Agentic Commerce: The Fraud Hotbed No One’s Ready For

What's up fraud fighters? Welcome back to Fraud Forward. Today we're talking about something that sounds futuristic, but is going to become operational reality faster than most fraud teams can update a policy. Agentic commerce. Now, even when I first heard it, I was like, I don't think that probably pertains to us in FIs, but it definitely does. So AI agents, they don't just recommend, right? They act, they shop, they route, they pay, they retry, they optimize, and they do it at machine speed. And that's why today's guest is perfect for this conversation because he's not buying the hype. He's asking the uncomfortable questions fraud teams actually need to ask. Chen Zamir is a fraud strategy advisor who helps fintechs make strategic decisions about fraud. And he recently dropped a LinkedIn post that hit me right in the, no, he's right, part of my brain, especially the line about OTP being sent while you sleep. Welcome to Fraud Forward. Before we dive in, tell our audience who you are, what you do, and why agentic commerce has you concerned.

Thank you very much for this intro, Hailey. And great job on pronouncing my name. It's one of the better ones I've heard. So as you said, my name is Chen Zamir. I'm the head of fraud strategy at Sardine. And I'm also the founder at Native Risk, which is a fraud strategy consulting firm that works with fintechs. And yeah, agentic commerce has been around for probably a year on the headlines and I haven't paid too much attention to it because for me it was always this, as you said, futuristic thing that when it would arrive, we would understand how it looks for real and what to do about it. But recently I started to think more and more about it, unstructuring the vagueness or the perceived vagueness that comes with this new flow or set of products. And yeah, that was what led me to write that LinkedIn post just a week or two ago.

I'm so glad you did. It definitely set the stage for this conversation. And especially with the one sentence that should scare everyone, it definitely made me pause, but it was, agentic commerce will be a fraud hotbed. So I'd love to unpack why. And we'll start with, of course, making sure that we're all talking about the same thing, and then we'll get into where it breaks. So when you say agentic commerce, what is it in practical terms, not marketing terms?

Yeah, so agentic commerce is a loose term that is supposed to describe payment flows where the initiator of the payment or the checkout is an AI agent rather than a real human user. And it's important to note that this can come in two flavors. There is one flavor that we see most of the agentic commerce volume or traffic that we see today actually comes from this flavor. And that is that the checkout is done through an API or an MCP. What's an MCP? It's basically a form of a protocol that allows AI agents to connect and to interface with websites such as e-commerce websites. And so the transaction in the end looks like an API call. It's very structured. This is mostly what we see today. But what we are expecting to see in the near future, what we mostly mean when we speak about agentic commerce, are actual AI agents that operate within your browser and they don't send out API calls, but they actually mimic you as a human user. So they would click on buttons and they would pick the product and they would click on pay now or buy now or checkout now and place a transaction exactly like a human user would. So not different. And these two flavors obviously look differently. But both of them are called today agentic commerce. I would say another thing, going back to the scary part, right? When I say that agentic commerce would be a fraud hotbed, and I don't want to take that back or walk down from that hill, I don't necessarily mean that as a threat or to sound alarmist. I think this is to be expected. Agentic commerce is going to be a new financial product or a new product that touches financial instruments. And by definition, such products, when they are released, they attract a lot of fraudsters. They have a lot of built-in vulnerabilities, which is a given because no one really used them outside of the lab. No one really used them in the field in real life. And so there are still a lot of loopholes and back doors and we should expect like any other new financial product that once it is live, it's going to get attacked and it's going to get tested and it's going to get stressed. And it's fine. Our job as fraud fighters is to match that.

100%. So I have a couple of questions. So what we're talking about in a real world scenario is if I set up in whichever platform I want to use, if I'm wanting to make this where it will go ahead and automatically shop for me, I fill in my sizes, I tell them what I'm looking for. Or if it's a particular product or something like if I say to my Alexa to buy me some laundry detergent. Is that what we're talking about where it's gonna automatically do it without me actually hitting the button? Is it a little bit deeper than that? Is it shopping around at different stores? And then the reason why I'm asking that is because this is a big shift for fraud teams, right? It's autonomy, it's speed, it's volume, it's diffused accountability. It is scary. So, I mean, I know you don't want to scare, but I'm scared.

