By NHI Mgmt Group Editorial TeamPublished 2026-07-08Domain: General NHISource: Signifyd

TL;DR: AI agents are increasingly influencing or placing ecommerce orders, but today’s liability-shift mechanisms still assume a human cardholder and a stable authentication flow, according to Signifyd. That mismatch means merchants need controls that distinguish legitimate agent-led orders from fraud without adding avoidable checkout friction.


At a glance

What this is: This is an analysis of payment liability shift in ecommerce, showing that EMV and 3DS move risk only when the transaction signal is strong enough to support it.

Why it matters: It matters because merchants and identity teams now have to account for AI agent-led purchasing and authentication gaps without turning every borderline order into a false decline.

By the numbers:

👉 Read Signifyd's analysis of payment liability shift and fraud risk


Context

Payment liability shift is the mechanism that determines who absorbs the financial loss when a transaction later proves fraudulent. In ecommerce, that decision increasingly intersects with AI agent purchasing, which makes static checkout assumptions less reliable for merchants and the identity controls behind them.

The core problem is not whether an order is authenticated once, but whether the signal used to approve it is strong enough to support liability transfer. That is an identity and governance issue as much as a fraud issue, because merchants are now making risk decisions about orders that may originate from a human, a card network, or an AI agent acting on behalf of a shopper.


Key questions

Q: How should merchants handle liability shift when AI agents place orders on behalf of customers?

A: Merchants should treat AI agent-led orders as a distinct trust case, not as a routine extension of human checkout. The key is to separate who initiated the order from which signals prove it is legitimate. Liability should follow verifiable order evidence, not assumptions about the presence of a human cardholder.

Q: Why do step-up challenges create so many false declines in ecommerce?

A: Step-up challenges often fail good orders because they rely on narrow signals such as OTPs, device familiarity, or challenge questions. Those controls can stop some fraud, but they also block legitimate customers when the signal is weak or the user experience is degraded. The result is avoidable revenue loss and customer churn.

Q: What breaks when merchants rely only on authentication to approve orders?

A: Authentication alone cannot tell you whether an order is commercially trustworthy. A transaction can clear a challenge and still be abusive, or fail a challenge and still be legitimate. Merchants need decisioning that combines identity evidence, behavioural context, and risk outcomes instead of relying on a single gate.

Q: Who is accountable when a fraud guarantee shifts liability away from the merchant?

A: Accountability still sits with the merchant for selecting the control model, defining review thresholds, and setting escalation rules. A guarantee changes who pays for fraud losses, but it does not remove the merchant’s responsibility to understand what evidence supports approval and where the residual risk now lives.


Technical breakdown

EMV and 3DS liability shift mechanisms

EMV and 3DS are both authentication-based liability shift models, but they work differently. EMV relies on chip-based proof that a physical card is present, while 3DS uses step-up authentication at checkout to verify the cardholder. In both cases, liability shifts only when the transaction produces a sufficiently strong signal that the payment is legitimate. That model fits environments where identity is stable and the checkout path is predictable, but it becomes less reliable when the purchase is mediated by an AI agent or when the customer experience is intentionally friction-light.

Practical implication: merchants should map which transaction flows truly create verifiable identity signal and which only create the appearance of assurance.

Why step-up authentication creates false declines

Step-up authentication reduces some fraud risk, but it also introduces friction that can block legitimate customers. OTP failures, biometric mismatches, or knowledge-based questions can all cause a good order to fail. That is why 3DS can lower acceptance rates even when the underlying order is valid. The deeper issue is that rules-based fraud logic is often optimized to reject suspicious activity rather than to recognize trustworthy behaviour. In a commerce environment where AI agents may initiate purchases, that bias can punish legitimate transactions that simply do not fit older human-centric patterns.

Practical implication: teams need to measure false decline rates separately from fraud capture so they do not optimise one at the expense of the other.

How contractual fraud guarantees change liability handling

Guaranteed fraud protection shifts liability in a different way. Instead of relying on cryptographic authentication alone, the provider evaluates the full order using behavioural and contextual signals such as device fingerprinting, IP data, geolocation, velocity, and historical patterns. Ambiguous cases can be routed to manual review, which adds human context before the transaction is finalised. This is a decisioning model, not an identity proofing model, and that distinction matters. It does not remove the need for identity controls; it changes where trust is established and who bears the downstream cost when trust is misplaced.

Practical implication: merchants should separate transaction decisioning from identity assurance and understand which control is actually underwriting the risk.


Threat narrative

Attacker objective: The objective is to complete fraudulent purchases or exploit weak transaction controls so that liability falls on the merchant instead of the fraudster.

  1. entry: A shopper or AI agent initiates a payment flow that looks legitimate enough to reach the checkout decision point.
  2. escalation: Weak or static rules misclassify the order, and a step-up challenge or false negative blocks a real purchase or allows a risky one through.
  3. impact: The merchant either loses revenue through false decline or absorbs fraud and chargeback costs after approval.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

Static fraud logic is now an identity problem, not just a checkout problem. Liability shift depends on whether the merchant can establish enough trust in the actor behind the order. When that actor may be an AI agent, a shopper, or an automated purchase flow, the old assumption that a human is always in the loop stops holding. Practitioners should treat payment decisioning as part of identity governance, not just fraud operations.

