Cross-Merchant Agent Reputation: The Fraud No Single Store Can See

The short version

Cross-merchant agent reputation is the behavioral history of an autonomous agent, assembled across every merchant it touches rather than only the one watching. It is the difference between seeing a single clean order and seeing an agent that is orderly at your counter and predatory across the market.

A single merchant sees its own slice. Agent fraud lives in the space between slices. The reputation layer is what stitches the slices together into a signal one store can actually act on.

Why one merchant is blind

Agent fraud does not look like fraud. It arrives as clean, fast, successful transactions, not the noisy, error-prone behavior legacy fraud models were tuned to catch. An agent that has been taken over, or that is operating outside the authority its principal granted, completes the order without tripping a single rule.

To the merchant on the receiving end, that is one well-behaved transaction. The abuse only becomes visible across many orders, many customers, and many verticals at once. Signifyd, one of the larger fraud networks in commerce, says it plainly: no single merchant has enough data on its own to define what normal agent behavior even looks like.

That is the structural problem. The information needed to judge an agent does not exist inside any one merchant. It exists in the aggregate, and the aggregate is exactly what a single store cannot see.

The market already agrees

This is not a FLINT theory. The largest fraud platforms in commerce have already conceded the point by building cross-merchant networks of their own.

Forter runs its decisions against a dataset of more than 1.2 billion identities pooled across its merchant network, and publishes anonymized insight on agent behavior that no member could produce alone. Riskified describes its product as a layer that augments a merchant's own customer history with intelligence from its multi-merchant network. Signifyd frames the entire agentic problem around establishing baselines from global commerce data rather than local data.

Read together, these are three independent admissions of the same fact: in agentic commerce, the unit of trust is the agent's behavior across the market, and no single merchant owns enough of that market to see it.

Why what exists does not close the gap

If the networks already exist, why is this still open ground? Because the cross-merchant data that exists today is trapped in two kinds of silo, and neither produces reputation that travels.

The first silo is the fraud vendor. Forter, Riskified, and Signifyd each pool data, but the output is a private score for that vendor's own customers. The agent's history lives inside the vendor and leaves as a number. You cannot carry it, verify it, or present it as evidence. You rent access to a verdict you are not allowed to inspect.

The second silo is the payment network. Visa Intelligent Commerce, Mastercard Agent Pay, and American Express ACE each certify agents and record intent inside their own rails. That is real, but it is per-network. An agent's standing on one network does not cross to another, and none of it is tied to a portable identity a merchant on a different rail can check.

So the data is real and the need is acknowledged, but reputation today belongs to whoever scored it. There is no neutral, portable, verifiable reputation that follows the agent across vendors, rails, and domains. That is the missing layer.

What cross-merchant agent reputation actually requires

A reputation layer that closes the gap has to satisfy four conditions. Miss any one and you are back to a private score.

• A verifiable agent identity Reputation has to attach to a stable, verifiable identity that is the same agent across every merchant, not a session, cookie, or API key that resets at each door.
• Portable, signed records The history has to leave as evidence you can hold and verify, a signed verification record, not an opaque score you rent and cannot read.
• Neutrality The layer has to sit between enterprises rather than inside one fraud vendor or one payment rail, or it simply becomes another silo with a wider moat.
• Compounding It has to get stronger with every transaction it sees, so the network's judgment improves precisely where a single merchant's never can.

What it catches that you cannot

Concretely, cross-merchant agent reputation is what surfaces the agent that is inside its authorized scope at your store while exceeding it everywhere else. It catches velocity and structuring spread thin across many merchants to stay under each one's threshold. It flags the agent whose principal was compromised at another merchant an hour ago, before the loss reaches you. It turns a clean-looking first transaction into a decision you can actually make.

Identity tells you who the agent is. Reputation tells you whether the thing carrying that identity has been behaving. The first question a single merchant can answer. The second only the network can.