Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Product, fraud, and trust and safety teams at online merchants and marketplaces have been fighting bots for a long time. While there were occasional disagreements about how “bad” bots were (a purchase is a purchase, some might say), the general consensus often ranged from suspicious to block them all. But not anymore. As AI-powered browsers and agents become more commonplace, online merchants have to prepare for a world where agentic commerce is a standard sales channel.

Globally, companies lost an average of 7.7% of their annual revenue to fraud, according to TransUnion’s 2025 Digital Identity Risk Accelerates Fraud Losses report. In the US, companies reported revenue losses of 9.8%, a 46% increase from the previous year. That’s hundreds of billions of dollars heading into the hands of fraudsters. And those stats don’t account for the loss of trust, hit to brand reputation, and time and resources spent on mitigating and resolving the fraud.

An identity mule is someone who is compensated for sharing their identity. They may be asked for pictures of their identification documents and video selfies. Or, instructed to create an account and complete an identity verification flow before handing over the account’s credentials to a bad actor. The fraud cat-and-mouse game is taking a new turn. As organizations get better at detecting deepfakes, some bad actors are using real people’s identities to commit fraud.

Hiding products on Shopify without deleting them is a common requirement when managing storefront visibility. By default, Shopify doesn’t provide a dedicated “hide product” button, but it does offer various visibility controls using product status, sales channels, and newer features like unlisted products.

All over the world, companies are seeing a rise in fake job applicants. You may have experienced it yourself: dozens of near-identical resumes arriving within hours, or candidates who refuse to turn on their camera during video interviews. Remote hiring, global talent pools, AI-generated resumes, and increasingly sophisticated fraud networks have profoundly changed the hiring landscape. Traditional hiring processes were never built to defend against the types of candidate fraud we’re seeing today.

For years, businesses have treated public key infrastructure (PKI) as background plumbing, quietly securing access across enterprise systems and devices, and rarely drawing executive attention unless something failed. New research from the Ponemon Institute suggests that those assumptions no longer hold.