SardineCon SF/2026

Learn More
Fraudology

The Agentic Era: Visa’s OpenAI Partnership, VAMP Pitfalls, and the Threat of Cloned Sites

A Fraud/ology graphic #411 with the title 'The Agentic Era: Visa's OpenAI Partnership, VAMP Pitfalls, and the Threat of Cloned Sites,' and a photo of Karisse Hendrick.

Welcome back to Fraudology.

In this solo episode, I’m diving into agentic e-commerce, and specifically what happens when AI shopping agents start making purchases on behalf of consumers. This is one of those topics that sounded very future-looking for a while. There were conference panels, a lot of big predictions, and plenty of “this is coming someday” conversations, but not a lot that fraud teams could actually do anything with yet.

That changed when Visa and OpenAI announced a partnership to build payment infrastructure for AI commerce. Once Visa payment capabilities start being integrated into OpenAI experiences, and once ChatGPT shopping and AI-initiated transactions become more real, merchants are going to need to understand the fraud, chargeback, liability, and operational risks that come with this new channel.

And that is where I think we need to slow down and ask some very practical questions. Who is liable when an AI agent makes a mistake? What happens when a cardholder authorized the agent, but the agent bought the wrong thing? How does a merchant prove that a transaction was not fraudulent when the cardholder was one step removed from the checkout? And what happens to VAMP fraud monitoring when agentic e-commerce chargebacks and TC40 fraud start showing up in ways the current system was not designed to handle?

This episode is really about two risks that are already starting to show up. First, agentic e-commerce liability and CNP chargeback liability are not ready for the way AI shopping agents will behave. Second, cloned websites fraud and AI search shopping scams could create a new wave of customer service headaches, TC40 issues, and merchant risk management problems for enterprise e-commerce teams.

What you’ll hear in this episode:

  • Why Visa’s OpenAI partnership makes agentic e-commerce feel much more real for merchants.
  • How AI shopping agents could create new CNP chargeback liability and friendly fraud chargebacks.
  • Why merchants may struggle to use compelling evidence 3.0 when the cardholder directed an agent instead of completing the purchase themselves.
  • Why agentic e-commerce liability needs a new framework before losses scale.
  • How cloned websites fraud and online shopping scams could get worse when AI agents search for the lowest price.
  • Why TC40 fraud and VAMP fraud monitoring may become a major issue for large retailers.
  • What fraud leaders should start asking acquirers, card brands, customer service teams, and IT teams right now.

You should listen to this episode if you:

  • Work in merchant fraud prevention or e-commerce fraud prevention and need to understand where AI agent commerce is heading.
  • Are responsible for chargebacks, VAMP monitoring, TC40 review, or CNP fraud strategy.
  • Work at a bank, issuer, card brand, or payment company and want to understand why merchants are worried.
  • Are trying to figure out how agentic checkout, AI payments, and agentic payments may change fraud operations.
  • Want a practical fraud perspective on ChatGPT commerce, AI search shopping scams, and clone site risk.

Episode notes & key takeaways:

Agentic e-commerce is no longer just a future-looking conversation

For a while, agentic commerce felt like one of those topics everyone was talking about, but nobody could really point to what fraud teams needed to do next. There were a lot of predictions and a lot of theoretical conversations, but very few operational takeaways.

The Visa and OpenAI announcement changed that for me.

When Visa says its payment capabilities will be integrated into OpenAI experiences, and when ChatGPT commerce starts moving closer to actual AI-initiated transactions, this becomes something merchants need to take seriously. It does not mean every consumer will start using AI shopping agents tomorrow. But it does mean the rails are being built, and once the rails are built, fraud and chargeback issues usually show up very quickly.

The reason this matters for agentic e-commerce is that AI agents do not behave exactly like humans and they do not behave exactly like traditional bots either. They can be directed by a consumer, adapt to instructions, search across websites, compare prices, and complete a purchase. That creates a new layer between the cardholder and the merchant.

The current chargeback system is not ready for AI shopping agents

One of my biggest concerns with agentic e-commerce is that the current chargeback framework was not built for it. Right now, if a transaction is card-not-present, liability generally falls on the merchant. That may make sense in certain traditional CNP fraud scenarios, but it gets much messier when an AI agent is acting on behalf of a real cardholder.

If the cardholder tells an agent to buy two items and the agent buys 20, what exactly was the merchant supposed to do? If the agent books the wrong flight, chooses the wrong product, or misunderstands the user’s instructions, how would the merchant have known that at the time of purchase? Unless the merchant has superpowers or a psychic sitting next to the fraud team, there may be no practical way to detect that this is going to become a dispute.

That is why agentic e-commerce chargebacks are so concerning.

The merchant may receive a dispute where the cardholder says they directed the agent, but they changed their mind or the agent made the wrong purchase. That does not neatly fit the current fraud, friendly fraud, or compelling evidence 3.0 workflows. And if the merchant cannot meet the existing representment requirements, they lose the funds even if the purchase was initiated by an agent the cardholder authorized.

That is the liability gap.

And unless the card brands, agentic platforms, and payment networks create a clearer structure for AI purchase liability, merchants are going to be left holding losses they could not reasonably prevent.

VAMP exposure makes agentic e-commerce even riskier for merchants

This is not only about losing individual chargebacks. The larger concern is what these disputes could do to VAMP fraud monitoring.

VAMP is already a serious issue for merchants. Chargebacks and TC40s can create real financial exposure, and there is not the same kind of grace period merchants may have been used to under prior Visa monitoring programs. Once a merchant crosses the threshold, the fines and fees can add up fast.

Now layer agentic e-commerce on top of that.

If AI shopping agents create more disputes, even for transactions where the merchant did nothing wrong, those chargebacks can still count against the merchant. If agentic transactions are not clearly identified in the payment flow, merchants may not be able to separate those transactions into a different risk bucket. And if there is no new liability shift or representment process for AI-initiated transactions, the merchant is absorbing risk from a channel they may not even be able to identify.

That is the part that needs attention now.

