Retail Fraud - Understanding Threats from Agentic AI
In short, criminals can use AI to trick retailers into losing money.
Retailers are facing a surge in fraud risks linked to agentic AI. This technology enables new tactics like gift card theft and returns fraud, threatening profits and customer loyalty. As these threats grow, understanding and defending against them is crucial for the retail industry.
What Happened
In the age of agentic AI, retailers are increasingly vulnerable to fraud. Agentic AI, which automates online shopping, is projected to handle a significant portion of e-commerce by 2030. However, with this technology comes the risk of malicious activities, including gift card theft and returns fraud. Recent discussions at the National Retail Federation (NRF) Big Show highlighted these threats, emphasizing the need for robust defenses against AI-enabled fraud.
During the event, Google introduced the Universal Commerce Protocol (UCP), designed to secure transactions between AI agents and retailers. While this protocol aims to enhance security, experts warn that it could also be exploited by cybercriminals. For instance, a study estimates that by 2028, one in four data breaches may stem from AI agent exploitation, underscoring the urgency of addressing these vulnerabilities.
Who's Being Targeted
Retailers of all sizes are at risk, particularly as Organized Retail Crime (ORC) becomes more prevalent. According to the U.S. Chamber of Commerce, ORC costs retailers an average of $700,000 per $1 billion in sales. With the rise of agentic commerce, threat actors can leverage AI to execute sophisticated fraud schemes, putting not only profits but also customer loyalty at stake.
The potential for fraud is further exacerbated by the ease with which criminals can create fake identities and manipulate AI agents. Returns fraud and gift card theft are two common tactics that can lead to significant financial losses for retailers. As these fraudulent activities become more automated, the scale of the impact could be devastating.
Signs of Infection
Retailers should be vigilant for signs of AI-enabled fraud. Common indicators include:
- Unusual patterns in return requests or gift card purchases.
- Increased chargebacks from customers claiming unauthorized transactions.
- Reports of customers receiving unexpected refunds or gift cards.
These signs can indicate that a retailer's systems have been compromised by AI-based fraud techniques such as prompt injection, where malicious commands are embedded in seemingly legitimate transactions.
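As an added illustration (not part of the original report), the sketch below turns the three indicators above into per-account checks over a transaction log. The event schema, account names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (ISO timestamp, account, event type, amount in USD).
EVENTS = [
    ("2025-01-10T09:00:00", "acct-1", "purchase", 80.0),
    ("2025-01-10T09:05:00", "acct-2", "gift_card", 100.0),
    ("2025-01-10T09:06:00", "acct-2", "gift_card", 100.0),
    ("2025-01-10T09:07:00", "acct-2", "gift_card", 100.0),
    ("2025-01-10T09:08:00", "acct-2", "gift_card", 100.0),
    ("2025-01-10T10:00:00", "acct-3", "purchase", 60.0),
    ("2025-01-11T10:00:00", "acct-3", "return", 60.0),
    ("2025-01-11T11:00:00", "acct-3", "purchase", 40.0),
    ("2025-01-12T11:00:00", "acct-3", "return", 40.0),
    ("2025-01-12T12:00:00", "acct-3", "return", 55.0),
    ("2025-01-13T08:00:00", "acct-1", "gift_card", 25.0),
    ("2025-01-14T08:00:00", "acct-4", "chargeback", 100.0),
    ("2025-01-14T09:00:00", "acct-4", "chargeback", 100.0),
]

# Assumed thresholds; tune them against your own traffic baseline.
GIFT_CARD_BURST = 3                   # gift card purchases ...
BURST_WINDOW = timedelta(minutes=10)  # ... within this window
MAX_RETURN_RATIO = 1.0                # refunded value / purchased value
MAX_CHARGEBACKS = 1

def flag_accounts(events):
    """Return {account: [finding, ...]} for accounts matching any indicator."""
    by_acct = defaultdict(list)
    for ts, acct, kind, amount in events:
        by_acct[acct].append((datetime.fromisoformat(ts), kind, amount))
    findings = defaultdict(list)
    for acct, rows in by_acct.items():
        rows.sort()
        cards = [t for t, kind, _ in rows if kind == "gift_card"]
        # Sliding window over gift card purchase times for this account.
        for i in range(len(cards) - GIFT_CARD_BURST + 1):
            if cards[i + GIFT_CARD_BURST - 1] - cards[i] <= BURST_WINDOW:
                findings[acct].append("gift_card_burst")
                break
        bought = sum(a for _, k, a in rows if k == "purchase")
        returned = sum(a for _, k, a in rows if k == "return")
        # Refunds worth more than what was bought suggest unexpected refunds.
        if returned > bought * MAX_RETURN_RATIO:
            findings[acct].append("returns_exceed_purchases")
        if sum(1 for _, k, _ in rows if k == "chargeback") > MAX_CHARGEBACKS:
            findings[acct].append("repeated_chargebacks")
    return dict(findings)
```

Findings from checks like these are leads for manual review, not proof of fraud.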
How to Protect Yourself
To safeguard against these emerging threats, retailers should adopt several proactive measures:
- Implement robust security protocols, such as the Agent Payments Protocol (AP2), to enhance transaction security.
- Train staff to recognize signs of fraud and establish clear procedures for handling suspicious transactions.
- Invest in technologies that validate the identity and behavior of AI agents, such as Know Your Agent (KYA) frameworks.
By staying informed and adapting to the evolving landscape of AI-enabled fraud, retailers can better protect themselves and their customers from these sophisticated threats.
Palo Alto Unit 42