Behind the Mask - How can merchants identify bots and bad actors behind AI agents?

It’s a statistic that should make anyone in eCommerce pause: over 51% of internet traffic is now generated by non-human users — bots, scripts, automated agents. For years, whole industries have been built to check that a click, a form fill, or a purchase request comes from a real person. From Google’s reCAPTCHA to Cloudflare’s bot management tools, the challenge has always been the same: how do you separate the humans from the machines?

Now, there’s a new wrinkle. Many online merchants are starting to think about how they can support customers who want to shop through “agentic AI” — autonomous tools that can browse, compare, and even transact on their behalf. However, while businesses are figuring out how to serve these new customers, you can be sure that fraudsters are figuring out the same thing.

The question is no longer just “how do we spot bots?” — it’s “how do we know which agents are being run by bots?”

The New Identity Problem

As commerce becomes more “agentic,” merchants face a simple but high-stakes problem: how do you know that an AI agent visiting your site represents a legitimate shopper, not a malicious actor or an opportunistic fraud bot?

In the short term, the answer is tricky. Many of the traditional cues we use to detect fraud — keystroke patterns, mouse movements, session behaviour — can be imitated by an AI. The situation is also made more complex by the fact that when an agent is acting on behalf of a real customer, the human might not be in session at that moment.

That doesn’t mean merchants are powerless, but it does mean the toolbox is limited.

Short-Term Defences: Keeping the Human in the Loop

There are a couple of immediate steps merchants can take to reduce risk while still supporting legitimate AI-assisted commerce:

  • Use payment methods that are hard to fake

Opt for payment mechanisms that require authentication for every transaction, ideally biometric, and that come with a liability shift. Apple Pay and Google Pay are good examples — they’re designed to prove that the authorised human is involved at the point of payment. Other wallet or A2A products that require authentication could also be considered. By contrast, unauthenticated card transactions or SEPA Direct Debits are riskier and should be avoided where possible. This is an easier ask in Europe, where consumers are used to authentication challenges, than in other regions, where it is likely to create basket abandonment.

  • Make account registration mandatory

It might mean the end of guest checkout for certain types of purchases, but requiring customers to log in ensures they’re “in session” for at least part of the journey by (for example) validating email receipt. Even if their agent is doing most of the work, there’s a point where the real person must engage.

  • Block all agents

This is a drastic option, but players like Amazon are seeking to block all agents from their platforms. This may be a short-term fix, but it also provides a window to explore new options. This approach is also likely to be an ongoing war of attrition as the agent operators adjust their digital fingerprints to evade detection.

Medium-Term Measures: Building a Trust Framework for Agents

In the medium term, the ecosystem will need a broader set of safeguards — not just for merchants, but for the customers and agent providers themselves. Some of the most promising ideas include:

  • Enhanced registration: If an agent is going to enable purchasing as well as browsing, the agent’s platform should push users through an enhanced onboarding process. This doesn’t have to be full-blown Know Your Customer (KYC), but there should be proof that the consumer (or at least their payment method) has been verified, ideally by the issuer itself. Apple Wallet’s issuer token registration is a good model.
  • Rigorous authentication: Agents with commerce capabilities should act like wallets or banking apps: logging in should require two-factor authentication. Klarna, for example, launched with minimal security, but as transaction volume grew, so did its authentication requirements.
  • Self-monitoring by agent providers: Those who create agents need to actively monitor for abnormal behaviour, especially anything that could operate at scale. If an AI “user” is shopping across hundreds of sites at the same time, that’s a red flag.
  • Enhanced identification at the payment level: Payment schemes should enable interactions to be flagged as “agent-originated” versus “human-originated.” That way, merchants can apply different authentication flows, and disputes can be handled with more context if something goes wrong. If merchants want to take on the risk of accepting an agentic transaction, they should have the information to support this decision, and the ability to turn such transactions off.
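
The fan-out red flag from the self-monitoring point above, sketched as an added example (not part of the original article): a sliding-window count of distinct merchants per agent user. The event fields, window length and threshold are assumptions, and the events are constructed sample data.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 300   # assumed look-back window
MAX_MERCHANTS = 20     # assumed threshold; tune against real traffic


def flag_fanout(events, window=WINDOW_SECONDS, limit=MAX_MERCHANTS):
    """Flag agent users who touch more than `limit` distinct merchants
    within `window` seconds.

    events: (timestamp_seconds, agent_user_id, merchant_domain), time-sorted.
    Returns {user_id: (timestamp_first_exceeded, distinct_merchants)}.
    """
    recent = defaultdict(deque)                     # user -> (ts, merchant)
    counts = defaultdict(lambda: defaultdict(int))  # user -> merchant -> hits
    flagged = {}
    for ts, user, merchant in events:
        queue, seen = recent[user], counts[user]
        queue.append((ts, merchant))
        seen[merchant] += 1
        # Evict events that have aged out of the window.
        while queue and queue[0][0] <= ts - window:
            _, old = queue.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) > limit and user not in flagged:
            flagged[user] = (ts, len(seen))
    return flagged


def build_sample_events():
    """Constructed sample data: one fan-out user, two benign users."""
    events = []
    for i in range(25):   # 25 merchants in under a minute
        events.append((1000 + 2 * i, "u-fanout", f"shop{i}.example"))
    for i in range(30):   # 30 merchants, but one per minute
        events.append((1000 + 60 * i, "u-slow", f"store{i}.example"))
    for i, m in enumerate(["a.example", "b.example", "a.example"]):
        events.append((1000 + 200 * i, "u-normal", m))
    return sorted(events)


if __name__ == "__main__":
    for user, (ts, n) in flag_fanout(build_sample_events()).items():
        print(f"{user}: {n} distinct merchants within {WINDOW_SECONDS}s at t={ts}")
```

The slow user visits more merchants in total than the flagged one but never exceeds five inside any window, so only concurrent fan-out trips the rule.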

Why It Matters: Trust Will Make or Break the Market

Both merchants and AI providers will have to work hard to earn consumer trust in this emerging ecosystem. The risk of abandonment is high: customers who have poor experiences with their shopping agents will rarely give them more than two or three chances. This is particularly true where the downside risk of experimentation is high. If trying agentic commerce requires the consumer to get a refund, or worse, initiate a chargeback, they aren’t going to try it again.

Getting Ahead of the Curve

For merchants, this is not a problem to put off until “agentic commerce” becomes mainstream — because by then, fraudsters will already have figured out their playbook. The businesses that get ahead now will be the ones that not only protect themselves, but also help shape the standards and expectations for safe AI shopping.

We’ve seen this movie before. Payments history is full of examples where convenience innovations had to be matched, or quickly retrofitted, with trust measures: Chip and PIN for cards; 3D Secure for online payments; or two-factor authentication for wallets. In every case, adoption only accelerated once both sides of the transaction felt protected.

Final Thought: The Human Touch Still Counts

The future of commerce may be autonomous, but the future of trust still depends on humans, both the customers making the purchase and the businesses safeguarding the transaction. The job now is to design a system where AI can shop freely, but not anonymously or without control, i.e. where convenience doesn’t compromise security, and where both consumers and merchants know exactly who, or what, is at the checkout.

If we can get that balance right, agentic AI won’t just be a technical curiosity. It could be the next major leap in eCommerce.

If we get it wrong, it risks becoming just another cautionary tale — the kind merchants are still paying for years later.
