What’s worse, letting a fraudulent transaction slip through the cracks, or blocking a good transaction in the name of caution? This is an important question because false positive declines are on the rise in ecommerce.

A false positive is a legitimate transaction incorrectly flagged as fraud. It’s also called “customer insult,” and with good reason – research shows that almost half of customers who experience an incorrectly flagged transaction will never return to that merchant. And with many ecommerce merchants experiencing false positive rates of 5% or greater, and some even exceeding 10%, there is a real risk that clamping down on fraud could actually be costing merchants more than the fraud itself.

This article takes a deep dive into false positives, including why they’re such a big problem for ecommerce merchants, why they’re on the rise, and what tools merchants can adopt to reduce them while continuing to fight back against payments fraud.

Customer insult is a serious problem for ecommerce merchants.

The 2026 Global eCommerce Payments and Fraud Report by the Merchant Risk Council (MRC) and Visa offers some key insights into how false positives are impacting merchants.

In 2026, payment success rate was the number one metric ecommerce merchants rated as extremely important, leapfrogging revenue for the top spot. Simply put, merchants are increasingly worried about how often payments fail, and false positive declines are a huge part of that problem.

Overall, 78% of ecommerce merchants told Visa/MRC they had customer insult rates of 2% or more. 27% of merchants reported rates between 5% and 10%, and 13% of merchants reported staggering rates of 10% or greater.

The obvious first-order consequence of declining anywhere from two to over ten percent of transactions is the immediate revenue loss. But research shows that roughly 40% of shoppers who are hit with a false positive decline not only abandon that sale, but also don’t return to shop with that merchant in the future. That means almost half of false positives are resulting in loss of the complete future lifetime value of the customer.

The average customer lifetime value (CLV) for an ecommerce brand is often cited in the $100–$300 range, but there is rarely any reliable data offered to back up those numbers. In reality, CLV is highly unique to each merchant. But it isn’t hard to imagine that for luxury brands or merchants with high repeat purchase rates, CLV could easily be in the thousands of dollars. The MRC data means unnecessary losses of that scale could be happening on anywhere from ~0.8% to over 4%+ of all transactions. That’s a huge leak in the overall return on merchants’ investments in fraud management.

False positives are on the rise because the evolution and costs of fraud are outpacing merchants’ ability to keep up.

The number of merchants experiencing false positive rates of 2%-10% is up almost 23% from Visa’s 2024 Global Payments and Fraud Report. There are a number of reasons for that increase, including more sophisticated fraud, tighter and overly static fraud screening rules, and underoptimized use of tools that could help solve the problem.

Fraud management is failing to keep up with the evolving sophistication of fraud.

Fraud itself is changing, and that’s putting strain on all but the most advanced screening systems. For example, the emergence of Fraud-as-a-Service and widespread use of shared infrastructure can cause outdated fraud defense stacks to incorrectly and automatically treat huge volumes of traffic as fraud. VPNs are another common problem. Fraudsters now commonly abuse consumer VPNs and, as a result, many anti-fraud tools will automatically flag a transaction as soon as they detect a VPN. But about a third of all adults in the U.S. use one, including 40% of Gen Z.

As AI tools help fraudsters become even more sophisticated, these kinds of gaps where systems lag evolving tactics will continue to have a huge impact on false positive rates.

Merchants are going too far with rigid, rules-based fraud screening.

The struggle to keep up with evolving fraud is real and, in MRC/Visa’s 2026 report, adapting and staying up to date was the most cited challenge category among ecommerce merchants. As merchants and fraud management teams fall behind the threat, one natural response is to simply clamp down on the rules triggering the basic filters they already use

The instinct to turn to no-tolerance policies is understandable as the costs to remediate fraud and disputes rise. According to LexisNexis, in 2026, fraud now costs an average of $5 in total for every $1 of direct loss. Fighting first-party chargeback fraud is also getting more expensive, exceeding $80 per dispute for the first time ever. But, like a finer net that catches more fish but also catches more of everything, clamping down on static screening rules is a guaranteed way to force false positive rates up, and with today’s technology, it’s an archaic tactic.

Far too many merchants aren’t using the best tools, likely due to cost or complexity.

MRC/Visa’s 2026 data shows an alarming trend in fraud monitoring and tool use. The number of merchants monitoring for fraud at key points in the customer journey is falling. Only 51% said they actively monitor during checkout and less than half monitor during disputes. Even monitoring during payment is down to 57%. What this means is that it’s becoming a challenge to get merchants to monitor at all, let alone to adopt the most advanced artificial intelligence and machine learning (ML) enabled systems. As a result, most merchants who are actively screening are using outdated tools.

The reality is that many merchants see modern fraud management as expensive and overly difficult. MRC/Visa found that, for the first time ever, almost a third of all merchants now cite minimizing fraud-related operational costs as more important than reducing fraud or improving customer experiences. That’s 3x higher than 2024 and a clear signal that the cost of fraud management is an issue. The complexity of systems is another issue, and fraud orchestration was cited as a key area that needs improvement by almost half of merchants.

Unless it gets easier and cheaper for merchants to adopt advanced tools, they’ll continue to rely on simple rules-based screening, and false positive rates will continue to rise.

What merchants can do to reduce their customer insult rate while still fighting back against next-gen payments fraud.

Action Step: Adopt the latest AI/ML-powered fraud screening tools.

The most effective way merchants can reduce false positives is to ensure they’re using the most up-to-date AI/ML-powered tools and capturing more data points to use in decisioning. Just some of the tools merchants should be using include:

• Pre-authorization AI/ML fraud detection: ML significantly improves the quality of scoring that can be done before a transaction is sent for authorization so it can be challenged further or declined before incurring fees.
  Impact: Reduces false positives by analyzing transactions more deeply and dynamically than simpler rules-based screening.
  

• Positive behavior models: ML systems model what good customer behavior looks like and then positively weights orders closely matching those behavior patterns. The higher the positive behavior score, the stronger the signal to send the transaction for authorization.
  Impact: Reduces false positives by balancing verifiably positive behaviors against other potential flags.
  

