According to Deloitte’s latest report on AI enabled fraud in retail, only 3% of retailers feel well prepared to address AI-enabled fraud risks.
As retailers embrace AI-driven innovation, fraudsters are using the same technology to launch more complex, scalable attacks. In just one quarter, retailers with high AI adoption saw a 37% spike in fraudulent traffic. Additionally, 69% of retailers experienced AI-enabled fraud in the past year, and 87% expect fraud to keep rising.
Kevin Luh, a partner responsible for fraud strategy and transformation at Deloitte, explained that the problem isn’t about awareness, as most retail leaders do recognize the importance of AI-enabled fraud.
The gaps are in the execution. The 97% of retailers struggle in three areas, he noted:
- Funding Constraints – fraud initiatives are deprioritized over other growth initiatives
- Resource Limitation – limited or no specialized fraud and AI skillsets to implement or operationalize the strategy to mitigate AI-enabled fraud
- Technology Effectiveness – limitations of the legacy technology that wasn’t built for the new world of AI-enabled, high-velocity attacks
“In short, retailers aren’t ignoring the risk, but they face the agility challenges to implement changes,” said Luh.
He said the 37% spike isn’t about retailers adopting AI, but rather it is tied to LLM(Large Language Models)-referred shopping traffic.
“When a consumer uses tools like ChatGPT to browse, compare, and make a payment, those transactions are 1.7 times more likely to be fraudulent than a consumer visiting the eCommerce site directly. The elevated fraud risk includes the use of stolen credit cards, abuse of customer-friendly return policies, and promotional loopholes,” said Luh.
“The blind spot is that LLM-referred traffic masks many signals that retailers rely on to identify fraud, such as device fingerprints, digital behavioural telemetry, and session patterns, making the fraudulent behaviours indistinguishable from legitimate consumers.”
Traditional fraud controls were implemented for a world where attack patterns change slowly and over time. In an AI-driven environment, he noted:
- Tuning cycles are too slow – Fraudsters can generate different sorts of attacks quickly and change their attack pattern to evade known detection, but retailers often need hours, days, or weeks to manually tune the systems to ensure limited or no disruption to legitimate consumers.
- Limitation of detecting bot-like behaviours – Retailers rely on identifying bot-like behaviours as they are more prone to being fraudulent; however, with more consumers using LLM agents for online shopping, those digital telemetry and device fingerprint signals have become unreliable.
“Customer trust is foundational and difficult to rebuild once lost. As retailers pursue growth opportunities enabled by agentic AI, fraud and security needs should be treated as design inputs rather than an afterthought,” added Luh.
“For many leading organizations, security and fraud risk considerations are already embedded in the design rather than being retrofitted after incidents occur to achieve balanced growth, customer experience, and brand reputation”.
For retailers facing budget and talent constraints, what are the first two or three high-impact actions they should take now to modernize their fraud strategy and reduce risk within the next 12 months? Luh said there are two highest-impact actions that retailers can consider:
- Conduct a focused fraud-risk assessment to prioritize near-term investment areas – identify and estimate potential exposure to new and emerging fraud risks, evaluate existing capabilities, and highlight critical gaps to address. This ensures funding priority to focus on immediate-term initiatives.
- Expand external intelligence and partnership – acknowledge retailers cannot out-innovate the fraudster alone. In addition to upskilling the internal staff, augment defences with the expanded use of external consortium intelligence from solution providers, networks, and payment partners.
More from Retail Insider:
