1st Party Fraud

1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own customers.


2FA (Two-Factor Authentication)

2FA or Two-Factor Authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. Two-Factor Authentication gives users an extra layer of security when accessing their online accounts. In addition to the usual combination of username and password, a second 'factor' is added, such as a numeric code displayed on a trusted device, to increase the certainty that you are the one attempting to access your account. 2FA confirms a user's identity by checking two of three factors: 1) something the user knows (e.g. mother's maiden name), 2) something the user has (e.g. a mobile phone) and 3) something the user is (e.g. a fingerprint). 2FA is a subset of the broader multi-factor authentication (MFA).


3DS (3D Secure)

3D Secure is an authentication method designed to reduce fraud and increase security for online card transactions. Originally sponsored by Visa under the 'Verified by Visa' brand, Mastercard and other networks adopted the '3D Secure' protocol and offer it to merchants worldwide. The name derives from the use of 3 domains (the acquiring bank domain, the issuing bank domain and an infrastructure domain) to provide greater security to online payments, although the extra validation and the related consumer friction remain a topic of debate among merchants and security experts.


3rd Party Fraud

3rd Party Fraud refers to any fraud committed against a financial institution or merchant by an unrelated or unknown third party.


419 Fraud

419 Fraud is a type of advance-fee fraud in which individuals or companies receive unsolicited emails or letters promising a percentage of a large sum of money in return for allowing funds to pass through the victim's bank account. Also referred to as 'Nigerian Letter Fraud', these schemes often originate from West Africa and are named after section '419' of the Nigerian penal code under which the offence would be prosecuted.


A/B testing

A/B testing is a research method in which two groups, a control group (representing the current strategy) and an alternate group (representing a hypothesis for an improved strategy), are tested against one another in order to scientifically select the optimal final strategy.


Acquirer (Acquiring Bank)

The Acquiring Bank (also known as the merchant acquirer or the merchant bank) is the bank that is responsible for settling credit and debit card transactions on behalf of the merchant. Its counterpart is the issuing bank, which settles card transactions for the purchaser or card holder. Acquirers enable merchants to accept credit cards, often provide merchants with the necessary hardware and software to accept card transactions, and, for their role in the card payment process, receive an acquirer fee or markup in addition to the interchange and other fees in a credit card and debit card payment.


Active Authentication

Active Authentication is a security and authentication method in which the user is challenged with questions about what he/she knows (knowledge-based), has (possession-based) or is (biometric-based).


Advance-Fee Fraud

Advance-Fee Fraud is a common fraud scheme generally involving a criminal tricking a victim into paying an up-front fee with the promise of a larger reward paid out later.


AI (Artificial Intelligence)

AI or Artificial Intelligence is broadly used to describe the simulation of the processes of human intelligence by computer systems. The processes simulate human learning in that the systems start with the acquisition of information, create rules for using the information, reason by using the rules to reach conclusions, and self-correct by evaluating outcomes and compensating for incorrect predictions or errors. Artificial intelligence is generally categorized into one of three types: 1) Weak AI or Narrow AI, in which the systems and algorithms are trained to perform narrowly focused tasks, 2) Strong AI or General Intelligence, the theoretical goal of having a system apply intelligence to solve any problem much like a human would, and 3) Superintelligence, in which a system could far outperform human intelligence through rapid, recursive self-improvement. Although general intelligence and superintelligence are frequently discussed in media and entertainment, neither has been achieved and neither seems to be achievable in the near future. Artificial intelligence is often used interchangeably (but incorrectly) with machine learning and deep learning. AI is the science and approach to developing technology that mimics human intelligence. Machine learning, a subset of AI, involves the application of statistical techniques and modelling to create algorithms that improve with experience. Deep learning, a subset of machine learning, involves the creation of algorithms using multilayered neural networks trained on vast amounts of data.


AML (Anti-Money Laundering)

AML or Anti-Money Laundering refers to a set of procedures, laws or regulations designed to stop the practice of generating income through illegal activities. 'Money laundering' is the process in which criminals undertake a series of steps that make money made from illegal or unethical activities look as though it was earned legitimately, so that it can enter the traditional banking system. Most anti-money laundering programs focus on the source of funds, as opposed to anti-terrorism and similar programs, which focus on the destination of funds. In modern finance, a typical anti-money laundering program is run by financial institutions to analyze customer data and detect suspicious transactions.


ATO (Account Takeover)

ATO or Account Takeover is a form of identity theft in which a criminal gains control of a consumer's account. In doing so, the perpetrator gains access to confidential information such as the consumer's PIN, enabling them to change account settings, such as the statement mailing address or passwords, and/or to make unauthorized withdrawals. ATO can involve one or many of a victim's accounts -- including, but not limited to, bank, brokerage, phone, utility, social media, travel or online shopping accounts -- which are then used for a variety of unlawful activities. Financial account takeover usually involves funds being removed from the victim's accounts by direct debits, payments or transfers set up by the fraudster without the victim's knowledge or consent. With account takeover of mobile phones, the perpetrator's intent is often to gain control of the phone-based authentication factor, usually a code or security token sent to the phone via SMS or an authenticator app, which once acquired can grant the criminal access to the victim's bank, brokerage, bitcoin and other financial accounts. The credentials used to commit account takeover are usually obtained by criminals indirectly, through data breach marketplaces on the dark web, or directly from the consumer using malware or phishing. Once a fraudster gains access to a victim's account, they often update the account credentials and contact information so that the victim no longer has control over the account and will no longer be informed about changes to it. In most cases, the victims are unaware that their account has been compromised until the damage is done and the perpetrators have covered their tracks.