• Device fingerprinting: Device fingerprinting builds a profile of a customer’s device that can be tracked across multiple sessions. That helps ensure a customer is who they claim to be. ML-powered fingerprinting can catch advanced tricks like device spoofing and keep up with fraudsters across multiple accounts, even if they’ve cleared their cookies.
  Impact: Reduces false positives by whitelisting friendly device fingerprints while blocking flagged ones.
  

• Identity intelligence: Identity intelligence networks build profiles of the user identities behind transactions and use the enormous amount of data captured across the network to score transactions. For example, Kount uses Equifax’s Digital Identity Global Network, which uses data from 60 billion consumer interactions to identify good and bad users.
  Impact: Reduces false positives by whitelisting identities that have a clean record across the network.
  

• Behavioral biometrics: ML passively monitors how a user interacts with their devices. It analyzes things like typing speed or touchscreen and gesture patterns and builds a profile unique to the individual from thousands of data points.
  Impact: Reduces false positives by identifying signals that can override low or medium-risk fraud flags if the transaction closely matches the user’s known behavioral fingerprint.
  

• Negative behavior scores: The flipside of positive behavior models, where ML maps on-site customer behavior against known use patterns of fraudsters and automated attacks.
  Impact: Enables screening rules to be loosened while still catching fraud based on high-risk or botlike behaviors.

Action Step: Use 3DS as a step-up challenge instead of automatic declines.

Rather than automatically declining or quarantining transactions that flag as potential fraud, merchants should use a multi-layered step-up verification using 3D Secure. 3DS services, like Verified by Visa and Mastercard Identity Check, verify a customer’s identity using an additional authentication step like a one-time code, biometric scan, or an authorization request pushed to the customer’s banking app. This adds some additional friction to a transaction, but it’s a minor annoyance compared with the potentially relationship-ending frustration of customer insult.

3DS has seen enormous success in the European Union and United Kingdom, where it’s a mandatory security feature on most card-not-present transactions. But merchants all around the world can activate it through their payment service providers (PSPs) and modern fraud screening tools make it easy to set 3DS up to ask for verification only when certain flags or thresholds are triggered. That step-up challenge represents a great way to turn false positives into successful authorizations with minimal impact on the customer experience. Better still, a positive authentication through 3DS can be logged as part of a customer’s digital fingerprint, allowing future transactions to be whitelisted, as well.

Action Step: Look for one-stop, out-of-the-box orchestration.

Fraud management is no longer simple, but orchestration doesn’t have to be difficult. Many providers now offer highly orchestrated suites of anti-fraud tools that merchants can easily integrate into their payments, either as simple third-party API connections or directly through their PSPs. These platforms not only improve fraud outcomes through extensive network effects and multi-tool integrations, they also reduce the complexity and cost of managing fraud, especially for smaller merchants that can’t afford dedicated in-house teams. That solves a major pain point and helps ensure merchants aren’t just turning away from fraud monitoring altogether to save time, money or headaches.

Platforms like Kount, Signifyd, Riskified, and Forter all offer highly capable suites of tools that go beyond simple risk scoring and incorporate multiple AI/ML tools that cover the full lifecycle from checkout to payment to disputes. Merchants still trying to piece together their own layered fraud defense stacks from disparate tools are taking on work that doesn’t really need to be done, and moving to a natively-integrated platform can significantly reduce false positives.

For PSPs, failing to offer frictionless connection to one or more of the platforms mentioned above is failing to address a top merchant pain point, and a major competitive disadvantage. Adding one-stop integration with an extensive fraud defense platform should be a top priority.

Conclusion

The entire fraud space is evolving rapidly, and merchants are struggling to keep up. As fraudsters and their attacks get more sophisticated, defending gets more complex and, in many cases, more costly. That’s creating an environment where merchants paralyzed by options and orchestration challenges are trying to catch fraud with the simplest, least discriminating tools. That, in turn, causes major problems with false positives.

Without a solution, merchants are faced with the choice between losing out on important customer relationships through false declines or dialing back on their fraud prevention and letting bad actors slip through the cracks. That’s a poor set of options. It’s also a false dichotomy, because there are plenty of tools today that can both choke out payments fraud and reduce false positives. Payments, as an industry, just needs to find better ways to get those tools into the hands of more merchants. That’s going to mean finding ways to make it faster, simpler, and cheaper for merchants to adopt extensive and pre-orchestrated fraud platforms.

Because only when staying at the cutting edge of anti-fraud technology is cheap and easy will the rate of adoption near the 100% level it really should be at, and only then will false positive rates start to shrink significantly.

Ryan Healy is a fractional senior content writer who works with companies in payments and fintech. He primarily ghostwrites long-form reports and executive thought leadership for his partners. His edge is his ability to synthesize complex information into content that delivers value and human beings actually want to read. He's fueled entirely by the 23 glorious flavors of Dr Pepper. Visit DPIntel.com for more of his writing.

Read the full report: Merchant Underwriting in an Age of Bad Agents now.

Agentic payments are the hot topic today, but it’s agentic fraud that should be at the front of everyone’s mind. It represents a real and asymmetric threat that will have major impacts on the payments industry far before the earliest adopters are using agents to regularly make purchases. Failure to recognize and deal with the immediate problem of agentic fraud could not only help derail the success of the agentic payments everyone is distracted by, but it has the potential to usher in a golden era for payments fraudsters that could make ecommerce itself far less attractive to merchants and consumers.

In this article, I’ll examine the four key asymmetries that make agentic fraud so consequential for payments:

• Reliability asymmetry

• Cost asymmetry

• Information asymmetry

• Persistence asymmetry

I’ll also examine what an impending wave of complex, high-volume agentic attacks means for the future of fraud prevention in the industry.

In a game of ever-bigger walls vs ever-bigger ladders, every single aspect of agentic artificial intelligence currently favors the ladder builders. That’s going to have serious implications for the payments industry, because the threat and costs of agentic AI are immediate, whereas the potential payoff is many years down the road. At a minimum, the industry needs to move fast to make today’s best premium fraud prevention tools the baseline norm. At worst, a major victory for the bad guys may just be inevitable, even if temporarily.

Reliability Asymmetry: Bad Agents Can Fail Without Consequence, Good Ones Can’t

It’s hard to win when the playing field is tilted against you. The reality of security and fraud prevention is that bad actors don’t have to follow the same rules or meet the same standards that legitimate businesses do, and that gives them an advantage. Agentic AI takes that tilt in the playing field and pushes it to new extremes.