Visa, Mastercard, OpenAI, and any other AI commerce platform need to think through the merchant side of this before these losses scale. If the agentic platform makes the mistake, or if the consumer authorized the agent and then disputes the result, it does not make sense for the merchant to automatically carry the financial liability.

The chargeback system has never been perfectly fair. But this is a new channel, and new channels need new rules.

Merchants need a way to identify agentic transactions

Another issue is visibility. Right now, most merchants do not have a reliable way to tell whether a transaction was placed by a human, a bot, or an AI shopping agent.

If you cannot identify the transaction type, you cannot build a different risk strategy around it. You cannot route it differently. You cannot measure the chargeback rate. You cannot test whether agentic checkout behaves differently from mobile checkout or web checkout. You cannot separate agentic payments from normal e-commerce transactions. And you cannot create a strong merchant fraud prevention strategy around a channel you cannot see.

Some newer vendors are starting to work on AI agent detection, but most merchants using legacy tools do not have a clean way to identify agentic transactions. Timing alone may not help because these AI agents can mimic consumer behavior. Device signals may not be obvious because agents may use real device IDs or emulators. And the payment flow itself may not yet tell merchants that the transaction came from an agent.

That is why I think we may eventually need to think about agentic commerce as its own channel.

We already think about web and mobile differently. Agentic e-commerce may need the same treatment. AI agents may need a different checkout flow, a different risk flow, and a different set of signals because they do not interact with websites the same way humans do. They may hallucinate where a button is. They may misunderstand a page. They may choose the wrong product. They may follow a path that makes sense to a machine but not to a merchant’s current fraud controls.

Until merchants can identify the channel, they are going to be stuck trying to manage agentic risk with tools that were built for a different world.

Clone sites may become a bigger problem because AI agents are trained to find the best deal

The second big risk in this episode is cloned websites fraud.

Fraudsters have always loved fake retail sites, fake merchant websites, and phishing websites. That is not new. What is changing is how easy it is to clone a website and make it look functional. AI can help fraudsters duplicate product pages, images, checkout experiences, and brand presentation much faster than before.

Now combine that with AI shopping agents.

If a consumer tells an AI agent to find the best deal on a product, what is the agent optimizing for? Often, it is price. And fake retail websites are very good at offering the best price because they are not actually trying to deliver the real product. They are trying to steal card data, harvest personal information, process a fraudulent transaction, or redirect the buyer into a scam.

That creates a very obvious problem.

An AI agent may find what looks like the lowest-price version of a product and send the consumer to a cloned site. The consumer may trust it because the AI tool recommended it. The site may look legitimate. The price may look amazing. And the customer may believe they purchased from the real merchant.

Then the product never arrives, or the customer receives a fake product, or their card information is compromised.

And who hears about it first? Often, the real merchant’s customer service team.

Even if the merchant did not process the transaction and did not receive the funds, the customer may still believe they bought from that merchant. That creates operational cost, customer frustration, brand damage, and another fraud problem the merchant has to help untangle.

TC40 fraud and fake descriptors can create VAMP problems even when the sale was not yours

The clone site problem is not only a customer service issue. It can also become a TC40 and VAMP issue.

TC40s are tied to descriptors, not just the merchant ID. That means if a fraudulent merchant uses a descriptor that looks like a major retailer’s name with extra words, numbers, or modifiers attached, the legitimate merchant may see TC40 activity that does not actually belong to them.

That is a major problem for large retailers.

If a fake site uses a descriptor that starts with a real brand name, the legitimate merchant may have to identify those transactions and prove they are not theirs. In a VAMP environment, that timing matters. Merchants need to know how quickly their acquirer will notify them if they are on the VAMP list because the clock may start when the acquirer is notified, not when the merchant finally hears about it.

That means merchants need to be proactive.

If you are responsible for VAMP fraud monitoring, talk to your acquirer now. Ask how quickly you will be notified. Ask what TC40 data you will receive. Ask whether you will have enough detail to identify fraudulent descriptors. Ask what the process is for removing transactions that do not belong to your merchant ID.

Because if agentic e-commerce drives more AI search shopping scams and clone site traffic, merchants may see more noise in their TC40 data. And if that noise is not removed quickly, it can become expensive.

Customer service, IT, and fraud teams need to prepare together

One of the most practical takeaways from this episode is that this cannot sit only with the fraud team.

If agentic e-commerce and cloned websites fraud become a bigger issue, customer service teams need to know what they are looking at. They may start hearing from customers who insist they ordered from your website, but there is no order in your system. That is confusing for the customer and frustrating for the support team if nobody has explained the clone site problem in advance.

IT teams also need to be part of the conversation because fake websites may need to be reported, escalated, and taken down through DNS or hosting channels. Legal, brand protection, fraud, customer service, and security may all need to coordinate quickly.

And the customer communication piece matters too.

Merchants may need to remind customers to go directly to the official website or app, especially during high-volume shopping periods, product drops, and holiday seasons. That message cannot fix the entire problem, but it can reduce some of the exposure.

This is where merchant risk management has to become cross-functional. Agentic e-commerce is not just a fraud issue. It touches payments, chargebacks, customer service, brand protection, IT, legal, and the customer experience.

Final takeaway

Agentic e-commerce is moving from theory to infrastructure. And once infrastructure exists, fraud follows.

Visa’s OpenAI partnership may help make AI-powered commerce easier and more scalable, but it also raises serious questions about agentic e-commerce liability, AI purchase liability, CNP chargeback liability, and merchant exposure under VAMP. At the same time, AI search shopping scams and cloned websites fraud could send AI shopping agents toward fake retail sites that look legitimate, offer great prices, and create real damage for consumers and merchants.

So if you are a merchant fraud leader, now is the time to start asking uncomfortable questions. Can you identify agentic transactions? Can you separate agentic payments from normal web and mobile activity? Do your chargeback teams know how to handle agentic e-commerce chargebacks? Does your acquirer notify you fast enough if VAMP issues show up? Can your team identify fake descriptors in TC40 data? Does customer service know what to do when someone calls about an order that does not exist?

Because this channel is coming. The question is whether merchants, issuers, acquirers, card brands, and AI platforms are going to build the rules before the losses scale, or after.