Yeah, it's a new world, definitely. Here again, agentic commerce can come in flavors. The first one is human in the loop flows. Human in the loop flows means that I'm going to prompt my AI agent, through talking to Alexa or writing a prompt on my ChatGPT app, I'm going to prompt the agent to buy something for me. And what the agent would do is probably to discover on the web what are the places to buy these things and maybe do some comparisons and find the best deal or the best option or the shop that would ship it the fastest, whatever is important for me, and would present me this transaction and ask me to approve it and allow the user to basically consent to this transaction. And here, we do expect the human to look at something. And probably that would be the actual basket, a URL, maybe even going into the web shop themselves. But there is also another flow, and that is the one where the agent fulfills the transaction without asking you, without prompting the human to give consent. And these, of course, are for us from a prevention perspective, are much more risky because there can be a lot of different things that can happen without the human checking the basic fundamentals. But on the other hand, that's exactly the experience that we want to live. For example, I know that my favorite band is performing at my city and the ticket sale is about to open at a certain time and I would be on the airplane at that time. I want the agent to buy that for me. That's a classic agentic commerce use case. And I won't be able, even if I want to, to consent to approve this transaction. So this second flow is what would change the paradigm for us.

It definitely will. And I love how you were breaking down even the flow of it, right? You've got checkout or account creation, payment initiation, and then support and dispute. So we are seeing that those parts of the flow will change. It's just which one will change first, right? And I guess it's also depending on the consumer and what accounts they set up. But I'd love to talk through, in your view, what are the first three fraud typologies that will spike as agents become common?

Yeah, it's a good question. And somehow I feel that these typologies would match the typologies that we already see spiking today. I don't want to say powered by AI, because that's an overused term, but maybe riding on agentic commerce. So I think the first one is going to be ATO. Specifically in agentic commerce we present a new actor into the full transaction flow and that is the AI app or the AI provider. So this can be ChatGPT, this can be Claude, this can be Perplexity and so on. These apps would in the end contain the identity and the funding instrument information. That doesn't necessarily mean that they would contain the full credit card number. It might be just a token that they get from the PSP or the wallet that they connect. But basically, the user would initiate a payment using the details that are held within this app. So that means that after I've done all my verification as a user on that app, of course someone can take over my account. And exactly as they can take over my bank account or my wallet account or whatever. And once something like that happens, merchants would have zero idea that it happens. From their perspective, it's an AI agent that arrives to their web shop and they are now placing a transaction and they have no idea or no capability to assess whether this can be an ATO attack or not. So this is, I think, the first major threat that I'm seeing. And I would put in parentheses also the fact that with all due respect to ChatGPT and Anthropic and so on, these are not financial institutions that are security first, compliance first type of organizations, right? So managing identities, managing financial instruments, managing the security of these environments is something that's, let's say it like that, it's new for them. So there are vulnerabilities here. So this would be the first type of typology that I would think about. The second one would be scams. And specifically, I'm thinking about it like that. When we are thinking about agentic commerce and agents placing transactions for us humans, you got to think, when would we see the first website, the first e-commerce shops that are optimized for AI agents versus humans? How would they look? How would their UI look? How would their UX look? It would probably look differently. I don't know how, right? I'm very curious and anxious to know, but I don't know. At the same time, you must wonder if I'm a fraudster and I want to fool AI agents. How would they do that? Us humans, when we go on a fake website of a merchant, a spoofed website, or even a complete scam, right? A merchant that is a complete scam, us as humans, can many times smell it. It would be a bit hard for us to fall for something like that. I'm not sure how resistant or resilient AI agents would be to these threats. We suddenly imagine that these agents need not only to be great shopping assistants, but they should also be themselves a great risk analyst, right? Themselves, they should be able to go on a webshop and say this looks a bit funky to me, so I'm gonna stop here. And I'm not sure that they're going to do a great job at that, at least for starters.