Today, the rollout of AI agents at companies is extremely limited. Recent research from Anthropic shows that the vast majority of agents on its public API only tackle low-risk, reversible tasks that fall well below the company’s own bar for “high autonomy.” Of all those agentic API calls, 73% still have a human in the loop and less than 1% involve an irreversible action.

The reason for this toe-dipping is simple: companies have regulatory, financial and reputational considerations that they must manage, and that creates limitations that they must adhere to. The agentic space is still the wild west, and agents, as they exist, represent serious risk. This is especially true in the payments space where questions of liability loom large. If an agent goes rogue or fails badly, it can have serious business consequences, so payments companies can’t just turn agents loose haphazardly and hope for the best.

Fraudsters face no such limitations.

While deployment of agents at scale represents a huge risk for companies, it involves effectively zero risk for fraudsters, who have no reputation to protect, no customers to keep happy, no compliance requirements and no laws to follow.

Operationally, agent failures are no concern for bad actors, because failure is the expectation anyway. Fraud is a numbers game in which perpetrators know that the vast majority of their financial gains will come from a very small sample of successful attacks. Agents represent a way for them to scale those attacks cheaply and easily, and even high rates of task failure or misalignment don’t really matter because attacks can just be run again, over and over. The potential ability of future agents to self-refine makes this an even bigger asymmetrical threat in favor of the bad guys.

Cost Asymmetry: Bad Agents Can Be Spun Up Far Cheaper Than AI-Powered Defenses

The cost of AI is currently a hot topic. GitHub Co-Pilot and Claude Code both recently moved to token-based billing that saw users’ costs increase anywhere from 20% to over 20x. We are currently in the phase of AI rollout where companies like OpenAI and Anthropic are getting ready to IPO and it’s time to face the music that, until now, everything we’ve done with AI has been heavily subsidized by VC money, and prices for access to top models are going to go up.

So, with subsidies running dry and things like token-based billing rolling out, how will bad actors be able to employ agents at scale without their costs ballooning out of control?

The answer lies in free, open source models. As previously explained, fraud and cybercrime are numbers games where all but a small percentage of attacks are expected to fail. That means bad actors don’t need cutting edge models to run persistent, agentic attacks – at least not for simpler schemes. Free frontier-class models like DeepSeek are more than powerful enough to drive agentic fraud. And, while proprietary frontier models like ChatGPT, Claude and DeepSeek have started to pull away again, open-source models that can be run locally are less than a year behind in capability – no issue when automated volume is the primary goal.

In contrast, there is huge pressure on companies to use frontier models. That requires absorbing the cost increases coming down the pipe as labs like OpenAI and Anthropic go public and face pressure to stop losing billions of dollars every year.

(Note: the recent SpaceX IPO prospectus laid these losses bare, showing the xAI division took $2.47 billion in losses on $818 million in revenue in Q1 2026 alone.)

For the payments industry, this represents a second huge asymmetrical disadvantage. Stakeholders will expect anti-fraud tools, and AI tools in general, to be running on cutting-edge AI, which will come at increasingly steep costs. At the same time, the bad guys will be more than happy to get by spooling up armies of agents using tools like OpenClaw and free models like DeepSeek or Qwen3.

Information Asymmetry: In the War Against Payments Fraud, Fog Favors Bad Guys

The AI industry as a whole is still very much a black box. Upcoming IPOs of pure-play AI companies may help shed some light on where the technology actually stands. But, today, there are far more questions than answers.

Where are the lines between real future capabilities, hype, marketing and downright deception? Who is liable for damage resulting from actions taken by autonomous AI systems? When will lawmakers around the world begin to regulate AI in earnest? What is the appropriate balance of regulation that achieves societal good without kneecapping advancement? Are LLMs a dead end on the path to theoretical AGI and what does that mean for business outcomes? What does the term “agent” even mean?

Today, we have no answers to (or even general agreement on) any of these questions. That puts companies in the extremely difficult position of trying to invest in AI to avoid being left behind without having any real idea of what tomorrow is going to look like technologically or legally. This creates the third asymmetry that tilts the fraud battlefield in favor of bad actors: there is a fog of war that really only impacts one side.

Companies must make critical decisions about how and where to direct their AI investments in an extremely dynamic, low-information environment. The stakes of this are low when it comes to adopting LLMs for simple tasks like summarizing meeting notes or drafting emails. They go up when it comes to critical operational tasks like adopting copilots. But they go way up when it comes to building and employing autonomous agentic systems. At best, getting it wrong means falling behind, but at worst, heavy investment without clear direction could be financially catastrophic.

Fraudsters, on the other hand, have no need for better information or strategic caution because they don’t care where the technology or the regulatory landscape goes tomorrow. They can employ the tools available today with reckless abandon, without worrying about things like accruing technical debt or disruptions to their operations if the rules change. The fog is not a hindrance to them, it’s cover. That allows fraudsters to be first movers, barreling forward at speed while the organizations on defense are leaned in, squinting, just trying to see the landscape a few feet ahead.

Persistence Asymmetry: It’s Easy for Fraudsters to be Persistent and Hard for Defenders

Advanced persistent threats (APTs) are highly sophisticated cyberattacks that are designed to constantly probe and chip away at security over a long period. They use techniques like polymorphism to re-disguise themselves continuously and adapt tactics as they build a picture of defense systems. If a DDOS attack is shock and awe, APTs are a siege.

Until recently, running APTs was so complex and costly that it was mostly a tool employed by state intelligence services. Anthropic reports that these actors have already been documented using Claude Code to streamline the process. But widespread access to cheap agents is going to change the barriers to entry entirely.

Agents are tools designed specifically for low-cost, repetitive action at speeds and scales humans can’t match, and that makes them ideal tools for APTs. But with open source models and agent management systems, anyone with the right technical knowledge can theoretically spool up home-brew attacks that closely resemble APTs.

Even without technical knowledge, Fraud-as-a-Service (FaaS) is already exploding. For example, in 2025, data from Recorded Future showed a 4x increase in scam merchant accounts over the prior year. This is directly attributable to FaaS and AI-powered boosts in everything from phishing to synthetic identity creation and beyond. Agentic FaaS is going to democratize APTs and make it possible for anyone with the desire to run complex, long-lasting, recursively improving attacks.

On the opposite side, AI-powered anti-fraud measures are fairly well equipped to handle the siege, but it’s still going to result in tighter screening, and a higher rate of “customer insult” – when false positives incorrectly deny or quarantine a legitimate customer’s payment. But processes like merchant underwriting are much less prepared for siege-style fraud, and this is where the persistence asymmetry really comes into play.

As Recorded Future’s data shows, more fraudulent accounts will slip through the cracks, which means re-underwriting will have to happen far more frequently, if not constantly, in order to catch bad sellers and long-term fraud like bust-out schemes. Automated underwriting systems can help with that, but it still costs money to run scans, especially if databases are being queried. That makes it much harder and more expensive for payments companies to run persistent defense than it is for bad guys to play persistent offense.

What Does Agentic Asymmetry Mean for the Future of Payments Fraud Prevention?

1. Fraud Defense Must Become Universally Persistent and Highly Adaptable

Agentic fraud will be both persistent and recursively adaptable, and in this case, the only way to fight fire is with fire. AI-powered anti-fraud tools, which today are still considered a premium value-added service (VAS), not only need to get better, but they must also become the baseline norm in all aspects of payments.

Every merchant will need to be on the most advanced real-time risk scoring and decisioning tools or they will see both successful fraud and false positives spike. Every merchant will need the most advanced dispute management systems or they risk getting buried in chargebacks. Payment providers themselves will need highly automated, persistent underwriting systems to stop the tidal wave of merchant account fraud that is already building. These tools will no longer be a question of efficiency or optimization; they will need to be the baseline layer if the industry has any hope of keeping up with the unparalleled volume and sophistication of agent-driven fraud that is years away at most.

2. Investment in Fraud Prevention Needs to Go Way Up at a Time When Merchants are Starting to Tighten Their Belts

In its 2026 Global eCommerce Payments and Fraud Report, the Merchant Risk Council found that merchants are starting to prioritize cost-minimization in their fraud management over improvements in outcome, including reducing attacks and improving the customer experience. The MRC data shows that, while over half of merchants still intend to spend more on anti-fraud tools over the next two years, the number is down seven percentage points over the prior year, and planned spending on staff/talent is way down.

Faced with rises in the cost of everything, merchants are starting to pull back from the fight against fraud at the exact time they need to be upgrading their defenses. This signals a wider cost problem and it means that providers looking to get better tools into the hands of merchants need to do one of two things: invest in making AI/ML-powered fraud prevention more affordable, or accept thinner or zero margins on advanced anti-fraud VAS.

3. There May be a Brief, But Unavoidable Golden Age for Fraudsters

There is a real possibility that the proliferation of asymmetric agentic fraud will, at least for a time, simply overwhelm the ability of merchants and payment providers to fight back. That could result in either a golden age or dark age of payments fraud, depending on which side of the line you’re on, with big impacts on the behavior of both consumers and merchants.

We already know that younger consumers are drifting back to brick-and-mortar, preferring the experiential aspects of in-store shopping. If the ecommerce fraud arena gets hostile enough, things like elevated risk of data breaches and transaction decline rates could result in a big migration away from ecommerce toward in-store environments perceived as less risky. On the merchant side, if the costs of fraud losses and the battle against them gets too high, it’s not difficult to imagine omnichannel sellers starting to deprioritize or even disincentivize web sales.

4. Companies Should Carefully Consider the Role of Consumer and Merchant Trust in Future Tech

Proliferation of agent-powered fraud will push both merchants and consumers towards payment methods they perceive as high-trust and high-safety. That could create an additional barrier to the adoption of agentic commerce. In addition to the issue of asymmetric reliability mentioned above, agentic commerce is currently in a low-to-no trust zone, with the complete absence of any guidance or regulation on questions like how consumers will be protected and who is liable for glitches and misaligned or rogue transactions.

Payment companies, up to and including the big card networks like Visa and Mastercard, understandably don’t want to get left behind if agentic commerce changes the way we shop to the same degree that ecommerce did. But, in a world where agents are going to benefit fraud and cybercrime far faster and far more extensively than they will consumers, trust could be at an even bigger premium and agents themselves may turn out to have a branding problem. Companies should consider this when forecasting how near agentic commerce adoption really is, because big investments that are too early can have the same consequences as big investments that are wrong.

Subscribe now

Merchant Underwriting in an Age of Bad Agents | DPIntel

12.8MB ∙ PDF file

Download

Download

Price: Free for subscribers

Length: 24 pages

Artificial intelligence has been used to fight payments fraud for many years, but the industry may not be ready for the scale of the threat it represents in the hands of bad actors. With the ubiquity of powerful large language models (LLMs) like ChatGPT, Gemini, and Claude, fraudsters and cybercriminals are already enjoying benefits in cost, speed and scale. But the introduction of highly autonomous AI agents has the potential to change the game and introduce a volume and complexity of fraud the industry has never before had to grapple with — the Age of Bad Agents.

In this in-depth Payments IQ series report, we’ll examine:

• How agents are changing the nature of fraud and why this represents a novel problem for payments

• Why the agentic AI playing field is not even and heavily favors fraudsters

• How malicious agents will reshape key aspects of merchant fraud, including synthetic identity creation and account takeovers

• The potential business impacts agent-driven attacks could have on payments companies that arenʼt prepared

• The qualities future underwriting must have to combat agentic fraud effectively

By the end, you’ll have an up-to-date understanding of the current state of agentic fraud threats and why it represent such a significant threat to underwriting, merchant management and, ultimately, the bottom line.

Subscribe now

Merchant Underwriting In An Age Of Bad Agents | DPIntel

12.8MB ∙ PDF file

Download

Download

Standard Disclaimer: The “Reflections on my reading” series of this Substack are me using writing as a tool to capture thoughts and mold ideas as I read reports, articles, etc. Writing is a great way to cement what you’ve read and that’s the goal with these. The pieces published in this section are not refined or even really edited. You’ve been warned!

