UK scam-detection service Ask Silver recently found fraudulent websites impersonating established British retailers appearing in ChatGPT recommended shopping results. The incident exposed a structural gap in the industry’s agentic commerce architecture: the payment industry is investing heavily in verifying AI agents as trusted buyers, but almost no equivalent mechanism exists to verify merchants as trusted sellers. The question of who vets the merchant at the point of AI recommendation is unanswered, and the payments ecosystem has strong incentives to solve this problem before it significantly impacts consumer trust in the emerging agentic channel.

The new fraud vector

Ask Silver gave ChatGPT a simple question: recommend popular bags from Russell and Bromley, the British footwear and accessories retailer. The AI responded with product details and prices. Several sources it cited were fraudulent websites impersonating the brand. Shoppers who followed the links lost money and had their payment details exposed. The scam exploits a specific vulnerability: Russell and Bromley went into administration in January 2026 and was absorbed by Next, leaving no standalone official site against which a consumer, or an AI, can verify. Fraudsters filled the gap.

Security firm Huntress confirmed in March 2026 that this attack method is spreading deliberately. Scammers seed the internet with fake pages designed specifically so that AI tools will cite them as legitimate results. Visa’s Payment Ecosystem Risk and Control unit tracked a more than 450% increase in dark web posts discussing AI agent tools in the six months to late 2025, and a 25% rise in malicious bot-initiated transactions globally. The threat has moved from theoretical to measurable.

Where the ecosystem has focused

The industry’s response to agentic commerce risk has been rapid, coordinated and almost entirely directed at the agent side of the transaction. Visa’s Trusted Agent Protocol, Mastercard’s Agent Pay and American Express’s agentic developer kit all address the same question: how does a merchant know that the AI agent at checkout is a legitimate, consumer-authorised buyer? Visa uses cryptographic signatures in HTTP headers; Mastercard binds payment credentials to a specific agent and consent policy; Amex covers erroneous purchases made by registered agents. The agent authentication problem these tools solve is real and the contribution made by these initiatives has moved the industry forward.

The platform operators have made parallel progress. OpenAI’s Agentic Commerce Protocol, built with Stripe, defined how agents interact with merchant catalogues. Google’s Universal Commerce Protocol, launched in January 2026 with Shopify, Walmart, Adyen and Mastercard, adds cryptographically signed mandates capping what an agent can spend. PayPal enrolled millions of existing merchants for AI-surface acceptance automatically, using platform membership as a proxy for legitimacy. Most major protocols address the buyer’s trust problem. The seller’s trust problem has received far less attention.

The merchant verification gap

Visa’s Agentic Directory is the industry’s closest approach to a merchant-side trust mechanism. It includes merchants that Visa has verified as legitimate participants in agentic commerce, and membership determines whether Visa-infrastructure agents will transact with a merchant at all. Agent Score, Visa’s companion readiness diagnostic, evaluates whether a merchant’s site can support agent-driven checkout. However, readiness diagnostics of this kind identify whether a site can transact with agents, not necessarily whether the merchant is who it claims to be.

The platform-as-gatekeeper model used by Google, OpenAI and PayPal offers the most practical near-term mitigation. Merchants on Shopify or Etsy carry an implicit endorsement from those platforms’ existing onboarding rigour. The fraudulent sites in the Ask Silver investigation had no additional platform onboarding. They needed only to appear in a language model’s web index.

The cost of doing nothing

Over the past 20 years marketplaces have built enterprise value by solving precisely this problem. Amazon, eBay and Airbnb spend heavily every year to verify that their sellers are who they claim to be, checking identity, business registration and payment flows at onboarding and monitoring behaviour thereafter. That investment is not a cost centre, it is the foundation of the trust that underpins their valuations. A buyer transacts with confidence because the platform stands behind the seller as merchant of record.

The contrast with unmanaged platforms is instructive. Marketplaces that perform no seller validation, operating as bulletin boards rather than as merchant of record, are routinely characterised as the wild west and accused of enabling seller fraud. If agentic commerce develops without any enhanced agentic seller verification, it risks reproducing the bulletin-board model at the scale of the entire web, with an AI agent that has no instinct for a suspicious storefront, and no human hesitation at checkout. A channel that surfaces merchants without validating them is not a neutral pipe; it is a magnet for the impersonation fraud the Ask Silver investigation already shows is under way. The lesson from two decades of marketplace history is that trust is built deliberately and expensively, and the platforms that decline to build it significantly forfeit consumer confidence.

Why this matters for acquirers

For merchant acquirers the merchant verification gap has a direct portfolio implication. Agent-driven commerce removes the human decision point that has historically provided a line of defence against merchant fraud. A consumer choosing a retailer through a search engine exercises judgement about the domain name, reviews and brand familiarity. An AI agent operating autonomously does not. The fraudulent merchant that previously had to build a full fraudulent website now needs only to fool an AI with a single page. Acquirers with significant exposure to segments like fashion, footwear, FMCG, or travel, which are already moving into agentic shopping, carry elevated exposure as agentic volumes scale.

Acquirers do not need to wait for a network or platform standard to act. A number of steps are available now. First identify portfolio exposure: which merchants operate in impersonation-prone categories, and which trade under brands with no single authoritative website. Second ensure the merchants are legitimate, particularly if there are PayFac relationships involved. Acquirers are required to check merchant websites at onboarding, but it may need to become a perpetual review process.

Who else needs to fill the gap?

The acquirer steps above close part of the gap, but not all of it. The payment networks can complement the participants with risk signals of their own using the large data sets they hold. The AI platforms can seek to verify merchant identity, not merely a catalogue feed, before a merchant is surfaced in a recommendation.

The most likely outcome is some combination of acquirers, networks and agents coming together. This will need to happen quickly if consumers are to build the kind of trust we have seen in major marketplaces which have addressed this bad-actor issue for many years.