Connect with Karisse Hendrick | LinkedIn

Host of the Fraudology Podcast

Award-Winning Cyberfraud Expert

Ecommerce Fraud Prevention Consultant

Startup Advisor, Keynote Speaker, and

Consultant to Fortune 500 merchants

Host
A smiling woman with short brown hair and glasses, wearing a black and white striped blazer.
Karisse Hendrick
Ecommerce Fraud Prevention Consultant
Episode transcript
00:00
Karisse Hendrick (00:00:02): Welcome to Fraudology Podcast, where we dive into the science and study of online fraud from the perspective of an e-commerce fraud fighter. I'm Karisse Hendrick. 2 00:00:01,000 --> 00:00:02,000 Karisse Hendrick (00:00:12): Welcome back to the Fraudology Podcast. This will be another solo episode. I think if you've been listening along in chronological order, you can guess that I've been kind of doing every other one with a guest and one on my own today. 3 00:00:02,000 --> 00:00:03,000 There's a topic that I want to dive into, and that is AI agentic commerce, specifically. So purchases made by AI agents in the online world. And if you work for a bank and you're like, oh, this is for merchants, hold tight because this will impact you as well. 4 00:00:03,000 --> 00:00:04,000 And if you're from a card brand, please listen because we need your help. Before that, I'm just going to do a reminder that the Merchant Fraud Alliance first inaugural conference. So I guess that's a double, double meaning there. So inaugural conference is October 6th and 7th in Chicago. 5 00:00:04,000 --> 00:00:05,000 We have some pretty optimistic goals for how many people are going to come, but we also have some really killer ambassadors that have from companies such as Booking and Best Buy and Walmart and Google and so many more that I can think of that have stepped up to be part of the planning committee and the board essentially, and have also pledged to come to the conference. 6 00:00:05,000 --> 00:00:06,000 So we have a great group of people that are coming already. They'll also. A lot of them will be speaking as well. We just met for a second time this past week, going through all the topics and starting to address some of the speakers. 7 00:00:06,000 --> 00:00:07,000 And we have, you know, someone from PlayStation, someone from Booking talking about how they're integrating AI into fighting fraud and training their analysts to utilize AI in different ways, whether it's for data analytics, reporting, dashboards, things like that. 8 00:00:07,000 --> 00:00:08,000 We have someone from Best Buy talking about working cross functionally with other departments. She literally is the best person, I think, that could speak to this topic. 9 00:00:08,000 --> 00:00:09,000 A good friend of the podcast, Holly Sandberg, is going to be talking about creating an executive score chart or scorecard for your executives and really explaining managing up and really quantifying fraud for them in ways that they understand. I had a chance to see her speak on this topic at the Assertify User conference last month, and it was really good. 10 00:00:09,000 --> 00:00:10,000 So those are just off the top of my head, a few of the sessions I can think of that you'll want to be there for. We're also doing an AI bootcamp on October 5, the day before the conference starts. And that's only open to people that register. 11 00:00:10,000 --> 00:00:11,000 You know, it's in the order you register. We're going to have about 50 slots, so I know that there's a few more spaces open. So make sure that you register soon. And if you're listening to this before July 1st, tickets are only 495 for merchants. We aren't selling vendor tickets. 12 00:00:11,000 --> 00:00:12,000 We have a select number of sponsor companies that are attending, but we won't be selling vendor tickets. This is for merchants only. Okay, that's enough of a plug for my conference, but that is literally all that I'm like breathing and doing right now. 13 00:00:12,000 --> 00:00:13,000 So I had to give a little bit of an update. I want people to show up. I want it to be as good of an experience as it can be for everyone. If you have known me at all. I try to make sure that everyone gets their time and their money's worth of anything that I work on. 14 00:00:13,000 --> 00:00:14,000 And this podcast is a good example. It's free and I still give out a lot of information. So, you know, just assume that the conference will be even better than a podcast episode. 15 00:00:14,000 --> 00:00:15,000 All right, I really am going to turn to agentic commerce now. I've, you know, I've had Robbie McDermott on the podcast talking about liability for agentic commerce. I've talked a little bit about it here and there, but I've kind of shied away from it for a few reasons. One is there was a conference in the spring that really focused a lot on agentic commerce, but there wasn't any news. 16 00:00:15,000 --> 00:00:16,000 It was all kind of pontification and future forward looking. And you know, the feedback I heard from almost everyone I talked to about it was there was no, there were no takeaways because we just aren't there yet. 17 00:00:16,000 --> 00:00:17,000 Then we saw OpenAI scrap their project. And I think, I think I made mention of that on the podcast on a solo episode a few weeks ago where they scrapped their project for, I can't remember what they called it, but it was where they had AI agents finish a purchase. So they were going to be the merchant of record. 18 00:00:17,000 --> 00:00:18,000 And I think they realized that liability rules as well as other issues. They didn't want to get involved, so they scrapped that project. I think also adoption was really low, so all of those things combined. 19 00:00:18,000 --> 00:00:19,000 I haven't really talked about it because I haven't felt like there's been a lot to say. I haven't known if it's actually going to be a thing. Yes, it's been talked about a lot. But it, you know, is going to be adopted by more than 5% of consumers. Those of them I open questions. 20 00:00:19,000 --> 00:00:20,000 But then an announcement came out about two weeks ago that made me think, okay, this is probably happening. I'm going to go ahead and read the LinkedIn post that I wrote about it to start just because I think I did a pretty good job of summarizing this. 21 00:00:20,000 --> 00:00:21,000 Last week it was announced that Visa and OpenAI are partnering to build infrastructure designed to make AI commerce secure, scalable and seamless. That's in quotations. Those are their words in this statement. 22 00:00:21,000 --> 00:00:22,000 Visa also said that Visa's payment capabilities will be integrated into OpenAI experiences, giving developers and merchants a streamlined way to accept Visa payments initiated by AI agents. 23 00:00:22,000 --> 00:00:23,000 They also said Visa will deliver the underlying global network payment tokenization authorization, agent identification and fraud monitoring infrastructure to support secure and trusted AI initiated transactions. 