For the global payments industry, the rapid ascent of agentic commerce has sparked an intense race to solve a singular infrastructure problem: ensuring that merchants can fully trust the AI agents appearing at checkout. However, a far more urgent question is currently receiving significantly less industry attention: can consumers trust the underlying merchants that these autonomous AI systems are recommending in the first place?
According to Chris Jones, managing director at payments advisory firm PSE Consulting, this second dilemma is no longer a theoretical risk. Recent testing conducted by UK-based scam-detection service Ask Silver exposed a profound vulnerability in contemporary large language models. The investigation revealed that highly sophisticated fraudulent websites, designed to explicitly impersonate well-known British retail brands, were actively appearing inside ChatGPT shopping recommendations. Users following these AI-generated links believed they were transacting with a recognized brand, when they were actually exposing their financial capital and sensitive payment credentials to a malicious scam site.
The Vacuum of Seller Authentication
This phenomenon highlights a dangerous structural asymmetry currently unfolding across the architecture of AI-driven commerce. While the payments ecosystem has successfully built highly sophisticated protocols to authenticate autonomous buyers, comparatively little infrastructure exists to validate the authenticity of sellers before they are surfaced by an AI assistant.
The mechanics of this new impersonation fraud were highly visible during the Ask Silver investigation. When ChatGPT was prompted to recommend popular consumer bags from Russell & Bromley, the AI seamlessly returned product information, accurate pricing, and direct transactional links. However, several of these links routed directly to scam websites mimicking the retailer. The attack vector was uniquely effective because Russell & Bromley’s broader digital footprint had become structurally ambiguous after the brand entered administration in early 2026 and was subsequently absorbed into another retail conglomerate.
Fraudsters quickly moved to occupy the resulting online vacuum. Security researchers warn that this tactic is spreading rapidly, with bad actors deliberately engineering fraudulent pages to be indexed, interpreted, and surfaced by generative AI tools rather than optimizing for traditional web search engine rankings. Concurrently, Visa has identified a sharp increase in dark-web forum discussions regarding AI-agent tools alongside a rise in malicious, bot-driven transactions.
The Buyer Infrastructure Bias
To its credit, the global financial ecosystem has moved with exceptional speed to resolve the buyer-side authentication problem. Specialized programs—including Visa’s Trusted Agent framework, Mastercard’s Agent Pay initiatives, and American Express’s developer tools—all deploy advanced cryptographic signatures, credential binding, and explicit consent policies to verify that an AI agent holds legitimate customer authorization. Similarly, OpenAI and Stripe have co-developed dedicated agent-to-merchant protocols, while Google’s commerce initiatives alongside partners like Shopify, Walmart, Adyen, and Mastercard utilize signed spending mandates to cap agent liabilities. Even PayPal has leveraged its vast existing merchant base to expand automated AI acceptance.
Yet, all of these developments focus exclusively on the buyer trust equation, leaving the seller trust problem wide open. While some card network initiatives are beginning to touch on the issue—such as Visa’s agentic merchant directory—verifying that a portal possesses the technical capacity to support an AI checkout is entirely different from verifying that the merchant is a legitimate enterprise. Today’s AI platforms rely blindly on established marketplace ecosystems like Shopify or Etsy as a proxy for institutional legitimacy. The standalone fraudulent websites identified by Ask Silver bypassed this scrutiny entirely, requiring nothing more than basic discoverability by the language model’s web-crawlers.
“If AI commerce evolves without a comparable merchant-verification layer, the industry risks recreating the ‘wild west’ marketplace model across the entire web,” warned Chris Jones. “Except this time the shopper may be an autonomous agent with no instinct for a suspicious domain name and no moment of human hesitation before payment is initiated”.
A New Fraud Typology for Acquirers
For merchant acquirers and payment networks, this trend represents a distinct, AI-driven impersonation fraud category rather than a mere extension of legacy retail fraud. The economics of the attack vector have fundamentally changed; a scammer no longer needs to construct a convincing front-end store to trick human visitors. Instead, they simply need to engineer specific digital signals that cause an AI algorithm to rank and recommend the fake store as a trusted provider.
Through a single optimized page, a fraudster can systematically siphon capital from thousands of automated consumers routed by AI platforms. Acquirers exposed to high-velocity consumer sectors like fashion, footwear, electronics, FMCG, and travel face disproportionate balance-sheet risks as autonomous purchasing scales up.
To mitigate this growing exposure, the industry cannot simply wait for a universal global compliance standard to materialize. Acquirers must proactively map their current exposures to impersonation-prone categories and continuously review merchants whose online brand identity remains ambiguous. Legacy merchant website checks, historically concentrated solely during initial onboarding, must transition into continuous, automated monitoring workflows. Simultaneously, networks must contribute real-time risk signals derived from transaction histories, while AI platforms must evolve beyond verifying catalogue feeds to authenticate absolute merchant identity. Ultimately, a durable defense requires collaborative data sharing between acquirers, card networks, and AI providers to dictate exactly which merchants deserve to be trusted in an agentic financial world.
The post The Missing Link in Agentic Commerce and the Threat of AI Merchant Impersonation appeared first on The Fintech Times.