I 100% agree with that. I'll pause you one second just to say, I was featured on a podcast and quoted in a document fraud report for 2026. And I said, I can't find the exact quote right now, but I basically said AI doesn't have a gut. They are not going to have that trust your gut instinct, right? To say, oh, something feels a little off. Yeah, we're going to be able to pick and choose and see the different analytics or whatever. Yeah, this page might seem off, but it's a gut instinct that usually is what prevents anybody from falling for a scam. It's not because we know things, it's just a gut reaction of, something does seem a little off. That's usually the only thing that will stop a scam.

Yeah. How easy it would be for an agent to say to the user, this price looks suspiciously low or this shipping date looks suspiciously fast. I don't think it's going to be that easy for them. And I think that fraudsters would know how to manipulate agents to fall to these honeypot traps. So that's a second type of threat that I'm seeing here. The third one, again, just going with what we're seeing in the industry as a whole, first party fraud. And what do I mean by that? I think that today already we see, especially in economic downturn and so on, we see that phenomenons like buyer remorse they manifest as return fraud, refund fraud, chargeback fraud and so on. And now when you put agentic commerce into that there's this question of accountability, ownership, intent, authorization and when you match that all with hallucinations and the fact that we know that AI has from time to time hallucinations, you can expect a lot of agent mistakes and a lot of, I didn't do that and so on. So that's one thing. And I don't think that is fraud. I think that is a built-in feature, not a bug. And this is something that merchants will need to understand how to deal with agent mistakes. What I'm talking about is something a bit different. What I'm talking about is the fact that agent mistakes do exist. When it's a known phenomenon, it is also an outlet for me as an opportunistic fraudster to say, no, I didn't mean to buy that, my agent got confused and yeah, that's not on me. And I don't know exactly how it would manifest. I think we will need to see how e-commerce merchants terms and conditions would cater to agentic commerce, we'll need to look at how the schemes would look at agentic commerce disputes. The regulator, there are so many question marks here, but I would not be surprised if we would see a huge chunk of chargeback fraud migrating to agentic commerce.

That all tracks. It's definitely something that I have thought about. We have dispute abuse all the time that comes through financial institutions as well. I love how you said buyer's remorse. I can't tell you how many dispute or chargeback cases I worked whenever I was doing regulated disputes where it was right after Christmas and somebody was doing a return, but they weren't doing a return. They were calling it fraud. And it was like, come on. You know you bought that expensive bag that you didn't need to, but okay, we'll go through the process because you're claiming fraud. So yeah, definitely can see where that will be a problem for merchants, the acquirer side and the issuer side. We're both going to have an uptick in cases that we have to work. It's so frustrating. But yeah, definitely agree. There was something else you said in that post that I wanted to ask specifically about, what do you mean by you don't buy the secure systems hype? What do you think is the most dangerous assumption that you're seeing?

Yeah, I think what we're seeing in the market or in the space is that a lot of large actors are coming out with security protocols. Visa has their own agentic commerce protocol. MasterCard, Google, now Cloudflare is working on a protocol. So there are a lot of different protocols out there that aim to standardize and secure agentic commerce. And that's great. That's great. That's the very minimum that we should expect. And the idea behind these protocols, I think there are some features around making sure that hallucinations don't go completely out of control, but I don't think that it would abolish them. But the main part is making sure that the agents themselves are secure. And when an agent comes to my shop, I have very high confidence that it really represents this legitimate buyer, that it would be very hard to spoof. And today, that's by the way not the case. Today, it can be, with some of the AI providers, very easy to spoof AI agents. But the point is that, A, we know that every system, every verification system is in the end vulnerable. It is hackable. We see that today. We see that in identity verification, bank verification, KYC, 2FA, 3D secure. All the systems that we have in place, none of them are immune to fraud. But let's put all of that aside. Let's say, the 2% most advanced, sophisticated fraudster, the organized crime rings, the state actors, they will know how to bypass even these protocols. I don't think it matters because, as I said, these protocols, they aim to show that this agent belongs to that user. The three MOs, the three typologies that we just discussed, it wouldn't change anything. You can still, your agent can still fall for a scammy website. Your account can still get ATO'd and your agent would be, the agent itself is not spoofed, your account is spoofed. And first party fraudsters obviously own their agents and own their accounts. So I do think that there is a lot of different ways for fraudsters to monetize around agentic commerce and in general, right? This is not a new notion. This is how they behave today. So none of these are new and we've seen all of these typologies already. So I don't see how protocols would help with the most basic, cheapest, rudimentary form of fraud, but this is far, far from securing the ecosystem. And that means that us fraud fighters, this is basically my bottom line. We fraud fighters, we need to understand that it is on us. It is not Visa's protocol. It is not Google's protocol that would save the day. It is on us to do that. As always.