24 00:00:23,000 --> 00:00:24,000 So I'll stop there from my post and just say that, you know, the fraud monitoring isn't necessarily from the merchant perspective. It's just the general fraud monitoring that Visa does, you know, looking for card testing, that type of thing. 25 00:00:24,000 --> 00:00:25,000 Also on the issuer side, their fraud monitoring, I it doesn't say that Visa is doing anything new as far as fraud monitoring. So I wouldn't take that statement to mean, oh, they're going to do fraud monitoring on agentic transactions so I don't have to. 26 00:00:25,000 --> 00:00:26,000 Karisse Hendrick (00:06:39): I would not at all read in that into it. So now that Visa and you know, OpenAI, who you know is behind ChatGPT, are partnering with each other. That's a lot of power. That's a lot of brand power, but also just a lot of, you know, they're lending the visa rails to OpenAI transactions, to transactions that are initiated in ChatGPT. 27 00:00:26,000 --> 00:00:27,000 So some of the use cases would be, you know, if I wanted to book the best flight for the cheapest price. But I didn't want to search all of the, you know, travel agent online travel agency sites. 28 00:00:27,000 --> 00:00:28,000 I didn't want to use Google. I and maybe I had a little time, so maybe I had a week. I could create a prompt in ChatGPT to ask it to, you know, create an agent to look for the best Airline price from Seattle, Washington to San Francisco, California. 29 00:00:28,000 --> 00:00:29,000 And you know, you can set as many parameters as you want, right? Like I want my departure time to be after 10am. I want my arrival time to be before 9pm. I want, you know, a window seat, I want an aisle seat. 30 00:00:29,000 --> 00:00:30,000 But a lot of people aren't going to do all of those qualifiers. You can, but they may not. So you know, that opens it up to a lot of issues right. 31 00:00:30,000 --> 00:00:31,000 What if my, you know, and then my final prompt for that would be, find the best rate in the next week and book it on my behalf. Here's my card information. Here's, you know, my TSA pre check number or whatever you need to do, just do it for me. 32 00:00:31,000 --> 00:00:32,000 Others would be around, you know, sale prices, the best, you know, best deal on a sweater or a pair of shoes, or what if there's a drop coming of new sneakers. It's kind of similar to a bot, but it's different where you're directing an agent to do it for you rather than a bot, so it can adapt more. 33 00:00:32,000 --> 00:00:33,000 There's a lot of issues that I see with this and we're going to talk about another issue after I talk about this first one. But, from a chargeback perspective, this was really scary to me because at the end of the day, the VISA infrastructure does not support agentic e-commerce chargebacks. 34 00:00:33,000 --> 00:00:34,000 Karisse Hendrick (00:08:50): There's no process for them, there's no verbiage for them. There's nothing. There are chargebacks that are going through right now to merchants that are very obviously, you know, were initiated by an agent. 35 00:00:34,000 --> 00:00:35,000 Either the, you know, cardholder says so in their statement or the merchant can tell it was created by an agent and not a person. There's no guidance for. 36 00:00:35,000 --> 00:00:36,000 So the merchant is getting those chargebacks. The liability is working the way it always has where it's, if it's card not present, it's on the merchant. There's no additional liability. 37 00:00:36,000 --> 00:00:37,000 You know, hey, if it's, if the agent makes a mistake or it books something that the cardholder didn't want it to, or it orders 20 items instead of two, all of those different scenarios. There's no additional guidance for where liability goes. 38 00:00:37,000 --> 00:00:38,000 So it falls on the merchant. And I'll read what I wrote in my LinkedIn post and then I'll go a little bit further about this too. 39 00:00:38,000 --> 00:00:39,000 So I said there are two things I want to highlight about this announcement from the merchant perspective. Number one, and this is a little, you know, a little bit what I just said. But there are no stated changes to the chargeback liability framework for CMP transactions. 40 00:00:39,000 --> 00:00:40,000 This most likely means that when mistakes are made, like an agent orders the wrong thing or too much of one thing, these cardholder disputes will fall to the merchant to repay to the consumer. 41 00:00:40,000 --> 00:00:41,000 Even if there was nothing a merchant could have done to know it was a mistake or prevent it at the time of a transaction. The reason I said that is the whole point of the CMP liability Rules has been, well, merchants should be able to detect fraudulent transactions before they occur. 42 00:00:41,000 --> 00:00:42,000 So therefore they have the liability rules. In this case, it's similar to what we call friendly fraud. Right. If the cardholder information validates and it looks like the cardholder initiated the transaction, and the cardholder was involved in the transaction they initiated the agent, that type of thing, it still falls on the merchant. 43 00:00:42,000 --> 00:00:43,000 Karisse Hendrick (00:10:50): Even though there was nothing, aside of having superpowers or a psychic on hand, there's nothing they could have done to say, oh, that one order is going to come back as a chargeback, or, you know, the cardholder told the Agent to buy two, not 20, so we should cancel 18 of these. There's nothing a merchant can do. 44 00:00:43,000 --> 00:00:44,000 However, they're still liable. So I said, we also need to consider that more chargebacks for merchants equals a higher risk for VAMP infractions. This could mean more fines, fees, and issues with acquirers that are outside the scope of prevention for CNP merchants. 45 00:00:44,000 --> 00:00:45,000 So with VAMP, which man did we have a good webinar with Anoush at Visa for MFA? It was a couple weeks ago. I think it's available through About Fraud. 46 00:00:45,000 --> 00:00:46,000 I actually haven't asked PJ or Ronald about that, but it was recorded. I know that it was so good. And we're actually going to have a second one in August because there were just. There was so much engagement from the audience that we didn't get through everything that we needed to or wanted to or that the merchants had asked us to. 47 00:00:46,000 --> 00:00:47,000 Anyway, that's a side note about VAMP, but, you know, VAMP is real, and your acquirers are now managing your risk. And the more chargebacks you have, the higher risk for VAMP infractions. Vamp is not cheap. And there's no. There's no trial month. There's no safety month. That used to be that you had two to three months before the VFMPs or VDMPs would charge fines. 48 00:00:47,000 --> 00:00:48,000 That doesn't happen anymore. There's now, it's the first month that you go over that 1.5%, you occur $8 per TC, 40 and per chargeback. And that adds up real quick. So there's, you know, there's no wiggle room. There's no safety time. It's just instant. 