Disputes and friendly fraud in the age of agentic commerce

Michael Greenwood, Senior Research Analyst at Juniper Research, analyses the regulatory grey area around agentic commerce, and what it means for disputes and friendly fraud. 

Agentic commerce is still in its infancy, but anticipated to have a significant impact on the ecommerce space. Agentic commerce refers to the use of AI agents to streamline the ecommerce process for consumers and can be split into two main categories: product recommendation and product purchasing. Product recommendation refers to the agent suggesting options to the consumer based on the parameters they set, with the consumer making the final decision to purchase. By contrast, product purchasing sees the agent making the final decision to buy the item itself. 

When examining friendly fraud, which is a major issue in the fraud space, an AI agent that offers product recommendations does not have an impact, as the purchase is still being made by the consumer, so the usual considerations apply. It is when the agent is making purchases independently of the consumer that questions of friendly fraud and liability become more complex. 

One of the most significant challenges presented by agentic commerce is an unclear regulatory and legal environment. Due to the emerging nature of the technology, agentic commerce has no regulation that specifically applies. This means that when it comes to compliance, consumer rights and merchant obligations, stakeholders must reinterpret existing legislation to see how it applies. This is not always easy, or clear, and this uncertainty creates a grey area in which friendly fraud may thrive. 

Who is responsible for mistaken purchases?

One of the most significant areas of uncertainty is around who is responsible for mistaken purchases. If an agent purchases an item or service that the consumer does not want, or retrospectively claims not to have wanted, then which party is responsible for the transaction? 

There are arguments for all parties taking responsibility. It was the consumer that gave an agent their payment credentials and gave it permission to make that kind of transaction. It could also be the agent’s responsibility, as it was the party that actually initiated the transaction. The merchant also has existing responsibilities to prevent fraudulent purchases, meaning that if a consumer claims an agentic commerce purchase is fraudulent, the responsibility may be with the merchant. 

Regardless of the strength of the respective arguments over who should be responsible, there is no definitive ruling for the respective parties from which to operate. 

The need for agentic commerce regulation

For all parties, a clear ruling of who holds which responsibility regarding a purchase by an AI agent would be very beneficial. For merchants, this should clearly lay out which checks a merchant must perform on a transaction in order to not be responsible if the transactions were not desired by the consumer. 

Agentic commerce regulation must also set out how far an agent can stretch its interpretation of the consumer’s data. This is important, as these AI agents operate on probability; meaning that an agent can be restricted to only initiating transactions for purchases that meet a certain probability threshold. Even with this, there will still be room for subjective interpretation as to whether the probability of the consumer wishing to purchase an item is what the agent attributes. 

Setting out clear rules for the AI agent is made more complex by the ‘black box’ nature of most AI agents. This means that despite knowing the code the AI operates from, we do not know the decision process that the AI follows when making a purchase. This makes it extremely difficult for operators to pinpoint what went wrong when an AI makes the wrong decision. It also means regulations cannot prescribe the decision-making process for compliant AI agents, as there is no way of ensuring that an agent is following the prescriptions. 

Verifiable Intent – a collaborative industry response

Leaders in the space are already working on solving these issues. An example of this is the collaboration between Mastercard and Google resulting in Verifiable Intent. Verifiable Intent is an open source, standards-based trust layer designed to work with agentic commerce. It aligns with Google’s Agent Payment Protocol (AP2) and Universal Commerce Protocol (UCP) and will integrate directly into Mastercard’s Agent Pay’s intent APIs. 

Verifiable Intent creates a tamper-proof record of the instructions a consumer gives to an AI agent; creating a single shared source of truth. This record can provide merchants, agent operators, and consumers with the evidence needed to resolve chargeback disputes in their favour. The challenge would be with adoption. If an agentic commerce transaction does not include Google or Mastercard, merchants could be left without the source of truth. 

Regardless of where the responsibility is attributed, and the exact form regulation takes, the existence of regulation would allow each party to make decisions from a position of knowledge regarding their responsibilities. This certainty would allow whichever party deemed responsible to take steps to mitigate the risks of chargeback fraud; making all involved safer from fraud risk.

The merchant data gap

Another way in which the rise of agentic commerce will make merchants more vulnerable to first-party fraud, and other types of fraud, is the reduction in user data before the transaction that can be screened for signs of fraud. 

Inputs such as keystrokes, a device’s ID and device location are all lost from the risk assessment process when the order is placed by an AI agent on behalf of a consumer. These inputs play a vital role in risk scoring for fraud prevention, and their absence makes it more likely that a merchant will allow a fraudulent transaction. It also means this evidence is not available to the merchant for chargeback disputes; making it more difficult for a merchant to recoup losses on a fraudulent chargeback. 

When transactions are made by AI agents, the user’s data can be replaced with metadata such as agent identity, conditions for purchase, cross-platform behaviour, and sequences of actions for the purpose of fraud prevention. However, fraud prevention solutions are not currently set up to use this data. To utilise this metadata will require recalibrating checks used for risk management solutions. 

However, this only has a limited capability to protect against friendly fraud, as these transactions will look legitimate at the point of purchase. This is where the lack of clear regulations is again an issue, as it is unclear what a merchant must prove in order to win the chargeback. Do they have to prove that they fulfilled the order as advertised, or do they have to prove that the consumer gave consent to the agent to purchase an item or service? These are two completely different levels of proof, and it is unclear which, if any, would protect a merchant from friendly fraud, if proven. 

Final thoughts

The key to managing chargebacks in the world of AI agents in the short term is clarity. Whether it comes from governmental regulatory bodies, or industry representative bodies, a clear framework on how merchants must operate in regard to fraud prevention from AI agents is essential to allow the technology to progress. 

This regulation or industry standards must set out which fraud checks a merchant must carry out, what data it should collect for a dispute, and what it must prove to show that a chargeback claim against an AI agent purchase is not legitimate. This should be done in collaboration with the creators of the AI agents; using information sharing to prove fraud on a consumer’s part, and protecting both against false claims. This same data sharing can also be used to demonstrate when a consumer is lodging a legitimate chargeback; offering greater protection to consumers. 

About the author

Michael is a Senior Research Analyst at Juniper Research. Michael focuses on analysing the latest developments within the fintech and payments market; helping stakeholders understand future market outlooks and sizing.

His recent research reports include B2B Payments, B2B Card Strategies, Chargeback Management and Digital Wallets.

Michael has a BSc (Hons) in Economics from the University of Huddersfield.

About Juniper Research

Juniper Research has been a trusted source of market intelligence to the banking, payments, and anti-fraud sectors for over 20 years.

Our fintech and payments research portfolio spans more than 45 reports; covering everything from established markets including QR Code Payments and Virtual Cards to fast-evolving technologies such as CBDCs & stablecoins.