
The Agentic Era: Visa’s OpenAI Partnership, VAMP Pitfalls, and the Threat of Cloned Sites

Welcome back to Fraudology.
In this solo episode, I’m diving into agentic e-commerce, and specifically what happens when AI shopping agents start making purchases on behalf of consumers. This is one of those topics that sounded very future-looking for a while. There were conference panels, a lot of big predictions, and plenty of “this is coming someday” conversations, but not a lot that fraud teams could actually do anything with yet.
That changed when Visa and OpenAI announced a partnership to build payment infrastructure for AI commerce. Once Visa payment capabilities start being integrated into OpenAI experiences, and once ChatGPT shopping and AI-initiated transactions become more real, merchants are going to need to understand the fraud, chargeback, liability, and operational risks that come with this new channel.
And that is where I think we need to slow down and ask some very practical questions. Who is liable when an AI agent makes a mistake? What happens when a cardholder authorized the agent, but the agent bought the wrong thing? How does a merchant prove that a transaction was not fraudulent when the cardholder was one step removed from the checkout? And what happens to VAMP fraud monitoring when agentic e-commerce chargebacks and TC40 fraud start showing up in ways the current system was not designed to handle?
This episode is really about two risks that are already starting to show up. First, agentic e-commerce liability and CNP chargeback liability are not ready for the way AI shopping agents will behave. Second, cloned websites fraud and AI search shopping scams could create a new wave of customer service headaches, TC40 issues, and merchant risk management problems for enterprise e-commerce teams.
What you’ll hear in this episode:
- Why Visa’s OpenAI partnership makes agentic e-commerce feel much more real for merchants.
- How AI shopping agents could create new CNP chargeback liability and friendly fraud chargebacks.
- Why merchants may struggle to use compelling evidence 3.0 when the cardholder directed an agent instead of completing the purchase themselves.
- Why agentic e-commerce liability needs a new framework before losses scale.
- How cloned websites fraud and online shopping scams could get worse when AI agents search for the lowest price.
- Why TC40 fraud and VAMP fraud monitoring may become a major issue for large retailers.
- What fraud leaders should start asking acquirers, card brands, customer service teams, and IT teams right now.
You should listen to this episode if you:
- Work in merchant fraud prevention or e-commerce fraud prevention and need to understand where AI agent commerce is heading.
- Are responsible for chargebacks, VAMP monitoring, TC40 review, or CNP fraud strategy.
- Work at a bank, issuer, card brand, or payment company and want to understand why merchants are worried.
- Are trying to figure out how agentic checkout, AI payments, and agentic payments may change fraud operations.
- Want a practical fraud perspective on ChatGPT commerce, AI search shopping scams, and clone site risk.
Episode notes & key takeaways
Agentic e-commerce is no longer just a future-looking conversation
For a while, agentic commerce felt like one of those topics everyone was talking about, but nobody could really point to what fraud teams needed to do next. There were a lot of predictions and a lot of theoretical conversations, but very few operational takeaways.
The Visa and OpenAI announcement changed that for me.
When Visa says its payment capabilities will be integrated into OpenAI experiences, and when ChatGPT commerce starts moving closer to actual AI-initiated transactions, this becomes something merchants need to take seriously. It does not mean every consumer will start using AI shopping agents tomorrow. But it does mean the rails are being built, and once the rails are built, fraud and chargeback issues usually show up very quickly.
The reason this matters for agentic e-commerce is that AI agents do not behave exactly like humans and they do not behave exactly like traditional bots either. They can be directed by a consumer, adapt to instructions, search across websites, compare prices, and complete a purchase. That creates a new layer between the cardholder and the merchant.
The current chargeback system is not ready for AI shopping agents
One of my biggest concerns with agentic e-commerce is that the current chargeback framework was not built for it. Right now, if a transaction is card-not-present, liability generally falls on the merchant. That may make sense in certain traditional CNP fraud scenarios, but it gets much messier when an AI agent is acting on behalf of a real cardholder.
