TL;DR: Retailers are moving conversational commerce into AI-driven discovery, checkout, and support, but external platforms still lack access to product, inventory, and customer context, according to Riskified. The identity question is no longer whether AI can sell, but whether merchants can keep decision authority, customer trust, and abuse controls inside their own environment.
NHIMG editorial — based on content published by Riskified: conversational commerce and merchant-side AI for customer decisions
Questions worth separating out
Q: How should retailers govern AI agents that handle refunds and returns?
A: Retailers should govern refund and return agents as decisioning identities with bounded authority.
Q: Why do external AI platforms create governance risk in conversational commerce?
A: External platforms can improve discovery, but they usually lack the merchant’s proprietary inventory, catalog, and customer-history context.
Q: What breaks when AI agents issue customer service decisions without risk context?
A: Without risk context, an agent cannot reliably tell a loyal customer from a repeat abuser, so it will either approve too much or block too aggressively.
Practitioner guidance
- Classify merchant AI as a decisioning identity Map every conversational commerce use case to the data, policy, and transaction rights the agent can touch.
- Insert identity intelligence at the moment of action Feed real-time risk and behavioural context into refund, return, and claims workflows before the agent finalises a decision.
- Define blast-radius limits for AI-mediated service flows Set hard policy boundaries for refunds, credits, escalations, and exceptions so a single automated decision cannot create outsized financial or trust impact.
What's in the full article
Riskified's full analysis covers the operational detail this post intentionally leaves for the source:
- How its identity intelligence is applied inside customer service workflows at the moment of refund or high-risk request
- How cross-merchant behavioural signals are correlated when no single shared customer key exists
- How merchants can use AI agents for discovery while preserving control of the customer relationship
- How real-time scoring changes handling for trusted customers versus serial abusers
👉 Read Riskified's analysis of merchant-side AI in conversational commerce →
Conversational commerce and merchant-side AI: what changes for identity?
Explore further
Merchant AI turns conversational commerce into an identity governance problem, not just a customer-experience feature. The article is really about where trust and decision authority live when an AI agent can influence purchase and post-purchase outcomes. Once the agent is given customer context and action rights, access control, policy enforcement, and data minimisation become the real design variables. Practitioners should govern the agent as a decisioning identity, not as a front-end chatbot.
A few things that frame the scale:
- While 71% of IT teams have been advised on AI agent data access, only 47% of compliance teams, 39% of legal teams, and 34% of executives have the same visibility, according to AI Agents: The New Attack Surface report.
- That visibility gap matters because 80% of organisations report AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, sharing sensitive data, and revealing access credentials.
A question worth separating out:
Q: Should organisations keep conversational AI inside their own environment?
A: Where the AI is making or influencing high-stakes commercial decisions, keeping it inside the merchant environment usually preserves better governance and clearer accountability. External platforms can still support discovery, but the business should retain the decision path, the supporting signals, and the ability to enforce policy at runtime.
👉 Read our full editorial: Conversational commerce shifts identity control to merchant-side AI