Fraud in the age of agentic AI: What e-commerce merchants need to know

When the first retail e-commerce store was introduced in 1984, it presented a massive opportunity: consumers no longer had to leave their homes to shop. As online shopping capabilities have grown, purchasing everything from clothing and furniture to medication and more has become quick and convenient. Today, shoppers seldom have to set foot in a physical store. This phenomenon has radically shifted the way that retailers operate.

The industry is now staring down the barrel of yet another bombshell disruption: agentic AI. E-commerce made shopping available at the push of a button – but with agentic AI, consumers no longer have to push a button at all; a bot will shop on their behalf.

The potential of agentic AI does not come without consequences: increased convenience must be balanced with increased risk of fraud. So how can platforms keep their customers safe while still remaining competitive and innovative in today’s agentic AI race?

What is agentic AI?

When most people think of AI, they think of generative AI, which produces text, images, and code. Agentic AI takes these capabilities a step further by using generated content to accomplish specific tasks or goals and make decisions with limited supervision. It consists of “AI agents” that mimic human decision-making processes to solve problems in real time.

In e-commerce, this often takes the form of an automated shopping assistant. A recent example is Amazon’s “Buy For Me” feature, which enables AI agents to purchase products on behalf of a user – even if those products are not on the Amazon platform. The new feature, which debuted in April of this year, demonstrates the growing appeal of agentic AI in the e-commerce space.

What is the potential impact of agentic AI in e-commerce?

The retail e-commerce industry is already massive. Agentic AI has the potential to boost sales even further by making shopping faster and more convenient for consumers.

Indeed, consulting firm Edgar Dunn & Co. predicts that the value of AI-driven commerce will spike in the next 5 years, from $136 billion today to $1.7 trillion by 2030. Similarly, PayPal CEO Alex Chriss has forecasted that 25% of e-commerce spend could be agent-driven by 2030.

What are the risks of agentic AI in e-commerce?

As promising as agentic AI may be, it introduces equally significant risks. One of the most pressing issues is the question of authority: How can we verify that an AI system truly has permission to act on behalf of a human user, every time it makes a purchase?

If authorization or identity controls are weak, bad actors can exploit AI agents in several ways:

• Impersonation and identity theft: Fraudsters could hijack or mimic legitimate AI agents to make unauthorized purchases or access sensitive data.

• Fake AI agents: Attackers might create counterfeit agents that appear trustworthy but are designed to manipulate transactions, harvest credentials, or redirect funds.

• Traceability gaps: When AI decisions aren’t properly logged or linked to a specific human identity, it becomes difficult to audit actions or hold anyone accountable, making post-fraud investigations nearly impossible.
  
• Hiding in plain sight: Agentic AI allows the everyday consumer to use bots. Fraudsters have long leveraged bots in high volume to drive scams at scale, and e-commerce sites may have trouble keeping pace. Fraudsters will likely have an easier time hiding in plain sight amidst legitimate agentic traffic.

Solutions for e-commerce merchants

As agentic AI evolves, so too must the identity verification tools that keep businesses and their users safe. Today, most e-commerce sites don’t have the advanced technology required to differentiate between genuine AI shopping agents and those controlled by impostors. 

Establishing authority requires more than a one-time consent checkbox. It involves defining clear, context-specific boundaries for what the AI is allowed to do, for how long, and under what circumstances. These permissions must remain under the user’s control. Every decision or transaction made by an AI agent should be traceable back to a verified human source – making identity verification technology infrastructure crucial.

Establishing authority requires more than a one-time consent checkbox. It involves defining clear, context-specific boundaries for what the AI is allowed to do, for how long, and under what circumstances. These permissions must remain under the user’s control. Every decision or transaction made by an AI agent should be traceable back to a verified human source – making identity verification technology infrastructure crucial.

Hubert Behaghel Chief Product and Technology Officer Veriff

What comes next?

Agentic AI marks not just a new stage in the e-commerce industry, but a turning point in how we build and maintain trust. The future of this innovation depends on our ability to tell the difference between authorized agents and those acting with bad intent, and to make sure every automated decision can still be traced back to a real person. Rather than starting from scratch, progress will come from strengthening the identity verification systems we already rely on.