In 2025, agentic commerce started to move from concept into real payment flows. And the pace of development is not slowing down. In 2026, we will see software beginning to act on behalf of customers: selecting products, initiating payments, and completing purchases using trusted identity and payment information.
These developments have obvious appeal. It promises convenience, speed, and fewer steps for the customer. But once you look at it through the lens of payments and risk, it also raises some very practical questions that merchants will need to answer sooner than they might expect.
I explored this in a recent episode of Payments Unfiltered with Jeff Otto, Chief Marketing Officer at Riskified, where we spoke about what happens when AI agents are trusted with identity and payment credentials, how that changes risk exposure for merchants, and why early implementations are already creating pressure points across fraud and payments.
Who owns the risk when an agent is in the flow?
The defining feature of agentic commerce is delegation.
Customers aren’t just getting help choosing what to buy. They’re starting to trust software with their identity and payment credentials, giving agents permission to act on their behalf.
At that point, the agent isn’t assisting the customer; it is the customer in the transaction. We’re moving from a world where we previously had customer-initiated payments (CIT) and merchant-initiated payments (MIT) to one where we will also have agent-initiated payments (AIP).
This evolution is significant. Currently, the rules shaping the payments ecosystem are built around a human decision-maker. Fraud models, the authentication process, and liability frameworks all assume that a person (at some point) is present, expressing intent directly.
When software becomes the actor, those assumptions break down. Intent is inferred, not expressed. Identity is represented, not embodied. And trust is granted upstream, long before a merchant ever sees the transaction.
In other words, once an agent is in the flow, questions around risk ownership get harder to answer.
If a transaction turns out to be fraudulent, who owns that risk? Is it the merchant who fulfilled the order? The agent provider that acted on the user’s behalf? The issuer or network that approved the payment?
This isn’t an academic concern. Payments perform best when ownership is clear. When it isn’t, issuers tend to become more conservative, approval rates suffer, and merchants see changes in performance they didn’t directly cause or control.
Less data means more merchant exposure
At the same time, a lot of early agentic commerce protocols are changing how much data actually reaches the merchant. Compared to traditional checkout flows, they often pass with far less context.
That loss of data directly exposes merchants to more risk. Fraud systems rely on context to separate good transactions from bad ones. When that context is reduced, merchants are making approval decisions with less certainty, often without realizing it.
Jeff shared a concrete example of this from Riskified’s own testing.
The team ran side-by-side tests using synthetic identities. When they pushed a fraudulent order through an early agentic checkout flow, using a newly created email address, an incorrect billing address, and a VPN, the transaction was approved. They then ran the same order through the merchant’s traditional checkout flow. This time, the transaction was declined and the account was blocked.
Every decision is a trade-off
We also discussed how merchants aren’t locked into a single approach here. Agentic commerce presents real choices.
Some merchants will go fully agentic and rely on external agents and protocols. Others will look for a middle ground, participating while keeping more control over data and decision-making. Larger merchants may choose to build their own AI shopping agents, keeping identity, risk, and customer relationships closer to home.
On the latter point, Jeff pointed to Amazon as a clear example of this in practice. Rather than relying on external agents, Amazon has invested in its own AI shopping agent, Rufus.
Early results shared after Black Friday and Cyber Monday showed that customers using Rufus converted at a significantly higher rate than those who didn’t. For Amazon, owning the agent meant owning the data, the decisioning, and the risk, while still delivering a better customer experience.
Of course, Amazon has the scale to take a merchant-owned approach, which won’t be realistic for every brand. What matters is that leaders understand each path comes with trade-offs around control, reach, visibility, and risk, and make those decisions deliberately.
Waiting isn’t a strategy
Agentic commerce is evolving in real time. Waiting for perfect clarity might feel sensible, but it increases the risk of having to adapt later, on someone else’s terms.
The practical advice we discussed is straightforward: start learning now. Build small, cross-functional teams across payments, fraud, product, and engineering. Experiment in controlled environments. Ask clear questions about data, liability, and performance. And stay close to peers through industry conversations and working groups.
This isn’t about rushing to production. It’s about avoiding surprises.
Payments and risk still rise and fall together
For all the change agentic commerce introduces, one thing hasn’t changed: payment performance and risk strategy still rise and fall together. When visibility drops, approvals suffer. When ownership is unclear, optimization gets harder. And when automation moves faster than understanding, both fraud losses and customer friction increase.
Agentic commerce has transformational potential. But realizing it means engaging deliberately, with a clear view of where control sits, how risk is managed, how performance optimization can occur, and what happens when software truly becomes the customer.
(1).png)
.png)