As always, exactly. You said it best there. It's always on us. And that's just the way of the world, the way of the industry right now. And hopefully we'll be able to rely on our product partners as well. But yeah, for right now, business as usual and it falls on us. We got to do our part. So also in your post, you talked about sleeping through OTP. And that really resonated with me and really struck a nerve. Your point is one that I honestly can't stop thinking about. It's a mess for everyone involved, banks, merchants, and customers, right? So I want to walk through that. You called this an OTP timing problem. Explain what the core issue is in plain terms.

Sure, so today one of the most prevalent risk controls that we have is 2FA, two factor authentication. And what that entails usually is that I'm sending the user a one time password or OTP. I'm sending that to a trusted device or a trusted email. And once the user returns this OTP within their user flow, within the purchase request and so on, then I know that I verified the user and this is a very low-risk purchase. This is very standard, very secure, in-app. There are so many different manifestations and implementations of this principle. It is known to anyone and all risk organizations use it. The problem is that, if again, if we go back to the two flavors that we have for agentic commerce, human in the loop or without human in the loop, the first one is, yeah, we can call it agentic commerce, but how different it is really from just plain discoverability that we have today baked into all of the AI apps. And we had that for at least six to 12 months. So in my mind, the real innovation behind agentic commerce is being able to place these transactions without human in the loop. It's because I'm on an airplane, it's because I'm sleeping. It's because I'm at the dentist, whatever, I'm too busy. You do the grocery shopping for me. And so we need to consider that when we want traditionally to present an OTP or a challenge to the user, either the user is not even aware that a transaction is being placed right now and they're not necessarily checking their phones or checking their emails or whatever. Or worse, they are really incapable of getting that notification. They're outside of service, they're asleep, whatever. And that means that the notion of not having a human in the loop in agentic commerce, it fades, right? Because the moment that I want to introduce some friction, I automatically cannot complete this flow. And so almost by definition, we should expect way lower conversion rates. And by the way, to an extent, maybe also a bit more fraud pressure because fraudsters know that no one is expecting you to complete the challenge, right? And it's not going to necessarily say that this is a riskier transaction than normal. So the problem here is that once we assume we don't have a human in the loop, the entire concept of step-up friction towards the user is pretty much meaningless. And so we need to think if this is the first most prevalent basic risk control that we have to date at our disposal, and it's not going to be as effective as before, by far, then what do we do with that? And I see three options. One, we can say it is what it is and accept that we have decreased conversion rates. I don't know who is happy with that. I don't think the user would be happy with that. And I think once users would notice that they come back, or they wake up and they see, yeah, I wanted to buy tickets, but sorry, 3D Secure sent an OTP. I don't see how anyone enjoys that. So this is one option. Second option is that we don't send challenges anymore. This doesn't work, this fails, this is meaningless, this can only bring down conversion, so we don't use it anymore. Again, what does that mean? Does that mean that we accept the risk? Does that mean that we would see not lower conversion, but way higher fraud? Again, I'm very skeptical that merchants at least would want that. The third option is that we rethink how an OTP, how a 2FA challenge looks in the age of agentic commerce. And I don't have an answer for that by the way. I also don't see or hear anyone speaking about it. And this is concerning. But one of the ways in which you can do that, this is the first thing that came to my mind, is to extend the time, right? In general, you usually have 60 seconds to produce the OTP into the user flow. Maybe it gets extended. I don't know by how much. By how long? By an hour? By a full day? I don't know. The point is that once we start extending the time that you have until the OTP expires, this obviously opens the door to fraud, to social engineering. There's a reason why OTP usually expire after 60 seconds. There's a reason. And so I think no matter how we twist and turn this problem, there's going to be an experience versus risk rebalancing exercise where currently I don't see how it would be better in any sense in agentic commerce. I actually think that the experience both for merchants and users would actually be worse than usual.

