This article is provided by BRC Associate Member, Signifyd.

__________________________

Not long ago, the idea of a computer completing a purchase without any human input felt like science fiction. Today, it is a reality that the world’s largest payments companies are actively building for.

AI agents that browse, select, and pay - either autonomously or on a consumer's behalf - are moving from novelty to norm faster than most regulators anticipated. And the payments infrastructure underpinning those transactions is struggling to keep pace. PSD3, the EU's long-awaited update to its open banking rulebook, was meant to modernise the payments landscape. But as written, it largely assumes a human is still at the keyboard. Increasingly, they're not.

That gap between what the regulation assumes and what the technology is already doing is where liability goes unanswered and where fraud will move next.

PSD3: Evolution Without Full Alignment

PSD2 did what it set out to do by making payments harder to fake, with Strong Customer Authentication (SCA) raising the bar for fraudsters at the point of transaction. However, fraud doesn’t disappear when you close one door. It finds another. As controls strengthened at the point of payment, malicious activity migrated to other parts of the transaction lifecycle, including account takeover and returns fraud. PSD3 presents an opportunity to address these broader vulnerabilities by extending protections beyond authentication and into the full lifecycle of a transaction.

But there's a more fundamental problem that PSD3 currently sidesteps: it still assumes a human initiated the purchase. Agentic commerce challenges that assumption entirely. When an AI system selects products, determines payment methods, and executes transactions autonomously, the traditional definitions of “customer-initiated” and “merchant-initiated” payments begin to blur.

From “Knowing Your Customer” to “Knowing Your Agent”

This shift fundamentally changes the nature of risk. Historically, fraud prevention has centred on “knowing your customer” - verifying identity, behaviour, and intent. In an agentic environment, the focus moves to “knowing your agent.” That introduces new complexities: how is an agent authenticated, how is it authorised to act, and how can its behaviour be distinguished from fraudulent automation?

Current thinking suggests that agents may be tied to a consumer’s identity through pre-authorisation frameworks, effectively allowing them to act within predefined parameters. While this could provide a layer of control, it also raises questions about scalability and user experience. Overly rigid authentication models risk undermining the very convenience that agentic commerce promises.

The Liability Gap

At the same time, liability remains largely unchanged. Merchants continue to bear the financial risk of fraudulent transactions, even when they have limited visibility or control over how those transactions are initiated. In agent-led flows, critical signals, such as device data or behavioural indicators, may be absent or significantly altered. This creates an imbalance, where responsibility is not matched by capability.

For payment service providers (PSPs) and banks, PSD3 introduces additional complexity by bringing more payment methods, including digital wallets, further into scope. These methods are often central to agentic transactions due to their tokenisation and seamless authentication capabilities. Ensuring that these payment types are appropriately verified and secured will require new approaches to risk assessment, ones that can operate effectively without relying on traditional user interaction signals.

Adapting Fraud Prevention for an Agentic World

Encouragingly, there are early signs of how the industry can adapt. Fraud prevention models are already evolving to account for non-traditional data inputs. For example, alternative behavioural and transactional signals can be used to compensate for the lack of device-level insight in agentic purchases. With the right models, high levels of accuracy are achievable, even in these less transparent environments.

However, technology alone is not enough. Addressing the risks of agentic commerce will require a coordinated effort across the payments ecosystem. Clear frameworks for authentication, consent, and liability must be established, not just to protect merchants, but to maintain consumer trust. Transparency will be critical. Consumers need to understand how and when agents are acting on their behalf, and what safeguards are in place.

A Narrow Window for Regulatory Catch-Up

There is still time for PSD3 to evolve. With implementation not expected until 2027 at the earliest, regulators have an opportunity to incorporate provisions that reflect the realities of agent-led commerce. Doing so would help ensure that the framework remains relevant and effective in a rapidly changing landscape.

In the meantime, merchants cannot afford to wait. Preparing for an agentic future means adapting risk strategies now - investing in flexible fraud prevention systems, exploring new data sources, and engaging with partners across the payments chain. It also means taking a more active role in shaping how these systems develop, rather than reacting to them after the fact.

Balancing Innovation and Trust

Ultimately, the goal is not just to manage risk, but to enable progress. Agentic commerce has the potential to deliver faster, more seamless, and more personalised shopping experiences. But without the right foundations, it could just as easily erode trust.

PSD3 represents an opportunity to strike that balance: to create a payments ecosystem where innovation and security advance together. Whether it succeeds will depend on how effectively it addresses the realities of a world where machines are no longer just tools, but participants in the transaction itself.
