IDV Article
Agentic AI and e-commerce fraud: Why anonymity is the real threat
Agentic AI is moving from concept to reality, with autonomous shopping and AI-initiated payments rapidly becoming part of e-commerce. As platforms race to enable this new model, one question matters more than ever: how do you establish trust when AI, not humans, is making the purchase? Hear Veriff CTO Hubert Behaghel discuss what’s needed to make agentic commerce work safely.
Anonymous accounts are the biggest fraud vulnerability e-commerce platforms carry into the agentic AI era. Stop tolerating unverified users. Every other security measure depends on it.
Agentic AI is reshaping e-commerce faster than most platforms are prepared to handle. Bots that shop autonomously on behalf of humans are no longer a future concept, they’re being built now. Stripe, OpenAI, Visa, and Mastercard have all launched infrastructure to enable agent-initiated payments in recent months.
That shift creates a trust problem with no easy workaround. When a human makes a purchase, accountability is straightforward. When an AI agent acts on behalf of an account, at speed, across platforms. That accountability chain breaks. The weak point isn’t the AI. It’s the anonymous account behind it.
We know these agents are coming, but there is a bit of a chicken and egg problem, you need the trust framework and the trust technology to be in place before you can open the gates and let the flooding happen.” Agentic commerce is opening those gates now. Most platforms aren’t ready.
Listen to the full podcast here:
What fraud risks does agentic AI introduce?
Agentic AI breaks a foundational assumption: that the entity initiating a transaction is the verified account holder. Bad actors exploit that gap through impersonation, fake agents, traceability gaps, and by blending malicious bot traffic with legitimate AI activity.
The data is unambiguous. According to Veriff’s Identity Fraud Report 2026, compiled from analysis of global customer data throughout 2025, impersonation fraud accounted for more than 85% of all fraud attacks Veriff observed. One in every 25 verification attempts was fraudulent. Digitally presented media was 300% more likely to be entirely AI-generated or otherwise altered in 2025 compared to 2024.
The marketplace picture is particularly severe. Ecommerce sites recorded a net fraud rate of 19.2% in 2025, nearly five times the global average, and more than ten times the global average of authorized fraud. This is not a future risk. It is the current baseline.
Manual review and static verification cannot keep pace with this volume or sophistication.
Why anonymity is the root problem
Platforms tend to ask: what new tools do we need? The right question is: why do we still have anonymous accounts?
The problem isn´t the AI. The problem is the anonymous account behind it. They remove the accountability chain that every other fraud prevention measure depends on. When AI agents act on behalf of unverified users, the traceability problem becomes exponentially worse. This is “Level 0” agentic readiness: a trust policy that structurally refuses to tolerate anonymous accounts.

Luukas Ilves, former Chief Information Security Officer of Estonia, put the risk in stark terms: many organizations are already “practicing the technical equivalent of very unsafe sex right now when they let agents on their machine go out and do things and interact.” Agents acting on behalf of unverified accounts amplify that risk at a scale no manual control can absorb.
The accountability gap deepens as agent delegation becomes normalized. As Ilves observed: “If I delegate to my accountant the right to do things in my online banking or to declare taxes, I don’t necessarily delegate them all of the rights… it’s not much of a leap to say the same framework might also work for agents.” Delegation without verified identity is delegation without accountability. In agentic commerce, that gap is exploitable at machine speed.
Ask yourself: what proportion of active accounts on your platform are currently unverified? What happens to your fraud exposure when AI agents operate those accounts at scale?
Anonymity is not a neutral default. In agentic commerce, it is a liability.
Static verification is not enough
One-time onboarding checks fail because accounts can be sold, shared, or taken over long after the initial check passes. An AI agent can execute hundreds of transactions on behalf of a compromised identity before a single flag is triggered.
Veriff’s Identity Fraud Report 2026 confirms this pattern: impersonation fraud increased in both volume and sophistication from 2024 to 2025, even as document fraud declined. A clear signal that fraudsters are shifting to tactics that exploit post-onboarding vulnerabilities rather than defeating initial checks.
The attack surface is continuous. Agentic systems fundamentally change where and when verification is required. As Behaghel explained: “Each time there is an interaction online, you need to be able to assume it could be an agentic interaction or a human interaction. You need to be able to escalate to the human being at any moment in time. So suddenly the ability to verify becomes pervasive.” Verification cannot be a one-time event. It must follow the account throughout its entire lifecycle.

Removing anonymity drives growth
Verified identities create a self-reinforcing cycle. Trust increases. Trust drives more transactions. More transactions attract more genuine users, raising platform liquidity and improving the experience for everyone on it. This is the Trust Flywheel: verified identity becomes a growth engine, not a compliance cost.
The reverse holds equally true. A single high-profile incident can damage platform-wide trust irreparably. Removing anonymity accelerates a marketplace; verified identity is the precondition for liquidity at scale.
How Veriff helps
Veriff provides the adaptive, continuous identity infrastructure that agentic commerce demands:
- Deepfake and Synthetic Identity Defense: Passive liveness detection combined with silent, multi-layered analysis of device, network, and image-level signals; automated and unobtrusive. Built to detect the AI-generated and manipulated media that grew 300% year-on-year in 2025.
- CrossLinks: Maps device fingerprints, behavioral patterns, network signals, and biometric face embeddings across sessions to surface fraud rings and repeat offenders in real time.
- Selfie-to-Selfie (S2S): Stateless, privacy-first re-authentication at any point in the user lifecycle, no biometric data stored.
- Profile Image Capture (PIC): Liveness-verified profile photos that eliminate ghost and rented accounts.
- Adaptive Workflows: Risk-based orchestration that routes each user through the right verification path and triggers re-verification when defined risk thresholds are exceeded.
- Biometric Authentication: Ensures the returning user is still the genuine account owner throughout the account’s lifespan, not just at sign-up.
Every AI agent action stays traceable to a verified human source.
The same logic that applies to your users applies to your infrastructure. Just as static, one-time verification of an account holder isn’t enough, neither is a one-time vendor sign-off. The uncomfortable truth is that KYB for vendors has lagged far behind KYC for users. The question is no longer whether you should verify your identity verification partner, but whether you can justify not doing so. Read more →
What to do next
Audit the proportion of unverified accounts on your platform and set a concrete timeline to close that exposure. Then replace one-time onboarding checks with continuous, adaptive identity verification that confirms authorization at the moment of action.
The trust infrastructure needed to secure agentic commerce already exists. Fighting fraud on so many fronts requires all the tools in the box. One tool in isolation will simply never be enough to counter the multitudinous fraud threat that exists in the modern digital world.
The question is not whether your platform needs this infrastructure. The question is whether you deploy it before fraud at scale forces the decision.