In late February, Stripe co-founders Patrick and John Collison released their annual letter recapping 2025. I finally got around to reading it. A lot of it is corporate back-patting, but there were many parts that jumped out at me surrounding things like Stripe’s ubiquity, the brothers’ view of how the economy is sorting winners and losers, stablecoin progress and, most of all, how they see agentic commerce playing out.

In this piece, I want to focus on Stripe’s “five levels of agentic commerce.” In this section of the letter, the Collisons attempt what seems like a reset in expectations for the current status and ongoing rollout of agent-driven shopping and payments. But, they do it in the most predictably AI-serving way, laying out a five-step hierarchy of agentic commerce that renders the term even more meaningless than it’s already become. I think that’s telling, and worth looking at.

Stripe’s vision of agentic commerce is not particularly agentic

Personal note of annoyance: Substack’s spell checker puts a red line under the word “agentic,” which, at this point, c’mon. But, to be fair, it also puts one under the word “Substack,” so…

On page 9 of Stripe’s letter, the Collison brothers lay out what they see as the “five levels of agentic commerce.” To their credit, they’re trying to be more realistic about the current state of the technology. To their not-so-credit, they’re still very much agent-washing much more basic AI assistance in an attempt to place us further along on the continuum of progress than we really are. But, in any case, I think it’s interesting that we’re seeing a massive company like Stripe trying to pump the brakes on all this agentic commerce talk.

Interesting, but not surprising, especially in light of the recent reporting from The Information that OpenAI Instant Checkout, which Stripe was a high-profile partner in, has been all-but-scrapped because shoppers wouldn’t use it. That system was a key proof-of-concept on the way to agentic commerce that validated whether or not consumers would adopt even the most basic AI-integrated payments. And it failed. Surely Stripe knew this was coming, and it may have influenced the hedging angle to this letter.

In any case, I think we’re in for a long train of these high-profile “well no, not like that” walkbacks from major AI boosting companies. But, anyways, on to the five levels.

Level one: eliminating web forms

Stripe describes level one as follows:

“You research and decide what to buy. But filling out web forms is no one’s favorite way to spend a few minutes. It would be handy if you could simply send the URL to your agent and have it fill out your payment and shipping details, coming back to you with the confirmation.

The system isn’t making any decisions; it’s just typing and clicking “buy” on your behalf.”

What?

First and foremost, there is absolutely nothing agentic about this. It requires a manual prompt and completes a single, simple and well-defined task. This is a perfect example of how just because something involves even slight automation, that doesn’t make it agentic.

But, more importantly…what?

Consider what is being offered here. You still research and decide what to buy. But then, instead of spending two clicks and maybe three seconds checking out using the auto-fill feature provided by Google Wallet or Apple Wallet or Amazon or whatever you‘re running on your device or computer, you instead hand that task off to an AI system, which…clicks buy for you?

Why? What is the value proposition here? It’s true people don’t like filling out forms. Luckily, we’ve had multiple solutions for that, for many years, all of which work exceptionally well and don’t involve AI. Here, Stripe is suggesting level one AI agents as a fix for a problem we haven’t had since like 2015.

But, it’s worth noting that, while involving AI in Stripe’s first level of agentic commerce adds absolutely nothing of value and saves arguably no time, it absolutely does add risk, because AI becomes an unreliable middleman. This is like saying “I already have a perfectly functional system to automatically pay my bills, but I feel like mixing things up, so I’m going to have my mistake-prone child do it instead.”

It makes no sense.

Alright, moving on.

Level two: descriptive search

Stripe describes level two of agentic commerce as follows:

“You stop searching for products or specific attributes and start describing situations.

I need back-to-school supplies for a third grader in Chicago, including clothes (nothing too itchy or tight!), pencils, notebooks, and a lunch box. My son likes KPop Demon Hunters and tennis. School starts in late August.

The system reasons across weather, materials, sizes, durability, taste, reviews, and delivery timelines. Specialized and long-tail products become easier to find. Annoyingly blunt keyword search is no longer a thing.”

This is pure agent-washing. This is not agentic at all and there isn’t even any commerce involved. Presumably, Stripe imagines that after getting the product recommendations, you then use the head-scratching checkout from level one. At least in this case you can argue that it allows you to buy from within the LLM (although, we now know consumers don’t want to do that). But, still, this is just describing LLM search. Which is very useful, mind you. But there is no autonomy here. There is no recursion here. If this is level two of agentic commerce, then telling ChatGPT what ingredients you have in your cupboard and getting back a list of potential recipes is level two of “agentic cooking.”

Even in a letter that aims to dial back expectations for agentic commerce, these big companies can’t help but try to launder it to make it seem like it’s closer than it is.

Level three: persistence

You stop reintroducing yourself.

Find me options for back-to-school clothes for Bobby.

The system already knows your preferences and remembers any requirements, inferred from your previous conversations and purchases. You’re still deciding what to buy, but you are choosing from a set of options that already reflects your taste and budget .

Still requires a manual prompt to begin each task, still requires manual selection, still requires a manual payment authorization. All we’ve added at this level is better memory. This is still not agentic and the value proposition here is still just the same LLM-enabled search we’ve all been using for years now.

Please note that we are now at level three of the five stages of agentic commerce and we’ve yet to see anything notably…agentic. It invokes Ian Malcolm leaning into the CCTV camera and saying “now you do eventually intend to have some dinosaurs on your dinosaur tour, right?”

Level four: delegation

“You stop choosing altogether.

Get the back-to-school shopping done. Keep it under $ 400.

The system handles the search, the evaluation process, and the purchases on your behalf. You trust it will weigh trade- offs as you would and choose things your son will like. All you do is determine the budget. (This is what most people mean today when they talk about agentic commerce.”

At level four, we’ve arrived at a point where the agent actually performs an autonomous task — in this case, making the product selection on its own and authorizing the purchase without requiring direct user sign-off. As Stripe correctly points out, this is starting to look more like the promise of agentic commerce as a technology that actually adds real value.

Level five: anticipation

“There is no prompt.

The system already knows the school calendar, your son’s preferences, and your typical budget. All you do is receive a notification: here’s the back-to-school list of everything that’s been purchased. This is the most futuristic vision, where the things you need show up right before you need them, without you having to ask.”