I definitely agree. And I'm so glad you mentioned, you know, that if the response windows were extended, the room that just creates for fraud with that relay, with the social engineering, it's one of those that, and as you've been talking about, I've been thinking, you know, if you're an Apple user, your phone's connected to your computer. If you're an Android user, you can connect Windows to your HP. There's different things that I'm like, okay, technically the device could be connected to a computer that maybe controls the agent, you know, maybe that's how it works. But then again, you've got ATO issues, right? You've got even the deepfake risk that comes with this, that you know, with that upstream of 2FA, that upstream might shift, right, for that sign up. So I think it just, like you said, we don't have the answer right now, but it's definitely a conversation that has to be had because we need to start considering this now and start considering what the options are because the three options you provided, you mentioned it in your post too. It's just a three-way vulnerability trap, right? It's just, it's one of those things that, okay, we can do nothing, keep it as it is, but that causes friction and it's not going to be successful. Transactions aren't going to go through if they're waiting on the OTP. Then we've got, we could lower it or we could turn off OTP altogether. And then what? That's increased risk for us. So that's going to hurt bottom dollar, bottom line, whatever. We don't want to do that either. So the alternative is we've got to start thinking of ways to fix this. And so I really appreciate that perspective that you're bringing.

Yeah, and thank you. And by the way, I also think this is not only a single transaction challenge. Think about it. How many issuers are looking at 3D Secure abandonment rates or 3D Secure failure rates per specific users and take that into account when they are calculating the risk level for subsequent transactions. So it might be that I asked my AI agent to do something. He tried to do that when I was asleep at night. Tried to buy something at five different shops, kept getting 3D Secure, abandoning the flow. I wake up, I want to do something completely different. I want to buy something else that I didn't ask for my agent. And suddenly I get declined because my risk levels are through the roof. So there are so many cascading effects that can come just from this single point that I don't hear anyone talking about. And that's what worries me the most.

Chen, this is just great. I'm really appreciating this conversation because I'm learning. When I bring someone on to the podcast, it's not because I have the same views or mindset. It's because I want to learn and I want to make sure that we as an industry can have this holistic understanding of both sides, right? We need to know what this looks like on the merchant side, for the issuer perspective as well. And you brought up such great valid points about things that we will have to consider as the fraud fighter in these transactions. One of those things that I wanted to ask you about too is that proof of intent, what you were just talking about where it's like, I wanted the agent to do this, but they did something completely different. And how do we prove that in our investigations whenever we're trying to say, did they actively participate in this or not? And so the follow-up to that is, what should teams monitor immediately as we're making this shift into this agentic commerce? Is it the OTP latency? Is it the resend rates, device changes, login anomalies, agent fingerprinting? What are your thoughts on what they should look for immediately?

