Outseer 3-D Secure™

The Agentic Commerce Trust Gap

Fraud and Authentication for Issuers

Agentic commerce is shifting risk away from the checkout moment and across the full transaction lifecycle. For issuers, that creates a new trust gap: schemes can signal that an agent or credential should be trusted, but liability and decisioning still sit with the issuer.

ONE BIG THING: Agentic commerce does not reduce the need for fraud prevention and authentication. It raises the standard for both. Issuers will need controls that establish trust in delegation, monitor behavior continuously, and intervene selectively when risk changes.

What does agentic commerce change for card issuers?

THE SHIFT: Agentic commerce changes who initiates the transaction. Instead of a customer actively completing a purchase, an agent acts on the customer’s behalf. That changes where fraud and authentication controls need to sit.

How does cardholder authentication work for agentic commerce?

Authentication is not disappearing. It is moving into more parts of the journey. A customer may be verified when they add a card, approve an agent, or confirm a payment instruction with a passkey. And when 3DS is used, the issuer may still need to make a transaction-time authentication decision.

The shift for issuers is that the challenge point is no longer just checkout. Trust has to be assessed across the full journey, from enrolment and consent to authorization and exceptions.

THE BIG PICTURE: this is not a niche payment mechanics issue. It is a broader operating shift. Schemes are introducing trust frameworks, passkeys, tokenization, and related controls to support agent-initiated payments, and issuers are being pushed to adopt them as part of a broader ecosystem.

The market is still early. Use cases are emerging in phases, from guided interactions to more autonomous behavior. But the direction is clear, and the supporting infrastructure is already being pushed by the schemes.

What fraud and authentication gaps emerge in agentic commerce?

Most legacy fraud and authentication models were built around a simple assumption: the human is present at the point of transaction.

That assumption no longer holds. In an agentic model, the human may have delegated authority earlier, but the payment itself may be initiated later, at speed, across merchants, and without direct customer interaction.

That matters because a process can still be working as designed while failing against the new risk model. If controls are tuned only for human-initiated behavior, they will either miss emerging risk or introduce friction in the wrong place.

REALITY CHECK: The answer is not to throw out existing fraud and authentication controls. It is to adapt them. What changes is the scope: controls now need to operate across the full transaction lifecycle, not just at checkout.

Why can’t issuers rely on scheme trust frameworks alone?

The core issue is not that scheme-level trust is not the same as issuer-grade decisioning.

Schemes can signal that a credential, token, or agent should be trusted. They can constrain parts of the transaction. But issuers still retain liability and still have to decide whether to approve the payment in context.

That creates a trust gap.

The schemes provide valuable trust signals, but issuers still have proprietary customer, account, fraud, device, behavioral, and risk-appetite context that networks do not fully replicate. As agent-driven payments scale, those missing signals translate more directly into fraud losses or declined legitimate transactions.

At the same time, the signals are becoming more complex. Agent identity, tokenization data, passkeys, and new transaction patterns add data, but they do not automatically add confidence. An issuer receiving more signals still has to decide what they mean in the context of a specific transaction.

What are the costs if issuers get agentic commerce wrong?

If issuers rely too heavily on scheme assurance, they risk accepting transactions they do not fully understand. If they respond by applying blunt friction, they risk suppressing approval rates and damaging customer experience.

Here are the challenges that issuers will face.

New fraud risks emerge with agent-driven payments

Agent-driven payments introduce new attack vectors that do not exist in traditional commerce. Compromised AI agents, stolen credentials, and malicious automated bots can initiate transactions at scale, increasing opportunities for fraud.

Legacy fraud models will struggle

Many existing fraud models are trained on patterns of human behavior and purchasing activity. As a result, they can struggle to accurately assess agent-driven transactions, reducing the effectiveness of fraud detection and risk decisioning.

Increase in false declines

If issuers cannot reliably distinguish legitimate agent activity from suspicious behavior, they are likely to decline transactions unnecessarily. This can increase false positives and create a poorer customer experience.

Liability uncertainty

Issuers remain central to the approval decision and must evidence why transactions were trusted, challenged, or declined. Yet fraud and dispute liability also depend on scheme rules, authentication outcomes, merchant evidence, and specific dispute scenarios, many beyond an issuer’s visibility or control.

