TL;DR: Authentication, fraud prevention, and application security are converging around stronger trust, verification, and layered controls as OneSpan’s January 2026 newsletter ties together its Build38 acquisition, 2025 fraud trends, PSD3 and PSR updates, and emerging risks from agentic commerce.
At a glance
What this is: OneSpan’s January 2026 newsletter argues that authentication, fraud prevention, and mobile app security are converging into a single trust problem as agentic commerce, regulation, and mobile fraud reshape controls.
Why it matters: IAM teams need to treat authentication as part of a broader identity and transaction control stack, because human, device, and non-human trust decisions are now intertwined across banking, commerce, and mobile app security.
By the numbers:
- In 2025, reported losses in Japan from account takeover fraud reached approximately ¥690 billion, or US$4.44 billion.
- Lack of credential rotation is cited as the top cause of NHI-related attacks by 45% of organisations, followed by inadequate monitoring and logging (37%) and over-privileged accounts (37%).
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
👉 Read OneSpan's January 2026 Authentication Newsletter on fraud, regulation and agentic commerce
Context
Authentication is no longer just about proving a user is real. In the newsletter, OneSpan links fraud prevention, mobile security, payment regulation, and agentic commerce into a broader trust problem where identity, intent, and transaction risk all have to be evaluated together.
For IAM leaders, the main issue is that old access models assume a human starts and completes the transaction. That assumption breaks when an AI agent negotiates purchases, mobile devices shape fraud exposure, and regulated payment flows demand stronger assurance at the point of action.
Key questions
Q: How should security teams handle delegated access when AI agents act on behalf of customers?
A: Security teams should treat delegated access as a separate governance layer, not as a normal login session. Define what the agent can do, how much value it can move, which approvals are required, and how delegation is revoked. Without those boundaries, the agent inherits more authority than the customer intended and fraud risk expands quickly.
Q: Why do passkeys and phishing-resistant MFA not solve fraud on their own?
A: They reduce credential theft, but they do not stop a compromised device, a manipulated session, or social engineering that exploits a legitimate user after authentication. Fraud controls must continue after login by checking device state, behavioral signals, and transaction intent. Otherwise, the attacker simply moves from identity compromise to transaction abuse.
Q: How can banks tell whether transaction risk is higher than sign-in risk?
A: Banks need to compare the context of the transaction against normal user behavior, device posture, and previous session activity. If the payment amount, payee pattern, timing, or device integrity deviates from the account’s baseline, the transaction should face stronger verification. That is how risk moves from abstract authentication confidence to operational decisioning.
Q: Who is accountable when an AI agent or mobile app enables authorized fraud?
A: Accountability sits with the organisation that delegated the access and defined the control boundaries, not with the authentication method alone. In regulated environments, teams should align fraud controls, approval paths, and audit evidence with the relevant payment and consumer protection rules. If the delegation model is unclear, accountability will be unclear too.
Technical breakdown
Agentic commerce and delegated trust
Agentic commerce changes the identity model because a software agent can act on behalf of a person without being that person. The control problem is not simple authentication. It is delegated authority, where the system must decide how much purchasing power, data access, and approval scope an agent should hold while still allowing a usable customer experience. That makes trust dynamic, not static. In practice, teams need to think about how consent, transaction scope, and revocation work when the actor is a machine making decisions on behalf of a human.
Practical implication: define separate controls for delegated action, transaction approval, and revocation rather than reusing consumer login logic.
Fraud kill chain in mobile banking
Modern fraud is rarely a single event. It is a sequence that often begins with impersonation, moves through account takeover or device compromise, and ends in transaction abuse or unauthorized payment. That is why mobile threat intelligence, behavioral analytics, and device risk signals matter. They let defenders observe not just whether credentials were accepted, but whether the session, device, and transaction are behaving like the legitimate account holder. Authentication alone only covers the first gate; fraud prevention has to track the whole journey.
Practical implication: align detection and response to the full fraud chain, not only to the initial sign-in event.
Why stronger authentication is not the whole answer
Passkeys, FIDO, and stronger authentication reduce password abuse and phishing success, but they do not solve every trust problem. If a device is compromised, if a session is manipulated, or if a legitimate user is socially engineered, the attacker can still reach the transaction layer. That is why banks and commerce leaders are moving toward layered defenses that combine authentication, verification, behavioral analysis, and fraud intelligence. The architectural lesson is simple: identity proofing and transaction integrity are related, but they are not interchangeable.
Practical implication: pair phishing-resistant authentication with transaction monitoring and device intelligence so assurance continues after login.
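To make the delegation boundary and the post-login transaction check concrete, here is an added Python example (not OneSpan's or NHIMG's code) that serves the three technical breakdown sections above and the earlier Q&A on delegated access and transaction risk. The Mandate structure, the signal weights and thresholds, and the sample baseline and transaction are all assumptions constructed for illustration, not values from the newsletter.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
@dataclass
class Mandate:
    """Delegated authority granted to an agent: explicit scope, value caps, expiry, revocation."""
    agent_id: str
    allowed_types: frozenset   # transaction types the customer delegated (e.g. purchase, not transfer)
    per_txn_limit: float       # value cap for any single action
    cumulative_limit: float    # total value the agent may move before the mandate is exhausted
    expires_at: datetime
    spent: float = 0.0
    revoked: bool = False

def check_mandate(m: Mandate, txn_type: str, amount: float, now: datetime) -> str:
    """Bound the agent's authority before anything else; returns 'allow' or a denial reason."""
    checks = [
        (m.revoked, "deny:revoked"),
        (now >= m.expires_at, "deny:expired"),
        (txn_type not in m.allowed_types, f"deny:type:{txn_type}"),
        (amount > m.per_txn_limit, "deny:per_txn_limit"),
        (m.spent + amount > m.cumulative_limit, "deny:cumulative_limit"),
    ]
    return next((reason for failed, reason in checks if failed), "allow")

def transaction_risk(txn: dict, baseline: dict) -> str:
    """Post-login check: weigh transaction risk signals against the account's baseline (assumed weights)."""
    score = 2 if txn["payee"] not in baseline["known_payees"] else 0        # new payee
    score += 2 if txn["amount"] > 3 * baseline["avg_amount"] else 0         # unusual value
    score += 2 if txn["device_id"] != baseline["device_id"] else 0          # unfamiliar device
    score += 3 if not txn["device_attested"] else 0                         # app/device integrity check failed
    score += 1 if txn["hour"] not in baseline["active_hours"] else 0        # outside usual hours
    return "deny" if score >= 5 else "step_up" if score >= 2 else "allow"

def decide(m: Mandate, txn: dict, baseline: dict, now: datetime) -> str:
    """Delegation scope first, then transaction risk; only an allowed action consumes the mandate."""
    verdict = check_mandate(m, txn["type"], txn["amount"], now)
    if verdict != "allow":
        return verdict
    risk = transaction_risk(txn, baseline)
    if risk == "allow":
        m.spent += txn["amount"]
    return risk

# Constructed sample data (not from the newsletter): a customer baseline and a one-hour purchase mandate.
NOW = datetime(2026, 1, 26, 10, tzinfo=timezone.utc)
BASELINE = {"known_payees": {"grocer"}, "avg_amount": 40.0, "device_id": "dev-A", "active_hours": set(range(8, 22))}
SAMPLE_TXN = {"type": "purchase", "amount": 50.0, "payee": "grocer", "device_id": "dev-A", "device_attested": True, "hour": 10}
def new_mandate() -> Mandate:
    return Mandate("agent-1", frozenset({"purchase"}), 200.0, 500.0, NOW + timedelta(hours=1))
```

The ordering matters: a transfer the customer never delegated is refused by the mandate before any risk scoring runs, and a valid login on a tampered device still ends in a denial at the transaction layer.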
Threat narrative
Attacker objective: The objective is to move from trusted access to financially damaging transactions while appearing legitimate enough to bypass conventional authentication controls.
- Entry occurs when an attacker uses phishing, impersonation, or device compromise to reach a legitimate account or session.
- Escalation follows when the attacker leverages trusted authentication or delegated authority to initiate payments, approvals, or agent-led actions.
- Impact is realized through authorized fraud, account takeover loss, or transaction abuse that looks legitimate at the point of execution.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- iOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials, endangering user privacy.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Authentication is becoming a transaction control, not just a login control. The newsletter reflects a market shift that IAM teams can no longer ignore. Once fraud moves into the transaction layer, classic sign-in assurance is only the first checkpoint. Practitioners should treat authentication, device risk, and payment integrity as one operating model, not three separate teams.
Agentic commerce creates a delegated identity problem that existing consumer IAM patterns do not fully cover. A software agent can shop, negotiate, and act on behalf of a person, which means the real question is what authority was delegated, for how long, and with what revocation path. That is a governance problem as much as a technical one. Teams need to recognise that machine-mediated consumer action changes accountability across the whole authorization chain.
Dynamic trust stacks are becoming the right architectural response to fraud that blends identity, device, and behaviour. The newsletter’s emphasis on verification and layered defenses matches what many programmes are now discovering in practice. A single control rarely breaks the fraud chain end to end. The practitioners who will cope best are the ones who can combine authentication, verification, analytics, and fraud signals into a coordinated decision path.
Mobile app protection is now part of identity governance because the application has become a trust boundary. The planned Build38 acquisition points to a broader industry view: protecting the app, the session, and the user experience is no longer separable from identity assurance. That means security teams should evaluate how application-layer controls support authentication and anti-fraud outcomes, especially where regulated transactions are involved.
From our research:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which is why governance teams struggle to verify where non-human access is actually active.
- That visibility gap is explored further in Ultimate Guide to NHIs, Key Challenges and Risks, which is the right next resource when fraud and identity controls start to overlap.
What this signals
Agentic commerce will force IAM teams to separate human authentication from delegated execution. The next control question is not whether a customer can sign in, but whether a machine can act within a bounded mandate and be stopped cleanly when that mandate ends. That makes delegation scope, transaction revocation, and auditability the programme priorities.
Authentication programmes that stop at login will miss the next wave of fraud. The operating model now needs signals from device intelligence, behavior, and transaction context, or else valid credentials will continue to be used as a fraud bypass. For practitioners, the governance challenge is to keep assurance alive after the user or agent has already entered the system.
Mobile app protection is becoming part of identity assurance because the app is where trust is increasingly negotiated. Leaders should expect more overlap between application security, fraud prevention, and customer identity controls. That means the relevant benchmark is no longer whether the login is strong, but whether the whole transaction path can be trusted end to end.
For practitioners
- Map delegated authority for agentic commerce: Define what an AI agent may do on a user’s behalf, which transaction types are allowed, and how consent is revoked before the agent can complete a purchase or payment.
- Extend fraud controls beyond login: Correlate authentication events with device posture, behavioral analytics, and transaction context so that a valid login does not automatically equal a trusted payment.
- Treat mobile app security as an identity control: Review whether app hardening, integrity checks, and runtime protection are feeding identity and fraud decisions in regulated mobile journeys.
- Reassess control coverage for APP fraud and ATO: Use the fraud kill chain to test where your current stack detects impersonation, account takeover, and transaction abuse, then close the blind spots before approval or transfer completion.
Key takeaways
- Fraud, authentication, and mobile app security are converging into one governance problem rather than remaining separate technical domains.
- The scale of account takeover losses shows that sign-in assurance alone is not enough when transaction abuse can follow a valid session.
- Teams should design for delegated authority, device risk, and post-login fraud detection if they want controls that still work in agentic and mobile-first flows.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Non-Human Identity Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Delegated access and authentication boundaries are central to this newsletter. |
| NIST Zero Trust (SP 800-207) | PR.AC-4 | Layered verification is needed when fraud continues after login. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Mobile and agent-driven workflows still rely on secrets and delegated credentials. |
Audit credential exposure paths and reduce the lifetime of any secret that can be reused outside its intended scope.
Key terms
- Agentic Commerce: Agentic commerce is a buying and transaction model where software agents act on behalf of a person. The identity challenge is not just proving who owns the account, but constraining what the agent may do, for how long, and under what revocation and audit rules.
- Fraud Kill Chain: A fraud kill chain is the sequence of steps an attacker uses to move from initial impersonation or access to financial harm. It links identity compromise, device abuse, transaction manipulation, and monetisation into one operational model that defenders can break at multiple points.
- Delegated Authority: Delegated authority is permission granted to one actor to act within the bounds of another actor's intent. In agentic and mobile flows, it must be explicit, time-bound, and revocable, because uncontrolled delegation turns a convenience feature into a trust expansion problem.
- Transaction Risk Signals: Transaction risk signals are contextual indicators used to judge whether a payment or account action looks legitimate. They include device posture, behavioural patterns, payee history, and session consistency, and they are critical when authentication alone no longer explains trust.
Deepen your knowledge
Authentication and fraud prevention in agentic commerce are covered in our NHI Foundation Level course, the industry's only accredited NHI security programme. If your programme now has to govern delegated actions, it is a strong fit for the challenges you are facing.
This post draws on content published by OneSpan: The Authentication Newsletter for January 2026. Read the original.
Published by the NHIMG editorial team on 2026-01-26.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org