The short answer is I don't know. A bit longer answer would be, I don't know what you need to monitor and I would also reason that for different teams what they need to monitor would look differently. This is of course dependent on whether you're a provider working for an issuer or a merchant or an acquirer or an AI provider. All of them are actors and I didn't even mention everyone who is involved in one single transaction. But even between different issuers or between different merchants, you would see different behaviors, different patterns and so on, different threats also. Having said that, I think what is critical and this is my base recommendation is to make sure that agentic flows are monitored and that they are managed from a risk management perspective. They are managed separately. And this sounds like a very basic, trivial advice. I'm not sure how easy it would be to do that. I think this is going to be a challenge. By the way, especially for issuers. And when I'm thinking about it, okay, a merchant knows. It's reasonable to believe that the merchant would know that a certain transaction is agentic commerce. For sure there would be also cases where the merchant would be confused, but for the merchant it's relatively easy. Agentic commerce transactions or AI agents, at least legitimate ones, should declare themselves as such. They shouldn't try to sneak in or masquerade as humans or anything like that. And merchants have the technology and the protocols to identify agentic commerce transactions. How would an issuer know that the payment that was just placed was placed by an agent and not a user. I have no idea. I see two options. And I'm guessing that I'm not seeing all options, but the two options that come to my mind is one, maybe somehow through 3D Secure, through those rails where you get the user agent from, and you touch the user and you are able to get that user agent signature header from the user agent. And this is how you would know. Would that mean that you would need now to enforce 3D Secure on every single transaction just to validate if it's agent-guided? I don't see it happening. The other option is somehow that the merchant through the rails that are available for them today would somehow report this to their PSP that this was an agent-guided transaction, the PSP would relay that to the acquirer, the acquirer to the scheme, the scheme to the issuer, with all the processors in between and so on. This is again a very optimistic, sunny, the best case scenario. I don't know how issuers would know this is an agentic commerce transaction and I think this is probably the most important question to be able to answer. Can I capture the vast majority of agentic commerce transactions as such? And if so, can I route them in real time through an environment that I can monitor separately and that I can manage separately? All the rest, what are the patterns, what signals, which technology? This is for 2027. This is less what I'm worried about right now. I'm worried more about us missing the fundamental basic infrastructure that would allow us to even start.

I have to pause because I think you mentioning the basic fundamental infrastructure as being the biggest thing that we need to understand, I 100% agree. Even if it's not just with agentic commerce right now as we're talking, but in general, we should know our infrastructure internally. That's something I preach about all the time that it's like we don't know where payments flow. It's a hard sell whenever you're talking with the executives trying to make them understand ACH flow and card flow and this and that. And so then you add on these multiple layers of AI and things where it's something that we have issues because we're bringing on multiple AI providers and agents on top of not truly having that basic fundamental understanding of our infrastructure and external infrastructure as well and how we all flow and how it all processes. I think that you're right. It is the most important question that needs to be asked and answered within organizations and within the industry as a whole. I just thank you for that. That is such a valid point that just resonates so much with me.

Yeah, and you know, if you want to look at the bright side, we fraud fighters still have our jobs, right? AI is actually helping us keep our jobs rather than becoming a threat.

Okay, I feel like we kind of already answered the others and don't want to stack it back up. So we're talking about infrastructure, right? And I think that it just is making such a very valid point. And one thing that, you know, as we're kind of wrapping up this episode, I wanted to make sure we also talk through another thing that was mentioned in your post. Your stack currently will not handle this mess, right? We're talking about broken pipelines, misbehaving models, and a stack that was already duct taped together, right? Before we added, again, those multiple AI providers and agents. So you mentioned multiple AI providers, agents, your spaghetti, right? What failure modes do you expect? What are we currently missing with our stack?

