The short version
  • The fraud mix flipped: first-party fraud (44%) and fake-account/identity abuse (42%) now outrank stolen cards and account takeover (36%).
  • AI lowered the cost of attacks — tactics are scripted, tested, and shared. Fraud went from high-value and rare to low-value and high-frequency.
  • Agentic commerce industrializes the edge cases. Agent-initiated transactions dispute at roughly 2.4× the human card-not-present rate, and consumers keep chargeback rights.
  • The defense is a layered, real-time system — identity, behavior, transaction scoring, disputes — documented and monitored continuously, because it's the same machinery your sponsor bank examines.

Most early fraud strategies are built to stop the fraud that was common when the founder last worked at a bank or a processor: a stolen card number, an account takeover, a stranger forcing their way in. That model is now defending the wrong perimeter. The 2026 reality is that the most expensive fraud increasingly comes from people the system already trusts — recognized customers, authenticated accounts, verified devices — and from machines acting on their behalf.

This is the framework we use with founders, built from years sitting inside the institutions and networks that run the rails — and from cleaning up the fraud programs that were bolted together too late.

What changed: the fraud mix flipped

Start with the data, because the headline numbers reorder your priorities. In Adyen's 2026 fraud report, first-party fraud is now the most commonly reported type of fraud (44%), closely followed by fake accounts and identity abuse (42%) and policy or promotion abuse (40%). The more traditional threats — stolen cards and account takeovers — were reported by 36% of businesses (Adyen, 2026).

Two structural shifts sit underneath that ranking:

  • Fraud got cheaper to run. Automation and AI have lowered the barrier to entry for bad actors, letting tactics be scripted, tested, and shared across closed networks. Fake and bot accounts are now the second most-encountered fraud type globally (Adyen, 2026).
  • The economics inverted. On Adyen's platform, fraudulent-chargeback losses fell 20% in 2025, but the average value of a fraudulent dispute dropped 23% over the same period — fraud moved from a few high-value hits toward high-frequency, low-value abuse inside trusted environments (Adyen, 2026).

Synthetic identity is the connective tissue. As risk leaders put it at the 2026 Identity & Payments Summit, fraud has moved well beyond the traditional first-party and third-party split: synthetic identities let bad actors build trust with a business over time, then disappear once they have extracted enough value. AI is amplifying synthetic and false identities and accelerating transaction fraud, forcing firms to rethink how they layer risk signals (Secure Technology Alliance, 2026).

The operator's read

If your fraud spend is concentrated on stopping stolen cards at checkout, you're guarding a door that fewer attackers use now. The money is leaking through onboarding (synthetic and fake accounts), through trusted-customer behavior (first-party fraud and abuse), and increasingly through machines. Rebalance the budget toward where the loss actually is.

The new front: agentic commerce breaks the chargeback model

The fraud surface is expanding into autonomous commerce, and it does something genuinely new to the dispute system. When a consumer delegates purchasing to an AI agent, the agent shops, selects, authorizes, and completes the transaction — and the cardholder may never touch the checkout page. Critically, the consumer keeps their chargeback rights: the CFPB's January 2026 advisory on autonomous-agent purchases under Regulation Z was explicit that dispute rights survive the delegation (FraudBeat, 2026).

That creates a transaction type the chargeback regime has no framework for: the consumer genuinely authorized the agent in general, but can plausibly claim they did not authorize the specific purchase. Early data cited in 2026 shows agent-initiated transactions dispute at roughly 2.4× the rate of comparable human-initiated card-not-present transactions (FraudBeat, 2026). Agentic tokens can answer whether an agent is legitimate; they cannot answer whether it acted within the scope the consumer intended.

This is not hypothetical infrastructure. Visa, Mastercard, and OpenAI have live agentic-commerce rails, and the hard problems are authentication (3DS wasn't built for agents), liability assignment, and how risk models treat traffic that looks anomalous by design (PaymentBrief, 2026). With AI agents projected to influence between 5% and 20% of payment volume within five years, 30% of merchants already name AI-platform trust scoring as the most critical new signal they need (Adyen, 2026).

The strategy: four layers, one real-time system

A fraud strategy is not a tool you buy — it's a system you operate. Four layers, each feeding the next, scored in real time rather than in batch.

1. Identity at the front door

The summit consensus is blunt: identity verification is often just a snapshot in time, and that's no longer enough when deepfakes and LLMs can generate high-quality fake documents in minutes (Secure Technology Alliance, 2026). Treat onboarding identity as a continuous trust score, not a one-time pass/fail: combine document and biometric checks with device, network, and consortium signals, and re-evaluate trust as behavior accumulates. The goal is to catch synthetic identities before they spend months building credibility on your platform.

