
The 30 rules that protect your store

Every time a robot or assistant tries to buy in your store, Trusteed checks these rules in milliseconds. Hit "See it in action" on any rule to watch it work.

30 active rules · 2 security tiers · <10ms per evaluation

Who is buying?

Rules that verify the agent's identity before anything else.

R001 · Block · Tier 1

The agent must identify itself

If a robot or assistant wants to buy in your store it must show its 'digital ID'. No identification, no purchase. That simple.

Example: An anonymous bot tries to add 3 shirts to the cart → Trusteed stops it before payment.

R002 · Block · Tier 1

The agent's ID must be genuine

The agent's digital ID has a cryptographic 'signature' that proves it is real. If someone tries to use a fake or tampered ID, the purchase is stopped instantly.

Example: An attacker tampers with the agent token → invalid signature → blocked.

R003 · Block · Tier 1

The order must not exceed what the user authorised

When a user lets an assistant buy for them, they set a limit ('no more than €100'). If the cart goes over that limit the purchase is stopped.

Example: User authorised up to €100 and the cart reaches €250 → blocked.

R004 · Block · Tier 2

Digital ID too new

If the agent's 'digital ID' was created less than 24 hours ago, an extra check is added. New keys are a warning sign.

Example: Agent uses a key created 2 hours ago → extra check before payment.

R005 · Block · Tier 1

Agent is blocked or revoked

If Trusteed has cancelled an agent's access — for abuse, fraud or any other reason — that agent cannot buy in any connected store.

Example: An agent marked as fraudulent tries to buy → blocked immediately.

R006 · Block · Tier 2

Verification source not reliable enough

Not all systems that 'verify' agents are equally reliable. If the verification source has low confidence, the purchase is stopped.

Example: Agent verified by a low-confidence system (40%) → blocked.

R007 · Block · Tier 2

Agent blocked in other stores

If an agent has been blocked in 2 or more Trusteed stores in the last 30 days, your store blocks it too. Shared protection between merchants.

Example: A bot blocked in 3 clothing stores → also blocked in your shoe store.

R008 · Block · Tier 1

Agent requesting more permissions than authorised

The user gives the assistant specific permissions ('search only', 'add to cart only'). If the assistant tries to do something more — like pay without permission — it is stopped.

Example: Assistant with 'search' permission tries to process payment → blocked.
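
The identity rules above (R001, R002, R003, R005, R008) chained into one evaluation, as an added example that is not Trusteed's code. The page does not describe the token format, so the `payload.signature` layout, HMAC-SHA256 as the signature scheme, the claim names and the revocation set are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed demo values: the page does not describe Trusteed's token format,
# so this "payload.signature" layout and these claim names are assumptions.
ISSUER_KEY = b"demo-issuer-key"   # hypothetical signing key
REVOKED = {"agent-revoked"}       # hypothetical revocation list (R005)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def sign(payload: str, key: bytes) -> str:
    return b64url(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def issue_token(claims: dict, key: bytes = ISSUER_KEY) -> str:
    payload = b64url(json.dumps(claims, sort_keys=True).encode())
    return f"{payload}.{sign(payload, key)}"

def evaluate(token, action: str, cart_total_eur: float):
    """Return (decision, rule_id); the first failing rule wins."""
    if not token:                                            # R001: no ID at all
        return ("block", "R001")
    payload, _, sig = token.partition(".")
    # R002: check the signature before trusting or even parsing the claims.
    if not hmac.compare_digest(sig.encode(), sign(payload, ISSUER_KEY).encode()):
        return ("block", "R002")
    try:
        pad = "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload + pad))
    except ValueError:
        return ("block", "R002")
    if claims.get("agent_id") in REVOKED:                    # R005: revoked agent
        return ("block", "R005")
    if action not in claims.get("scopes", []):               # R008: scope not granted
        return ("block", "R008")
    if cart_total_eur > claims.get("max_spend_eur", 0):      # R003: over user's limit
        return ("block", "R003")
    return ("allow", None)

def demo():
    ok = issue_token({"agent_id": "agent-123", "scopes": ["search", "pay"], "max_spend_eur": 100})
    forged = issue_token({"agent_id": "agent-123", "scopes": ["pay"], "max_spend_eur": 9999}, key=b"wrong-key")
    return {"anonymous": evaluate(None, "pay", 30), "valid": evaluate(ok, "pay", 80),
            "over_limit": evaluate(ok, "pay", 250), "forged": evaluate(forged, "pay", 80)}

if __name__ == "__main__":
    print(demo())
```

The signature is compared in constant time and checked before the claims are decoded, so a token with edited claims fails R002 and its contents never reach the later rules.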

Is this order safe?

Rules that detect unusual behaviour, abuse patterns, and high-risk transactions.

R009 · Block · Tier 1

Identity verification required at checkout

On automated payment routes, the agent must always identify itself. No exceptions at checkout.

Example: Agentic checkout with no agent token → blocked before processing.

R010 · Block · Tier 2

First purchase from a new agent

Agents that have never bought in your store go through an extra check. Like asking for references the first time.

Example: New agent with no history in your store → review before approving.

R011 · Block · Tier 2

Too many failed attempts in a row

If an agent fails payment more than 3 times in 5 minutes, something is wrong. Could be an error, could be an attack. Stopped for investigation.

Example: 5 failed payment attempts in 3 minutes → temporarily blocked.
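
R011 and R007 are both counts over a time window, sketched here as an added example that is not Trusteed's code. The class, its method names, the in-memory storage and the choice to exclude the evaluating store from the R007 count are assumptions; the thresholds are the ones the page states.

```python
from collections import defaultdict, deque

FAIL_LIMIT, FAIL_WINDOW_S = 3, 5 * 60             # R011: more than 3 failures in 5 minutes
STORE_LIMIT, STORE_WINDOW_S = 2, 30 * 24 * 3600   # R007: 2 or more stores in 30 days

class VelocityRules:
    """Sliding-window counters; timestamps are seconds and must not go backwards."""

    def __init__(self):
        self.failures = defaultdict(deque)   # agent_id -> failed-payment timestamps
        self.blocks = defaultdict(deque)     # agent_id -> (timestamp, store_id)

    def record_failed_payment(self, agent_id, now):
        """Record one failure; return True when R011 trips."""
        q = self.failures[agent_id]
        q.append(now)
        while q and q[0] <= now - FAIL_WINDOW_S:   # drop events older than the window
            q.popleft()
        return len(q) > FAIL_LIMIT

    def record_store_block(self, agent_id, store_id, now):
        self.blocks[agent_id].append((now, store_id))

    def blocked_elsewhere(self, agent_id, store_id, now):
        """R007: True when 2+ distinct other stores blocked the agent recently."""
        q = self.blocks[agent_id]
        while q and q[0][0] <= now - STORE_WINDOW_S:
            q.popleft()
        # Count stores, not events: repeated blocks in one store count once.
        return len({s for _, s in q if s != store_id}) >= STORE_LIMIT

def replay_failures(timestamps, agent_id="agent-123"):
    """Feed constructed failure timestamps through R011; return each decision."""
    rules = VelocityRules()
    return [rules.record_failed_payment(agent_id, t) for t in timestamps]

if __name__ == "__main__":
    print(replay_failures([0, 40, 90, 150, 170]))   # 5 failures inside 3 minutes
    print(replay_failures([0, 200, 400, 600]))      # same agent, spread out
```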

R012 · Block · Tier 2

High-risk product category

Some products (gift cards, expensive electronics, etc.) have higher fraud risk. The merchant can flag categories and require extra review for them.

Example: Agent tries to buy 10 gift cards → blocked (flagged category).

R013 · Block · Tier 2

Conflict with the return policy

If you sell non-returnable products (digital items, unique sizes) and the agent has not confirmed it understands, the purchase is stopped to avoid disputes.

Example: Agent buys a digital course without confirming it has no return → blocked.

R014 · Block · Tier 2

Delivery address risk or too many cancellations

Blocks deliveries to restricted countries (North Korea, Iran, Syria, Cuba) and agents that cancel too many orders after shipping.

Example: Order with shipping to Iran → blocked automatically by legal restrictions.

R015 · Block · Tier 2

Price changed after adding to cart

If a product's price changed significantly since the agent found it, the purchase is stopped. The agent would be buying something different from what the user authorised.

Example: Product cost €50 when the agent found it, now costs €58 → extra check.

R016 · Block · Tier 2

Insufficient or uncertain stock

If the product has very low or uncertain stock, the purchase is stopped to avoid selling something that may not be available.

Example: Last pair of trainers in stock, warehouse not confirmed → extra check.

R017 · Block · Tier 2

Discount code abuse

If an agent tries more than 5 discount codes in a row, it is running a brute-force attack to find valid coupons. Stopped immediately.

Example: Bot tries 12 discount codes in 30 seconds → blocked.

R018 · Block · Tier 2

Unusually large order

If the cart is 5 times larger than your store's average order, something does not add up. Could be an error, could be fraud. Reviewed before processing.

Example: Store with €50 average order, cart of €600 → review triggered.

Does it follow your store rules?

Rules around geography, payment methods, post-purchase behaviour, and product types.

R019 · Block · Tier 2

Country not allowed by the merchant

The merchant can restrict which countries they sell to. If an order comes from an unauthorised country, it is blocked automatically.

Example: Store that only sells in Spain receives an order billed in Mexico → blocked.

R020 · Block · Tier 2

Outside business hours

Some merchants — especially B2B — only accept agent orders during working hours. If an agent tries to buy at 3 AM it is paused until the next business day.

Example: B2B store only accepts orders 9–18h and one arrives at 23h → paused.

R021 · Review · Tier 2

First purchase of this agent in your store

Even if the agent is well-known in other stores, its first purchase with you always goes through an extra check. First time — reasonable to verify.

Example: Veteran agent with 500 global purchases, but first time in your store → review.

R022 · Block · Tier 2

Payment method not authorised

The merchant can decide which payment methods to accept for agent purchases. If the agent tries to pay with an unauthorised method, it is stopped.

Example: Merchant does not accept BNPL for agents and assistant tries to pay with Klarna → blocked.

R023 · Block · Tier 2

Too many returns

If an agent returns more than 50% of everything it buys, there is an abnormal pattern. It may be testing products at the merchant's expense.

Example: Agent with 70% of orders returned in the last 90 days → blocked.

R024 · Block · Tier 2

Too many payment disputes

Chargebacks cost the merchant money. If an agent has opened more than 2 disputes in 30 days, it is blocked to protect the merchant.

Example: Agent with 4 chargebacks in the last month → blocked.

R025 · Block · Tier 2

Suspicious delivery address

PO boxes and freight forwarders are signs of package re-routing — a common pattern in fraud. The merchant can block these addresses.

Example: Delivery to 'Package Forwarder LLC, Miami' → re-routing signal → review.

R026 · Block · Tier 2

Subscription without explicit consent

Agents cannot subscribe the user to recurring payments without the user explicitly approving it. No written consent, no subscription.

Example: Assistant tries to activate annual subscription without user confirmation → blocked.

R027 · Block · Tier 2

Gift card or stored-value purchase

Gift cards are hard to trace and widely used in fraud. By default, agents cannot buy them unless the merchant explicitly allows it.

Example: Agent tries to buy €500 in gift cards → blocked by default.

R028 · Block · Tier 2

B2B order without purchase order

In business-to-business sales there must always be an official purchase order. If the agent places a B2B order without one, it is stopped.

Example: Company buys office supplies through agent with no PO number → blocked.

General settings

Simple catch-all controls that every store can configure in minutes.

R029 · Block · Tier 2

Merchant security preset

The merchant chooses their security level: Open, Balanced, Strict or Regulated. Each level requires different evidence. Without the right evidence, the purchase is stopped.

Example: Merchant in Regulated mode: agent without regulatory evidence → blocked.

R030 · Block · Tier 2

Basic store controls

The merchant can set simple rules: maximum order amount, allowed countries. The easiest rules to configure and the ones most small stores use.

Example: Merchant sets max €100 per agent order; cart of €180 → blocked.

30 security rules for AI agents — Trusteed