, the human element in any process becomes more pronounced and consequential. Fraud risk is changing, not ending, and it’s our responsibility to meet the humans where they’re still involved.

Your fraud stack's blind spot is the buyer journey

Fraud detection has developed into an incredibly efficient process. Years of rich, contextual data have trained systems that can pick a fraudulent needle from a haystack of payments. The journey those systems had perfected is now fragmenting – and fragmentation is a breeding ground for risk.

A single fraud tool, tooled for a single touchpoint, cannot protect the full user journey. More to the point, there’s no way it can distinguish a legitimate agent-initiated transaction from a compromised one, because it has no view of what came before the transaction. Unification is the answer.

To match up to agentic commerce, fraud tools need to see the full session context. They need oversight of the agent’s parameters and the device on which it was built. They need to tally an agent’s intent against historical behavior from the customer account. And they need to understand the legitimacy of any agent that tries to checkout.

Agent identification and verification is the big problem that remains unsolved. Many tools have gaps around agent identity, verifiable credentials for non-human principals, and permission boundaries for delegated authority.

Fraud systems that evaluate transaction events were doing a fine job. Agentic commerce means they’re now assessing a fraction of the information they need to make reasoned and defensible decisions.

Agent phishing is a new attack surface your current tooling wasn't built for

Humans are the biggest risk factor in payment fraud. Presumably, removing them from the buying process should reduce fraud rates. Well, phishing and cloning may become less prominent, but data extraction, transaction redirects, and prompt injection can more than make up the difference. As we’ve said above – agentic commerce is changing, not ending, fraud risk.

This is just called agent phishing: an umbrella term for bad actors attempting to manipulate or extract data directly from agents.

As a customer integrates more payment methods with an agentic system, the greater their surface area for attacks. If phishing is equivalent to someone stealing the details of one of your cards, agent phishing takes the whole wallet out of your pocket and paints the town red.

The stakes are undeniably high – and consumer trust data shows us that this is much more than a theoretical worry in pockets of the ecommerce world. Research from Spreedly and PYMNTS Intelligence shows that more than half of consumers are already hesitant to use AI-powered shopping assistants. 41% report outright distrust and only 4% have complete trust.

Relatively speaking, we’re in the early days of agentic AI. A single high-profile agent compromise with a household name is going to lead to a lot of headlines and distrust.

What fraud stack readiness actually looks like in an agentic world

The bigger picture is equal parts promising and worrying, but being more informed isn’t going to do much to settle merchants' nerves. To feel more confident in the age of agentic payments, merchants should ask three questions of their fraud stack. While the answers might not be positive, they’ll set your path to a more AI-ready checkout.

Can you see the full buyer journey?

The transaction event is the final step in a long and winding journey. AI agents have a completely different fingerprint to understand compared to human buyers, but it’s there and legible nevertheless. Beyond the sale, your fraud stack should see the session context, intent signals, and the agent’s configuration parameters.

When fraud tools focus only on the checkout page, they’re blind to the most important signals from an agentic buyer. The baseline for effective fraud tools is now end-to-end visibility; from first signal to last. It’s another reason why the single vendor bet now falls short.

Can your payments and fraud systems share context in real time?

Unified payments and fraud orchestration used to be a gold standard to aim for; as agentic commerce takes hold, it’s going to become the baseline. When your systems align and can speak freely with each other, they build a contextual picture that’s relevant and genuinely representative of the new world of ecommerce.

Compromised AI agents thrive in fragmented systems. When they aren’t working together, a transaction with a tail of unusual behavior pre-checkout will look totally legitimate to a fraud system that only sees checkout behavior.

These misaligned and entirely unaligned systems cause problems at both ends of the buyer journey. Expect to see regular false positives (that snatch legitimate agentic sales from your revenue line) and false negatives (that spike fraud rates).

Do you have a way to evaluate non-human principals?

At the protocol level, there’s no standard for understanding agent identity. With the proactivity and technical skill found in so many merchant engineering teams, it’s entirely possible to create internal controls that do some of this work for you.

Teams can build tools that assess configuration parameters, transaction pattern matching vs. authorization scope, and behavioral envelope monitoring for agent-linked accounts.

AI is, as we well know, developing non-stop. Standards may soon be established at the protocol level, but timelines are unreliable with such a fast-paced technology. Sure, it could happen in a week. Or the foundations of agentic commerce could become unrecognizable and need entirely new interpretation over several months. Whatever the timeline, there’s a gap in which your fraud stack is exposed.

The competitive window is now, and it's shorter than you think

As laughable as it may sound now, there was once a time when consumers were reluctant to store their credit card details online. Today, vaulted credentials are the presumed default. Developments in ecommerce fraud protection have happened at scale and speed in the interim.

Behavioral adoption starts when customers begin to trust the process. We'll see resistance fade when consumers believe that the experience and the infrastructure are reliable.

This point may be straightforward, but it’s important to stress: the merchants that build and adopt tools to handle agentic commerce will be the ones that capture more volume as the category grows. The Bain & Company forecast of $300 to $500 billion in US agentic commerce by 2030 represents 15 to 25% of total ecommerce sales. That revenue is up for grabs and it will come at a tipping point of consumer trust. If you’ve built and refined your infrastructure for agentic commerce by that point, you’ll be in prime position.