If the cardholder tells an agent to buy two items and the agent buys 20, what exactly was the merchant supposed to do? If the agent books the wrong flight, chooses the wrong product, or misunderstands the user’s instructions, how would the merchant have known that at the time of purchase? Unless the merchant has superpowers or a psychic sitting next to the fraud team, there may be no practical way to detect that this is going to become a dispute.
That is why agentic e-commerce chargebacks are so concerning.
The merchant may receive a dispute where the cardholder says they directed the agent, but they changed their mind or the agent made the wrong purchase. That does not neatly fit the current fraud, friendly fraud, or compelling evidence 3.0 workflows. And if the merchant cannot meet the existing representment requirements, they lose the funds even if the purchase was initiated by an agent the cardholder authorized.
That is the liability gap.
And unless the card brands, agentic platforms, and payment networks create a clearer structure for AI purchase liability, merchants are going to be left holding losses they could not reasonably prevent.
VAMP exposure makes agentic e-commerce even riskier for merchants
This is not only about losing individual chargebacks. The larger concern is what these disputes could do to VAMP fraud monitoring.
VAMP is already a serious issue for merchants. Chargebacks and TC40s can create real financial exposure, and there is not the same kind of grace period merchants may have been used to under prior Visa monitoring programs. Once a merchant crosses the threshold, the fines and fees can add up fast.
Now layer agentic e-commerce on top of that.
If AI shopping agents create more disputes, even for transactions where the merchant did nothing wrong, those chargebacks can still count against the merchant. If agentic transactions are not clearly identified in the payment flow, merchants may not be able to separate those transactions into a different risk bucket. And if there is no new liability shift or representment process for AI-initiated transactions, the merchant is absorbing risk from a channel they may not even be able to identify.
That is the part that needs attention now.
Visa, Mastercard, OpenAI, and any other AI commerce platform need to think through the merchant side of this before these losses scale. If the agentic platform makes the mistake, or if the consumer authorized the agent and then disputes the result, it does not make sense for the merchant to automatically carry the financial liability.
The chargeback system has never been perfectly fair. But this is a new channel, and new channels need new rules.
Merchants need a way to identify agentic transactions
Another issue is visibility. Right now, most merchants do not have a reliable way to tell whether a transaction was placed by a human, a bot, or an AI shopping agent.
If you cannot identify the transaction type, you cannot build a different risk strategy around it. You cannot route it differently. You cannot measure the chargeback rate. You cannot test whether agentic checkout behaves differently from mobile checkout or web checkout. You cannot separate agentic payments from normal e-commerce transactions. And you cannot create a strong merchant fraud prevention strategy around a channel you cannot see.
Some newer vendors are starting to work on AI agent detection, but most merchants using legacy tools do not have a clean way to identify agentic transactions. Timing alone may not help because these AI agents can mimic consumer behavior. Device signals may not be obvious because agents may use real device IDs or emulators. And the payment flow itself may not yet tell merchants that the transaction came from an agent.
That is why I think we may eventually need to think about agentic commerce as its own channel.
We already think about web and mobile differently. Agentic e-commerce may need the same treatment. AI agents may need a different checkout flow, a different risk flow, and a different set of signals because they do not interact with websites the same way humans do. They may hallucinate where a button is. They may misunderstand a page. They may choose the wrong product. They may follow a path that makes sense to a machine but not to a merchant’s current fraud controls.
Until merchants can identify the channel, they are going to be stuck trying to manage agentic risk with tools that were built for a different world.
Clone sites may become a bigger problem because AI agents are trained to find the best deal
The second big risk in this episode is cloned websites fraud.
Fraudsters have always loved fake retail sites, fake merchant websites, and phishing websites. That is not new. What is changing is how easy it is to clone a website and make it look functional. AI can help fraudsters duplicate product pages, images, checkout experiences, and brand presentation much faster than before.
Now combine that with AI shopping agents.
If a consumer tells an AI agent to find the best deal on a product, what is the agent optimizing for? Often, it is price. And fake retail websites are very good at offering the best price because they are not actually trying to deliver the real product. They are trying to steal card data, harvest personal information, process a fraudulent transaction, or redirect the buyer into a scam.
That creates a very obvious problem.
