The idea of a robot automatically buying a consumer the perfect new pair of jeans is no longer a futuristic pipe dream. It’s a reality occurring now through the advent of agentic commerce, in which AI agents make purchases on consumers’ behalf.
In fact, Mastercard cardholders will have agentic AI shopping access in time for this holiday season, the company announced this month. Days before, Visa added toolkits to help developers build AI agents that connect to its Visa Intelligent Commerce.
As these payments firms roll out agentic AI capabilities, security is at the forefront of their initiatives. Industry experts see huge potential for seamless shopping experiences as agentic commerce catches on, but they also acknowledge the technology opens the doors to risks.
“Fraud is the earliest technology adopter out there,” said Jeff Otto, chief marketing officer of Riskified, a software firm focused on fraud prevention.
The possibilities of fraud
In agentic commerce, a consumer interacts with a large language model to say something like “buy me new shoes.” The AI agent can ask for more specifics before it automates the search process across e-commerce sites, reasons through the options and ultimately makes a purchase.
Agentic commerce is in its early stages, with firms such as PayPal Holdings, Shopify, Amazon and Walmart, in addition to Visa and Mastercard, announcing tests and launches of tools just this year.
As with any new technology, there are bound to be bumps along the way. Marcia Klingensmith, CEO of FinTech Consulting, said fraudsters “are very quick to attack and exploit the vulnerabilities.”
Klingensmith and Otto said account takeovers could result from a bad actor – a person or bot – spearphishing a consumer and gaining access to their shopping agent, stored payment details or identity.
A stolen credit card number could be placed on file with an AI agent, which could quickly make a bevy of unauthorized purchases that merchants and payment processors would later have to resolve.
Another possibility, Otto said, is that a fraudulent AI agent mimics a legitimate agent and makes authorized purchases. Fraudsters could inject prompts into AI models, giving it malicious instructions that attempt to alter purchase behavior.
“We don't know how many different ways this can be exploited yet,” Klingensmith said.
Mastercard and Visa are both creating servers and toolkits to secure agentic payments, but Klingensmith acknowledged it's hard to establish all the necessary controls up front. New technology is often a learning exercise, where exploitations occur and the payments companies react by putting in new controls.
Big questions remain like what happens in the event of a chargeback. “Who’s on point for eating that?” Klingensmith said. “How does that dispute process get resolved?”
Payments firms and merchants would need an audit trail so they can go back through each step and understand why a decision happened, she added.
Otto said consumers might refute a purchase, even a legitimate one, blaming the bot for making it errantly. Agentic commerce could also increase instances of buyer’s remorse, leading to more return or claims.
“All the same problems that we have with this spectrum of abuse can still happen,” Otto said. “It could just be slightly worse because the agent was the one that actually did most of the work.”
Despite risks, Otto is enthusiastically optimistic about the possibilities that agentic commerce holds. There’s an “incredible, elegant experience” he said, of an AI agent that learns and retains consumers' preferences, brands, sizes and much more.
“It never forgets,” Otto said. “It’s 24/7/365 convenience.”
Agentic catches on
Payments firms are emphasizing safeguards as they launch agentic commerce capabilities.
Visa said its model context protocol server lets AI agents connect to Visa’s infrastructure and securely grab transaction data or get payment links. Mastercard employs a similar toolkit and MCP server, and it’s collaborating with industry groups to help set standards for “how AI can securely and confidently handle payments,” the press release noted.
Aside from MCP servers and merchants such as Amazon spinning up AI shopping agents, Otto said there could also be a “disintermediated” approach to agentic commerce in which LLMs, such as Google Gemini or Anthropic’s Claude, would build their own commerce agents.
In many ways, the timing is ripe for agentic commerce. AI is catching on in the payments industry, with financial services companies collectively expected to spend $97 billion on AI implementation and investments by 2027 — more than double what they spent in 2023 and the fastest growth rate of any primary industry, according to the International Monetary Fund.
In July, PayPal’s CEO predicted that 25% of all e-commerce will be agent-driven by 2030. In addition, the recent migration to ISO 20022 standardized fields is making it easier for AI agents to digest and process information.
“I think that’s really going to help accelerate the adoption,” Klingensmith said.
