Skip to content

Three of the biggest fraud trends from MRC Vegas 2026

Chimera readability score 0.4522 out of 100, reading level.

Earlier this week, more than 2,000 payments leaders gathered at the Merchant Risk Council (MRC) Vegas 2026 conference to discuss new fraud patterns, authentication strategies, and agentic commerce. One theme emerged: fraud has become more automated and increasingly difficult to detect with traditional tools.
The most sophisticated fraud teams are responding by shifting from one-size-fits-all fraud approaches to more dynamic, tailored interventions. They are removing friction for trusted users, embedding fraud detection directly into agentic transactions, and investing in multilayered identity verification to combat deepfakes.
Here’s how leading enterprises are evolving their fraud strategy.
1. Successful fraud teams are dynamically authenticating users based on intent
Many businesses add authentication requirements universally to all customers or businesses, to increase the likelihood of finding every bad actor. The cost of this approach is often underestimated, said Roberta Del Monte Radford, payment risk operations lead, strategy and innovation at Airbnb, during her session on connecting refund fraud and reseller fraud. A false positive leads to a declined transaction and losing the potential lifetime value of a legitimate customer.
Her proposed alternative is to build a behavioral picture of each user over time and use it to understand intent—what she calls high-trust velocity. And if you can gauge intent with precision, you can strategically introduce authentication requirements to some users, but not all.
“If we have high-trust velocity, why would we put that entity through friction? We don’t need to; we know they’re good, so they don’t need any friction whatsoever. We’ll reserve the friction package to the 1% of the traffic that actually is proven to be risky,” said Del Monte Radford.
Stripe is building with this principle in mind. Stripe Radar’s adaptive 3DS applies friction dynamically, using AI to assess risk level and only triggering an authentication challenge when something looks unusual. Businesses on Stripe have seen an over 30% reduction in fraud on eligible transactions, representing one of our largest ever improvements.
2. Agentic commerce is challenging rules-based fraud detection
Ashley Furniture has built a sophisticated rules-based fraud operation. The company handles both products that ship within a few days alongside custom orders that take more than 30 days to manufacture; each type of order requires a different authorization cycle. That infrastructure works when humans are managing the process, but Ashley Furniture’s team realized its fraud strategy needed to evolve when it launched its agentic commerce offering.
“Rule-based fraud detection was not going to be sufficient,” said Kyle Dorcas, head of product management at Ashley Global Retail, during his session on building payments and fraud infrastructure for AI agents. “We firmly believe that in order to combat fraud, [detection] really has to be in the payment fabric.”
When agents are making purchases across channels, fraud detection can’t evaluate transactions after the fact. Instead, fraud detection has to be embedded in the payment infrastructure itself, adapting in real time to patterns that static rules can’t anticipate.
Stripe’s Shared Payment Tokens allow AI agents to initiate payments using a buyer’s saved payment method without exposing payment credentials. When used with Stripe Radar, they also relay underlying risk signals in real time—including likelihood of fraudulent dispute, card testing, stolen card use, and issuer declines—helping differentiate between high-intent agents and low-trust automated bots.
3. Deepfakes and synthetic identities require new fraud tactics
Producing a convincing fake identity used to require criminal infrastructure, specialist knowledge, and meaningful effort. That barrier is largely gone. Bad actors now have easy access to templates for driver’s licenses, bank statements, utility bills, and government IDs. Generative AI has also accelerated impersonation capabilities. Gordon Sheppard, head of fraud operations at H&R Block, demonstrated this during his session on strengthening identity verification to combat ecommerce fraud. Using a single still photo, a 30-second audio clip, and about 20 minutes of work, he generated a convincing video of himself speaking fluent Mandarin, Italian, and Russian. The same tools are available to anyone.
Gordon says identity verification now depends on finding the anomalies fraudulent actors can’t get perfectly right every time, such as an incorrect signature or a mirror-image headshot. He shared an example where everything on a fraudulent license was flawless except one detail: the expiration date didn’t match what the authoritative data source had on file for that license. The implication, Gordon argued, is that no single check is sufficient because a convincing forgery will fail somewhere.
With Stripe Identity, businesses can programmatically confirm the identity of global customers to prevent attacks from bad actors. We can detect fake IDs and spoofed photos with AI, match the ID photo with selfies of the document holder, and validate SSN and addresses against global databases.
To learn more about how Stripe can help your business fight fraud, contact us or sign up for an account.