False declines are a governance failure because they misclassify legitimate behaviour as risk. The article shows that 3DS can raise friction and still miss the true objective, which is to distinguish valid intent from abuse. That is why the control question is no longer only whether a transaction was challenged, but whether the challenge criteria map to actual trust signals. Merchants need a sharper boundary between authentication evidence and commercial approval logic.

AI agent-led purchasing creates an identity mismatch that existing liability models were not built to absorb. Payment frameworks were designed for cardholder-centric transactions with stable accountability. That assumption fails when the initiating actor is an autonomous or semi-autonomous agent acting on behalf of a person, because the checkout system may see a valid payment path without a stable human decision-maker. The implication is that liability, authorisation, and identity evidence must be rethought together.

Ephemeral trust in commerce is becoming the real control surface. The strongest transaction signal may exist only for the few seconds needed to approve an order, then disappear. That compresses review, accountability, and dispute handling into a much shorter window than traditional IAM or fraud teams are used to. Practitioners should assume that the future problem is not just preventing bad orders, but proving why a good-looking order should have been trusted at all.

From our research:

  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
  • A separate finding from our research shows that 97% of NHIs carry excessive privileges, which broadens the attack surface when access decisions are not tightly scoped.
  • For practitioners, the next read is Ultimate Guide to NHIs , Key Challenges and Risks, which connects sprawl, privilege, and offboarding failure to governance outcomes.

What this signals

Ephemeral trust: payment approvals are increasingly made on signals that exist only briefly, which means merchants must know exactly which evidence underwrites liability before the transaction completes. That is especially important when AI agents can influence ordering behaviour without changing the underlying payment rails.

With 92% of organisations exposing NHIs to third parties according to the Ultimate Guide to NHIs, the broader lesson is that delegated trust needs lifecycle boundaries. Commerce teams and identity teams are converging on the same problem: proving who or what was authorised, and for how long, when a decision is made fast.


For practitioners

  • Separate authentication evidence from order approval logic Define which signals establish identity and which signals support commercial decisioning. Do not treat a 3DS success event as the same thing as a low-risk order decision.
  • Measure false declines alongside fraud losses Track how often valid customers are blocked, how often risky orders pass, and how those outcomes affect revenue and retention. Use those metrics to recalibrate step-up policies.
  • Document AI agent order flows in the trust model Identify where an AI agent can initiate, modify, or complete a purchase, and define which identity evidence supports that path before liability is assigned.
  • Use manual review for ambiguity, not as a blanket override Reserve human review for transactions where automated signal quality is genuinely insufficient. Review should add context, not become a workaround for weak policy design.

Key takeaways

  • Payment liability shift is really a trust-allocation problem, because merchants need to know which signals justify approving an order.
  • 3DS and other step-up mechanisms can reduce some fraud, but they also create false declines that directly affect revenue and retention.
  • AI agent-led purchasing raises the bar for identity evidence, because checkout systems now need to distinguish human intent from automated ordering behaviour.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the technical controls, while ISO/IEC 27001:2022 define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0PR.AC-4The article centers on access and trust decisions for payment approval.
NIST SP 800-53 Rev 5IA-53DS and similar mechanisms depend on authenticator management and assurance.
ISO/IEC 27001:2022A.5.15Access control governance is relevant where agent-led or delegated purchases blur authorisation boundaries.

Map payment decisioning to PR.AC-4 and ensure trust evidence is explicit before liability shifts.


Key terms

  • Payment liability shift: Payment liability shift is the transfer of financial responsibility for a fraudulent or disputed transaction away from one party and onto another. In ecommerce, it determines who absorbs the loss after an order is approved, making it a governance and risk-allocation control, not just a payments feature.
  • 3D-Secure authentication: 3D-Secure authentication is a cardholder verification step used during online checkout to strengthen transaction assurance. It can shift liability for certain fraud cases, but it also adds friction and can misclassify legitimate shoppers when the challenge signal is weak or inconvenient.
  • False decline: A false decline is a legitimate transaction that is rejected because the fraud controls interpret it as risky. It matters because the operational cost is not limited to one lost sale. It can also damage customer trust, reduce retention, and distort fraud programme metrics.
  • Agent-led order: An agent-led order is a purchase initiated or influenced by an AI agent rather than directly by a human at the point of checkout. The identity challenge is proving whether the action was authorised, how much autonomy the agent had, and which trust signal should govern liability.

What's in the full article

Signifyd's full post covers the operational detail this post intentionally leaves for the source:

  • The distinction between EMV, 3DS, and contractual fraud guarantees in practical checkout terms.
  • The mechanics of how step-up authentication creates false declines and why merchants see conversion loss.
  • The specific order signals used in the vendor's decisioning model, including device, geolocation, and velocity data.
  • The business logic behind liability transfer when a provider guarantees chargeback reimbursement.

👉 Signifyd's full post covers the checkout friction trade-offs, approval mechanics, and liability models in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an IAM programme, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-07-08.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org