This level is truly autonomous, truly agentic commerce. Finally.

So, having now taken the journey all the way to the ultimate promise of the technology as something truly useful, what can we take away from Stripe’s five level model?

First, it spends the first three levels attributing basic LLM functions like conversational search to agents. It also fails to introduce any kind of autonomy into the equation until level four. And autonomy is sort of the whole point of agents. The company also aptly notes that, “today, the industry is hovering on the edge of levels 1 and 2.” I.e., we are nowhere near agentic commerce in any meaningful form that creates real value for consumers and actually has a chance of being adopted.

Levels four and five on Stripe’s hierarchy introduce so much risk, at so many levels, for so many stakeholders, and offers so little incentive for merchants, that far from being right around the corner, level four is probably five to ten years away at a minimum, if it ever happens at all, and level five is probably a fantasy.

Stripe calls level five “futuristic,” which is an apt term considering Merriam-Webster uses space elevators, space rangers and the action of Bladerunner as examples under the definition. All of those things also could happen. I’d love to hear where we are on the five levels of Bladerunner.

In all seriousness though, by tacitly admitting that the industry is currently between two levels of near-zero agentic impact, the company is giving away the game. They try to soften the blow by setting the bar for the first three levels of agentic commerce so low that they can be pointed to as progress already behind us, but it’s just more hype and agent-washing in a letter that goes out of its way to say that agentic commerce has been overhyped.

But, the fact Stripe felt the need to publish this attempted re-set of agentic commerce expectations is telling in and of itself. Stripe has invested heavily in this and so it can’t just say “whoops, it turns out it was mostly all bullshit.” So this kind of gentle reframing is probably about as strong a message as we’re going to get. Combine Stripe’s newly moderated outlook with OpenAI’s recent admission that nobody wanted to checkout through its LLM, and it’s becoming clear that AI-powered checkout and payment is not the slam dunk a lot of people seemed to think it would be.

And why? Simple. Trust. We all know this intuitively. It’s common sense.

Everyone is happy to use AI of all types when it’s for low-to-no-risk tasks. Making meme images, writing the first drafts of emails, and yes, even purchase research, all require little to no trust. But AI-driven purchases, and especially autonomous agentic commerce, require a mountain of trust. And it just isn’t there. And it isn’t just around the corner either. It may as well be light years away because LLMs will never stop hallucinating, which means they may never be reliable enough for consumers to trust with their hard-earned money. And if consumers don’t want to use agentic AI, there is no incentive for merchants to adopt it. And if merchants aren’t incentivized to adopt agentic AI, there is no incentive for consumers to use it. It will be a technology without a user base, and bajillions of dollars will have been wasted.

The world is getting smaller thanks to rapid and wide-scale digitization, and payments of all types are increasingly moving between different countries. Now, frictionless cross-border payments are becoming a major concern for both governments and private industry, as everyone from big corporations to mom-and-pop businesses to individual consumers find themselves sending money internationally more often.

In this three part series on why money moves across borders, we’ll look at all the key types of cross-border payments and the main use cases that drive volume within each one. In part one of three, we’re examining business-to-business (B2B) and business-to-consumer (B2C) transactions.

By the end, you’ll have a clear picture of all the most common ways cross-border payments flow from business users, and an understanding of why business-driven transactions are by far the most critical and high-value category of cross-border payments.

B2B: The Most Significant Cross-Border Payment Flows in a Shrinking World

In a globalized world, business-to-business transactions are the key driver of cross-border payments. In 2023, B2B cross-border payments grew by just 5%, but exceeded $158 trillion in volume. By comparison, B2C and C2B cross-border payments combined for a “mere” $4.7 trillion.

B2B will continue to be the most critical category going forward, with international supply relationships becoming more and more common. After the global pandemic, when an alarming number of small businesses found their supply chains disrupted or choked off, diversifying suppliers became a critical way to manage risk. Now, half of small and medium-sized enterprises are doing more business internationally than in 2021, and 75% are planning to increase their international business in the future.

Why the Money Moves

International Supply Chains: Trade in physical products, components, and inputs is a huge driver of B2B cross-border payments. Everything from crude oil to critical minerals to food, industrial equipment and consumer goods moves between countries and requires cross-border payments to be made to suppliers.

Cross-Border Service Procurement: Services are increasingly sourced internationally, particularly in the technology industry. “Digitally enabled services,” like cloud computing and software licenses, are the fastest growing category of global trade, and knowledge work, like coding and technical support, is now regularly outsourced to overseas suppliers.

Intra-Company Payments: Multinational corporations regularly make payments between subsidiaries and affiliates in other countries. Profit transfers, revenue sharing and intra-company loans and investments all fall under B2B flows, and are common reasons companies move money across borders.

International Licensing and Royalties: Companies regularly license intellectual property, like patents, owned by other companies abroad. The use of that IP requires either revenue sharing or the payment of regular royalties, which must either be remitted directly using cross-border payments, or paid to a local subsidiary, which will then use an intra-company payment to repatriate the money.

Subscribe now

B2C: A Small, But Growing Cross-Border Use Case

B2C cross-border payments accounted for roughly $1.6 trillion of total cross-border flows in 2023. Much like small businesses, the rapid digitization of the world has made it much easier for consumers to engage with businesses in other countries. That naturally increases B2C flows, but it also creates opportunities for money to flow back to consumers as well. Since 2019, B2C cross-border payment flows have increased by roughly 33%, second only to C2B growth at 40%.

Why the Money Moves

Marketplace Disbursements: Online marketplaces now make it easier than ever for consumers to sell anything and everything. The top marketplace sites, like eBay, Reverb.com and others, use access to a global customer base as a key differentiator over local listing sites, like Craigslist or Kijiji. In most cases, the marketplace makes international transactions easier by acting as an intermediary, accepting the payment directly from the buyer and then issuing a payout to the seller once delivery is complete. That makes marketplace disbursements B2C by nature.

Gig Economy Disbursements: The global gig economy is driven by online platforms that function as marketplaces for services instead of goods. In 2024, the global gig economy was estimated to be $556.7 billion, with over 16% CAGR expected between 2025 and 2032. As with consumer marketplaces, platforms like Fiverr and Upwork, make engaging gig workers in different countries a frictionless process. Buyers pay the platform in their home currency, and the platform sends out a delayed payment to the service provider upon completion of the work in any currency of their choice.