49 00:00:48,000 --> 00:00:49,000 So it is something to be considered. But then I put my take and I said, my hope in asterisks is that visa and OpenAI rework the liability for these circumstances to require the agentic platform OpenAI in this case, to take financial liability for agent mistakes. 50 00:00:49,000 --> 00:00:50,000 Karisse Hendrick (00:12:56): Do I know that that is extremely optimistic and probably not likely. Yeah, I do, but I at least need to call it out. I felt the need to call it out and say, hey, merchants shouldn't be responsible for agentic mistakes. What if it's a mistake on the developer's side? 51 00:00:50,000 --> 00:00:51,000 You know, there's nothing a merchant could have done to stop that, but yet now they have to pay back the transaction. Doesn't make a lot of sense, doesn't seem fair, which, I mean, the chargeback system has never been fair. 52 00:00:51,000 --> 00:00:52,000 My grandmother used to say if I ever said something wasn't fair, she would say, you know, the fair only comes once a year, meaning that nothing's fair and the county fair is the only thing that exists. 53 00:00:52,000 --> 00:00:53,000 I know the chargeback system isn't fair, but we're opening a new channel. I just saw a good presentation from a startup recently where they talked about, you know, we have the e-commerce channel or the web channel, we have the mobile channel and now we're going to have the agentic channel. 54 00:00:53,000 --> 00:00:54,000 And the agentic channel should go through a different flow because it doesn't, you know, recognize the website in HTML format the way that human eyes do. And you know, they often will hallucinate where a button is or it will, you know, order the wrong thing because they think that button's over here or it just. 55 00:00:54,000 --> 00:00:55,000 Agents can't navigate websites the way that humans can. And so there needs to be a more agent friendly site where maybe humans can't understand it, but agents will know exactly, exactly what to do and where to go. 56 00:00:55,000 --> 00:00:56,000 I thought it was an interesting take because then also your fraud and risk decisions would be different as well if you are able to parse out the agentix transactions into their own bucket and look at the data on those. 57 00:00:56,000 --> 00:00:57,000 So yeah, that is something to, you know, consider. Right now we don't have an agentic channel. There is a company trying to build one right now. Visa doesn't have any way for merchants to identify in the payment flow that a transaction was initiated by an agent. 58 00:00:57,000 --> 00:00:58,000 Maybe that will change once their partnership with OpenAI goes through, but right now they don't. I only know of maybe two vendors on the merchant side that are really able to identify agentic orders. 59 00:00:58,000 --> 00:00:59,000 Karisse Hendrick (00:15:12): Most of the merchants using legacy tools, if not all of them, have no way of, you know, they've done so many tests, transactions on every different agentic site and then, you know, looked on the back end for any identifiers of what, you know, how they can tell that an order was placed through ChatGPT. 60 00:00:59,000 --> 00:01:00,000 And timing doesn't matter anymore because these agentic platforms are trying to mimic consumer behavior so the transactions are approved so they aren't moving fast. Otherwise they get caught up in bot detection. There's no device difference. They're using real device, you know, IDs and emulators. There's no way right now to identify it. 61 00:01:00,000 --> 00:01:01,000 Unless you have maybe one of two tools that are still pretty new. Yes, Sardine is one of them. I got a one on one demo from Supes, actually the CEO of Sardine, while at a conference this spring on exactly how they can detect an AI agent. And it was really fascinating. 62 00:01:01,000 --> 00:01:02,000 But I know of another company that is able to do that as well. But my whole point being right now there's no way to tell if it was an agentic transaction on the merchant side. And there's no additional liability shift for merchants when errors occur or when fraud occurs or anything like that. And that needs to be looked at. 63 00:01:02,000 --> 00:01:03,000 My other concern, and this is, this kind of, this goes hand in hand, right? Because if you don't know that an agentic transaction is coming in, you can't do anything to stop it or prevent it. There are currently no provisions for chargeback represented by a merchant. 64 00:01:03,000 --> 00:01:04,000 When an agent initiates a transaction on behalf of a cardholder, a cardholder can change their mind, claim fraud, or state that the wrong item was purchased. And there is no way for merchants to dispute these claims or reverse the debited funds. 65 00:01:04,000 --> 00:01:05,000 Merchants are currently receiving these chargebacks and are automatically losing them. Once OpenAI and visa partner up, these losses will skyrocket. My take before this partnership goes live is that it's imperative that Visa and MasterCard as well. But right now it's about Visa. 66 00:01:05,000 --> 00:01:06,000 At least give merchants an opportunity to prove that these purchases were not fraudulent and that the cardholder authorized their agent to make this purchase. If changes aren't made to the liability structure of CMP transactions and to the ability for merchants to dispute chargebacks, the financial losses will be astronomical. 67 00:01:06,000 --> 00:01:07,000 So yeah, that's some big news. But you know, if you have a Visa rep that you work with, bring this up to them, ask them what they're doing about it. I have been in touch with my contact at Visa who said, you know, this is such a new thing. 68 00:01:07,000 --> 00:01:08,000 They don't know if this has been considered yet, but that they were going to do their best to run it up the flagpole for consideration. I don't know if there will be any motivation to change these things if there's not a little pressure so, you know, be aware that this is the case. 69 00:01:08,000 --> 00:01:09,000 I already know of one merchant that lost a pretty big dollar transaction when the cardholder said I directed my agent to the purchase, but I changed my mind. That was in the cardholder documentation of the chargeback. 70 00:01:09,000 --> 00:01:10,000 The merchant highlighted that along with their terms of service and you know, all the other things that were required for that specific chargeback reason code. And they were given an automatic decline because this is agentic e-commerce, and it didn't fulfill the compelling evidence 3.0 requirements. 71 00:01:10,000 --> 00:01:11,000 You know, an agentic transaction may not even fulfill the C2.O requirements because the cardholder technically wasn't involved, but they directed it. So the cardholder is one removed from the transaction now, which makes it difficult. 72 00:01:11,000 --> 00:01:12,000 Karisse Hendrick (00:19:10): This episode is brought to you by Sardine. One of the things I enjoy about working closely with Sardine is the ability to learn more about identifying and preventing fraud and scams. 