How generative and agentic AI are changing the tempo of eCommerce fraud wars

The emergence of agentic AI—autonomous systems that can plan, act, and learn with minimal human oversight—is transforming fraud prevention. Where earlier generations of fraud tools relied on static rules and even sophisticated machine learning still required substantial human tuning, agentic systems can orchestrate complex responses end-to-end, from detection to investigation and remediation.EY+2McKinsey & Compan

At the same time, fraudsters are experimenting with their own AI agents, capable of testing stolen credentials, probing checkout APIs, crafting personalized phishing lures, and laundering stolen funds across a web of accounts. This dual use of AI turns anti-fraud into a contest of automation against automation.

The Limitations of Legacy Rules and Static Models

In many e-commerce operations, legacy fraud systems still rely on a hybrid of simple rules and periodically retrained models. Analysts write rules like “block all transactions from X country” or “flag orders above a given threshold,” then calibrate thresholds against historical loss data. While this approach is familiar, it is brittle.

Fraud rings adapt quickly, finding gaps between rules, splitting transactions into smaller chunks, or using “low and slow” strategies to avoid triggering volume thresholds. Static models trained on last year’s data can miss new attack variants or overestimate risks in emerging markets, harming growth. The speed of change—especially with generative AI automating attack design—demands more agile defenses.Feedzai

What Makes Agentic AI Different

Agentic AI combines the pattern-recognition capabilities of modern models with planning, decision-making, and the ability to take actions across systems. In fraud prevention, this can look like an AI agent that:

Thinks about risk across the entire customer lifecycle instead of just at checkout.
Coordinates between IDV providers, payment gateways, and internal case management tools.
Learns from feedback—such as chargebacks, customer complaints, or regulator feedback—and updates policies automatically.

Banks and financial institutions are already piloting such systems to assist with transaction monitoring, sanctions screening, and customer risk scoring. Analysts note that agentic AI can dramatically reduce false positives, streamline investigations, and generate more dynamic risk models.McKinsey & Company

For eCommerce, these capabilities are beginning to move from concept to implementation.

Autonomous Case Management and Investigation

Traditional fraud operations rely on teams of analysts who work queues of alerts, toggling between multiple systems to decide whether to approve, decline, or escalate a transaction. Agentic AI can automate large portions of this workflow.

Upon detecting an anomalous transaction, an agent might pull prior order history, check device fingerprints, query external threat feeds, and even read previous support tickets for context. It can then generate a structured summary of the case, recommend an action, and either execute it automatically within predefined thresholds or present it to a human reviewer for final approval.EY+1

This kind of intelligent orchestration both speeds up decisions and reduces analyst fatigue—a critical benefit as fraud volumes grow faster than staffing budgets.

AI Red Teaming: Simulating Fraud to Harden Defenses

Another emerging use of agentic AI in anti-fraud is red teaming: using AI agents to simulate attacker behavior, probe systems for weaknesses, and stress-test policies.

Agents can mimic credential stuffing campaigns, experiment with different shipping and payment combinations, or generate synthetic customer profiles to see which ones slip through the cracks. Combined with reinforcement learning, agents can iteratively search for optimal attack strategies—data that defenders can then use to patch gaps, refine models, or adjust risk thresholds.TechRadar

The result is a more resilient fraud stack that is continuously tested against the latest AI-enabled techniques, rather than reacting only after losses occur.

Guardrails, Governance, and the Human in the Loop

With great autonomy comes great responsibility. Agentic systems that can approve or decline transactions, freeze accounts, or report suspicious activity to regulators must operate under strict guardrails.

Organizations are building governance frameworks that define what actions agents can take automatically, where human approval is required, how decisions are logged and auditable, and how models are monitored for drift or bias. For eCommerce platforms that operate across jurisdictions, these frameworks must also accommodate local regulations around automated decision-making and customer recourse.Business Insider

The goal is not to remove humans from the loop entirely, but to elevate them to higher-value tasks: designing policies, handling edge cases, and overseeing AI behavior rather than clicking through routine reviews.

Attackers’ Agentic AI: The Other Side of the Coin

While defenders deploy agentic tools, attackers are doing the same. Reports and commentary describe how AI agents can automatically log into accounts, scrape personal data from email and social feeds, generate convincing phishing messages, and coordinate multi-step fraud campaigns.Business Insider

In eCommerce, that could mean AI agents that systematically:

Test stolen credentials across dozens of merchant sites.
Inject fake listings or promotions into marketplace platforms.
Exploit promotional codes and referral programs at scale.
Coordinate mule accounts to cash out loyalty points and gift cards.

Defenders must assume that such capabilities either already exist or will soon, and design anti-fraud strategies around continuous, automated adversaries rather than sporadic, manual attackers.

Closing Thoughts and Looking Forward

By 2026, agentic AI will likely be a defining feature of advanced anti-fraud programs in eCommerce. The shift from static rules and periodic model updates to continuously learning, acting, and red-teaming agents will reshape how merchants protect revenue and customer trust.

The winners will be organizations that combine agentic AI with strong governance, reliable data pipelines, and clearly defined ethical boundaries. They will build systems in which AI handles the repetitive grind of detection and triage, while humans oversee strategy and accountability.

As both attackers and defenders race to operationalize AI agents, anti-fraud will increasingly resemble a high-speed, automated chess match—one in which the quality of data, the clarity of rules, and the strength of human oversight will determine who stays ahead.

References

The Rise of Agentic AI: Transforming Fraud Risk Management – EY – https://www.ey.com/en_ca/insights/banking-capital-markets/the-rise-of-agentic-ai-transforming-fraud-risk-management EY

How Agentic AI Can Change the Way Banks Fight Financial Crime – McKinsey & Company – https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/how-agentic-ai-can-change-the-way-banks-fight-financial-crime McKinsey & Company

Harnessing Agentic AI for Advanced Fraud Detection – Akira AI – https://www.akira.ai/blog/agentic-ai-for-fraud-prevention Akira AI

Garbage In, Agentic Out: Why Data and Document Quality Is Critical to Autonomous AI’s Success – TechRadar Pro – https://www.techradar.com/pro/garbage-in-agentic-out-why-data-and-document-quality-is-critical-to-autonomous-ais-success TechRadar

The Use of AI in Real-Time Transaction Monitoring and Suspicious Activity Reporting – SSRN – https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5393794 SSRN

Author: Claire Gauthier, Author: – eCommerce Technologies, Montreal, Quebec; Peter Jonathan Wilcheck, Co-Editor, Miami, Florida.

#agenticAI #autonomousfraud #fraudredteaming #AIfincrime #ecommerceAI #riskautomation #fraudanalytics #generativeAI #onlinerisk #AIGovernance