Why Retail’s AI Fraud Problem Starts at the Identity Layer

Published: May 27, 2026

Retail has always attracted fraud, but what’s happening now is different in both scale and sophistication.

69% of retailers experienced AI-enabled fraud in the past year. Meanwhile, global ecommerce fraud losses are projected to rise from $56 billion in 2025 to $131 billion by 2030. For every dollar of fraud, retailers lose $4.61 in chargebacks, shipping, restocking and dispute management costs.

Yet there’s a significant gap between the size of the problem and the industry’s readiness to address it: only 3% of retailers feel well prepared to combat AI-enabled fraud risks.

That gap didn’t happen by accident. It happened because most fraud prevention investment has gone into detection solutions that catch fraud only after it enters the transaction flow. AI has now made that approach structurally ineffective. 

The Problem is Moving Upstream

Traditional fraud controls were built around a simple model: monitor transactions, flag anomalies and block suspicious activity. The assumption baked into that model is that the person initiating a transaction is who they say they are, until something in their behavior suggests otherwise.

AI has broken that assumption at scale.

Fraudsters can now use agentic AI to automate credential stuffing, mine personal data and intercept basic multi-factor authentication methods. Advanced AI can mimic human navigation via touchscreen, keyboard and mouse, making behavioral detection increasingly difficult. When it comes to bypassing systems entirely, AI gives threat actors the ability to learn and adapt in real time — avoiding static rules, spoofing devices and rotating IP addresses to stay one step ahead.

In other words, every major layer of the traditional fraud stack now has a known AI-powered workaround. The simple detection model still works in some cases, but it’s increasingly fighting a much faster, more scalable and more advanced adversary than it was designed for.

As a result, deepfake-related fraud has already caused $2.19 billion in losses globally, according to Surfshark research. The U.S. is the most targeted country, suffering $712 million in losses since 2019.

Where the Gap Actually Lives

The retail industry’s instinct has been to layer additional monitoring capabilities on top of existing controls. In fact, the average ecommerce company now uses five fraud detection tools to mitigate risks. Despite these efforts, attacks continue to rise.

Stacking visibility solutions on top of a weak foundation doesn’t fix the problem.

Most retail fraud now happens not because detection failed, but because weak identity verification at the point of entry allows attackers to pose as legitimate customers. By the time behavioral analytics flag something unusual, the damage is done.

Fraud losses are only part of the cost. Retailers that fail to properly address these risks will struggle to satisfy customer expectations for seamless experiences. Tighter friction, more false declines and increasingly aggressive verification requirements all chip away at the experience customers expect. 

Taking a Hardware-Rooted Approach to Retail Identity Security

The retailers that are ahead of this new threat landscape aren’t necessarily running more sophisticated fraud detection. They’re asking a different question: can we verify who a customer actually is before they enter the purchase journey, rather than inferring it from behavior after the fact?

Hardware-rooted authentication changes the game significantly. By binding a user’s SIM or eSIM to their device’s unique hardware ID, it creates a deterministic identity that cannot be swapped, intercepted or spoofed. A synthetic identity that can fool a behavioral model cannot bypass a verification method anchored in cryptographic hardware that the fraudster doesn’t possess — even through AI-driven or SIM swap attacks.

The benefits to this approach extend beyond fraud prevention. Cart abandonment rates hover around 70% globally and spike to 85% on mobile, and one-time password (OTP) or multi-factor authentication (MFA) friction at checkout is one of the main drivers. In contrast, SIM-based verification does not require additional actions from the customer: no code to enter, no app to install, no interruption. The same step that eliminates fraud risk also eliminates the drop-off.

Regulators already are pushing in this direction. Around the world, banks, insurers and government entities are being urged to move away from OTP and MFA-based authentication toward stronger, hardware-rooted verification. 

The Question Retailers Should be Asking

87% of retailers expect fraud to keep rising in the coming years. This will not improve by adding more detection tools for which AI has already learned how to circumvent your security architecture.

The retailers that will be genuinely prepared are the ones treating identity verification as a strategic priority, not a compliance checkbox. That means investing upstream in identity verification methods like hardware-based authentication that block threats before a purchase journey even begins.

AI made fraud scalable. The only response is an identity layer that AI cannot fake. 


Ran Ben-David is the founder and CEO of Unibeam, a digital identity company that uses SIM and eSIM as a hardware-backed trust anchor to combat AI-driven fraud, working with global carriers, governments and enterprises to stop impersonation, account takeover and synthetic identity attacks at scale.

Retail Trendcaster Webinar Series
Retail Strategy & Planning Series
Holiday ThinkTank