73 00:01:12,000 --> 00:01:13,000 For instance, I've learned that the best way for a bank or fintech to detect a scam is to look at the five seconds before a transaction. Most fraud in AML controls focus on the transaction itself, but it's those things immediately before it that help you stop scams. 74 00:01:13,000 --> 00:01:14,000 That's in the preauth signals. That's why user, device, and behavior are so crucial. In those five seconds you can identify if another user is driving that device from a remote desktop access. 75 00:01:14,000 --> 00:01:15,000 Or you can learn that the phone making a transaction is upside down and not actually in use. You can also identify the behavior of the person behind the device and what their true intentions are. 76 00:01:15,000 --> 00:01:16,000 It's those little details that all add up. 77 00:01:16,000 --> 00:01:17,000 For more information about this or any of the other products within Sardine, go to www.Sardine.AI to read more information or to request a one on one product. 78 00:01:17,000 --> 00:01:18,000 Karisse Hendrick (00:20:13): So I'd love to know your thoughts other than oh crap. 79 00:01:18,000 --> 00:01:19,000 If you're on the banking side, the issuer side, be aware of this. I would love for you to not forward these on to merchants when you see mention of an agent. But obviously I know you have cardholders to appease and everything else. 80 00:01:19,000 --> 00:01:20,000 And that's why I really do think that the agentic platform should have liability on these transactions, especially for errors. But I don't know how they would be able to do that because obviously OpenAI and any other agentic platform is going to lobby to keep playability the way it is. 81 00:01:20,000 --> 00:01:21,000 So that is something to be aware of as we start talking about agentic AI. Those are two concerns and two things that I think we all need to be aware of there is no liability shift for merchants. 82 00:01:21,000 --> 00:01:22,000 It's always on them. And there's no way for them to win those transactions because there's no provisions in the chargeback documentation about agentic transactions. Obviously, agentic commerce is moving very quickly. 83 00:01:22,000 --> 00:01:23,000 There wasn't even a lot to report in March, you know, so now there is right now in June. We're like, oh, okay, Visa and ChatGPT are gonna, you know, join forces. That sounds big. 84 00:01:23,000 --> 00:01:24,000 MasterCard has made a similar announcement, but not with a large, it's not in partnership, it's like their own thing. And I mentioned a few weeks ago another solo podcast that amex has said that if a cardholder uses their agents and their rails for a transaction, that the cardholder won't be liable for that. 85 00:01:24,000 --> 00:01:25,000 They don't say that it won't be turned on to the merchant. They just say that there's consumer protections on those transactions. So I don't know if they're planning to take the hit or pass those on, but, you know, the ball is moving already, is what I'm trying to say. 86 00:01:25,000 --> 00:01:26,000 So along that note, another issue that I see for agentic e-commerce, and this was something I thought of kind of right away when I started wrapping my head around what agentic e-commerce is, is that agents will be trained to look for the best price or they'll be, you know, trained to look for the best location or the best timing or, you know, whatever it is. 87 00:01:26,000 --> 00:01:27,000 If it's for concert tickets, it's the, you know, the best seating. It's the best, you know, whatever those things are, they're trained to look for those. But I would say the majority of them are looking for a deal. 88 00:01:27,000 --> 00:01:28,000 There are a lot of fishing websites out there, especially because of AI, because it's so easy. And Matt Vega on the podcast a month or two ago, talking about how easy it is to clone a website, he clones MasterCard's website right in front of me as we were talking and recording the podcast. 89 00:01:28,000 --> 00:01:29,000 He did it in about five minutes, and he was able to harvest people's information off of that. So had he made that website go live? Had he, you know, attached it to Google SEO or other search engine optimization for other browsers, he could advertise and people could think, oh, that's MasterCard's website. 90 00:01:29,000 --> 00:01:30,000 I have no problem putting in all of my information. But then later down the line, their identity is stolen or their credit card is used. So, you know, it's easy to make fake websites. We know that fraudsters love to create fake websites and replicate merchants. So duplicate their websites. 91 00:01:30,000 --> 00:01:31,000 So say, I'm not going to pick on one particular company, but like Merchant A, for whatever reason, sorry, I couldn't come up with like a creative name that wasn't real. Merchant A has, you know, sells furniture and they have, you know, proprietary photographs of all their furniture on their website. 92 00:01:31,000 --> 00:01:32,000 They have, you know, it's. It's their website and then it allows consumers to interact with it, to put things in their cart, to visit their cart, to, you know, then check out. 93 00:01:32,000 --> 00:01:33,000 Fraudsters can now duplicate not only the, they used to be able to duplicate the pictures they would copy and paste, they would scrape the websites, etc. But now they can make those functional. They can say, hey, make it possible for a cardholder to order this item and purchase this item. 94 00:01:33,000 --> 00:01:34,000 Karisse Hendrick (00:24:28): And then chances are they're harvesting credit card numbers and the person that you know, placed the order never gets the item. Or if they do, it's something that's really fake. It's not the real item that they thought they were ordering. 95 00:01:34,000 --> 00:01:35,000 Well, with agentic e-commerce, those agents are looking for the best deal possible. Those phishing websites are known for giving the best prices ever. I think we've all seen, you know, especially around drops or holidays, big purchase times. 96 00:01:35,000 --> 00:01:36,000 I'm sure we've all seen Facebook ads or Instagram ads for $20 Nikes or, you know, $50 airline tickets or whatever it is. You just have to click their website. Well, chances are that website isn't real and it's going to look like it's coming from Costco or United Airlines or it's going to look like it's coming from Nike themselves, but it's not. 97 00:01:36,000 --> 00:01:37,000 So what's going to happen is a lot of those agents are going to choose the lowest price, which is going to go to a fake website. A fake website that now has actions that can now collect credit cards, that can sometimes in some cases process credit cards. 98 00:01:37,000 --> 00:01:38,000 That's going to cause a lot of fraud. It's going to cause a lot of issues. The types of issues it'll cause are at your call center. You'll see more calls with people saying, hey, I ordered this item on your website, but it never came, or I got a pair of fake Nikes instead of real ones or whatever it is that is going to cause, you know, going to take time for your customer service to research it because there won't be an order on file for that cardholder. 