
Why agentic payments challenge every fraud model


This feature draws on conversations and interviews from Money20/20 Europe earlier this month, where industry leaders warned that agentic payments are about to collide with fraud systems built for a different era.

Fraud has become the most prevalent crime in the UK and it is starting to feel like a losing battle. Every time the industry introduces an improved method for paying, shopping, or managing money, bad actors look for ways to turn those same innovations into opportunities for exploitation.

The challenge can feel like stepping into a boxing ring with Mike Tyson, except he has an earpiece connected to every boxer and coach offering recommendations on what to throw next.

Each time your corner develops a strategy to help you survive the next round, he studies it, adjusts and finds a way to use it against you. To make matters worse, you are forced to follow the rules of the fight while he is not. Oh, and there is no final bell.

The arrival of AI has proven this, with the same technology that is used to improve fraud detection also being adopted by criminals to create more sophisticated attacks.

Unfortunately, the industry appears to be on the cusp of a more disruptive era as agents begin initiating transactions. 


A system built for humans is now meeting a world of agents

AML systems have always been built on the assumption that the actor behind every transaction is a person whose behaviour can be profiled, monitored and risk scored.

Rules are set around human thresholds, scenarios are built on human routines and investigators are trained to compare customer activity against past behaviour or peer groups.

Speaking at Money20/20 Europe earlier this month, Garima Chaudhary, VP of Financial Crime and Compliance AI at Thetaray, told Payment Expert that this assumption is now breaking.


“Agentic payments completely shift the assumptions AML systems are designed on,” she says. “Instead of thinking what a normal human behaviour is, we need to think about what a dedicated normal behaviour is.”

Travel bookings, subscription renewals and cross-border transfers are happening without a human pressing a button. As this starts to become the norm, and it most likely will due to the improved convenience and speed, the behavioural baselines banks have relied on for decades start to lose meaning.

A machine does not sleep, does not follow weekly routines or respond to the same cues that influence people. Agentic payments run on prompts and optimisation rules that AML systems were not built to interpret.

Most payment regimes still rely on the idea that every transaction can be traced back to an authorised instruction from an account holder or recognised agent. Controls enforce this through deterministic checks like sanctions screening, velocity rules, tokenisation logic and AML filters, all based on the assumption of a clear, human-initiated action.

Agentic payments break this model because authorisation is no longer tied to a single moment of intent. 

This raises harder questions around traceability, consent and liability. If an agent makes a payment at 3am to optimise a subscription cycle, is that within the user’s mandate?

If an agent is compromised, how does a bank tell the difference between legitimate automation and misuse? And if a transaction is disputed, what counts as proof of authorisation when no explicit instruction was ever given at the transaction level?

Chaudhary believes this requires a fundamental rethink of detection models. “It changes everything they have known about AML,” she says. “A bank that knows how to manage these agentic payments better will have an upper hand when it comes to compliance and trust.”

Digital IDs for agentic payments

Digital identity has become a recurring topic at industry events, policy discussions and even in casual debate.

Some worry about state overreach, others question whether the technology will ever deliver the security and convenience it promises, and many fraud specialists see it as one of the few tools capable of addressing the weaknesses exposed by modern payment systems.

Whether welcomed or not, digital identity is coming, with the UK and the EU developing their own frameworks. However, these systems were designed for people and not for agents.

Martina Forster, Head of Strategy for the Payment and Identity Division at G+D Netcetera, highlights this gap. 


“Everything was designed for a human being,” she tells Payment Expert. “It is a matter of understanding what the originator of the payment is. Has it been an agent or has it been a human person?”

Mastercard has looked to get ahead with its Know Your Agent trust architecture, which introduces a registration and governance layer for AI-powered agents.

It uses cryptographic tokens to bind an agent to a specific mandate, verifies intent and consent alongside biometric authentication and provides traceability over which agent initiated a payment and under what conditions.

While this is a good start, Forster states the industry must go further. Identity cannot remain a point-in-time check when the actor is a machine. Device signals, behavioural patterns and contextual data need to be monitored throughout the user journey and not just at the moment of payment.

“You cannot simply observe the one moment of the transaction,” she says. “You must be constantly with your device to score whether it is a risky account or a risky person.”

The system has to understand when the last human touchpoint happened, whether the agent still has valid authorisation and whether its behaviour still matches the mandate it was given.
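
The three checks listed above, sketched as an added example that is not Mastercard's Know Your Agent design or any vendor's code. An HMAC-signed mandate stands in for the cryptographic token; the field names, the demo key and the 30-day human re-confirmation window are assumptions.

```python
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-demo-key"   # assumption: secret held by the agent registry
MAX_HUMAN_GAP = 30 * 86400             # assumption: human must re-confirm every 30 days
NOW = 1_750_000_000                    # constructed clock value for the sample

def sign(body: bytes) -> bytes:
    return hmac.new(ISSUER_KEY, body, hashlib.sha256).digest()

def issue_mandate(agent_id, categories, max_amount, expires_at, last_human_auth):
    """Serialise the mandate and bind it to the agent with a MAC."""
    body = json.dumps({
        "agent_id": agent_id, "categories": categories, "max_amount": max_amount,
        "expires_at": expires_at, "last_human_auth": last_human_auth,
    }, sort_keys=True).encode()
    return body, sign(body)

def check_payment(body, tag, payment, now):
    """Return (allowed, reason) for one agent-initiated payment."""
    if not hmac.compare_digest(sign(body), tag):
        return False, "bad_signature"          # mandate was altered or forged
    m = json.loads(body)
    if payment["agent_id"] != m["agent_id"]:
        return False, "agent_mismatch"
    if now >= m["expires_at"]:
        return False, "mandate_expired"
    if now - m["last_human_auth"] > MAX_HUMAN_GAP:
        return False, "human_touchpoint_stale"  # last human confirmation too old
    if payment["category"] not in m["categories"]:
        return False, "outside_mandate"
    if payment["amount"] > m["max_amount"]:
        return False, "over_limit"
    return True, "ok"

# Constructed sample: an agent allowed to renew subscriptions up to 20.00 (minor units).
BODY, TAG = issue_mandate("agent-42", ["subscription"], 2000,
                          NOW + 90 * 86400, NOW - 5 * 86400)
RENEWAL = {"agent_id": "agent-42", "category": "subscription", "amount": 1299}
TRANSFER = {"agent_id": "agent-42", "category": "cross_border_transfer", "amount": 1299}

if __name__ == "__main__":
    print(check_payment(BODY, TAG, RENEWAL, NOW))
    print(check_payment(BODY, TAG, TRANSFER, NOW))
    print(check_payment(BODY, TAG, RENEWAL, NOW + 40 * 86400))
```

Under this model the 3am renewal passes because the decision rests on the mandate's terms, not the time of day, and the logged reason code is the evidence of authorisation in a later dispute.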

Forster also sees potential in decentralised identity models, but believes the ecosystem is not yet ready. Signals remain fragmented across channels, and the industry has not yet found a way to bring identity, authentication and fraud prevention data into a single, coherent view.

“You need to bring it together,” she says, emphasising the need for a more connected approach.

Criminal networks won’t wait around

While there are still many unanswered questions for the industry, one thing is certain. Bad actors will not wait for new standards, identity frameworks or authorisation models to be finalised before they get started.

João Moura, Founder and CEO of Fraudio, tells Payment Expert that one example of this, even before agentic payments fully enter the picture, is the rise of money-mule infrastructure. He explains that it has evolved into a service that can be rented, scaled and automated.


“I can go on the dark web and rent a money-muling network,” he says. “It will have a few layers. The first layer is where the money goes. Then money is quickly moved to a second layer and then taken out of the system.”

These networks now operate with the speed and coordination of a commercial supply chain and are built to exploit real-time payment rails, fragmented intelligence and the limits on how quickly institutions can share data across borders or even within the same market.

It becomes easy to see how agentic payment fraud, which will require a wholesale rethink of defences and entirely new forms of understanding, could become an even greater challenge when the restrictions already slowing institutions down are still in place.

“And it comes to the regulator side and you’re trying to combat it and you have to be careful, you have to stay in your silo and can’t share data with them, you can’t talk about that,” he says. 

“Banks can blacklist a person for an account, they can tell the central bank, but they can’t tell other banks in their country.”

He argues that scams need to be detected at the mule-network level. Too much focus is placed on the victim’s payment, he says, when the stronger signal can be found in the receiving accounts, which are rented, rotated and controlled in ways that resemble automated systems more than individual users.

These accounts, Moura explains, already show a level of consistency and structure that begins to mirror early agent-like behaviour, despite the fact that the underlying actors are still human.
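
The receiving-side signal described above, as an added illustration that is not Fraudio's method: accounts that forward most of what they receive within minutes are marked as relays, then linked into candidate networks. The transfers are constructed, and the 15-minute window and 90% forwarding threshold are assumptions chosen for the sample.

```python
from collections import defaultdict

WINDOW = 900       # assumption: funds forwarded within 15 minutes count as pass-through
MIN_RATIO = 0.9    # assumption: share of inbound value forwarded fast that marks a relay

# Constructed transfers: (unix_ts, sender, receiver, amount_minor_units)
TRANSFERS = [
    (1000, "victim_a", "acct_1", 50000),
    (1200, "acct_1", "acct_9", 49000),
    (1300, "victim_b", "acct_2", 80000),
    (1500, "acct_2", "acct_9", 79000),
    (1900, "acct_9", "external_cashout", 127000),
    (2000, "employer", "acct_5", 200000),      # ordinary salary, spent a day later
    (90000, "acct_5", "landlord", 90000),
]

def relay_accounts(transfers):
    """Accounts that forward most inbound value within WINDOW of receiving it."""
    last_in, total_in, fast_out = {}, defaultdict(int), defaultdict(int)
    for ts, src, dst, amt in sorted(transfers):
        if src in last_in and ts - last_in[src] <= WINDOW:
            fast_out[src] += amt
        last_in[dst] = ts
        total_in[dst] += amt
    return {a for a in total_in if fast_out[a] >= MIN_RATIO * total_in[a]}

def mule_networks(transfers):
    """Group relay accounts that pay each other into candidate networks."""
    relays = relay_accounts(transfers)
    parent = {a: a for a in relays}

    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]   # path halving
            a = parent[a]
        return a

    for _, src, dst, _ in transfers:
        if src in relays and dst in relays:
            parent[find(src)] = find(dst)
    groups = defaultdict(set)
    for a in relays:
        groups[find(a)].add(a)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(mule_networks(TRANSFERS))
```

The two first-layer accounts and the shared second-layer account come out as one group, while the salary account does not appear at all.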
