TL;DR: Agentic shopping is moving from experimentation to near-term reality, and the article argues that merchants will face a sharper trade-off between customer control and traffic loss as AI assistants take over more purchasing steps. Riskified also reports LLM-referred traffic as 2.3x riskier in one ticketing example and 1.8x riskier in electronics.
NHIMG editorial — based on content published by Riskified: agentic commerce, fraud risk, and the future of shopping
Questions worth separating out
Q: How should merchants govern AI shopping agents without losing customer trust?
A: Merchants should treat shopping agents as delegated identities with narrow, explicit permissions.
Q: Why do AI shopping agents create more fraud risk than normal ecommerce traffic?
A: AI shopping agents remove many of the human behavioural signals that fraud teams depend on, such as browsing rhythm, mouse movement, and device consistency.
Q: What breaks when merchants rely on old fraud signals in agentic commerce?
A: Old fraud models break when they assume a human is always the actor behind the session.
Practitioner guidance
- Define delegated purchase scopes Limit what shopping agents can do across search, comparison, cart creation, payment initiation, and repeat buying.
- Add identity signals to fraud scoring Blend account provenance, step-up authentication outcomes, and session integrity into transaction risk decisions.
- Set controls for agent takeover scenarios Detect when a customer account begins behaving like a machine-operated purchasing workflow, especially across multiple merchants or repeated checkout patterns.
What's in the full article
Riskified's full analysis covers the operational detail this post intentionally leaves for the source:
- Traffic and risk examples by merchant segment, including the transaction patterns behind the 2.3x and 1.8x figures.
- The fraud vectors the vendor expects to emerge as agents become more common, including account takeover and automated arbitrage.
- How Riskified suggests merchants adapt operationally as agent-driven shopping becomes a real channel.
- The vendor's discussion of how risk teams can think about policy, loss prevention, and customer experience together.
👉 Read Riskified's analysis of agentic commerce and fraud risk →
Agentic commerce and fraud risk: what should merchants change now?
Explore further
Agentic commerce creates a delegated identity problem before it creates a fraud problem. When a software agent is allowed to research, compare, and purchase on behalf of a user, the organisation must govern the delegated action chain, not just the customer login. That changes the control surface from session authentication to authorization scope, policy enforcement, and accountability for machine-initiated commerce. Practitioners should treat this as a new identity governance boundary, not an incremental ecommerce feature.
A question worth separating out:
Q: Who is accountable when an AI agent makes an unauthorised purchase?
A: Accountability should be shared across the merchant, the platform exposing the agent workflow, and the organisation that allowed the delegation. The practical test is whether the scope of the agent’s authority was defined, monitored, and revocable. If those controls were absent, responsibility cannot be pushed solely onto downstream fraud detection.
👉 Read our full editorial: Agentic commerce will reshape fraud and merchant control online