TL;DR: Agentic commerce is creating a “signal blackout” for traditional fraud controls because AI agents can shop from data centres without the IP, device, or cookie signals merchants rely on, while consumer trust and fraud patterns vary sharply by age group, according to Signifyd. The governance challenge is no longer only fraud detection, but deciding how to authorise, inspect, and differentiate legitimate delegated activity from automation abuse.
NHIMG editorial — based on content published by Signifyd: MRC Vegas: What the future of fraud looks like
By the numbers:
- Gen Z consumers show 63% willingness to trust AI agents for shopping, compared with 72% of Millennials and less than 20% of people over 55.
Questions worth separating out
Q: What breaks when fraud controls are built only for human browsing sessions?
A: Fraud controls built only for human browsing sessions lose critical context when AI agents act on behalf of customers.
Q: Why do AI agents complicate fraud and identity governance?
A: AI agents complicate governance because they can act with delegated authority while lacking the stable user-session signals that older controls assume.
Q: How do security and fraud teams know whether agentic commerce controls are working?
A: They should measure both fraud loss and customer friction.
Practitioner guidance
- Define delegation scopes for AI shopping flows Specify which actions an agent may take, what purchase thresholds apply, and when human confirmation is required for cart finalisation or payment submission.
- Replace browser-only trust checks with delegated-context signals Supplement IP, device, and cookie signals with authorisation metadata, task scope, and revocation state so legitimate agent activity is not treated as generic automation.
- Create review paths for ambiguous agent-driven orders Route uncertain transactions into analyst or customer-confirmation workflows before approval decisions become final, especially where intent and behaviour do not align.
What's in the full article
Signifyd's full post covers the operational detail this post intentionally leaves for the source:
- How Signifyd describes agentic commerce workflows from discovery through checkout and where merchant controls start to fail
- The specific guidance shared by Greg Smith and Varun Kumar on getting started with agent-involved transactions
- How the report frames profit not captured, dark pool testing, and model stack ranking for operational use
- The fraud team collaboration patterns discussed for ticketing, hospitality, and entertainment environments
👉 Read Signifyd's analysis of MRC Vegas and the future of fraud prevention →
Agentic commerce and the fraud signal gap: what should teams do?
Explore further
Agentic commerce creates a trust boundary problem, not just a fraud problem. The article shows that AI agents can complete commerce actions while stripping away the device and session signals that fraud systems were built to interpret. That means the real governance question is who or what is authorised to act, under what delegation, and with what audit trail. Practitioners should treat delegated commerce as an identity and authorisation control surface, not as a purely payments issue.
A question worth separating out:
Q: Who should be accountable for AI agent shopping risk?
A: Accountability should sit across identity, fraud, and commerce risk, but one team must own the policy. Agentic shopping crosses traditional boundaries, so unclear ownership creates gaps in approval logic, telemetry, and incident response. The right model is shared execution with named accountability for delegation rules, exception handling, and customer-impact decisions.
👉 Read our full editorial: Agentic commerce is exposing fraud teams to a new signal gap