While it can be argued that gig payouts could be considered B2B flows, these payments are still generally considered B2C due to the “side hustle” nature of many gigs.

Consumer Refunds: Increased international C2B commerce inevitably leads to increased international returns and refunds, which fall under B2C cross-border payment flows.

Insurance Disbursements: Cross-border insurance disbursements are one-time payments where the beneficiary of the payout is in a different country to the insurer. Examples of common cross-border insurance payouts include life insurance benefit payments to family abroad, reimbursements for international medical expenses, and more.

Investment Income: Corporations often have to pay dividends or interest to investors in other countries. While these flows are B2B in cases where the payee is a VC firm or angel investor, payouts to retail stockholders fall under the B2C category.

Key Takeaways

• B2B payments dominate cross-border flows, accounting for over $158 trillion in 2023, driven by international supply chains, service procurement, intra-company transfers, and licensing royalties.

• Diversification of international suppliers is a key trend, especially after pandemic-related disruptions, with many small and medium-sized enterprises expanding global business.

• B2C cross-border payments are growing steadily, reaching $1.6 trillion in 2023, fueled by online marketplaces, the gig economy, consumer refunds, insurance payouts, and investment income.

Part Two: Consumer Cross-Border Payments

Business-initiated transactions represent the largest opportunity in cross-border payments, and companies that find ways to serve business users better stand to be the big winners in the cross-border payments revolution.

But with global commerce now just a few clicks away and annual international income remittances on the rise, consumers also play a big part in the cross-border payments ecosystem. In part two of this series we’ll focus on consumers, including how they move money to businesses and fellow consumers in other countries, and why they’re so important to the future of cross-border payments.

Subscribe now

Payments IQ: Cross Border Payments In 2025 And Beyond | DPIntel

8.01MB ∙ PDF file

Download

Download

Price: Free for subscribers

Length: 37 pages

In a shrinking world where international commerce is the norm and work is borderless, the importance of cross-border payments is increasing rapidly. Yet, in many ways, cross-border payments remain one of the least evolved parts of the modern payments industry. That represents a big problem for the businesses and consumers who use them, and a huge opportunity for the companies developing next-generation solutions.

In this in-depth Payments IQ series report, we’ll examine:

• The current state of how cross-border payments are made and who uses them

• The four key ways today’s cross-border payments fall short

• The opportunity cross-border payments present and the major use cases they can serve

• How technology is shaping the future of cross-border payment flow and how consumers and businesses access them

By the end, you’ll have an up-to-date understanding of the current state of cross-border payments, why they represent such a significant opportunity, and where they’re heading in the years to come.

Subscribe now

Payments Iq Cross Border Payments In 2025 And Beyond | DPIntel

8.01MB ∙ PDF file

Download

Download

From small and medium-sized enterprises (SMEs) paying international suppliers, to workers sending remittances to families back home, to powering the gig economy and beyond, cross-border payments make the world go round.

The total value of global cross-border payments is set to hit $290 billion by 2030, and a large chunk of that volume is up for grabs because the options available today…aren’t great. While the modernization and digitization of cross-border payments is already well under way, they still suffer from four major issues that both consumer and business users universally cite:

• Slow movement of funds from point A to point B

• High fraud risk and poor perceived security

• High costs and a lack of fee transparency

• Unnecessary complexity and difficulty of use

In this article, we’ll take a deeper dive into each of those pain points and analyze where the major issues are, how users are impacted, and what the way forward might look like.

Speed: Today’s Cross-Border Payments are Too Slow

The flow of digital payments is complex by nature, but cross-border payments are worse. A traditional cross-border payment can easily touch four different banks between the sender and recipient, and that journey and the potential hangups at each stop contribute to one of the major pain points for users: speed. A cross-border payment moving through banks can take days to arrive at its end point, especially if there’s a weekend involved.

And users notice.

52% of consumers say cross-border payments are slower than domestic payments, and business users agree, with 32% of SMEs saying it takes too long for funds to be delivered.

Worse still are failed payments that need to be reissued. A third of consumer respondents have had a cross-border payment fail and half of them cited immediate negative impacts, including to their mental well-being. For businesses, a failed cross-border transaction often means a delay in paying an international supplier. That has potentially significant impacts on relationships and important supply chain connections. Globally, 37% of SMEs have run into failed or late payments, including 40% in the United States.

Security: Cross-Border Payments Have a Reputation for Being Risky

34% of consumer respondents say they’ve avoided using cross-border payments because of concerns about fraud. 42% feel that cross-border payments are a higher fraud risk than domestic payments, even though those same respondents were more likely to have personally been victims of domestic payments fraud.

On the business side, fraud is the most cited pain point for SMEs, with 41% saying it’s a concern. While that number is down slightly from a few years ago, the fact that fraud beats out costs is a clear indicator of the reputation cross-border payments carry.

The concerns aren’t without warrant. It’s hard to pin down the exact value of global losses due to cross-border payment fraud, but we know it’s enormous. According to the European Central Bank, cross-border transactions accounted for 63% of card fraud in the Single Euro Payments Area, despite making up just 11% of total card payments. That’s a huge imbalance. And instant options aren’t necessarily any better at the moment, with authorized push payment (APP) fraud out of control in places like the United Kingdom.

Costs: Cross-Border Payments are (Way) Too Expensive

The costs of cross-border payments are a problem for all user types, but they’re especially concerning for businesses. 40% of SMEs say poor FX rates or high fees are a top pain point. In some extreme cases, sending a cross-border payment can cost SMEs ten times more in fees than they’d pay to send the same amount domestically.

Globally, cross-border payment fees average 6.25%, and a staggering 12.10% through banks. That’s way, way too high – especially with extremely low-cost domestic options coming online, like FedNow and other real-time payments systems already in operation around the globe.

But the fees themselves are only the first half of the problem. The other side is that users often don’t understand what they’re paying for. 57% of consumers and 35% of SMBs cite lack of fee transparency or hidden fees as a problem.

