
Keeping agentic commerce secure

Before too long, many online consumers will stop clicking ‘buy’ and instead will issue instructions to AI agents that autonomously search, select, and purchase on their behalf. This shift toward agentic commerce promises convenience and efficiency, but it also threatens to upend traditional fraud detection and payment verification models that depend on human presence and behavioural context.

 

In today’s ecommerce world, the verification of a transaction involves multiple parties: the card issuer, retailers and payment service provider gateways, sometimes the customer’s bank and authentication steps like 3-D Secure or biometrics. The buyer’s device, browsing behaviour, and purchasing context are strong signals in that flow.

 

In agentic commerce, however, the shopper is entirely missing. Instead, an AI agent, an autonomous software programme, initiates and drives the transaction. The retailer will only become aware of a purchase when it receives a completed order, often stripped of the usual metadata that helps it assess risk. As such, retailers face the difficulty of determining the veracity or legitimacy of the order in a vacuum.

 

Know your agent

In the same way that retailers have developed the Know Your Customer concept, a new idea is emerging to fill the gap left by AI agent purchasing: Know Your Agent. This has helped to establish how a new verification chain might look. Firstly, before agents are permitted to make transactions, their developers will need to be verified and approved. Agent software will be locked and signed to establish a link between the agent and the customer, and from this a digital token can be issued. Retailers and payment service providers will then use this token to validate and authorise a transaction.

 

The vanishing context problem

Even with identity verification, the absence of human signals means that shopping context is vanishing. The AI may run on cloud servers or embedded systems, rather than personal devices with traceable identifiers. Equally, agents could operate from multiple IP addresses at once, invalidating geolocation as a trust factor. Human-like purchase rhythms will also be replaced by algorithmic efficiency, which will make even legitimate agents look suspiciously robotic.

 

To counter this, fraud detection will have to evolve from monitoring human behaviour to monitoring agent behaviour. Systems will need to profile how each agent typically acts—which retailers it prefers, what spending limits it observes, how it sequences actions—and detect deviations from those norms. In other words, the AI itself becomes the subject of behavioural analysis.
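As an added illustration (not code from the article or from any fraud product), the sketch below builds a baseline for one agent from its past orders and flags an order that departs from it. The order fields, the sample data and the thresholds (three standard deviations, a tenth of the shortest observed gap) are assumptions chosen for the example.

```javascript
// Added example: per-agent baseline and deviation flags.
// Constructed past orders for one agent. gap = seconds since its previous order.
const pastOrders = [
  { merchant: 'grocer.example', amount: 40, gap: 86400, steps: 'search>compare>cart>pay' },
  { merchant: 'grocer.example', amount: 44, gap: 90000, steps: 'search>compare>cart>pay' },
  { merchant: 'books.example', amount: 38, gap: 80000, steps: 'search>cart>pay' },
  { merchant: 'grocer.example', amount: 42, gap: 172800, steps: 'search>compare>cart>pay' },
  { merchant: 'books.example', amount: 36, gap: 86400, steps: 'search>cart>pay' },
];

// Summarise what "normal" looks like for this agent.
function buildProfile(orders) {
  const amounts = orders.map((o) => o.amount);
  const mean = amounts.reduce((a, b) => a + b, 0) / amounts.length;
  const sd = Math.sqrt(
    amounts.reduce((a, b) => a + (b - mean) ** 2, 0) / amounts.length);
  return {
    merchants: new Set(orders.map((o) => o.merchant)),
    sequences: new Set(orders.map((o) => o.steps)),
    mean,
    sd,
    minGap: Math.min(...orders.map((o) => o.gap)),
  };
}

// Returns the list of ways an order departs from the agent's own baseline.
function deviations(profile, order) {
  const flags = [];
  if (!profile.merchants.has(order.merchant)) flags.push('new-merchant');
  if (!profile.sequences.has(order.steps)) flags.push('unseen-sequence');
  const z = profile.sd > 0 ? (order.amount - profile.mean) / profile.sd : 0;
  if (z > 3) flags.push('amount-outlier');
  if (order.gap < profile.minGap / 10) flags.push('burst');
  return flags;
}

// Constructed orders to score against the baseline.
const profile = buildProfile(pastOrders);
const usual = { merchant: 'grocer.example', amount: 45, gap: 86400,
  steps: 'search>compare>cart>pay' };
const odd = { merchant: 'giftcards.example', amount: 400, gap: 30, steps: 'pay' };
console.log(deviations(profile, usual), deviations(profile, odd));
```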

 

A new role for bots

For years, ecommerce retailers have fought to keep bots out of their systems. Suddenly, those bots will become the primary customers. That inversion creates a profound trust dilemma: retailers and their payment partners must now distinguish between good agents acting on behalf of verified users and bad ones designed to commit fraud or exploit vulnerabilities.

 

Without a robust verification layer, fraudsters could easily create fake agents that impersonate legitimate ones, hijack user credentials, or exploit weaknesses in API integrations. Because these agents act autonomously, the window for detection shrinks dramatically, with a malicious agent able to execute thousands of fraudulent transactions before a human even notices.

 

This is why agentic commerce doesn’t just add incremental risk; it transforms the nature of the threat entirely. Fraud shifts from identity theft and card misuse to the manipulation of digital intermediaries, the agents themselves.

 

Building a new verification framework

To restore trust in a world of agentic commerce, retailers and payment networks will need to rethink the entire verification process. A new framework might include:

  • Agent registration - Every agent must be registered through a trusted authority, with its code, developer, and permissions verified before being allowed to transact.
  • Digital agent passports - Agents would carry cryptographically signed credentials confirming their identity, version, and the shopper they represent. These could be checked automatically at checkout.
  • Real-time transaction attestation - Each transaction should include metadata that proves the agent’s integrity and authorisation in that specific moment — like digital signatures in secure messaging systems.
  • Behavioural agent profiling - Fraud systems should model normal agent activity just as they do for humans, learning what “safe” looks like for each agent over time.
  • Revocation and oversight mechanisms - If an agent behaves suspiciously or is compromised, retailers and payment service providers must have the ability to revoke its credentials or require a human reauthorisation. 
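An added example, not from the article or from any payment scheme: a sketch of how a retailer could check a digital agent passport, a per-transaction attestation and revocation status at checkout, using the Ed25519 signing built into Node.js. The field names, the spending `limit`, the 120-second freshness window and the result strings are assumptions made for illustration.

```javascript
// Added example: checkout-side verification of a signed agent passport.
const crypto = require('node:crypto');

// Constructed keys: the registry signs passports, the agent signs each order.
const registry = crypto.generateKeyPairSync('ed25519');
const agent = crypto.generateKeyPairSync('ed25519');

// Canonical bytes for a flat object: keys sorted so signer and verifier agree.
const canon = (o) => Buffer.from(JSON.stringify(o, Object.keys(o).sort()));
const sign = (o, key) => crypto.sign(null, canon(o), key).toString('base64');
const verify = (o, sig, key) =>
  crypto.verify(null, canon(o), key, Buffer.from(sig, 'base64'));

// Registry: bind agent id, version, shopper, limit and the agent's public key.
function issuePassport(fields) {
  const agentKey = agent.publicKey.export({ type: 'spki', format: 'pem' });
  const body = { ...fields, agentKey };
  return { body, sig: sign(body, registry.privateKey) };
}

// Agent: attest one order (merchant, amount, nonce, timestamp in seconds).
const attestOrder = (order) => ({ order, sig: sign(order, agent.privateKey) });

// Retailer: returns 'accept' or the reason the order is refused or escalated.
function checkOrder(passport, att, ctx) {
  const { body } = passport;
  if (!verify(body, passport.sig, ctx.registryKey)) return 'bad-passport';
  if (ctx.revoked.has(body.agentId)) return 'revoked';
  if (ctx.now > body.expires) return 'passport-expired';
  const agentKey = crypto.createPublicKey(body.agentKey);
  if (!verify(att.order, att.sig, agentKey)) return 'bad-attestation';
  if (att.order.merchant !== ctx.merchant) return 'wrong-merchant';
  if (Math.abs(ctx.now - att.order.ts) > 120) return 'stale-attestation';
  if (ctx.seenNonces.has(att.order.nonce)) return 'replayed';
  if (att.order.amount > body.limit) return 'human-reauthorisation';
  ctx.seenNonces.add(att.order.nonce);
  return 'accept';
}

// Constructed sample run.
const passport = issuePassport({ agentId: 'agent-001', version: '1.4.2',
  shopper: 'shopper-77', limit: 200, expires: 5000 });
const ctx = { registryKey: registry.publicKey, revoked: new Set(),
  seenNonces: new Set(), merchant: 'shop.example', now: 1000 };
const att = attestOrder({ merchant: 'shop.example', amount: 59.9,
  nonce: 'n-1', ts: 995 });
console.log(checkOrder(passport, att, ctx)); // first presentation
console.log(checkOrder(passport, att, ctx)); // same attestation again
```

Because the attestation covers the merchant, amount, nonce and timestamp, a captured order cannot be replayed, re-priced or presented to a different retailer without failing one of the checks.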

Trust matters in an autonomous world

Agentic commerce has the potential to revolutionise online retail, streamlining purchases, enabling hyper-personalisation, and opening entirely new forms of digital interaction. But convenience without control is a recipe for disaster.

 

If retailers cannot verify the agents acting in their ecosystems, they risk a wave of invisible, high-speed fraud. The challenge isn’t simply preventing bad actors; it’s rebuilding trust in an environment where the “actor” is no longer human.

 

The solution lies in designing systems that treat agents as first-class entities with their own verifiable identities, permissions, and behavioural histories. Know Your Agent may soon become as essential as Know Your Customer once was — the bedrock of a safe and scalable digital marketplace.

 

In the new ecommerce world order, the winners will be those who can trade autonomy for trust — giving AI the freedom to act, but never without accountability. 

 


 

Philip Plambeck is Managing Director at Computop UK

 

Main image courtesy of iStockPhoto.com and Julia Garan



© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543