top of page
Search

Agentic Commerce and the New Fraud Frontier: When AI Agents Buy on Your Behalf

  • Writer: TrustSphere Network
    TrustSphere Network
  • 5 hours ago
  • 5 min read

Agentic commerce — where AI agents browse, compare, and complete purchases on behalf of their human principal — is moving from research demonstration to live deployment. Major platforms and payment providers are publishing protocols, identity frameworks, and merchant onboarding specifications designed to let autonomous agents transact at scale, and the first wave of consumer-facing agentic shopping experiences is already in market through 2025 and into 2026. The retail, travel, and financial services sectors are recalibrating around a fundamental change: a meaningful share of purchase decisions and payment authorisations may soon be initiated not by a human but by an agent acting on their behalf.


For fraud and financial crime teams, the implications are significant and largely uncharted. Detection models trained on human behaviour — typing cadence, dwell time, navigation paths, and decision hesitation — are not directly applicable to agent traffic. Authentication frameworks built on the assumption of one human, one device, one credential need to be re-thought for delegated authority, machine-to-machine signatures, and dynamic spending limits. Meanwhile, the same agentic capability is available to attackers, who are already exploring agent-driven account takeover, agent-mediated mule onboarding, and synthetic-agent identities.


The regulatory and standards community is moving, but at uneven speed. Payment networks, identity providers, and large platforms are publishing agentic-commerce specifications, while consumer-protection regulators in the European Union, United Kingdom, United States and Singapore are signalling concern about consumer accountability, agent liability, and the data-handling implications of delegated commerce. Financial institutions cannot wait for the dust to settle; the operational reality of agentic flows will arrive faster than the regulatory framework, and firms need a working position now.


Regulatory, Standards, and Market Context


The card networks and payment platforms have moved early. Visa's agentic-commerce framework, Mastercard's Agent Pay programme, and PayPal's agent-payments protocol all publish standards for cryptographic delegation tokens, intent-bound authorisations, and merchant-side handling of agent traffic. The W3C and OpenID communities are progressing standards for agent identity and verifiable credentials. The objective in each case is to give merchants and issuers a way to distinguish authorised agentic activity from unauthorised automation, while preserving consumer accountability.


Regulators are watching closely. The European Commission's AI Act and the UK's emerging AI assurance regime will both apply where agents make decisions with legal or financial consequences. Consumer protection bodies are concerned about clarity of consent, transparency of recommendations, and remedies when an agent makes a mistake. Financial regulators — the FCA, ECB, MAS and OCC — are specifically interested in delegated authority, audit trails, and the AML implications of agentic transactions, which break some long-standing assumptions about the natural-person link between customer and transaction.


What the Data Is Showing


Pilot deployments through 2025 give early indications of the patterns to come. Agents typically transact in much narrower behavioural envelopes than humans — consistent device fingerprints, repeatable timing, predictable basket shapes — which on the one hand should make them easier to distinguish from human users, but on the other hand makes them harder to distinguish from automated fraud. Early merchant data shows agentic checkouts have lower abandonment but higher chargeback rates in some categories, primarily because the human principal disputes purchases the agent made on their behalf.


On the attack side, security researchers and threat-intelligence vendors have begun documenting adversarial uses of agentic capability — including agent-driven credential stuffing, agent-orchestrated synthetic identity creation, and agent-mediated mule recruitment via social platforms. The attacker-defender asymmetry is real: attackers can iterate agent behaviour cheaply, while defenders are simultaneously trying to authorise legitimate agent traffic and detect malicious agent traffic with shared technology stacks.


Implications for Financial Institutions


Banks and fintechs need to begin treating agents as a distinct identity class with their own onboarding, authentication, and monitoring requirements. This means defining what authority a customer can delegate to an agent, how the delegation is cryptographically expressed, what spending limits and merchant categories apply, and how revocation works in real time. It also means upgrading transaction monitoring to recognise agent-initiated traffic explicitly, rather than treating it as either generic automation or generic human behaviour.


Equally, fraud prevention must absorb the new threat surface. Account-takeover attacks now include compromise of the customer's agent or their delegation tokens; mule recruitment can be agent-mediated; and synthetic identities can be created and operated more cheaply through agentic tooling. Investment is needed in agent-aware behavioural analytics, in delegation-token revocation infrastructure, and in collaboration with payment networks and platforms to share intelligence on agent-driven attack patterns as they emerge.


