Cellix Blog

How Agentic Commerce Changes Fraud and Chargebacks: What Merchants Must Do Before Visa and Mastercard Enforce New Rules

Cellix AI Team

Payment Intelligence

March 22, 2026 · 11 min read

What Agentic Commerce Actually Means for Your Payment Operations

Within the next 12–18 months, a growing share of transactions hitting your payment stack won't be initiated by a human clicking "Buy Now." They'll be initiated by AI agents — autonomous software acting on behalf of consumers to compare prices, select products, and complete purchases without real-time human confirmation. If your fraud rules, dispute workflows, and monitoring thresholds aren't built for this reality, you're exposed. Agentic commerce fraud prevention is something merchants need to prioritize now, not a future-state concern: Visa and Mastercard are already publishing frameworks, and enforcement timelines are taking shape.

Let's be specific about what "agentic commerce" means in a payments context. A consumer sets preferences, budgets, and constraints inside an AI assistant — think a next-generation version of Google Shopping, an OpenAI plugin, or an embedded agent in a banking app. That agent then:

  • Searches merchant catalogs or APIs for matching products
  • Selects the optimal option based on the consumer's criteria
  • Initiates and completes a payment using stored credentials — without the consumer reviewing the final transaction in real time

This is fundamentally different from subscription billing or recurring payments. There's no pre-agreed amount. There's no fixed merchant. The agent exercises discretion on the consumer's behalf, and the cardholder may not see the specific charge until after it posts.

For fraud and payment ops teams, this creates a new category of authorization risk. The cardholder didn't click anything. They didn't enter a CVV. They may not recognize the merchant name on their statement. And when they dispute the charge, your existing evidence package — IP logs, device fingerprints, session recordings — won't contain the signals you normally rely on.


Visa Trusted Agent Protocol vs. Mastercard Verifiable Intent: What Each Framework Means for Merchants

Both major networks recognized early that agentic transactions would break existing authorization models. Their responses differ in architecture but share a common goal: creating a verifiable chain of consent from cardholder to agent to merchant to issuer.

Visa's Trusted Agent Protocol

Visa's approach centers on a registration and certification model for AI agents. Under the Trusted Agent Protocol, agents that initiate transactions must be registered with Visa and certified to meet specific security, identity, and consent standards. Key elements for merchants:

  • Agent identification in authorization messages: Visa is extending its authorization API to include agent-level identifiers. Merchants will receive — and must store — data fields indicating that a transaction was agent-initiated, which agent initiated it, and the associated certification status.
  • Liability framework: When a transaction is initiated by a Visa-certified Trusted Agent and the merchant processes it correctly (including passing agent identifiers), liability for certain dispute categories shifts away from the merchant. If the agent isn't certified, the merchant bears full chargeback liability — same as today, but with fewer defenses.
  • Single API integration: Visa has been consolidating its authorization infrastructure to support intelligent routing, and the Trusted Agent Protocol slots into this architecture. Merchants already integrated with Visa's modern authorization APIs will have a shorter path to compliance.

Mastercard's Verifiable Intent Framework

Mastercard takes a different architectural approach, focusing on cryptographic proof of cardholder intent at the moment the agent initiates a purchase. The Verifiable Intent framework requires:

  • Intent tokens: When a cardholder delegates purchasing authority to an agent, the agent must generate a cryptographic intent token that encodes the scope of the delegation — spending limits, merchant categories, time windows. This token travels with the authorization request.
  • Merchant validation responsibilities: Merchants must validate that the intent token is present, unexpired, and matches the transaction parameters. Processing a transaction outside the token's scope (e.g., above the spending limit the cardholder set) exposes the merchant to disputes with limited representment options.
  • Dispute evidence requirements: Mastercard has signaled that intent tokens will become required evidence in chargeback representment for agent-initiated transactions. If you can't produce the token, you lose the dispute. Period.
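
The merchant-side check described above (token present, unexpired, transaction inside the delegated scope), as an added example that is not Mastercard's token format or code from Cellix. The token layout, the field names (`max_amount_cents`, `mccs`, `not_before`, `expires_at`) and the HMAC with a shared demo key are assumptions standing in for whatever signature scheme the network specifies.

```python
import base64, hashlib, hmac, json

# Assumption: HMAC with a shared demo key stands in for the real signature scheme.
DEMO_KEY = b"constructed-demo-key"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(scope: dict, key: bytes = DEMO_KEY) -> str:
    """Build a constructed sample token: b64(JSON scope) + "." + b64(HMAC)."""
    body = b64e(json.dumps(scope, sort_keys=True).encode())
    return body + "." + b64e(hmac.new(key, body.encode(), hashlib.sha256).digest())

def validate_intent(token, txn: dict, now: int, key: bytes = DEMO_KEY):
    """Return (ok, reason). Order: presence, integrity, time window, scope."""
    if not token:
        return False, "missing_token"
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        # Verify integrity before trusting anything decoded from the body.
        if not hmac.compare_digest(expected, b64d(sig)):
            return False, "bad_signature"
        scope = json.loads(b64d(body))
        limit, mccs = int(scope["max_amount_cents"]), set(scope["mccs"])
        start, end = int(scope["not_before"]), int(scope["expires_at"])
    except (ValueError, KeyError, TypeError):
        return False, "malformed_token"
    if now < start:
        return False, "not_yet_valid"
    if now >= end:
        return False, "expired"
    if txn["amount_cents"] > limit:
        return False, "over_spending_limit"
    if txn["mcc"] not in mccs:
        return False, "merchant_category_out_of_scope"
    return True, "ok"

# Constructed sample data (hypothetical field names and values).
SAMPLE_SCOPE = {"max_amount_cents": 15000, "mccs": ["5411", "5732"],
                "not_before": 1760000000, "expires_at": 1760086400}
SAMPLE_TOKEN = make_token(SAMPLE_SCOPE)

if __name__ == "__main__":
    txn = {"amount_cents": 12000, "mcc": "5732"}
    print(validate_intent(SAMPLE_TOKEN, txn, now=1760003600))
```

Storing the returned reason next to the raw token gives the dispute team a record of why each agent transaction was accepted or refused.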

The Practical Difference

Visa's model trusts the agent (once certified) and puts less real-time validation burden on the merchant. Mastercard's model trusts the math — the cryptographic proof of intent — and requires the merchant to actively verify it. For merchants processing on both networks, this means two parallel workflows: agent certification checks for Visa transactions and intent token validation for Mastercard transactions.

Neither framework is optional. Both networks have indicated these protocols will move from pilot to mandatory within their standard rule update cycles. If your payment gateway or processor doesn't yet support these fields, that conversation needs to happen now — not when the mandate drops.


New Chargeback and Dispute Risks: Why Your Current Fraud Rules Will Fail

Traditional fraud detection relies on a set of assumptions that agentic commerce breaks systematically.

The Signals You Lose

Device fingerprinting becomes irrelevant. The "device" initiating the purchase is a cloud-hosted AI agent, not the cardholder's phone or laptop. Every transaction from every customer routed through the same agent platform will share identical device characteristics. Your device-based fraud scoring models will either flag everything or flag nothing.

IP geolocation loses meaning. The agent's IP is a data center in Virginia or Frankfurt, not the cardholder's home in Dallas. Geographic velocity rules — "flag if the card is used in two countries within an hour" — will fire constantly on legitimate agent transactions.

Behavioral biometrics don't exist. There's no mouse movement, no typing cadence, no scroll pattern. The agent makes an API call. Behavioral analytics platforms that feed your fraud scoring have zero signal to work with.

Session-based evidence disappears. When a cardholder disputes an agent-initiated charge, you can't produce a session recording showing them browsing your site, adding items to a cart, and entering payment details. That evidence — which wins a significant percentage of friendly fraud disputes today — simply won't exist.

The Disputes You'll Face

Three dispute scenarios will spike as agentic commerce scales:

  1. "I didn't authorize this" (Reason Code 10.4 / 4837): The cardholder set up an agent weeks ago, forgot the delegation parameters, and doesn't recognize a charge. This is friendly fraud, but your traditional evidence package won't overcome it without agent-specific proof of consent.

  2. "Not as described" (Reason Code 13.3 / 4853): The agent selected a product that technically matched the cardholder's criteria but wasn't what they actually wanted. The cardholder blames the merchant, not the agent. Expect these disputes to be highly subjective and hard to win without clear documentation of what the agent requested versus what you delivered.

  3. "Duplicate processing" (Reason Code 12.6 / 4834): An agent retries a failed transaction, or two agents operating on the same cardholder's behalf both complete a purchase. Without agent-level deduplication logic, you'll process both — and eat the chargeback on one.
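
One way to build the agent-level deduplication that scenario 3 calls for, as an added example (not code from Cellix or either network). The key is derived from card token, basket and amount and deliberately excludes the agent identifier, so a retry and a purchase by a second agent both collide; the `AgentDeduplicator` class, the field names and the 15-minute window are assumptions.

```python
import hashlib

class AgentDeduplicator:
    """In-memory duplicate guard; a production version would use a shared store."""

    def __init__(self, window_seconds: int = 900):  # assumption: 15-minute window
        self.window = window_seconds
        self.seen = {}  # fingerprint -> (first_seen_ts, original_order_id)

    @staticmethod
    def fingerprint(txn: dict) -> str:
        # agent_id is deliberately left out: two agents buying the same basket
        # on the same card must map to the same key. Item order is normalized.
        lines = sorted(f"{sku}x{qty}" for sku, qty in txn["items"])
        parts = [txn["card_token"], txn["currency"], str(txn["amount_cents"])] + lines
        return hashlib.sha256("|".join(parts).encode()).hexdigest()

    def check(self, txn: dict, now: int):
        """Return ("process", order_id) or ("duplicate", original_order_id)."""
        # Drop reservations older than the window before looking up.
        self.seen = {k: v for k, v in self.seen.items() if now - v[0] < self.window}
        fp = self.fingerprint(txn)
        if fp in self.seen:
            return "duplicate", self.seen[fp][1]
        self.seen[fp] = (now, txn["order_id"])
        return "process", txn["order_id"]

    def release(self, txn: dict) -> None:
        """Call when the authorization was declined, so a genuine retry can proceed."""
        self.seen.pop(self.fingerprint(txn), None)

# Constructed sample transactions: same card and basket, two different agents.
FIRST = {"order_id": "o-1", "agent_id": "agent-alpha", "card_token": "tok_c1",
         "currency": "USD", "amount_cents": 5000, "items": [("SKU1", 1), ("SKU2", 2)]}
SECOND = dict(FIRST, order_id="o-2", agent_id="agent-beta",
              items=[("SKU2", 2), ("SKU1", 1)])

if __name__ == "__main__":
    guard = AgentDeduplicator()
    print(guard.check(FIRST, now=1000))
    print(guard.check(SECOND, now=1100))
```

On a "duplicate" result, answer the agent with the original order rather than a silent drop, so a retry after a timeout still gets a usable response.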

Mid-market merchants processing $5M–$500M annually can't afford the basis-point creep these disputes will cause. A 15–20 bps increase in chargeback rate from agent-related disputes could push you past network monitoring thresholds (Visa's Dispute Monitoring Program triggers at 0.9% dispute ratio; Mastercard's Excessive Chargeback Program at 1.5%). The penalties — fines starting at $25,000/month for Visa, escalating assessments from Mastercard — are material at mid-market scale.


Three Fraud Trends from MRC Vegas 2026 That Apply Directly to Agentic Transactions

The Merchant Risk Council's 2026 conference in Las Vegas surfaced several themes directly relevant to agentic commerce fraud prevention for merchants. Three stand out.

1. Dynamic Friction Is the New Standard

The old model — apply the same authentication flow to every transaction — is dying. Leading merchants are moving to dynamic friction models that adjust authentication requirements based on real-time risk signals. For agentic transactions, this means:

  • Low-risk agent transactions (certified agent, valid intent token, amount within normal parameters) should pass through with minimal friction to avoid false declines that damage agent-merchant relationships
  • Medium-risk transactions (valid agent but unusual merchant category or amount) should trigger step-up authentication — a push notification to the cardholder's device asking for confirmation
  • High-risk transactions (unrecognized agent, missing intent token, first-time purchase on this card) should be declined or held for manual review

The key insight: you need to build agent-specific risk tiers into your fraud engine, separate from your consumer-direct risk tiers. The signals are different, the baselines are different, and the false positive costs are different.
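
The three tiers above expressed as a rule function, as an added example that is not code from Cellix or from any fraud engine. The `AgentTxn` and `AgentBaseline` types, the reason strings and the sample allowlist are hypothetical; treating each listed high-risk signal as sufficient on its own, and a recognized but uncertified agent as medium risk, are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AgentTxn:
    agent_id: Optional[str]       # None when the authorization carried no agent identifier
    agent_certified: bool         # certification status received with the authorization
    intent_token_valid: bool      # outcome of intent token validation
    amount_cents: int
    mcc: str
    first_purchase_on_card: bool

@dataclass(frozen=True)
class AgentBaseline:
    usual_mccs: frozenset         # categories this agent normally buys in
    amount_ceiling_cents: int     # agent-specific amount threshold

def agent_risk_tier(txn: AgentTxn, allowlist: dict, default: AgentBaseline):
    """Return (action, reasons); reasons are kept for logging and dispute evidence."""
    high, medium = [], []
    baseline = allowlist.get(txn.agent_id)
    if baseline is None:
        high.append("unrecognized_agent")
        baseline = default
    if not txn.intent_token_valid:
        high.append("missing_or_invalid_intent_token")
    if txn.first_purchase_on_card:
        high.append("first_purchase_on_card")
    if not txn.agent_certified:
        medium.append("agent_not_certified")
    if txn.mcc not in baseline.usual_mccs:
        medium.append("unusual_merchant_category")
    if txn.amount_cents > baseline.amount_ceiling_cents:
        medium.append("amount_above_agent_ceiling")
    if high:
        return "hold_for_review", high + medium
    if medium:
        return "step_up", medium
    return "pass", []

# Constructed sample allowlist and fallback baseline.
ALLOWLIST = {"agent-alpha": AgentBaseline(frozenset({"5732"}), 25000)}
DEFAULT_BASELINE = AgentBaseline(frozenset(), 10000)

if __name__ == "__main__":
    sample = AgentTxn("agent-alpha", True, True, 40000, "5732", False)
    print(agent_risk_tier(sample, ALLOWLIST, DEFAULT_BASELINE))
```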

2. Embedded Detection Over Bolt-On Screening

The trend toward embedding fraud detection directly into the payment flow — rather than running transactions through a separate screening layer — is accelerating. For agentic commerce, this matters because:

  • Agent-initiated transactions move fast. An agent comparing prices across 15 merchants will abandon any merchant that introduces latency. If your fraud screening adds 800ms to authorization, agents will route around you.
  • Embedded detection allows you to evaluate agent credentials, intent tokens, and transaction parameters within the authorization call itself, rather than in a separate pre-auth or post-auth step.

Platforms like Cellix that integrate dispute intelligence directly into payment monitoring workflows are better positioned for this shift than bolt-on fraud tools that require separate API calls and introduce additional latency.

3. Deepfake-Resistant Identity Verification

The rise of AI agents creates a parallel rise in AI-generated fraud agents — malicious software that impersonates legitimate agents to initiate unauthorized purchases. MRC 2026 highlighted deepfake-resistant verification as critical for:

  • Agent onboarding: Verifying that an agent connecting to your commerce API is actually the platform it claims to be, not a spoofed version
  • Delegation verification: Confirming that the cardholder who delegated authority to an agent is a real person who actually set up the delegation, not a synthetic identity
  • Ongoing monitoring: Detecting when a previously legitimate agent's behavior shifts — indicating compromise or takeover

Merchants should require mutual TLS (mTLS) authentication for any agent accessing their purchase APIs, and should validate agent certificates against network-published registries (once available under Visa's Trusted Agent Protocol).


Agentic Commerce Fraud Prevention for Merchants: Your Action Checklist

Don't wait for network mandates to formalize. The merchants who move first will have lower dispute rates, better authorization rates on agent transactions, and a competitive advantage as agentic commerce scales. Here's what to do now.

Payment Infrastructure Updates

  • Contact your gateway/processor and ask specifically: "Do you support Visa Trusted Agent Protocol agent identifiers in authorization messages?" and "Do you support Mastercard Verifiable Intent token validation?" If the answer is no, get on their roadmap or evaluate alternatives.
  • Add an agent-initiated flag to your transaction database. You need to segment agent transactions from human-initiated transactions for monitoring, dispute management, and reporting. If you can't filter by transaction origin, you can't manage the risk.
  • Implement mTLS for any commerce API that external agents will connect to. Basic API key authentication isn't sufficient when autonomous software is initiating purchases on stored payment credentials.

Fraud Rule Adjustments

  • Create separate velocity rules for agent-initiated transactions. An agent making 50 purchases per hour across different cardholders is normal behavior; a single cardholder making 50 purchases per hour is not. Your existing velocity rules don't distinguish between these patterns.
  • Disable or adjust device fingerprinting and IP geolocation rules for agent traffic. These signals are noise, not signal, when the "buyer" is a cloud-hosted AI. Replace them with agent-identity scoring: Is this a certified agent? Is the intent token valid? Does the transaction fall within delegated parameters?
  • Set agent-specific amount thresholds. Most consumer agents will operate within cardholder-defined spending limits. Transactions significantly above typical agent-initiated amounts for your merchant category should trigger step-up verification.
  • Build a known-agent allowlist. As certified agents emerge (via Visa's registry and Mastercard's framework), maintain an internal allowlist with risk scores. Transactions from unrecognized agents get higher scrutiny.

Dispute Evidence Workflow Changes

  • Store intent tokens and agent identifiers with every agent-initiated transaction. These will be required evidence for representment. Treat them with the same retention policies as signed delivery confirmations — keep them for at least 540 days (Visa's maximum dispute window for certain categories).
  • Update your representment templates. Create a new evidence template specifically for agent-initiated transactions that includes: agent certification status, intent token (with decoded parameters showing cardholder-set limits), timestamp of agent authorization versus transaction time, and confirmation that the transaction fell within delegated scope.
  • Pre-build responses for "I didn't authorize this" disputes on agent transactions. The evidence chain is: cardholder → delegated to agent (proven by intent token) → agent initiated transaction within delegated parameters → merchant fulfilled order as requested. Document this chain before your first dispute, not after.

Monitoring and Reporting

  • Track agent-initiated transaction dispute rates separately from your overall dispute rate. If agent disputes start pushing your blended rate toward monitoring thresholds, you need early warning — not a surprise letter from Visa's Dispute Monitoring Program.
  • Monitor authorization decline rates on agent transactions. If your fraud rules are misconfigured, you'll see elevated declines on legitimate agent traffic. This is lost revenue and damaged agent-merchant relationships. Target a false positive rate below 2% on certified-agent transactions.
  • Report agent transaction volume to your acquirer proactively. Acquirers will be developing their own risk frameworks for agentic commerce. Merchants who communicate transparently about their agent transaction volumes and risk controls will get better treatment than those who surprise their acquirer with a sudden spike in unusual-looking transactions.

Internal Readiness

  • Brief your dispute analysts on agentic commerce. If your team doesn't understand what an AI agent is, how delegation works, or what an intent token proves, they can't write effective representment responses. Invest in training now.
  • Run a tabletop exercise. Simulate a scenario where 10% of your transactions are agent-initiated, your chargeback rate on those transactions is 3x your baseline, and Mastercard sends you an Excessive Chargeback Program notification. What's your response plan? If you don't have one, build it.
  • Assign ownership. Agentic commerce touches fraud, payments, engineering, and legal. Someone needs to own the cross-functional coordination. At mid-market merchants, this typically falls to the head of payment operations or the fraud/risk lead.

Key Takeaways

  • Merchants must treat agentic commerce fraud prevention as an immediate operational priority — not a theoretical concern. Both Visa and Mastercard have published frameworks (Trusted Agent Protocol and Verifiable Intent, respectively) that will become mandatory, and enforcement timelines are measured in months, not years.

  • Your existing fraud signals — device fingerprints, IP geolocation, behavioral biometrics — are useless for agent-initiated transactions. Replace them with agent-identity verification, intent token validation, and delegation-scope matching before agent transaction volumes ramp.

  • Three new chargeback patterns will emerge — unauthorized transaction disputes from cardholders who forgot their agent delegations, "not as described" disputes when agents make imperfect selections, and duplicate charges from competing agents. Build representment evidence templates for each scenario now.

  • Separate your monitoring. Track agent-initiated dispute rates, decline rates, and transaction volumes independently from human-initiated metrics. Blended reporting will hide problems until they trigger network monitoring programs — and by then, you're already paying fines.

  • Move before the mandates. The merchants who implement agent-specific fraud rules, store intent tokens, and train their dispute teams in 2025 will have a structural advantage over those scrambling to comply after Visa and Mastercard begin enforcement. The playbook exists. Execute it.
