CFOtech UK - Technology news for CFOs & financial decision-makers
United Kingdom

Guides

#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
health technologies

Search

Nighttime home desk ai shopping bots fraud shadowy figures skyline
#
Biometrics
#
Fintech
#
MarTech

BioCatch warns AI agents will supercharge online fraud

Fri, 16th Jan 2026
Author image
By Melania Watson, Interview Editor

BioCatch has warned that criminals will use AI agents for online shopping and finance to run fraud attempts at greater scale, and it has urged retailers and financial institutions to improve how they distinguish legitimate automation from malicious activity.

The comments came after Experian's 2026 Future of Fraud Forecast pointed to a "tipping point" as more consumers adopt agentic AI for shopping journeys. BioCatch said the same shift will widen the attack surface for scammers.

Jonathan Frost, Director of Global Advisory for EMEA at BioCatch, said criminals tend to adopt new technology early and iterate quickly. He argued that the next phase of fraud will involve attacks that resemble genuine consumer behaviour because AI agents can browse, compare products and complete transactions.

"As people begin to rely on AI agents, from tools such as OpenAI and Perplexity to retailer-built shopping assistants, to browse, buy and manage their finances, it opens up another opportunity for fraudsters to exploit. Criminals are among the earliest adopters of new technology and will use these tools to attack systems at scale. Unlike legitimate businesses, they operate without fear of failure or ethical constraint, allowing them to test and adapt their attacks at speed.

"For retailers and financial institutions, blocking AI agents outright risks disrupting the future of digital commerce. The challenge is to become more intelligent and flexible, moving beyond simple bot detection to identifying legitimate agents from malicious ones. This requires analysing behaviour over time and examining patterns and sequences of interaction to understand intent. Such behavioural insight enables support for AI-driven experiences while still detecting abuse, fraud, and automation designed to harm," said Jonathan Frost, Director of Global Advisory for EMEA, BioCatch.

Agentic risk

AI agents sit behind a growing set of consumer-facing tools. Some are general assistants that can take actions across websites and apps. Others are retailer-specific shopping assistants that guide customers through product discovery and checkout. Financial services firms also increasingly use digital assistants for servicing and account management.

Fraud teams already contend with credential stuffing, card testing, account takeover and authorised push payment scams. Frost said AI agents could change how these tactics appear in digital channels. He highlighted the potential for more automated trial-and-error, with attackers testing transaction flows and authentication steps repeatedly.

Retailers face exposure across account creation, promotions, loyalty schemes and refund processes. Financial institutions face exposure across onboarding, payments and digital servicing. BioCatch said the growth of agentic behaviour introduces a need to identify whether activity represents a legitimate user operating through an assistant, or an attacker using automation.

Detection shift

Frost argued that firms should not treat all AI-driven interactions as bots. He said that blocking could disrupt commerce as more consumers use agents to shop and manage accounts. He also said simple bot detection would not prove sufficient as attackers use more sophisticated automation.

Instead, he pointed to behavioural detection methods. He described analysis that looks at behaviour over time. He also referenced patterns and sequences of interaction. BioCatch said these signals can indicate intent, which becomes important when legitimate agents and malicious automation may share similar technical characteristics.

That approach aligns with the broader direction of fraud prevention. Firms increasingly combine multiple signals, including transaction context and customer behaviour. They also use risk-based controls that change friction depending on perceived risk. BioCatch's position adds a focus on understanding agent activity as a distinct category of interaction.

Industry background

Frost previously worked in law enforcement on UK fraud reporting infrastructure. He led development of the UK's National Fraud and Cybercrime Reporting system while at the City of London Police.

He has also worked on projects for the Foreign, Commonwealth and Development Office and the Home Office. He later served as Director of Technical Collaborations at Stop Scams UK, where he worked with Meta, Google and BT on fraud and scam reduction efforts.

BioCatch operates in the fraud detection market with technology that analyses behaviour in digital channels. The company's warning places increased attention on how merchants and banks will adapt to agentic AI use by consumers, while maintaining controls that reduce fraud losses and operational burden.

Experian's forecast suggested a step-change in fraud as agentic AI becomes more common in commerce. Frost's comments indicate that fraud prevention strategies will need to evolve in parallel, with a sharper focus on distinguishing intent when automated activity becomes routine in customer journeys.

Related stories
Most Britons baffled by new AI & marketing job titles
Quantexa picks London South Bank for new HQ at Delft
eBPF report shows efficiency, security gains at scale
Manchester firms delay growth plans amid volatility
Synechron earns EcoVadis silver for sustainability

Top stories

London Tech Week 2026 agenda puts sovereign AI centre stage
Sapia.ai unveils Phai, an AI coach for career change
Electric Twin raises USD $14m to scale AI audiences
IT jobs most applied for in UK as salaries outpace rest
Most firms fail to measure real financial returns on AI