TL;DR: Retail fraud losses reached just over $56 billion in 2024 and are projected to hit $131 billion by 2030, while Signifyd says 13% of shoppers will not return after one false decline and 82% will not tolerate more than two bad experiences. Precision, context and identity-aware decisioning now matter as much as fraud blocking.
NHIMG editorial — based on content published by Signifyd: Retail Fraud Prevention: 2026 Guide to Stop Ecommerce Losses
By the numbers:
- Juniper Research found that global ecommerce fraud losses hit just over $56 billion at the end of last year, and they’re expected to reach $131 billion by 2030.
- Signifyd found that 13% of shoppers won’t shop with a retailer again after one bad experience, i.e. being mistakenly turned away, and 82% won’t tolerate more than two poor experiences.
- LexisNexis found that U.S. merchants lose an average of $4.61 for every $1 of fraud.
Questions worth separating out
Q: How should security teams handle trust assumptions when customers use AI shopping agents?
A: Treat the agent as a delegated identity with a limited scope, not as a harmless interface.
Q: Why do retail fraud systems need identity context as well as transaction signals?
A: Because the same checkout pattern can mean different things in different contexts.
Q: What breaks when fraud controls are too strict in ecommerce?
A: Retailers start blocking good customers, increasing support load, reducing repeat purchase rates and damaging lifetime value.
Practitioner guidance
- Define delegated-agent trust boundaries Map every customer-facing AI agent to a named owner, explicit action scope, expiry rules and revocation path so delegated trust cannot persist indefinitely.
- Measure false decline cost alongside fraud loss Track approval rate, chargeback rate, appeal volume, repeat purchase loss and manual review time together so risk policy reflects revenue impact, not just blocked transactions.
- Add context to risk scoring Incorporate SKU sensitivity, seasonality, buyer history and channel behaviour into decisioning so unusual but valid purchases are not treated the same as clear abuse.
What's in the full article
Signifyd's full guide covers the operational detail this post intentionally leaves for the source:
- The retail-specific model design details behind SKU-level scoring, seasonal signals and buyer-pattern analysis.
- The practical comparison between generic fraud rules and commerce-context models for approval-rate tuning.
- The provider evaluation checklist for teams that need to assess machine learning refresh cycles and financial guarantees.
- The examples of how false positives affect CLTV, manual review load and customer support operations.
👉 Read Signifyd's guide to retail fraud prevention and AI agent takeover risk →
Retail fraud prevention and AI agent takeover fraud: are controls keeping up?
Explore further
AI agent takeover fraud creates a new governance problem because the trusted actor is no longer always human. Retail fraud teams have long modelled customer accounts, payment credentials and device reputation, but delegated agents change the boundary of who or what is acting on the customer’s behalf. That means identity governance has to extend into consent scope, delegation lifecycle and revocation. Practitioners should treat AI shopping agents as governed non-human identities, not as a simple checkout feature.
A question worth separating out:
Q: Who is accountable when delegated AI agents make unauthorised purchases?
A: Accountability should sit with the merchant for control design, the platform for permission governance and the customer only within the scope they explicitly granted. If the delegation model is unclear, organisations will struggle to determine whether the failure was trust scope, revocation delay or insufficient monitoring.
👉 Read our full editorial: Retail fraud prevention needs identity-aware context, not blunt rules