AI agents are buying on our behalf. Xavier Sheikrojan, director of risk intelligence at Signifyd explains how agentic commerce shifts payment choice, SCA, fraud signals and liability—and what merchants must do next.
A purchase is made. The product is selected, the payment authorised and a parcel is dispatched. They didn’t even browse. In some cases, they may not have even known the transaction happened until after the fact. This isn’t the start to an impossible riddle. It’s agentic commerce – where AI agents act on behalf of the consumer, initiating and completing purchases across the web without any direct
involvement from the individual.
Amazon’s “Buy for Me” offers an early glimpse, allowing users to shop with third-party retailers entirely within the Amazon app. The agent selects the item, fills in the forms and completes the payment without the shopper ever leaving Amazon’s ecosystem. For the merchant, the
checkout process is reduced to an off-stage function.

This means retailers are being written out of their own transaction flow. With no control over how their product is presented, how payment is handled or what safeguards are applied, the risks compound quickly: if the consumer isn’t initiating the transaction, who is choosing the payment method? Who is authenticating it? And if something goes wrong, who is liable?
For now, these agent led flows remain relatively new. But as traditional checkout processes and fraud checkpoints are bypassed, the fundamentals of how payments are selected, authenticated and protected will need to change.
AI agents are the new payment decision makers
In agentic commerce, the choice of payment method is no longer a point-of-sale decision made by shoppers. It’s a step carried out by the agent, often before the consumer even knows the transaction is underway. Acting as a payment adviser, the agent evaluates options: available loyalty balances, likelihood of issuer approval, processing speed, cost to the merchant or even
incentives negotiated between platforms and payment providers.
This repositions the decision-making process. The locus of control shifts upstream to the agent, leaving the retailer with far less influence over the payment mix than they currently have. Once a purchase is passed into the agent’s environment, the merchant’s checkout flows and
promotional prompts no longer shape the outcome.
This will accelerate the adoption of certain methods. BNPL and instalment options can be surfaced exactly when they are most likely to convert. Digital wallets, with their tokenised credentials and near-instant authentication, are well suited to agent-led transactions and could
become the default in many scenarios. Methods that introduce friction, carry higher costs, or lack API-driven integration may find themselves deprioritised by default.
For merchants and payment providers, the impact is structural. A different payment mix affects processing costs, settlement cycles and exposure to fraud. The merchant might not even see the signals that once informed their fraud checks if the transaction is initiated and completed within the agent’s domain.
And once payment selection sits with the agent, another question follows: who has the authority and obligation to authenticate the payment?
Regulatory uncertainty
PSD2’s Strong Customer Authentication (SCA) frameworks were built on the assumption that the consumer is the one initiating the payment. Agent-led flows challenge that premise. An AI agent making the purchase on a shopper’s behalf does not map cleanly to “merchant-initiated transactions” and yet is not strictly a customer-initiated payment either.
Delegated authentication is possible, but only with formal issuer agreements and a clear assumption of liability by the platform. Without this, ambiguity emerges over who applies SCA which risks failed challenges, issuer declines and ultimately non-compliance.
This uncertainty is not confined to Europe. Expanding 3DS requirements in markets like Japan and Australia are raising similar questions about how to apply authentication without a human present. Offsite, agent-led flows also make exemption ownership unclear. Whether the
exemption is based on transaction risk analysis, low-risk thresholds or whitelisting, it is not always obvious who is responsible for applying it. That lack of clarity can add friction and reduce conversion rates.
In EMEA, the stakes are particularly high. Retailers will need to rethink exemption strategies and authentication flows to ensure agent-led payments do not erode conversion. And the success of agentic commerce here may depend as much on consumer perception as on
regulatory clarity.
European shoppers tend to be privacy-conscious, security-aware and accustomed to strong identity checks. The idea of an AI making purchases on their behalf may feel intrusive. Without transparency, clear consent flows and a strong trust framework, merchants risk losing customer confidence before the technology has a chance to scale.
Disputes in the dark
Agent-led payments introduce new dispute scenarios that today’s frameworks are not prepared to handle. A customer might claim “I didn’t authorise the agent to use this payment method” or “I never agreed to that purchase being made this way.” Untangling those claims is harder when the order arrives with less context than a typical eCommerce transaction.
When the purchase is completed within the agent’s environment, merchants may lose visibility of the signals they rely on for fraud detection. In some cases, even the merchant’s name may not appear clearly on the customer’s bank statement, increasing the risk of disputes and brand confusion. Fraudsters are already experimenting with ways to mimic trusted agent behaviour to slip past detection systems, and most current fraud tools are not yet trained to spot the nuances of AI-driven activity.
Traditional defences were designed for human behaviour. They often struggle to detect the rapid, non-human checkout patterns of an AI agent. Without adaptations, merchants may find themselves unable to distinguish between a legitimate agent-led transaction and a fraudulent one.
Liability also becomes more complex. Different payment types follow different dispute rules. For instance, a BNPL dispute is handled differently from a card chargeback, and if the payment is processed offsite, the merchant may not be able to apply their own fraud controls at all. That loss of visibility and control can leave them exposed to higher chargeback rates, weaker evidence in disputes, and ultimately reduced protection for both revenue and brand reputation.
Agentic commerce changes where value and risk sit in the payments chain. Decisions once made at the point of sale are shifting to upstream environments controlled by platforms, meaning that influence over payment choice, authentication and liability will consolidate in fewer hands.
Rather than focusing solely on optimising their own checkouts, merchants will need to position themselves inside the agent’s decision logic through data sharing, fraud signal integration or commercial incentives. Those who secure that position could gain preferred routing and better conversion; those who don’t risk being deprioritised entirely.
The next phase for the payments industry is to establish shared rules for consent, authentication and dispute handling in agent-led flows. Without them, trust and performance will erode. With them, payments could become faster, more secure and better matched to consumer needs.
Xavier Sheikrojan is a seasoned professional in risk management and fraud prevention, currently serving as the Senior Risk Intelligence Manager at Signifyd since September 2021, where responsibilities include building and managing the Risk Intelligence team and implementing innovative risk strategies. Prior to this role, Xavier was a Fraud Manager at Glovo, leading a high-performing fraud team and contributing to fraud policy development.