It's a good question. I think it's mainly a question of variety and specificity that creates an ecosystem where we have so many, a long tail of setup scenarios that are bound, some of them are bound to fail. Some of them are, I wouldn't say fail, some of them are bound to have vulnerabilities. And fraudsters would look exactly to identify and exploit those. Let me give you an example. Let's look at it from the merchant perspective because I think this is the clearest example. Merchants already, you know, they have several payment methods. They might have several different flows. They might have several PSPs that are servicing them, maybe even several acquirers. I hope not, but maybe if they're big enough, they might have several fraud vendors or several risk controls that they're using. We mentioned 3D Secure or 2FA. So as you said, this is already quite a mess. And making sure that everything fits together nicely and the data flows without any issues and the models work and the rules work and nothing is amiss. And I have all of my tools at every decision checkpoint that I need. That is already quite hard to manage. Now let's add agentic commerce. First of all, as we said, we introduce another player to the chain, the AI provider. And these today can be five, six names. And who knows how many there would be just in two years time. Who knows? It can be easily 20. Each of them with their own platform, their own stack, their own way to do identity verification, their own way to do session authentication, their own vendors that they use for that. Okay. Then we discussed that agentic commerce on its own has all of these dimensions. Is it via MCP/API? Is it in browser? And what kind of in-browser flow? Because there are several types of in-browser flows. Is it with human in the loop or without? And who implements all that? Am I implementing that as a merchant? Wow, that's going to be very interesting because we'll see a lot of different implementation types. But even if we see the implementation through the PSP, there are so many PSPs out there. And so we introduce all of these different flows and all of these considerations and specific player setups. And now we need to ask ourselves, would we be able, especially when all of this is new and we're all rushing to hit the mark, will we not be producing vulnerabilities somewhere? Would our data pipelines be whole and fully integrated through all of these flows? Would we receive the same data quality? In parentheses, no, we won't. Would we have the risk controls? Would we have everything in the right order that I need to hit vendor A first and then vendor B and relay the data between them. All of these architectural topics suddenly become even more complex and mistakes would be made. A specific merchant or a specific PSP or a combination of a merchant and a PSP and an AI provider, they would have a gap and we would likely have a lot of these gaps all over the place. And this is where fraud would flow. Where, how and why? We'll see.

For sure. I think that unless you have a crystal ball somewhere that you're not telling us, we are just going to have to sit back and wait and see what happens. And also, maybe you're right. That's what I'm going to start calling ChatGPT. I'll just say, I'm going to look into my crystal ball and I'll let you know, hold on, give me three seconds and I'll figure it out. Yeah, no, I think that you've presented so many valid points for us all to consider, right? It's not just looking at, hey, this is a new technique, but it's also making sure that we have accountability within our own systems, making sure that we understand and own that infrastructure and that we can then communicate and onboard new products, new AI systems, new platforms, whatever, and that it all flows the way that it's supposed to and that we don't have the jumbled up spaghetti mess that it feels like that we have currently. I also think that we talked a lot about where the models, we've got those misbehaving models, but then there's also the shifts from, or the model drift, right? It's like sometimes it's learning from itself and it drifts, but we've got to make sure that we keep the fraud fighter in that loop like you mentioned before too, but where we truly have that ownership and accountability of these models. So it's not just a misbehaving model, but it's also just normal model drift.

Yeah, regarding this point, so I didn't mention that, but we know that the data, even in the best case scenario where we get the same data in terms of quality, we won't get biometrics, or we would, but it would be the biometrics of a bot. What should I do with that? Also, we can assume that velocity counters can be affected in certain flows if it's all coming through the same IP range, for example, of these transactions. And also, if it all comes from the same IP range, then also the location of the IP is the same. And this would probably mismatch the billing address, the shipping address, my phone, my card, whatever. There are so many issues here that can go wrong at the data layer and that would dictate that I cannot use the same model. I cannot. Because not only that fraud would look different and the patterns would look different in this flow, but also good transactions would look different. For the first time, we would look at bots and we would need to say these are good bots and these are bad bots and we don't have this information right now. We don't have this data. And by the way, even if you think you have this data, even if you think you are looking at agentic commerce right now, you're not. You're looking at early adopters, you're looking at power users. When this would become a household topic where it would be available for everyone and easy to use, it would look differently. And your models would need to be different, your rules would need to be different. Your velocity checks would need to be different. And that is why you must have the separation, not only in monitoring, but also in controls.

So true, so valid. I'm very excited that we've had you on today to talk about this. Just one final question, and then if you don't mind, I'd love to do a rapid fire segment, give you a couple of quick questions and quick answers. But the last question that I really have is just around, you know, what should we do? If a fintech or bank or organization is listening and wants to start preparing right now, what would you suggest they do? It could be 30, 60, 90, or even just a first initiative that they should do to begin tackling.