Operational impact

Agentic commerce requires fraud teams to evaluate new types of signals, manage emerging dispute scenarios, and maintain clear visibility into how trust decisions are made. Teams must be able to determine how trust was established, when it was established, and whether it remains valid throughout the lifecycle of a transaction.

How should issuers adapt fraud prevention for agentic commerce?

Issuers will need to extend fraud prevention and authentication across the full agent lifecycle. That means moving beyond a single control point and designing for three distinct moments:

[fs-toc-H3]1. What should happen at delegation?

Verify the user when the agent is authorized and establish the initial trust relationship.

[fs-toc-H3]2. Why does agentic commerce require continuous monitoring?

Issuers need to track agent behavior over time and detect deviations from expected patterns.

[fs-toc-H3]3. When should issuers intervene during an agent-driven transaction?

Transaction-time intervention should still be a fallback option. Step up only when risk thresholds are exceeded or context changes.

This is the practical response to the shift. Delegation becomes a critical new control point, but not the only one. Trust must be established, observed, and, when necessary, challenged.

TOP TIP: Do not frame agentic commerce as a new channel that sits outside your existing fraud strategy. Treat it as an extension of your fraud and authentication model, with additional signals, different timing, and higher sensitivity to context.

What does an agentic fraud and authentication model look like in practice?

The measure of success is whether the issuer has enough assurance to make a confident risk decision, not simply whether an authentication event occurred. In practice, that means several things.

Authentication for agentic commerce moves earlier in the journey

Delegation-time authentication becomes more important because it establishes the trust relationship between the user and the agent. That may include strong authentication at the point an agent is authorized, rather than at every subsequent transaction.

Continuous fraud monitoring

Agent behavior needs to be tracked against expected patterns. That includes velocity, merchant distribution, token usage, and behavioral changes over time. Fraud models need to evolve from human-centric baselines to agent-aware ones.

The role of step-up authentication

Intervention becomes selective. Higher-risk activity still requires a fallback, including the ability to authenticate the human when risk increases or behavior falls outside expected parameters. The point is not to remove step-up. It is to apply it with more precision.

Token and access control

Token provisioning, usage monitoring, and revocation become part of the control model, not just technical plumbing. Issuers need to know which agents they trust, which they do not, and when that status changes.

What capabilities should issuers evaluate now to secure agentic commerce?

A useful operating model for agentic commerce should include at least five components:

  • Delegation controls. Strong authentication and clear trust establishment when the agent is authorized.
  • Agent-aware risk models. Decisioning tuned to agent behavior, not only human behavior.
  • Continuous monitoring. Ongoing assessment of behavior, context, and anomalies.
  • Selective intervention. The ability to authenticate the human when risk justifies it.
  • Evidence and visibility. Records that support dispute handling, auditability, and regulatory requirements.

The quality of the fraud and authentication layer determines whether issuers can use scheme signals to approve or decline with confidence.

How does Outseer approach fraud and authentication for agentic commerce?

Schemes help secure the credentials, but the ultimate decision still belongs to the issuer. That is where the trust gap sits, and where fraud intelligence matters most.

Outseer’s role is to operate on top of scheme frameworks, combining scheme-level signals with issuer-side intelligence such as device data, behavioral patterns, and historical context. That is what makes trust signals usable in practice.

Outseer’s approach is built around risk-based authentication rather than authentication as a static control. In an agentic environment, that means aligning authentication decisions to real-world threats, adapting assurance to the context, and supporting consistent decisions across the transaction lifecycle.

What does good fraud prevention look like in an agentic commerce model?

Issuers must maintain control while integrating new trust signals into their existing decisioning models. This means moving authentication earlier in the process, making monitoring more continuous, and applying interventions more precisely. That reduces unnecessary friction without weakening assurance.

Issuers need confidence that every decision is being made with the appropriate context, the right controls, and a level of assurance that matches the risk.

What should issuers do next to prepare for agentic commerce?

Agentic commerce is still evolving and adoption will vary by market, merchant, and use case. But the core requirement is already visible: issuers need a fraud and authentication strategy that can operate across delegation, monitoring, and intervention.

Start by asking three questions.

  • Where does trust get established in your current model?
  • Where does it need to be revalidated?
  • What signals are you missing today to make decisions with confidence?

DEEP DIVE: For a detailed analysis of agentic commerce for issuers, download this Datos Insights report: Rebuilding Payment Trust in the Age of Autonomous Agents.