Conclusion


Agentic commerce is one of the most consequential structural changes the payments and fraud landscape has seen in a decade. Institutions that engage with the standards, build agent-aware detection, and define a clear delegated-authority model now will be in a position to enable safe agentic experiences for their customers and merchants. Those that wait will find themselves both economically disadvantaged and exposed to a new generation of fraud typologies their existing controls were never designed to detect.


Suggested Next Steps


  • Form a cross-functional working group across payments, fraud, AML, and customer experience to define your institution's position on agentic commerce, including delegated authority, authentication, and dispute handling.

  • Engage with the Visa, Mastercard, PayPal, W3C and OpenID agent-commerce standards work, and pilot at least one agent-mediated transaction journey end-to-end before the end of 2026.

  • Extend your transaction monitoring and behavioural analytics to recognise agent traffic as a distinct identity class, with its own thresholds, indicators, and escalation rules.

  • Build a delegation-token lifecycle capability — issuance, scope, monitoring, and rapid revocation — and integrate it with your account-takeover response so a compromised agent can be neutralised in seconds, not minutes.


Sources: Visa Agentic Commerce Framework Documentation; Mastercard Agent Pay Programme Materials; PayPal Agent Payments Protocol; W3C Verifiable Credentials Working Group; European Union AI Act; UK FCA AI Discussion Papers; OpenID Foundation Agent Identity Workstream.


TrustSphere Risk Index — Vendor Spotlight


The TrustSphere Risk Index is our independent assessment of the global fraud, financial crime and identity vendor landscape. The March 2026 edition covers 221 vendors across eight functional categories — Risk Orchestration, Enterprise FRAML & Decisioning, Identity / eKYC / KYB Onboarding, Behavioural & Device Intelligence, AML Data, Screening & Regulatory Intelligence, FRAML Technology Stack, Deepfake Detection, and adjacent specialist categories — each scored across eleven capability dimensions including fraud detection, transaction monitoring, identity verification, watchlist screening, and regulatory intelligence.


This week's vendor spotlight is Persona, which scored 55% on the TrustSphere Risk Index in the Identity, eKYC, KYB & Onboarding Platforms category. Persona is an API-first identity verification and orchestration platform, designed for the kind of programmable, journey-aware identity flows that agentic commerce will require. As banks and merchants begin to define how delegated-authority identities, agent credentials and human principal verification interlock, Persona's flexible building blocks — KYC, KYB, document verification, behavioural signals and decisioning — make it a strong candidate for institutions building agent-aware identity architectures.


If you would like a comprehensive vendor suitability assessment for your institution — mapped to your specific use cases, regulatory footprint, and target architecture — please contact TrustSphere directly. The full Risk Index, peer benchmarks and tailored shortlist work is available on request.


TrustSphere helps financial institutions design and deploy intelligent fraud and financial crime detection solutions. Visit www.trustsphere.ai

Comments

Recommended by TrustSphere

Atfinity


 

Izengard


 

Trefis


 

Noto360



 

Thetaray


 


Regulation Asia


 


FCC Analytics

 

Futurum



 



Darwinium


 

Arkose Labs


 

SumSub



 

FinanceX



 

FullArmor



 

Clari5



 

© 2024 TrustSphere.ai. All Rights Reserved.

hello@trustsphere.ai

  • LinkedIn

AML Watcher


 

Relevance.ai



 

LevelFive



 

Disclaimer for TRUSTSPHERE.AI

The content provided on the TRUSTSPHEREAI website is intended for informational purposes only. While we strive to provide accurate and up-to-date information, the data and insights presented are generated from a contributory network and consolidated largely through artificial intelligence. As such, the information may not be comprehensive, and we do not guarantee the accuracy, reliability, or completeness of any content.  Users are advised that important decisions should not be made based solely on the information provided on this website. We encourage users to seek professional advice and conduct their own research prior to making any significant decisions.  TruststSphere Partners is a consulting business. For a comprehensive review, analysis, or support on Technology Assessment, Strategy, or go-to-market strategies, please contact us to discuss a customized engagement project.   TRUSTSPHERE.AI, its affiliates, and contributors shall not be liable for any loss or damage arising from the use of or reliance on the information provided on this website. By using this site, you acknowledge and accept these terms.   If you have further questions,  require clarifications, or requests for removal or content or changes please feel free to reach out to us directly.  we can be reached at hello@trustsphere.ai

bottom of page