Not long ago, fraud teams could keep pace by reviewing incidents one by one. That era is ending. Armed with artificial intelligence and cloud-scale infrastructure, today’s cybercriminals operate faster, more broadly, and with far greater sophistication than ever before.
The rise of agentic commerce will only intensify these challenges, in part because it upends a longstanding assumption in fraud prevention: that bot traffic is inherently suspicious. In a world where legitimate transactions may be initiated by AI agents, that distinction becomes far less clear.
In a recent PaymentsJournal podcast, AtData’s Diarmuid Thoma, Head of Fraud and Data Strategy, and Brandt Hoffman, Sales Director, Fraud Services, along with Jennifer Pitt, Senior Fraud Management Analyst at Javelin Strategy & Research, discussed how these shifts are dramatically impacting payments risk.
At the center of this transformation is a simple but growing imperative—organizations must know, with confidence, who (or what) is on the other end of every transaction. Achieving this now requires systems capable of analyzing and contextualizing vast, dynamic data streams in real time.
The Outputs of Scalability
Historically, many fraud attacks were treated as isolated events, leading financial institutions to adopt a reactive, situational approach. However, there are often patterns that emerge when these incidents are viewed collectively. Recognizing and operationalizing those patterns is critical.
“From a law enforcement perspective, I remember a mail theft case that I investigated,” Pitt said. “We conducted a search warrant on the suspect’s home and found bags of open and unopened mail. We also found stacks of paper that contained full personally identifiable information—name, date of birth, Social Security number, next of kin, last known addresses—you name it, he had it.”
“We searched his phone and his computer, and we were able to see that he was connected with several other suspects that we were already investigating,” she said. “What we uncovered was this hierarchical organized crime ring where there ended up being more sophisticated identity theft and other crimes. If we were just looking at one of those players or incidents, we wouldn’t have seen this whole organized crime ring.”
While traditional vectors like mail fraud persist, the digital landscape has allowed bad actors to expand their reach exponentially. Technologies such as AI and cloud computing have supercharged criminal capabilities faster than most organizations can evolve their defenses.
Beyond just deploying generative AI to create more convincing impostor sites and deepfakes, bad actors can now deploy AI agents to autonomously carry out widescale fraud campaigns. For example, agentic AI has been used in a technique where email addresses are rapidly and sequentially created for use in fraudulent activities.
“We see thousands and thousands of them every day, where we see sequential types of emails created and they’re not necessarily in one client,’” Thoma said. “Somebody’s using an email over here to create a bank account and going and buying a pair of sneakers over there.”
“Individually, it looks fine; there’s nothing wrong there,” he said. “At a platform level, we see the cumulative effect. It’s a simplistic example, but that type of behavior is a direct output of the scalability of fraud.”
Distinguishing Malicious Automation
Given agentic AI’s potential to amplify fraud across every channel, the emergence of agentic commerce presents unique challenges for fraud prevention teams.
Many of the open questions around agentic transactions center on authorization. In the conventional e-commerce model, the shopper selects items, completes verification, and explicitly authorizes the purchase. When an AI agent acts as the consumer’s proxy, however, new gray areas emerge.
“What happens in a chargeback scenario?” Thoma said. “The industry hasn’t got all the answers on that. It’ll slowly emerge, but one of the things that won’t change is history. It’s still you buying it. Especially for physical goods, it’s going to your physical location, it’s going to your name, and it’s probably using your e-mail address to confirm all the details. There’s still a lot of information, even in the agentic world, that’s going to be coming through.”
This means that one of the most important considerations for fraud prevention will be the user’s history. Fortunately, this data is already present for many consumers. For example, the organization can confirm the age of an email address, whether it has been actively used, and if there are any red flags associated with it.
This historical data becomes a critical point of continuity as organizations design fraud strategies for agentic commerce.
“It was always, ‘Let’s look at the negative aspects of what this transaction could present,’” Hoffman said. “Now, we have to be cognizant to bring in those positive signals. What are the good signals that we can lean on? What allows us to interpret or infer more quickly? How do we start to identify what it means to be a positive bot, or to be a good transaction along the line?”
A Timeline Event
To act on these signals effectively, teams must start from an accurate baseline. A core lesson from AI is that models are only as strong as the data that feeds them. Just as importantly, that data must remain current, especially as consumers’ digital footprints continue to expand.
“Many still look at data like it’s a credit report, where it’s a static thing that you see in a piece of paper and that’s it,” Thoma said. “It’s not. It’s a timeline event. If you think about when you were 20 to now, you’ve had different addresses, you’ve had different IPs and different devices. Your name may have changed for different reasons, and your email probably changed one or two times.”
“Your profile naturally evolves, so the importance of the data quality and the skill in the overlaying models is to know when that change is abnormal versus normal,” he said.
A practical way to evaluate changes in a user profile is through percentage-based shifts. Significant or rapid deviations across key attributes may indicate potential account compromise.
Similarly, the repeated use of a single element across multiple account creation attempts can signal synthetic identity activity, where bad actors combine real and fabricated information.
“We commonly see that, and its behavior that is distinctly different from somebody who’s just moved addresses,” Thoma said. “Yes, they’ve moved addresses, but a lot of the time when people move, they only move a couple of blocks down. There’s continuity in that profile, where we can still say that even though the profile has changed, it’s still fine.”
“That’s a broad example of how important it is to have that data quality,” he said. “Because if you don’t have fresh data to reference, the timeline to reference back further, you can’t say, ‘This is normal behavior for them or not.’ That’s how important it is.”
Data for the Whole Organization
The growing emphasis on identity verification is driving a widescale shift in how financial institutions approach fraud prevention. Yet opportunities remain to break down data siloes and improve visibility across systems.
“We are seeing some evolution in the ability for payments teams and fraud teams to come together quicker,” Hoffman said. “Payments teams are very focused on the transaction and what it means to bring that revenue in. There still is some hesitation for the fraud teams and the payments teams to merge together.”
“In the most advanced organizations that I work with, those two functions are working hand-in-hand,” he said. “They know exactly what’s going on from a payments perspective and how that affects the flow of fraud.”
The pace and complexity of the threat landscape demand more sophisticated infrastructure. Modern fraud prevention solutions rely on graph-based methods to map relationships between entities—sometimes referred to as fraud topology or halos.
These topology-aware systems can enhance detection accuracy while reducing costly false positives. They also enable organizations to apply the right level of friction within the customer journey, including step-up authentication when warranted.
While designed for fraud prevention, the benefits of these capabilities often extend well beyond risk teams, strengthening decision-making and operational efficiency across the entire organization.
“The data is customer data; it has huge amounts of value,” Thoma said. “You’re seeing their geolocation, behavior, age demographics—all that stuff is extremely important for the business, not just for the fraud team. Everybody thinks that’s a lot of money for fraud prevention, but it becomes very cheap because you’re splitting that into multiple budgets.”
“The marketing team can use it for targeted products, and you can increase conversions,” he said. “It doesn’t have to be fraud data, it’s company data for all divisions of that business to use.”