2. Behavior and device, continuously

Because the threat now comes from authenticated accounts, you need signals that distinguish a real customer from a recognized-but-abusive one: behavioral biometrics, device and session intelligence, velocity and pattern analysis, and dynamic trust-scoring that can validate autonomous intent at scale. The shift the whole industry is making is from static defenses to sophisticated, dynamic trust-scoring (Adyen, 2026). This is also your first line on agent traffic — you want to recognize agent-initiated patterns and route them through appropriate controls rather than let them fail silently or sail through.

3. Transaction-level risk scoring

At authorization, the system should fuse those upstream signals into a single decision — approve, challenge, or decline — in the milliseconds you have. A modern agent workflow can verify identity, assess fraud, authorize payment, and trigger compliance logging before the transaction clears (industry practitioners, 2026). The discipline that matters here is explainability: every decline and every challenge needs a documented rationale, both to tune the model and to answer a sponsor bank or examiner later.

4. Disputes and recovery

The back end is where first-party fraud and agent-initiated disputes are won or lost. Build a disciplined chargeback-representment process with compelling evidence, and decide your posture on agent-initiated disputes now — the practical guidance for operators is to assume merchant liability for agent transactions that lack verified delegation credentials and price that risk accordingly (PaymentBrief, 2026). Feed every dispute outcome back into your scoring layers; a fraud system that doesn't learn from its losses is just an expense.

Tie it to a loss budget

Set an explicit fraud-loss budget by product and channel, then run the four layers against it. Over-tuning toward zero fraud quietly kills good customers and revenue; under-tuning bleeds the P&L. The right answer is a number you choose on purpose — and can defend to your sponsor bank.

Where AI and agents belong — and where they don't

Agentic AI is moving from pilot to infrastructure in fraud and financial crime. FIS and Anthropic launched a Financial Crimes AI Agent that compresses AML investigations from hours to minutes by assembling evidence across core systems, with BMO and Amalgamated first to deploy and general availability targeted for the second half of 2026 (FIS, 2026). The lesson for a founder is the governance pattern, not the vendor: FIS built an agent-first environment where client data stays inside controlled infrastructure and every agent decision is traceable and auditable.

That's the bar. Use AI and agents where they earn their place — triage, evidence assembly, pattern detection, false-positive reduction — with a human in control of consequential decisions, explainability built in, and guardrails that aren't bolted on after the fact. “Verified AI” beats “AI-first” every time a regulator or a sponsor bank asks you to show your work.

Why this is now a diligence issue, not just a loss issue

The same fraud machinery is what your sponsor bank examines. The regulatory direction of travel reinforces it: in 2026, FinCEN and the banking agencies proposed shifting AML/CFT programs away from checkbox compliance toward demonstrated results, tied to your actual products, customers, and delivery channels (Ncontracts, 2026). And responsibility doesn't transfer: in BaaS, third-party relationships are extensions of the bank's BSA/AML obligations, so when onboarding outruns oversight, the gaps are predictable — and they land on the bank's exam, then on you (FinWise, 2026). A fraud strategy that is documented, monitored continuously, and explainable is no longer just good economics; it's table stakes for keeping your banking relationship.

Building or rebuilding your fraud strategy?

Whether you're standing up a fraud program for the first time, rebalancing it toward first-party and synthetic-identity risk, or figuring out how to handle agent-initiated traffic without breaking your approval rates, that's exactly the kind of decision our senior operators — from Fiserv, FICO, Oracle, Citi, and Wells Fargo — work on with founders.

Book a working call

FAQ

What is the most common type of payment fraud for fintechs in 2026?

First-party fraud is now the most commonly reported fraud type, cited by 44% of enterprises in Adyen's 2026 fraud report, closely followed by fake accounts and identity abuse at 42%. The risk has shifted away from strangers forcing their way in and toward recognized customers, authenticated accounts, and verified devices. That means a strategy built only to stop stolen-card and account-takeover attacks is now defending the wrong perimeter.

Why does agentic commerce create new fraud risk?

When a consumer delegates purchasing to an AI agent, they keep their chargeback rights, but the dispute system has no framework for a transaction the consumer authorized in general yet did not authorize specifically. Early data cited in 2026 shows agent-initiated card transactions dispute at roughly 2.4 times the rate of comparable card-not-present purchases. Agentic tokens can prove an agent is legitimate, but they cannot prove the agent acted within the scope the consumer intended.

How should a fintech founder structure a fraud strategy?

Treat fraud as a layered, real-time system rather than a single tool. Combine identity proofing at onboarding, continuous behavioral and device signals, transaction-level risk scoring, and a disciplined dispute and recovery process, all tied to a clear loss budget by product. Because the same controls a sponsor bank examines, the strategy should be documented and monitored continuously, not assembled the week before diligence.