Facts Only

* The Merchant Risk Council Vegas 2026 conference focused on fraud trends.
* Over 2,000 payments leaders attended.
* Fraud is becoming more automated.
* Teams are shifting to dynamic, tailored interventions.
* Friction is being removed for trusted users.
* Fraud detection is being embedded into agentic transactions.
* Multilayered identity verification is being invested in.
* Dynamic authentication based on intent is being implemented.
* Stripe Radar’s adaptive 3DS reduces fraud by over 30%.
* Ashley Furniture is adapting fraud strategies for agentic commerce.
* Generative AI is enabling the creation of convincing fake identities.
* H&R Block demonstrates the ease of generating fake IDs with AI.
* Stripe Identity is being used to confirm global customer identities.

Executive Summary

The Merchant Risk Council 2026 conference highlighted a significant shift in fraud trends, primarily driven by increased automation and sophistication. Businesses are moving away from broad-based authentication strategies, recognizing their cost and potential for negatively impacting legitimate customers. A key trend is the adoption of dynamic authentication based on user intent, exemplified by Stripe's adaptive 3DS, which utilizes AI to assess risk in real-time. Simultaneously, the rise of agentic commerce is challenging traditional rules-based fraud detection, necessitating embedded fraud solutions within payment infrastructure. Finally, the accessibility of generative AI tools is creating new challenges related to deepfake identity verification, requiring a layered approach to anomaly detection and verification. While specific companies like Ashley Furniture and H&R Block are pioneering these approaches, the overall picture reveals a complex and evolving fraud landscape demanding more adaptive and nuanced strategies. The data indicates a move toward proactive, real-time risk assessment rather than reactive rule-based systems.

Full Take

The article paints a picture of a fraud landscape undergoing a fundamental destabilization, largely due to the democratization of sophisticated tools. The “one-size-fits-all” approach to authentication, a common and seemingly rational tactic, is being exposed as fundamentally wasteful and potentially damaging – Roberta Del Monte Radford’s “high-trust velocity” concept is a clever maneuver to avoid the trap of the Motte-and-Bailey fallacy, arguing for a more nuanced assessment (ARC-0043). Ashley Furniture’s experience perfectly illustrates this – their reliance on rules-based systems was simply incapable of handling the complexities introduced by agentic commerce (ARC-0024). The shift isn’t merely about technology; it’s about fundamentally re-framing the relationship between the merchant and the customer – moving from a model of suspicion to one of confident trust, conditional on demonstrated intent. Gordon Sheppard’s anecdote about the fabricated Mandarin voice with readily available AI is chilling; it highlights a transition where the *cost* of creating a fraudulent identity has effectively vanished. The use of Stripe Identity speaks to a desperate attempt to regain control of an increasingly unmanageable situation, using algorithmic scrutiny to attempt to detect anomalies. However, the fundamental problem remains: the adversary is now operating on a level playing field, wielding the same tools—and arguably, the same operational economy—as the defender. The reliance on anomaly detection risks a constant game of chasing shadows, a defensive posture that inevitably cedes strategic ground to an increasingly agile and adaptable opponent (ARC-0018). The article’s focus on Stripe’s solutions feels like a carefully crafted sales pitch, layering technology onto a pre-existing vulnerability. The true risk isn’t necessarily the technology itself, but the assumption that technology can solve a fundamentally human problem—the capacity for deception. The potential for coordinated influence campaigns leveraging these generative AI tools to create targeted disinformation is concerning; if the content matches a hypothetical campaign – using fabricated credentials and exploits—it represents a significant escalation (ARC-0007).