Agentic commerce represents one of the most significant shifts in the evolution of digital transactions. It introduces a world where autonomous AI agents initiate purchases, compare prices, apply promotions, and complete checkout flows without human involvement. This expansion of capability creates new opportunities for efficiency, but it also multiplies the surface area for fraud and abuse.
Recent industry research shows that agent-initiated transactions are fundamentally reshaping how payment selection, authentication, and liability work, and introducing security and compliance questions that did not exist in traditional ecommerce flows. Meanwhile, major institutions such as Mastercard warn that agent-driven shopping will require new standards for trust, consent, and verification to prevent unintended purchases and fraud escalation. Visa reports that fraud actors are rapidly adopting AI to target these new flows, leading to sophisticated crimes that exploit the logic of autonomous agents instead of traditional human interactions.
In this environment, security and fraud prevention must be re-engineered. This blog explores why agentic commerce demands a new security model, the emerging threat landscape, and the controls and capabilities required to operate safely.
Why security needs a new model
Agentic commerce changes not only how transactions are executed but also who is responsible for intent, authentication, and authorisation. AI agents can search, select, compare, and buy on behalf of users. In some early pilots, agents have even been observed using hidden browser sessions to fill out checkout forms and complete purchases in the background without the consumer seeing the flow directly.
This shift fundamentally alters the threat landscape. Threats now include:
• Fraudsters exploiting the agent’s logic, not the user’s behaviour
• Manipulation of prompts, results, or reasoning pathways
• Exploits that target real-time automated flows
• New consent, liability, and compliance gaps when agents act independently
Mastercard’s research highlights that verifying a shopper’s true intent becomes much harder when agents choose products, interpret context, and execute checkout on behalf of humans. Misinterpretations, spoofed instructions, and manipulated data feeds can result in unintended transactions and new fraud avenues that merchants never see coming.
Security must therefore evolve from user-centric controls to multi-layered verification of agent actions, system behaviour, policy adherence, and real-time analytics. Defence in depth is no longer optional. It is a prerequisite for operating in agentic commerce.
The threat model
The threat landscape for agentic commerce is expanding rapidly. Insights from Visa, The Paypers, ECB, and other industry sources illustrate an ecosystem under pressure from increasingly sophisticated threats.
1. Identity attacks
Account takeover and session hijack remain among the most critical issues in digital payments. Fraudsters now use AI-generated deepfakes, voice impersonation, and high-quality phishing to bypass security checks. Fraud incidents have risen sharply, with The Paypers reporting major increases in social engineering and synthetic identity attacks across European markets in 2025.
2. Policy evasion
Agents may be manipulated into breaching spend limits or acting outside defined scopes. Fraud actors increasingly aim to trick autonomous systems rather than human users, exploiting loopholes in agent-initiated flows.
3. Data exfiltration
If an agent’s tool calls are not properly scoped, attackers can coax models into leaking sensitive or payment-related data. Visa highlights that attackers increasingly manipulate agentic search and automated logic to steer decision-making toward fraudulent sites or outputs that enable data capture.
4. Prompt attacks
Prompt injection, indirect prompt poisoning, and adversarial instruction inputs from suppliers, customers, or data integrations can redirect agents into harmful behaviours.
5. Supply chain vulnerabilities
Compromised SDKs, plugins, or integrations—especially within global marketplaces—pose systemic risks. Ryft’s analysis shows that marketplace and multi-party transaction flows already carry unique compliance and operational risks that worsen when agents act autonomously.
6. Payments fraud
Europe saw €4.2 billion in payment fraud in 2024, a 17 percent increase from the prior year, with instant payments significantly raising the risk profile due to compressed detection windows. Fraud risk in instant credit transfers is up to ten times higher than in traditional transfers.
When agents execute payments within seconds, reactive fraud detection becomes almost impossible unless real-time controls are embedded directly into agent policies.
7. Abuse and scraping
AI-augmented scraping can mimic legitimate agent behaviour, exploit pricing gaps, harvest inventory data, and automate fake storefront creation at scale.
Principles that hold under stress
To counter this expanding threat surface, agentic commerce requires a foundational security strategy rooted in resilient architectural principles.
Zero trust
Never trust based on network position or platform context. Always verify identity, purpose, and risk. Mastercard reinforces that consent and step-up verification will become essential for maintaining trust in agent-led transactions.
Least privilege
Scope tokens tightly. Use short-lived credentials. Restrict access to only the data and operations required for each action.
Segmentation
Separate agent runtime, adapters, vector indexes, PII stores, and payment systems. Minimise the blast radius.
Deterministic critical paths
Checkout, refunds, and sensitive flows must follow structured decision paths with explicit checks, not free-form reasoning.
Comprehensive logging
Record all actions, tool calls, policies applied, and outcomes. Visa emphasises the importance of clear auditability to maintain trust in an increasingly automated and risk-prone environment.
Identity and access
Strong identity is non-negotiable in agentic commerce. Industry consensus points to stronger authentication, richer identity metadata, and real-time risk checks.
• Use OIDC and OAuth for verified identities and scoped tokens
• Default to passkeys for phishing-resistant sign-in, improved security, and higher conversion rates
• Require step-up verification for sensitive actions, especially in B2B procurement
• Enforce role-based and attribute-based policies for enterprise workflows
• Use mTLS for mutually authenticated, encrypted service-to-service traffic
• Ensure all credentials remain short-lived
As Europe moves toward PSD3 and enhanced SCA rules, these measures become even more critical. New research confirms that agent-initiated payments will test the limits of today’s consent and authentication standards, requiring a more dynamic approach to verifying authority and intent before transactions are executed.
Policy engine and runtime guardrails
Every action taken by an agent must be evaluated against a strong policy framework. This ensures that autonomy never exceeds defined boundaries.
Core policy controls include:
• Spend caps per order, day, and month
• Merchant and category allowlist
• Geofencing rules
• Currency restrictions
• Approval rules based on risk scores
• Data access restricted by purpose and consent
Payment service providers warn that agent-initiated transactions create new liability questions unless consent, authentication, and authorisation are captured at every stage. Without clear policy enforcement, merchants risk becoming accountable for actions taken outside expected parameters.
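The policy controls listed above can be evaluated as a deterministic gate that runs before any agent-initiated checkout. The sketch below is an added example, not code from the original article; the `Policy` and `Intent` shapes, the reason codes, and all sample values are hypothetical assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class Policy:                      # hypothetical policy shape for one delegation
    currency: str
    order_cap: Decimal
    day_cap: Decimal
    month_cap: Decimal
    merchants: frozenset           # merchant allowlist
    categories: frozenset          # category allowlist
    countries: frozenset           # geofence (merchant country codes)
    step_up_at: int                # risk score that requires human approval
    deny_at: int                   # risk score that blocks outright

@dataclass(frozen=True)
class Intent:                      # structured purchase intent emitted by the agent
    merchant: str
    category: str
    country: str
    currency: str
    amount: Decimal
    risk: int

def evaluate(p, i, spent_day, spent_month):
    """Return (decision, reasons); every failed check is kept for the audit log."""
    checks = [
        ("amount_not_positive", i.amount > 0),
        ("currency_not_permitted", i.currency == p.currency),
        ("merchant_not_allowlisted", i.merchant in p.merchants),
        ("category_not_allowlisted", i.category in p.categories),
        ("outside_geofence", i.country in p.countries),
        ("order_cap_exceeded", i.amount <= p.order_cap),
        ("day_cap_exceeded", spent_day + i.amount <= p.day_cap),
        ("month_cap_exceeded", spent_month + i.amount <= p.month_cap),
        ("risk_score_blocked", i.risk < p.deny_at),
    ]
    reasons = [name for name, ok in checks if not ok]
    if reasons:
        return "DENY", reasons     # fail closed on any violated rule
    if i.risk >= p.step_up_at:
        return "STEP_UP", ["risk_score_requires_approval"]
    return "ALLOW", []

# Constructed sample policy (all values are illustrative assumptions).
POLICY = Policy("EUR", Decimal("200"), Decimal("500"), Decimal("2000"),
                frozenset({"m-books"}), frozenset({"books"}),
                frozenset({"DE", "FR"}), step_up_at=40, deny_at=80)
```

Because the function takes only structured fields and running totals, the agent's free-form reasoning never reaches the decision, and the returned reason codes can be logged alongside the captured consent.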
Risk scoring and fraud controls
Risk controls must shift from slow human-centred reviews to real-time machine-driven models.
Key controls include:
• Device health and integrity checks
• IP reputation and impossible-travel detection
• Behavioural biometrics and interaction anomalies
• Basket anomaly detection and price abuse patterns
• BIN risk assessment
• Velocity monitoring on cards, accounts, and tokens
• Graph analytics to detect collusion across addresses, accounts, or devices
Emerging research shows that synthetic identity fraud, deepfake-enabled scams, and automated misinformation will continue to escalate, requiring fraud systems to harness AI as aggressively as the fraudsters themselves.
Prompt and model safety
Agentic systems depend on prompt integrity. As a result, prompt security becomes a first-class control.
Controls include:
• Safety-primed agent instructions
• Input and output filtering for PII, sensitive data, and prohibited actions
• Tool-use whitelists enforced by role and context
• Structured response validation
• Adversarial red-teaming using supplier feeds and synthetic attacks
• Shadow deployments for safe testing
• Canary rollouts for controlled launches
Visa has already documented attempts by fraud actors to manipulate agentic search logic, tricking agents into selecting counterfeit merchants or unsafe results. Prompt security helps mitigate these attacks.
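Two of the controls above, tool-use allowlists by role and structured response validation, can be combined in a single check that runs on every tool call the model proposes. This is an added example, not code from the original article; the tool names, roles, and argument schemas are hypothetical.

```python
import json

# Hypothetical tool registry: tool name -> {argument name: required type}
TOOL_SCHEMAS = {
    "search_catalog": {"query": str},
    "add_to_basket": {"sku": str, "quantity": int},
    "checkout": {"basket_id": str, "payment_token": str},
    "issue_refund": {"order_id": str, "amount_minor": int},
}

# Hypothetical role allowlist: a role may only call the tools listed for it.
ROLE_TOOLS = {
    "shopper_agent": {"search_catalog", "add_to_basket", "checkout"},
    "support_agent": {"search_catalog", "issue_refund"},
}

def validate_tool_call(role, raw):
    """Return (call, None) if the model output is acceptable, else (None, reason)."""
    try:
        call = json.loads(raw)
    except (json.JSONDecodeError, TypeError):
        return None, "not_json"
    # The envelope must contain exactly these two keys, nothing else.
    if not isinstance(call, dict) or set(call) != {"tool", "args"}:
        return None, "bad_envelope"
    tool, args = call["tool"], call["args"]
    if not isinstance(tool, str) or tool not in TOOL_SCHEMAS:
        return None, "unknown_tool"
    if tool not in ROLE_TOOLS.get(role, set()):
        return None, "tool_not_allowed_for_role"
    schema = TOOL_SCHEMAS[tool]
    # Extra arguments are rejected, not ignored: injected fields never pass through.
    if not isinstance(args, dict) or set(args) != set(schema):
        return None, "unexpected_or_missing_args"
    for name, typ in schema.items():
        value = args[name]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, typ):
            return None, f"bad_type:{name}"
        if typ is int and value <= 0:
            return None, f"out_of_range:{name}"
    return call, None
```

An unknown role receives an empty allowlist, so the check fails closed when role metadata is missing or misspelled.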
Data protection and privacy
Data protection remains at the core of trust. Compliance requirements across Europe underscore the importance of transparent, consent-driven data policies.
Essential practices include:
• Data minimisation
• Full-path encryption at rest and in transit
• Tokenisation of payment data to limit PCI exposure
• Segregated vector indexes for public and sensitive data
• Strict retention and automated deletion policies
• User-friendly GDPR and UK GDPR controls
• Support for PSD2 SCA and exemptions aligned with risk levels
The Paypers reports that SCA performance and fraud rates differ significantly across geographies, and that authentication flexibility is critical for enabling seamless but secure agent-driven flows.
Payments and refunds hardening
Payments are the most attractive target in agentic commerce. Strengthening checkout and refund flows is essential.
Core defences include:
• Network tokenisation
• Wallet-first payments
• Strong intent capture during checkout
• Evidence storage for dispute resolution
• Real-time monitoring of high-risk BINs and MCCs
• Clear runbooks for incidents and escalations
As instant payments rise across Europe, the risk window narrows dramatically. Fraud detection that previously had hours must now operate in seconds. European regulators report that instant transfer fraud rates can be up to ten times higher than traditional transfers, reinforcing the need for real-time, AI-driven decisioning at the agent layer.
Observability and incident response
Observability ensures transparency and accountability.
Key components include:
• Traces for every agent step and tool call
• Real-time risk dashboards for fraud and anomalies
• Clear runbooks with escalation paths
• Tabletop exercises to test readiness
• Chaos drills simulating API failures and policy bypass attempts
• Post-mortem reports with assigned actions
Without strong observability, merchants cannot detect agent misbehaviour, policy violations, or emerging fraud techniques until damage has already occurred.
Compliance by design
Agentic commerce intersects multiple regulatory frameworks. Compliance cannot be bolted on; it must be part of the design.
Required practices:
• Mapping ISO 27001 controls to agentic services
• SOC 2 readiness with process documentation
• PCI DSS scope minimisation through tokenisation and provider delegation
• Data Protection Impact Assessments (DPIAs) for agent-driven flows
• SBOM-based analysis of supplier risk
• Ongoing vendor assessments and audit readiness
As highlighted by legal analyses, payment regulations lag behind agentic innovation. PSD2 and PSD3 still assume human-initiated payments, creating challenges when mapping consent, liability, and authentication to autonomous agents.
Continuous evaluation
Agent behaviour must be monitored, measured, and improved continuously.
Best practices include:
• Offline test suites for common user journeys
• Canary releases for new agent capabilities
• Shadow mode to compare agent decisions with human outcomes
• Outcome-driven training signals
• Quarterly fraud and threat landscape reviews
Given the acceleration of AI-enabled fraud and real-time payment systems, experts forecast that continuous adaptation will be essential to maintain security and trust in digital commerce ecosystems.
Conclusion
Agentic commerce introduces unprecedented convenience and efficiency but brings equally unprecedented security challenges. As AI agents take over decisions and actions traditionally performed by humans, the risks shift from predictable behavioural patterns to complex systemic vulnerabilities.
To thrive in this new era, ecommerce platforms, payment providers, and retailers must adopt:
• Zero-trust identity
• Strong policy engines
• Real-time risk scoring
• Multi-layered fraud defences
• Continuous monitoring and evaluation
• Robust compliance frameworks
• Transparent consent and clear authority delegation
The organisations that succeed will be those that treat security not as an add-on but as the foundation of agentic commerce. Future-ready systems must be safe, observable, explainable, and engineered for trust. Only then can autonomous agents deliver the frictionless experiences they promise while maintaining consumer protection and regulatory integrity.