I think, let's start with awareness. I think there are a lot of organizations that don't necessarily even think that far away and are not realizing that this is coming. And this can potentially be very big. This can potentially be very, very big and it can happen overnight. Secondly, as I mentioned, ask yourself, are you able to identify what are agentic flows and what aren't. And if so, are you able to monitor and manage these flows separately? And thirdly, call your partners that are working for the schemes. Knock on your regulator's door and make sure that they are also working on that. Because I don't think in the end, there would need to be a holistic infrastructure solution that can only come from either the schemes more on the technological, to a degree on the regulation level or the regulator itself. And we didn't discuss the liability ticking bomb here, but that's obviously another big, big topic here. And I feel that the regulators are not in the loop at all. And that the schemes are waiting to see how the chips would fall and then decide what to do with that. Currently they are, you know, other than these security protocols, I don't hear or see them doing anything else. And I think we need to apply some pressure.

I think you're absolutely right. I think that oftentimes we are seeing that they are playing that sit back and wait to then make a determination, which in hindsight, yes, they should not make rules and regulations without having a holistic understanding of what's going on. But at the same time, give us something, give a dog a bone. Let us do something that we can start implementing now.

I agree. And I think it's also easy and comfortable for them to sit back and watch how it goes. But in the meantime, it's going to be merchants and consumers and maybe to a lesser degree issuers that would literally pay the price. So yeah.

Yeah. Okay. So quick rapid fire. So I'm just going to spit them out quick and hopefully you'll give quick answers and then I'll let you go, I guess. But I've so enjoyed this conversation. Okay. So what's the most overrated control people will cling to in agentic commerce?

Yeah, the same verification protocols, security protocols that I just mentioned. Yeah.

Yeah. Okay. What's the most underrated signal that will save teams early?

Wow, I don't know. Maybe is this an agentic commerce transaction? Yeah, definitely the first one.

Yeah, I do hope that there is a way that they will code those transactions. Okay, who is most unprepared? Merchants, issuers, wallets, or agent providers?

I'm going to go for issuers. I'm going to go for issuers. Probably merchants would be more pressed, but issuers are probably unprepared.

I agree. I think they're not ready for the fraud that's coming. I honestly, I know I said rapid fire, but then I'm just going to respond to these because my podcast, why not? But I think the fear that we had with faster payments that didn't come to fruition is going to be what this agentic commerce is. I think this is going to be that faster payments fraud that we thought we were going to see when faster payments came out with ACH. I think this is that new faster payments. So that's just my thought. Okay, and then last question, one prediction, what breaks first, OTP, disputes or monitoring pipelines?

Wow. Can I say all of the above? Is that a legit answer? There's a race condition here. That's hard. Yeah. But all of them are at risk.

I agree. And this was exactly the kind of conversation Fraud Forward exists for. You know, not hype, not fear out of falsification. This is just reality, right? Here's the takeaway I want everyone to sit with. Agentic commerce doesn't introduce a brand new fraud problem. It amplifies all the ones we already have. ATO, social engineering, identity gaps, weak channel routing, broken monitoring, and messy accountability. So don't wait for the first headline loss to justify action. Plan now, monitor now, document now. Where can people follow your work and find the deeper breakdown that you mentioned?

Sure. LinkedIn is always the go-to. I publish there weekly. There is also my weekly newsletter, the Sardine Cross Strategist, that you're also welcome to subscribe to. And also the Sardine Blog, where there would be a few content pieces coming up when it comes to agentic commerce, so definitely watch that space.

Love that. And we will definitely link all of those in the show notes. So everyone listening, if this episode sparked ideas, concerns, or you've already seen early signs of agents hitting your flows, I want to hear it. Message me on LinkedIn or share this episode with the person in your organization who owns authentication and payments because they need to be in this conversation. And Chen, thank you again so much for joining the conversation. I am so glad that we finally were able to bring you on the podcast and have this conversation and that I could introduce you to my audience.

My pleasure, thank you for having me, it was a pleasure.

Absolutely. Okay guys, stay vigilant, stay informed and keep moving fraud forward.