AI Agents Create New Fraud Battleground as Chargebacks and Scams Surge in Autonomous Commerce

The Agent Did It: Why Agentic Commerce Changes the Chargeback Equation: By Roenen Ben-Ami

Since the chargeback system was first introduced through the Consumer Protection Act of 1968, consumers have found creative ways to dispute transactions. First came the rise of "friendly fraud" -- also known as first-party or illegitimate fraud -- where customers dispute valid purchases they regret, or forgot. Then came social media tutorials coaching consumers on how to game the system. Now comes agentic commerce, and with it, a new and more complicated chapter in the story of chargebacks that should never have been filed. AI agents can now browse, compare, fill carts, and complete purchases on behalf of consumers -- all flowing from a single moment of consent granted to the agent at the outset. The infrastructure for autonomous shopping is no longer theoretical. It's operational. And that's precisely where the problem begins. When One Click Becomes Five Consider a scenario playing out in homes right now: a consumer asks their AI assistant to find a highly-rated vitamin C serum. The agent searches, compares reviews, identifies a top-rated option, and presents it. The consumer approves with a tap. The product page clearly disclosed that this was a subscription - monthly shipments, cancel anytime. The agent processed that information. But did the consumer fully absorb it? In the speed of the interaction, with the agent handling the details, the subscription terms may have been clearly displayed by the merchant, yet never truly registered with the consumer.. A month later, a second shipment arrives. The consumer doesn't remember signing up for ongoing deliveries. They file a chargeback. Here's the question that will define the next era of disputes: was the consumer bound by the consent they provided to the agent to make a payment on their behalf? Is this a valid chargeback -- a genuine case of an agent executing beyond the boundaries the consumer intended? Or does it fall into the realm of friendly fraud, where the consumer is using the agent as cover for buyer's remorse? This is the new grey zone. Not outright fraud. Not a clear mistake. Something murkier: a purchase made with reduced cognitive intent, where the consumer's agency was diluted by the speed and efficiency of the agent acting on their behalf. The The Lines Converge There will be legitimate times when an agent makes a purchase that was genuinely not sanctioned by the consumer. There will be other times when it's unclear - the consumer approved something but didn't fully define the scope. And there will be times when the consumer knows exactly what happened and is practicing chargeback fraud, using the agent as cover. All of these scenarios are about to blur together more than ever before. According to LexisNexis Risk Solutions' analysis of over 104 billion global transactions, first-party misuse/friendly fraud, jumped from 15 percent of all fraud in 2023 to 36 percent in 2024, representing a significant swing in global fraud. Now add a new variable: when an AI agent sits between the consumer and the merchant, the psychological distance increases. The consumer didn't visit the merchant's website. They didn't scroll through product pages. They didn't manually enter payment details. The transaction happened somewhere else, orchestrated by something else. This further distance of the cardholder from the merchant will create both more cardholder confusion of the descriptors on their credit card statement, and less remorse to falsely claim, 'I didn't authorize that' or 'I didn't receive what I expected.' The Evidence Challenge For merchants, fighting chargebacks has always required evidence: proof of delivery, records of customer communication, documentation of authorization. In traditional e-commerce, that trail exists in server logs, email confirmations, and checkout flows. In agentic commerce, the evidentiary landscape fragments. The consumer's intent is expressed to an AI assistant. The browsing happens through a protocol layer - Google's Universal Commerce Protocol, Microsoft's Copilot Checkout, Shopify's multi-protocol infrastructure, PayPal's abstraction layer. The merchant may never have direct contact with the buyer at any point in the transaction. When a dispute arrives, merchants face a new question: where is the evidence that the consumer authorized this specific purchase, with this specific scope? The data exists - somewhere across these platforms and protocols. But compiling it into a coherent response requires capabilities most merchants don't yet have. This is why evidence traces are so critical post-purchase. Not just for merchants, but for the entire ecosystem to have visibility into what cardholders consented to, what was disclosed, and what the cardholder understood at the moment of approval. But collecting that data is only half the challenge. The other half is transforming it into tailored, scenario-specific evidence -- and that requires smart automation, not simply automated templates. Preparing for the Shift The protocols being deployed by major platforms include authentication frameworks and transaction logging precisely because the industry recognizes the complexity ahead. The infrastructure for secure, agent-mediated transactions is in the process of being built. But infrastructure is only half the equation. The other half is what happens after the transaction -- when a consumer files a dispute and the merchant must respond. That's where the new complexity sits: parsing consent signals from multiple protocols, reconstructing the decision path an agent took, demonstrating that the purchase fell within the scope the consumer authorized. Merchants selling through agentic channels need to think about post-transaction intelligence with the same rigor they've applied to fraud prevention. The disputes are coming - legitimate, ambiguous, and fraudulent alike. The question is whether the systems to distinguish between them will be ready. The Moment of Preparation Most merchants won't face an avalanche of agent-related disputes tomorrow. But the pattern is clear: as more transactions flow through AI-mediated channels, the proportion of chargebacks involving agent ambiguity will grow. This isn't about predicting disaster. It's about recognizing that the rules of engagement are changing. Consumers are gaining new ways to shop. Merchants are gaining new channels to sell. And between them, a new layer of complexity is emerging that will test every assumption about how disputes are triggered, fought, and resolved. The companies that build robust post-transaction intelligence -- evidence trails that can reconstruct what happened across fragmented protocols -- will be positioned to protect their revenue. Those that don't will find themselves incurring losses where the line between legitimate confusion and friendly fraud becomes impossible to draw.