Complexity: Users Find Cross-Border Payments More Difficult Than Domestic Payments

Cross-border payments are seen by many users as being too complex – an especially big problem in a world where new tech is increasingly offering consumers simpler, more convenient payment options. Overall, 46% of consumers say it’s harder to make a cross-border payment than a domestic payment.

The Way Forward

It’s clear that cross-border payment providers need to find ways to speed up transactions, lower costs, simplify and secure systems, and increase overall transparency. Legacy systems like wire transfers are not up to the task, so new payments technologies will have to be tapped to bring cross-border payments into the 21st century.

Note: All statistics without specific in-text citations are from the Mastercard Borderless Payments Report 2023.

Originally published on Digital Payments Intelligence at DPIntel.com

Download the free 40-page report Payments IQ: Cross-Border Payments in 2025 and Beyond.

Subscribe now

Introduction:

Customer payment data is a high-value target that makes cyberattackers salivate. Credit card networks, payment processors and merchants go to great lengths to keep it safe, and the latter two face huge penalties and even huger remediation costs for failing to do so. Today, network tokens are emerging as the industry standard processors and merchants turn to for protecting card data and walling off cyber threats, and adoption is skyrocketing.

Network tokens are exploding because they have a lot to offer over the solutions they’re replacing. They provide better security from cyberattacks and fraud – not just for merchants, but for everyone in the payments chain. They offer better authorization approval rates for merchants, which boosts revenue and improves the customer experience. They offer lower interchange rates in many countries. And they offer a new revenue opportunity for payment service providers (PSPs), both through increased residuals on approved transactions and on the fees that can be charged for providing easy-to-sell token management solutions.

In this article, we’ll take a deeper look at the network token value proposition, the state of their adoption, and the opportunities their rise presents to both merchants and PSPs.

What are Network Tokens and How Are They Different?

Tokenization is the process of replacing sensitive customer data with a randomly generated data string that contains no sensitive information and is useless to bad actors.

The key piece of data the token replaces is the customer’s Primary Account Number (PAN) – without which credit card fraud is not possible. The token provider stores the customer’s payment data on its own servers and creates tokens to represent it that are unique to each combination of cardholder and merchant. So no two merchants will have the same token even if they’re processing the same card. When a merchant needs to access the customer’s card, it can call the token from its database – known as a token vault – and send it through the network for authorization, processing a payment without ever being exposed to the customer’s card information.

Being able to access card-on-file payments without actually having the card on file is a huge boon for merchants. It enables recurring payments for subscriptions and memberships, one-click signed-in checkouts and more, while freeing the merchant from the threat of expensive data breach remediation.

Network Tokens vs. Payment Tokens

Tokenization is not new, but for many years, most merchants only had access to one type of token – payment tokens issued by processors. These large PSPs took responsibility for storing customer card data and issuing their own secure tokens as a value-added service to offer merchants.

Today, the credit card networks themselves are increasingly providing that service – known as network tokenization. Network tokens are issued directly by the network badged on a cardholder’s credit card, the big four being Visa, Mastercard, Discover and American Express. The tokens act in the exact same manner as processor payment tokens, but they skip the middleman altogether, simplifying the process and removing one additional data storage point, reducing the attack surface.

The Current State of Network Token Adoption

Network tokens have technically been around for a while, but they were a slow starter up until recently. Today, network tokens are seeing very strong adoption among both merchants and payment service providers (PSPs). According to research from PYMNTS and Mastercard, 78.2% of merchants currently enable tokenization in general, and network tokens have surpassed processor payment tokens in popularity – 28.2% of merchants have opted to go solely with network tokens, versus 17.3% that only offer payment tokens. 32.7% currently offer both, but there’s a good chance that number is going to drift down as more merchants move to network tokens alone.

Merchant-side network token adoption also demonstrates a skew towards larger sellers. Merchants doing over $1 million in revenue per year are much more likely to use network tokens than smaller merchants, 40% of whom have yet to adopt tokenization at all.

On the provider side, network tokens have been almost universally adopted. 88% of PSPs now support network tokenization, with 75% offering it alongside payment tokens and 13% offering it as their only tokenization solution. Those numbers may also trend towards more providers offering only network tokenization as coverage gaps close up and the need for processor payment tokens lessens.

Why Network Tokens are Better Solutions That Will Soon Dominate Tokenization

Network tokenization is already eating into processor-side tokenization. While a small percentage of merchants may opt to use both to ensure complete coverage, the vast majority will only use one or the other.

Network Tokens Take Transaction Security Directly to the Source

The core value proposition of tokenization is security. By replacing the PAN with a unique and non-sensitive piece of data, tokenization walls off bad actors. A hacker could steal a merchant’s entire token vault and it would be completely useless to them because the tokens are randomly generated and can’t be traced back to a PAN in any way. But that is

Network Tokens Reduce PCI Compliance Burden and Liability

Because the card networks also control the Payment Card Industry Data Security Standard (PCI-DSS), trusting them with tokenization is an ideal way to minimize both PCI compliance burden and potential liability.

Network Tokens Reduce False Positives and Boost Approval Rates

Network tokens offer two big benefits to transaction approval rates: they’re highly trustworthy and they automatically update.

Network Tokens Offer Better Interchange Rates

The major card networks want merchants to use their network tokenization solutions, and they financially incentivize them to do so through interchange rates. In some cases, discounts are offered. Visa, for instance, sets interchange fees as much as 10 basis points (0.1%) lower for network tokenized transactions in certain countries, including the U.S. and Canada.

What It All Means for Payment Service Providers and Merchants

Ultimately, network tokens are likely to become the baseline standard for transaction security and the vast majority of merchants will use them. In the meantime, the availability of this enhanced tokenization solution has some big implications for both merchants and their processing partners.

Better Security and More Money Now Go Hand in Hand

The main selling point for merchants is that network tokens offer them better security

There is No Time for PSPs to Hesitate on Adopting and Offering Network Tokens

For service providers, network tokens offer the same benefits, but from a slightly different angle. On the security side, merchants utilizing network tokens are less susceptible to fraud, the losses from which ultimately impact the service provider. That means PSPs benefit from having their merchants on network tokens. That’s one reason PSPs may choose to pass the savings on interchange through to merchants. But, they don’t have to.

Originally posted on Digital Payments Intelligence, at DPIntel.com.