99 00:01:38,000 --> 00:01:39,000 Karisse Hendrick (00:26:03): And the cardholder will be really confused because they're very certain that they made the purchase on your website. The other issue it has is for TC40s. TC40s are based on the descriptor, not the merchant ID. So if this fake company selling $20 Nikes created a website called Nike123 chances are the real Nike would get the TC40s for those. 100 00:01:39,000 --> 00:01:40,000 And that adds up to their VAMP very quickly. They would get the TC 40s and the chargebacks for those. Now Visa does allow a 10 day window between the time that your acquirer is notified that you're on the VAMP list. 101 00:01:40,000 --> 00:01:41,000 So it's a ticking clock from when your acquirer was notified, not from when you were notified. But they allow 10 days of grace for you to pull all the reporting and say oh, 430 of these were not for us, they were for a fraudulent descriptor. Um, or maybe it's, you know, 2,000 of these were for a fraudulent descriptor. It's Nike 1, 2, 3, not Nike.com. 102 00:01:41,000 --> 00:01:42,000 Karisse Hendrick (00:27:04): Sorry to Nike that I'm picking on them. It was just the easiest example I could think of. It happens to every large retailer. So I'm, no one is immune from this. So you know, when the cardholder realizes that they made an, place an order with a fake website, they're going to issue a TC40 because they want their money back. 103 00:01:42,000 --> 00:01:43,000 And unfortunately if you don't have the time to manually go through all of the TC data or if your acquirer doesn't provide it to you, because I know some of you are still in that boat, you can't see the printout or the, you know, the data that says this is not for us, this is for a different company that added on letters after our company name. 104 00:01:43,000 --> 00:01:44,000 And you know, it might be Nike DAILY sale. It doesn't have to be a number, it can be all kinds of things. But as long as it starts with Nike, they're gonna put it under Nike's, you know, account. And so it is important to dedicate some time when you get, if you are put on VAMP to look at those TC 40s and verify that they are coming for your website. 105 00:01:44,000 --> 00:01:45,000 But I really believe that as agentic commerce continues to grow, this is going to become a major problem because agents don't have a way of deciphering a legitimate website from a fake one. 106 00:01:45,000 --> 00:01:46,000 So they're just looking, if they're just looking at price, they're going to go for the $20 Nikes either because they were stolen and that's still profit for the fraudster or more likely you're not going to get those shoes ever, but your credit card is going to be stolen down the road or you were charged for those items if the fraudster was able to get a merchant account. 107 00:01:46,000 --> 00:01:47,000 And then that means chargebacks. So it's not going on your med, it's not going on your, you know, you, you won't be responsible for that chargeback amount. That's the good news. But for VAMP counts, those will be applied and the only way to take them out is to. 108 00:01:47,000 --> 00:01:48,000 Very quickly, when you're notified that you're on VAMP, look through every single CC40 or search for it. Maybe you can use ChatGPT for this. Actually, you know, look for any descriptor that isn't yours and make sure they subtract those from the total. However, it is challenging because acquirers are sitting on these notices. 109 00:01:48,000 --> 00:01:49,000 Karisse Hendrick (00:29:21): They're not always providing them to the merchant within just a couple days. So it is important to talk to your acquirer and say, hey, if I get on the VAMP list and if you're going to find me, how quickly do you notify merchants of that? 110 00:01:49,000 --> 00:01:50,000 I need to be notified within two to three business days of when you're notified because I need to be able to highlight these transactions for Visa that shouldn't be under our name. So that's my big overview. But I found an article that talks about this too. 111 00:01:50,000 --> 00:01:51,000 And, you know, this has been kind of my. So what I just talked about was kind of my take on it and like, what I thought would happen. And this article from the Guardian actually says that I'm right. And like I always say, when it comes to fraud, I don't like to be right necessarily. I don't like to be called the fraud psychic. 112 00:01:51,000 --> 00:01:52,000 It's just, you know, those of us that have been in fraud for a long time, we know the cause and effect of it and we know, you know what's going to happen if you change something upstream and how it's going to impact the downstream. So this article is titled Cloned Sites, which is just what I was talking about. 113 00:01:52,000 --> 00:01:53,000 The shopping scams that led ChatGPT to fake stores, or that lead ChatGPT to fake stores. Buyers are ripped off, assuming online stores were genuine, because they are recommended by an AI tool. You want to buy a new bag and you ask ChatGPT for help. 114 00:01:53,000 --> 00:01:54,000 You always liked Russell and Bromley, so you asked ChatGPT what is popular there at the moment. The AI assistant gives you a crossbody shoulder, casual, informal options with the prices listed beside them. You click through from the sources to what looks like the official Russell and Bromley site and buy your new bag, which is conveniently on sale. 115 00:01:54,000 --> 00:01:55,000 The item will never arrive, however, you have handed money over to a scammer and your bank details have been harvested through an elaborate fraud where fake sites are created to look convincingly like real retailers. Ask Silver, a scam checking service, says clone sites have been showing up in search results on ChatGPT. 116 00:01:55,000 --> 00:01:56,000 The ones it has seen are rip offs off of Russell and Bromley and furniture retailer Dunelm. This must be in the UK because those are brands I'm not familiar with, Anna Jones of Ask Silver says. In this instance it looks like scammers are taking advantage of the fact that Russell and Bromley went into administration in January of 2026 and was absorbed by Next. 117 00:01:56,000 --> 00:01:57,000 Karisse Hendrick (00:31:45): So there is no longer an official Russell and Bromley website, but potential customers will likely still be searching for it. Louise Baxter, the head of scams team at National Trading Standards, said people should not assume a website is genuine just because it is recommended by an AI tool. 118 00:01:57,000 --> 00:01:58,000 And that's the same for Internet browsers as well. When they come back with results. You can't assume that all of those websites are real either. Consumers are increasingly turning to AI tools to ask for advice and recommendations, but criminals are adapting just as quickly. 