Agentic Agents Confront and Combat Fraud as Scams Accelerate | PYMNTS.com

Across town, a mid-sized business CFO reviews an invoice from a long-standing supplier. The amount aligns with prior payments. The banking details are new, accompanied by a routine explanation. The transaction is approved. Days later, the supplier calls. The funds never arrived. These situations reflect a common weakness in modern fraud prevention. The transactions are authorized. The credentials are valid. The behavior, viewed in isolation, appears reasonable. The deception occurs at the level of human judgment rather than system breach. PYMNTS Intelligence data underscores how rapidly this pattern is expanding. Scams recently accounted for 23% of fraudulent transactions reported by financial institutions, following a 56% year-over-year rise. Even more telling, the share of dollars lost due to scams increased by 121%. Fraud systems have traditionally been structured around discrete checkpoints such as verified logins and scored transactions. The payment is approved or declined. If fraud later emerges, disputes and reimbursements follow. That structure performs well when fraud originates from stolen credentials, compromised cards or abnormal spending patterns. Scam-driven fraud introduces a different challenge because the payment "intention" appears legitimate. The risk signals often develop during the interaction itself. Instant payment rails intensify this pressure due to the fact that settlement windows are compressed. Reversals become more difficult. Financial institutions are already seeing the strain. PYMNTS Intelligence finds that 40% of financial institutions (FIs) lost more money to fraud, while 38% experienced higher fraud volumes. Agentic artificial intelligence (AI) agents introduce a different operational posture when it comes to battling fraud. Instead of evaluating risk at fixed points, the system observes and assesses continuously throughout the transaction lifecycle. In effect, agentic agents can change when and how intervention occurs. Speed and data are critical in an era, where, as PYMNTS CEO Karen Webster noted, data as recently as last month indicate that 41% of consumers used dedicated AI platforms for product discovery, and agent-enabled shopping may equate to more than $5 trillion in spending activity. "They're not layering AI on top of old habits," Webster said of these consumers, "they're shutting the door and leaving them behind." An agent can evaluate behavioral patterns as a customer navigates a payment session. The data and patterns can correlate device attributes, session dynamics, historical activity and contextual anomalies as signals evolve. Decisions are refined while the interaction unfolds. Most importantly, intervention does not inherently require interruption, so the parties on either end of the transaction don't experience a hiccup. A frequent concern surrounding advanced fraud controls is the risk of slowing legitimate activity. In practice, agentic systems can operate largely outside the customer's awareness. Risk evaluation occurs in parallel with the payment flow. Authentication strength may adjust using credentials already present in the session. Contextual confirmations appear as routine security checks rather than alerts. This capability addresses a longstanding tension in fraud management. Stronger controls have historically translated into broader friction. Agentic systems enable more selective responses. The industry's investment patterns reflect these pressures. PYMNTS Intelligence reports that 26% of financial institutions added behavioral analytics capabilities in the past year, while 76% are deploying or planning new fraud technologies. Confidence in faster payments is also rising. Ninety-eight percent of FIs report that they believe faster payment experiences can be offered without compromising security. External forecasts reinforce the urgency. Deloitte has projected significant growth in authorized push payment fraud as instant payment adoption expands. Loss prevention strategies increasingly require systems that can assess intent, context and behavior in dynamic fashion. From an economic perspective, earlier intervention reduces loss severity Agentic agents also align with the trajectory of commerce interfaces. As digital experiences move toward embedded finance and agent-driven interactions, continuous decisioning will move towards becoming a structural requirement. For the time being, adoption challenges remain material. Cost pressures continue to dominate investment decisions. PYMNTS Intelligence data shows that 83% of FIs cite cost as a constraint on fraud-prevention upgrades. Governance demands also expand. Continuous decisioning introduces model-risk considerations, auditability requirements and accountability questions. Against a longer term backdrop, agentic agents reflect a broader shift in defensive strategy as risk assessment becomes continuous.