As AI business agents remove friction from online commerce, they are also erasing the behavioral signals that retailers rely on to detect fraud – creating a visibility gap that could trigger the biggest wave of friendly fraud since e-commerce began.
According to Kevin King, vice president of credit risk at LexisNexis Risk Solutions, friendly fraud is the fastest growing threat that retailers are not seeing. Agency shopping turns this blind spot into a prevention nightmare.
Friendly fraud, also known as first-party abuse, has become a global crisis, now accounting for approximately 75% of all chargebacks and costing merchants an estimated $132 billion annually. Agency shopping is becoming a black box that could push those numbers even higher.
“This moment reflects the early days of e-commerce, when fraud trumped security,” Conrad Kennington, vice president of AI at digital risk management platform Accertify, told the E-Commerce Times.
Friendly fraud leads to a double retail crisis
Some business experts say customer fraud, in which customers challenge legitimate transactions, is now the top global fraud category. Others are urging digital security teams to rethink what prevention actually looks like, leveraging identity insights, behavioral analytics, stronger proof of contention, and smarter issuer-merchant collaboration.
E-commerce experts suggest that the chain of responsibility for these disputes is quite unclear. The biggest problem is data loss. Every stage of digital commerce has removed fraud signals. Proxy transactions reduce this visibility to almost zero.
But Kennington noted that if purchases are made using one-time tokens without behavioral context, fraud teams could be left to assess risk based on a single data point: the shipping address.
He explained that historical context is critical to friendly deception. A customer with years of clean behavior then questions a single purchase and subsequently reverts to normal behavior, possibly making a random purchase prompted by an agent or a child.
“A customer whose behavior turns bad and stays bad is more indicative of intentional first-party abuse. First-time offenders are the hardest to detect because there’s no baseline of behavior yet,” he said.
Why Agentic Shopping leaves no fraud trail
Unlike human shoppers or fraudsters, AI agents will make purchases with almost no trace. AI shopping assistants require no browser data, no device signals, no form fields, and often no memory from the consumer who delegated the task.
Security experts warn that this autonomous freedom opens the door to both widespread abuse by fraudsters and a wave of friendly scams, where people challenge allegations made by agents they’ve forgotten or accidentally activated by a child.
Kennington reasoned that retailers need a world in which autonomous agents must authenticate themselves before making a transaction. He countered that this problem is largely solved for humans.
“For example, we now authenticate using multi-factor authentication and access keys. The agent ecosystem must catch up to the same standard,” he urged.
How identity data replaces lost fraud signals
According to Andy Mortland, vice president of product and development at Accertify, autonomous agents are reducing traditional telemetry. Still, marketers can gain meaningful and actionable identity information.
“The order form itself continues to contain valuable data: payer name, email, payment method, SKU patterns, and any information associated with delivery or fulfillment. These data points help provide context for assessing whether a transaction reflects legitimate purchasing behavior or an increased risk of fraud,” he told the E-Commerce Times.
In his view, historical context remains one of the strongest indicators of the legitimacy of a transaction. A shopper’s long-term reputation, including purchase history, dispute behavior, fulfillment outcomes, and return or refund patterns, is highly predictive and unaffected by the disappearance of browser-level signals.
Plus, Accertify can already distinguish between bots and humans, so that’s not a problem, Kennington added. The real question is how to tell the good bots from the bad ones.
“In this context, behavioral analytics is less about page scrolling gestures and more about long-term historical transaction patterns, such as prior purchase patterns, average spend, category consistency and dispute outcomes, rather than session-level behavioral signals,” he said.
For example, if someone who reliably shops at a low- to mid-price retailer suddenly buys a luxury watch, this anomaly matters regardless of whether the transaction was initiated by a human or an agent.
Why Legacy Fraud Tools Miss Friendly Fraud
According to Jeffrey Feinstein, global head of data science at LexisNexis Risk Solutions, fraud has historically targeted types of third parties that are easier to predict due to identity anomalies. In order to succeed, fraudsters need to control at least one element of identity – such as a phone number, email address, device or address.
“This creates a signal of identity change that is easier for lenders to prevent with notifications and alerts, such as notifying consumers of a change of address, which is easier for data providers to identify based on the data signal,” he told the E-Commerce Times.
In comparison, first-party fraud comes in at least three varieties, each with its own warning signs. First, consumers engage in fraudulent transactions under their own identities. The second type is synthetic identities created by another person to commit fraud on the first party on behalf of the synthetic identity. The third is fraudulent or mule behavior, in which a third party persuades consumers to engage in a transaction that is not in their best interest.
Feinstein noted that cybersecurity teams often don’t divide fraud as cleanly into categories like first, third and synthetic fraud. They don’t want to create a walled set of criteria.
“Fraudsters don’t specialize in specific tactics. They think creatively about how to steal funds from institutions. They use different tools to avoid classification,” he offered, adding that by focusing on anomalies using broader definitions, besides that classic definitions, can often classify fraud more completely.
Risks of fraud that no one can quantify
Feinstein deviated from a discussion of how fraud litigation contaminates the financial system beyond the merchant. It is clear that the continued increase in consumer fraud is impacting credit files, issuer risk models and lending decisions. This risk is still significantly underestimated.
“This is a dangerous question because if I answered it, I would be informing fraudsters how to commit fraud,” he replied.
Feinstein added that information gaps can ultimately be empowering for fraudsters. This is why LexisNexis Risk Solutions encourages its customers to provide as much information as possible to confirm transaction information.
When shoppers forget their AI bought something
Retail experts are predicting a wave of disputes from consumers who forget they authorized a representative to make a purchase. This will require new forms of compelling evidence to prove that a consumer has delegated a task to an AI.
Accertify’s Kennington agreed with this sentiment. Several groups are developing protocols for obtaining payment information, he revealed. However, most do not yet consider the implications of the risk of fraud.
He emphasized that payment networks will eventually need to agree on a single protocol for matching merchants with buyers. For example, with a one-time token, if there is a dispute, the token can show that the person authorized the agent to make the purchase.
“It’s important for Accertify that we actively engage with industry groups to help shape what these new evidence standards will look like,” he said.
Mark Michelon, president of Accertify, further confirmed that his company’s technology is helping to address fraud issues.
“Data at scale from the Accertify Consortium helps merchants spot the truly fraudulent or abusive so they can precisely target interventions and avoid these draconian, trust-damaging rules,” he told the E-Commerce Times.