119 00:01:58,000 --> 00:01:59,000 The fact that scam websites can appear in AI generated results is worrying and a stark reminder that fraudsters will exploit any new technology that helps them reach potential victims, she said. The Ask Silver research asked ChatGPT a general question. What are the popular Russell and Bromley purses and bags? 120 00:01:59,000 --> 00:02:00,000 The results include details and prices of different bags, trends and what bag was good for what occasion. Among the sources for the answer were two fraudulent Russell and Bromley sites. These sites look credible. In one case there are huge discounts, up to 80% offered on a bag. 121 00:02:00,000 --> 00:02:01,000 In reality, it is likely that if you buy something, fraudsters will make off with your money. The cloned website will often have a similar address to one that you may expect a legitimate store to have. Ask Silver identified the Russell Bromley official and Russell Bromley London, Russell Bromley Online UK and Russell Dash and Dash Bromley as some of the names of the fake sites. 122 00:02:01,000 --> 00:02:02,000 The legitimate Russell and Bromley store sits within the next website, so there isn't actually a Russell and Bromley website anymore dedicated to them. What you can do when shopping online, watch out for clone sites by looking at their address. Legitimate UK sites will often use .co.uk or .com. In the US it would be you know .com or maybe .co.us. 123 00:02:02,000 --> 00:02:03,000 Sometimes and beware of extra words in the title such as official or deals. Fraudulent sites will often only take payment by bank transfer, which is an immediate red flag and have large discounts on them. So large fees on them. Go directly to retailers websites when you can rather than following the sources. That's my big suggestion. 124 00:02:03,000 --> 00:02:04,000 A spokesperson for Dunelm said we encourage our customers to only engage with our official website, www.dunelm.com or via the official Dunelm app. He said that when the retailer became aware of a fraudulent site, it worked hard to ensure its removal as soon as possible. 125 00:02:04,000 --> 00:02:05,000 If you find that you have handed over your financial details, reported bank and report fraud, that's in the uk. There's not really a place to report fraud here in the US like that. Next, which brought Russell and Bromley in January, said that it was aware of the situation and had been working to have the sites closed down. 126 00:02:05,000 --> 00:02:06,000 A spokesperson for ChatGPT said it had removed the fraudulent websites from its search index. Users of the AI tool can report sites that violate its policies through this form that requires consumers to notice that it's fake and that's, you know, the onus shouldn't be on them, in my opinion. 127 00:02:06,000 --> 00:02:07,000 Karisse Hendrick (00:34:57): This article and its headline were amended on 12 June to remove the suggestion made by Silver that the large language model powering ChatGPT may have been poisoned. This is a specific term that applies to the manipulation of AI training data rather than AI simply providing false research results and that is it. 128 00:02:07,000 --> 00:02:08,000 So basically the website said what I was saying, but just a little bit more because you know, we're aware of the VAMP program and having received those TC 40s from those fake sites can be really detrimental and can add up and then you can be fined for them. But also the impact on your customer service is big. 129 00:02:08,000 --> 00:02:09,000 You know, they're expecting their item and they are mad at you. They're not mad at some scammer. They want their money back. Well, they can't get it back from you, it's going to be a lot of headaches. So if I were a fraud leader now for an enterprise e-commerce, I would first notify customer service that this may be happening and explain what's happening. 130 00:02:09,000 --> 00:02:10,000 You know that there are most likely scam websites out there, you know, that are depicting and look very legitimate to be your website. You know, let them know that's happening. Contact your IT department to have them try to take it down through the DNS servers. 131 00:02:10,000 --> 00:02:11,000 That can take a little time but they can, you know, do what they can there and then the other thing is, you know, really encourage your consumers as much as you can through messaging and other, you know, maybe creative ways. You know, maybe you meet them on social media, maybe you meet them, you know, you meet them where they are. 132 00:02:11,000 --> 00:02:12,000 Karisse Hendrick (00:36:30): Right. So it's important to educate your consumers that they need to be going to your official website. The challenge is going to be that ChatGPT and other, you know, large language models are going to keep directing their consumers to the lowest price. 133 00:02:12,000 --> 00:02:13,000 It would be very good if they had the same type of thing that Google put in place when they had this problem, which is a registry for the legitimate websites and not allowing the fake websites to do much. 134 00:02:13,000 --> 00:02:14,000 But the combination of being able to clone a website along with these large language models looking for the best deals tells me that this is going to be a real big problem for e-commerce merchants in the next few months and ongoing years. Again, you won't receive a chargeback for them because it'll be on a different M ID if they did charge their card. 135 00:02:14,000 --> 00:02:15,000 But you will receive customer service complaints and you will most likely receive TC 40s that you don't deserve. So those are just two of the things from Regenta Commerce that are impacting e-commerce fraud today or that will impact e-commerce commerce fraud. I would love to hear from you if you feel like I'm missing anything or if you have any questions or comments about the two topics that I shared today. 136 00:02:15,000 --> 00:02:16,000 Karisse Hendrick (00:37:46): That's it. That's really all that I wanted to talk about today. We might take a break next week for the U.S. holiday of the Fourth of July. I have not decided yet, but that's a possibility. So if you don't see a new episode next week, that's why. And then the next episode's going to be with a really good guest. You're not going to want to miss it. 137 00:02:16,000 --> 00:02:17,000 We're going to talk all about marketplace places and market volatility and how market volatility impacts marketplaces in their fraud and abuse. It'll be really interesting. We've already had a pre-call and I had a lot of fun geeking out and it's someone that's a friend of mine that I think you guys will all enjoy learning from and hearing from too. 138 00:02:17,000 --> 00:02:18,000 Karisse Hendrick (00:38:29): So you have that to look forward to either next week or the week after. I hope that you are enjoying a great summer if you are in the Northern hemisphere, and I will look forward to speaking with you more next week.