An AI agent may find what looks like the lowest-price version of a product and send the consumer to a cloned site. The consumer may trust it because the AI tool recommended it. The site may look legitimate. The price may look amazing. And the customer may believe they purchased from the real merchant.
Then the product never arrives, or the customer receives a fake product, or their card information is compromised.
And who hears about it first? Often, the real merchant’s customer service team.
Even if the merchant did not process the transaction and did not receive the funds, the customer may still believe they bought from that merchant. That creates operational cost, customer frustration, brand damage, and another fraud problem the merchant has to help untangle.
TC40 fraud and fake descriptors can create VAMP problems even when the sale was not yours
The clone site problem is not only a customer service issue. It can also become a TC40 and VAMP issue.
TC40s are tied to descriptors, not just the merchant ID. That means if a fraudulent merchant uses a descriptor that looks like a major retailer’s name with extra words, numbers, or modifiers attached, the legitimate merchant may see TC40 activity that does not actually belong to them.
That is a major problem for large retailers.
If a fake site uses a descriptor that starts with a real brand name, the legitimate merchant may have to identify those transactions and prove they are not theirs. In a VAMP environment, that timing matters. Merchants need to know how quickly their acquirer will notify them if they are on the VAMP list because the clock may start when the acquirer is notified, not when the merchant finally hears about it.
That means merchants need to be proactive.
If you are responsible for VAMP fraud monitoring, talk to your acquirer now. Ask how quickly you will be notified. Ask what TC40 data you will receive. Ask whether you will have enough detail to identify fraudulent descriptors. Ask what the process is for removing transactions that do not belong to your merchant ID.
Because if agentic e-commerce drives more AI search shopping scams and clone site traffic, merchants may see more noise in their TC40 data. And if that noise is not removed quickly, it can become expensive.
Customer service, IT, and fraud teams need to prepare together
One of the most practical takeaways from this episode is that this cannot sit only with the fraud team.
If agentic e-commerce and cloned websites fraud become a bigger issue, customer service teams need to know what they are looking at. They may start hearing from customers who insist they ordered from your website, but there is no order in your system. That is confusing for the customer and frustrating for the support team if nobody has explained the clone site problem in advance.
IT teams also need to be part of the conversation because fake websites may need to be reported, escalated, and taken down through DNS or hosting channels. Legal, brand protection, fraud, customer service, and security may all need to coordinate quickly.
And the customer communication piece matters too.
Merchants may need to remind customers to go directly to the official website or app, especially during high-volume shopping periods, product drops, and holiday seasons. That message cannot fix the entire problem, but it can reduce some of the exposure.
This is where merchant risk management has to become cross-functional. Agentic e-commerce is not just a fraud issue. It touches payments, chargebacks, customer service, brand protection, IT, legal, and the customer experience.
Final takeaway:
Agentic e-commerce is moving from theory to infrastructure. And once infrastructure exists, fraud follows.
Visa’s OpenAI partnership may help make AI-powered commerce easier and more scalable, but it also raises serious questions about agentic e-commerce liability, AI purchase liability, CNP chargeback liability, and merchant exposure under VAMP. At the same time, AI search shopping scams and cloned websites fraud could send AI shopping agents toward fake retail sites that look legitimate, offer great prices, and create real damage for consumers and merchants.
So if you are a merchant fraud leader, now is the time to start asking uncomfortable questions. Can you identify agentic transactions? Can you separate agentic payments from normal web and mobile activity? Do your chargeback teams know how to handle agentic e-commerce chargebacks? Does your acquirer notify you fast enough if VAMP issues show up? Can your team identify fake descriptors in TC40 data? Does customer service know what to do when someone calls about an order that does not exist?
Because this channel is coming. The question is whether merchants, issuers, acquirers, card brands, and AI platforms are going to build the rules before the losses scale, or after.
Episode resources & links:
Connect with Karisse Hendrick | LinkedIn
- Host of the Fraudology Podcast
- Award-Winning Cyberfraud Expert
- Ecommerce Fraud Prevention Consultant
- Startup Advisor, Keynote Speaker, and
- Consultant to Fortune 500 merchants





















