
More than 90% of firms struggle to tell legitimate bots from malicious ones, with large enterprises seeing false-positive rates of 3.3% and a $100B yearly friction cost, per a PYMNTS/Trulioo report.
A foundational premise of online security has collapsed. The internet was designed for humans at the keyboard, yet automated traffic now makes up the majority of online activity. A new PYMNTS Intelligence and Trulioo report, “How Enterprises Can Build a ‘Know Your Agent’ Defense,” finds that over 90% of organizations now struggle to manage bot traffic. Not all bots are malicious. Many are legitimate software agents handling travel bookings, subscription management, and purchases on behalf of users. Authentication systems built to verify a single human at a login screen are producing false-positive rates as high as 3.3% for large enterprises, blocking legitimate transactions. The aggregate cost reaches nearly $100 billion annually in direct fraud losses and missed revenue, according to the report.
This is a structural risk event for any business that relies on static identity verification. For decades, the internet’s security stack assumed a person, not an agent, was initiating each session. The arrival of the agent economy–software acting with delegated authority–decouples identity from action. Enterprises face a continuous stream of automated requests, many helpful, many adversarial. The distinction cannot be drawn with a one-time credential check. The shift forces a redesign of trust from a checkpoint to a real-time governance system.
Large enterprises operating across multiple jurisdictions and product lines see false-positive rates as high as 3.3%. That means roughly one in thirty legitimate interactions is wrongly flagged as suspicious, blocking the transaction and eroding revenue.
The $100 billion annual figure is not just a fraud loss; it is the combined cost of actual fraud plus the opportunity value of transactions halted by misidentification. Every false positive represents a customer who may abandon the platform, a travel booking that never completes, or a subscription that lapses without renewal. The PYMNTS/Trulioo report frames this as an identity-verification failure, where systems optimized for a human-only internet now misclassify an entire class of valid automated activity.
Larger organizations bear a disproportionate burden. Their systems handle higher transaction volumes across diverse geographies, regulations, and user types. Multinationals with hundreds of microservices and third-party integrations compound the problem: each integration point, each new agent type, and each additional jurisdiction adds another layer where static identity checks fail. Scale, once a source of resilience through pooled data, now acts as a risk multiplier. A false-positive rate that is manageable at a regional level compounds into a material financial drag when multiplied across global operations. The result is a growing, measurable leak that many executive teams have not yet surfaced to the board.
In the traditional model, a user logs in and performs actions directly. The agent economy loosens that coupling. Users grant permissions to software agents, which then operate within defined constraints. The authentication system is no longer verifying a human in front of a screen; it must verify the principal who authorized the agent, the scope of the agent’s authority, and the propriety of each action in real time.
A static identity check that authenticates a user at login provides no assurance about the agent acting later. The system must now answer three separate questions: Is the principal–the person or entity that delegated the authority–legitimate? Are the authorizations specific, bounded, and still valid? Are the agent’s actions consistent with the granted permission and the expected behavioral pattern? Missing any one of these leaves a gap that both fraudsters and misbehaving automation can exploit.
A concrete example illustrates the gap. A user authorizes a subscription-management bot to update payment details. If that bot later attempts to change the shipping address, a checkpoint-based system may not intervene because the bot still holds a valid session token; the token proves only that authentication succeeded earlier, not that this particular action was ever delegated. A continuous trust architecture checks each action against the granted scope, detects the deviation in real time, and blocks it, limiting exposure.
With the agent economy, credentials alone are inadequate. The system must continuously assess whether an agent’s actions align with expected patterns derived from the principal’s history, the agent’s stated purpose, and peer group behavior. Trust evolves from a binary yes/no at the gate to a probabilistic score updated in real time. This convergence of security, product design, and user experience means authentication is no longer a separate layer but a property embedded in every interaction.
The PYMNTS/Trulioo report describes a shift from know-your-customer (KYC) to know-your-agent (KYA). This is not a compliance slogan; it is a defense architecture that embeds continuous validation into every step of the agent lifecycle. The framework includes four layers:
The KYA model treats identity as a continuous, multilayered system of governance. A login event becomes just one data point among many. Real-time validation continuously assesses the agent’s actions against the authorized scope. If a travel-booking bot suddenly attempts a funds transfer, the system flags the deviation immediately–even if the initial credential check passed. This model is essential because the same bot that executes a legitimate booking at 9:00 a.m. may, at 10:00 a.m., operate under a stolen session if the scope is not continuously enforced. Session tokens and static API keys become liabilities the moment trust stops adapting: a stolen bearer token or a long-lived API key keeps working until it expires or is revoked unless every action is also checked against the delegated scope.
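The following Python sketch is an added example, not code from the PYMNTS/Trulioo report or from any vendor it cites. It implements the three questions listed earlier (is the principal still legitimate, is the grant bounded and still valid, is each action inside the granted scope and expected behaviour) as a per-request check, and replays both scenarios from the article: the subscription bot that tries to change a shipping address, and the travel-booking bot that tries a funds transfer an hour after a legitimate booking. The signing key, principal registry, velocity baseline and every name in it are constructed for the demo.

```python
"""Per-request enforcement of delegated agent authority.

Added example (not from the PYMNTS/Trulioo report). A signed grant records
who delegated, to which agent, which scopes and until when; every action is
then checked against it, so a valid session token alone authorises nothing.
All keys, names and records below are constructed for the demo.
"""
import hashlib
import hmac
import json
from collections import defaultdict, deque

SIGNING_KEY = b"demo-only-signing-key"          # hypothetical server-side key
PRINCIPALS = {"user-42": {"active": True},      # hypothetical account registry;
              "user-99": {"active": False}}     # in practice a KYC/status lookup
REVOKED_GRANTS = set()                          # grants withdrawn after issue
MAX_ACTIONS_PER_WINDOW, WINDOW_S = 5, 60        # hypothetical velocity baseline
_recent = defaultdict(deque)                    # grant_id -> recent action times


def _sign(body):
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def issue_grant(principal, agent, scopes, ttl_s, now):
    """Mint a signed grant: who delegated, to which agent, which scopes, until when."""
    gid = hashlib.sha256(f"{principal}:{agent}:{now}".encode()).hexdigest()[:16]
    body = {"grant_id": gid, "principal": principal, "agent": agent,
            "scopes": sorted(scopes), "exp": int(now) + ttl_s}
    return {"body": body, "sig": _sign(body)}


def authorize_action(grant, agent, action, now):
    """Evaluated on every request, not once at login. Returns (allowed, reason)."""
    body = grant["body"]
    if not hmac.compare_digest(_sign(body), grant["sig"]):
        return False, "grant signature invalid"
    # Q1: is the delegating principal still legitimate?
    p = PRINCIPALS.get(body["principal"])
    if not p or not p["active"]:
        return False, "principal unknown or inactive"
    # Q2: is the authorization specific, bounded and still valid?
    if body["grant_id"] in REVOKED_GRANTS:
        return False, "grant revoked"
    if now >= body["exp"]:
        return False, "grant expired"
    if agent != body["agent"]:
        return False, "grant issued to a different agent"
    # Q3: is the action inside the granted scope and within the expected pattern?
    if action not in body["scopes"]:
        return False, f"{action} outside scope {body['scopes']}"
    q = _recent[body["grant_id"]]
    while q and now - q[0] > WINDOW_S:
        q.popleft()
    if len(q) >= MAX_ACTIONS_PER_WINDOW:
        return False, "action velocity above baseline"
    q.append(now)
    return True, "ok"


def demo():
    """Replays the article's scenarios; returns each decision keyed by scenario."""
    REVOKED_GRANTS.clear(); _recent.clear()
    t0 = 1_700_000_000
    sub = issue_grant("user-42", "subscription-bot", ["payment:update"], 3600, t0)
    trv = issue_grant("user-42", "travel-bot", ["booking:create"], 7200, t0)
    r = {}
    r["sub_update_payment"] = authorize_action(sub, "subscription-bot", "payment:update", t0 + 10)
    # Same valid token, action outside the delegated scope (the article's example).
    r["sub_change_shipping"] = authorize_action(sub, "subscription-bot", "shipping:update", t0 + 20)
    # Booking bot doing its job at 9:00 ...
    r["travel_booking"] = authorize_action(trv, "travel-bot", "booking:create", t0 + 30)
    # ... and attempting a funds transfer at 10:00 on a still-valid token.
    r["travel_transfer"] = authorize_action(trv, "travel-bot", "funds:transfer", t0 + 3600)
    # Stolen grant replayed under another agent identity.
    r["replayed_by_other_agent"] = authorize_action(trv, "evil-agent", "booking:create", t0 + 40)
    # Scope widened client-side without re-signing.
    forged = {"body": dict(sub["body"], scopes=["payment:update", "shipping:update"]), "sig": sub["sig"]}
    r["tampered_scope"] = authorize_action(forged, "subscription-bot", "shipping:update", t0 + 50)
    # Grant outlived its lifetime.
    r["expired"] = authorize_action(sub, "subscription-bot", "payment:update", t0 + 3600)
    # Delegation from a principal whose account is no longer active.
    dead = issue_grant("user-99", "subscription-bot", ["payment:update"], 3600, t0)
    r["inactive_principal"] = authorize_action(dead, "subscription-bot", "payment:update", t0 + 60)
    # Burst of in-scope requests exceeding the velocity baseline: (allowed, denied).
    burst = [authorize_action(trv, "travel-bot", "booking:create", t0 + 200 + i)[0]
             for i in range(MAX_ACTIONS_PER_WINDOW + 1)]
    r["burst"] = (burst.count(True), burst.count(False))
    # Principal withdraws consent: later requests fail even with an unexpired token.
    REVOKED_GRANTS.add(sub["body"]["grant_id"])
    r["after_revocation"] = authorize_action(sub, "subscription-bot", "payment:update", t0 + 70)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26} {verdict}")
```

The point of the sketch is where the check runs: `authorize_action` is called on every request with the specific action, so the shipping-address change and the funds transfer are denied even though the grant that the bot presents is genuine and unexpired. The velocity baseline stands in for the behavioural component the article describes; a production system would replace it with the principal's history and peer-group models, and would back the principal registry and revocation list with real account and consent state.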
Every enterprise with a digital platform, payment flow, or user account management system faces exposure. The severity scales with operational complexity and the share of agentic traffic. Sectors with concentrated risk include:
As agents handle more transactions, the liability question becomes acute. If a legitimate agent exceeds its mandate and executes a fraudulent transaction because the identity system failed to detect the scope breach, responsibility is unclear. Enterprises that cannot demonstrate a multilayered, real-time verification process will face regulatory scrutiny and contractual disputes. The report’s emphasis on granular, real-time permissions maps directly to the evidentiary standard that auditors and regulators will increasingly demand. Payment networks and insurers may begin requiring agent-level authentication, turning the KYA framework into a de facto market-access requirement.
The $100 billion annual drag and 3.3% false-positive rates confirm that the risk is already material. Several forward-looking indicators would signal that the problem is intensifying faster than enterprises can adapt.
Enterprises that deploy continuous, behavior-based trust models earlier than peers can convert a threat into a competitive advantage. Reducing false-positive rates by even one percentage point would unlock substantial revenue recovery and lower operational costs. The report’s four-layer stack provides a concrete roadmap. Organizations that treat identity as a real-time system of governance, rather than a one-time checkpoint, can differentiate the majority of legitimate bot traffic from malicious activity. That decision preserves the efficiency gains of automated commerce while containing the associated identity risks.
The enterprise security posture that worked for a human-only internet is now a liability. Agentic commerce is not a future possibility; it is the present, measured in traffic that already constitutes the majority of online activity. The shift from static identity verification to continuous trust governance will separate the firms that absorb a growing $100 billion drag from those that turn bot management into a durable moat.
Key insight: The $100 billion figure is a measure of how much revenue existing identity systems destroy by treating legitimate automation as a threat, not just a fraud cost.
Drafted by the AlphaScala research model and grounded in primary market data – live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.