AVS (Address Verification System)

AVS or Address Verification System is a payment-processing check that compares the numerical portions of the billing and shipping addresses with the addresses on file at the card-issuing bank. A single-character code is returned that represents a match, a partial match, or one of a number of errors or alerts. The original concept contemplated that the transaction could then be approved, declined or set aside for manual review. AVS is one of only a few signals provided to merchants by the issuing banks to assist in the merchants' risk assessment, but AVS responses are also one of the biggest reasons legitimate orders are declined.


B2B (Business-to-Business)

B2B or Business-to-Business refers to a business that sells products or provides services to other businesses.


B2C (Business-to-Consumer)

B2C or Business-to-Consumer refers to a business that sells products or provides services to the end-user consumers. Another variation of this concept is D2C (direct to consumer) in which a manufacturer sells directly to consumers with little to no intermediation.


BIN (Bank Identification Number)

A BIN or Bank Identification Number, also referred to as an IIN or Issuer Identification Number, is assigned to a bank for its own credit card issuance. The first six digits of a credit card number are the BIN and can be used to identify the bank that issued the card. The ISO Register of BINs/IINs for US banks is managed by the American Bankers Association. Online merchants can use the BIN as an extra check, comparing the geographic area where the cardholder appears to be located against the geographic area identified by the BIN.


Credit Card Fraud

Credit Card Fraud refers generally to any fraudulent transaction using a credit card as the source of funds. The fraudulent transaction may be committed to obtain goods or services or to illegally obtain funds from an account. Credit card fraud may occur together with identity theft, but can also occur when a legitimate consumer makes a purchase with no intention of paying for the goods or services, sometimes referred to as chargeback fraud or friendly fraud. Credit card fraud is related to debit card fraud, differing primarily in the form of payment. Another form of credit card fraud is new application fraud, in which a perpetrator applies for a credit card in a victim's name, then uses the card to purchase goods and services illegally. A victim's credit card information can be acquired in a number of ways: by being purchased on the deep/dark web, by the use of skimmers at retail points of sale or ATMs, or through corporate data breaches. The true cost of credit card fraud for merchants is more than just the cost of lost merchandise: it also includes lost profits, bank fees and chargeback costs.


CVV (Card verification value)



Fraud Definition

Fraud is defined generally as the wrongful or criminal act to deceive someone for one's own financial or personal gain. Legal definitions of fraud vary across countries, at the federal and state levels in the US, and even among states, but most have, at their core, the use of deception to make a gain by unlawful or unfair means. Many types of fraud exist, including occupational, operational, investor, accounting, credit card and insurance fraud, but all forms share the fact that the perpetrator knowingly receives a benefit to which they're not rightfully entitled. The purpose of fraud may be financial gain but also covers the acquisition of other benefits, such as obtaining a driver's license, a passport or other travel documents, or qualifying for a mortgage by using falsified documents or making false statements.


Fraud Screening

Fraud Screening generally refers to a checking system that identifies potentially fraudulent transactions. Fraud screening helps reduce fraudulent credit card transactions, reduce the number of manual reviews, minimize risky sales, and improve a company's bottom line.


Fraud Triangle

The Fraud Triangle is a simple framework that is useful for understanding a worker's decision to commit workplace or occupational fraud. The fraud triangle consists of three components (sides) which, together, lead to workplace fraud: 1) a financial need, 2) a perceived opportunity, and 3) a way to rationalize the fraud as not being inconsistent with the worker's own values. The Fraud Triangle is a common teaching aid and metaphor that has been used for decades.


Fraud Waste and Abuse

Fraud, Waste and Abuse is a term most commonly used in government and healthcare and refers to several types of negligent and possibly criminal behavior. As defined by United States Code 1347, Fraud is "knowingly and willfully executing, or attempting to execute, a scheme or artifice to defraud any health care benefit program; or to obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program." It is illegal to knowingly submit false information in order to receive a monetary or other benefit; that is the definition of fraud. Waste and abuse, on the other hand, do not require intent or knowledge of wrongdoing. Abuse might take the form of a payment for items or services that have no substantiated basis for payment and/or for which the provider has not knowingly or intentionally tried to get paid. Waste usually refers to the inefficient use of services and is generally not the result of criminal negligence.


Friendly Fraud

Friendly Fraud can take many forms, but typically involves an actual consumer obtaining goods or services from a merchant, then claiming they did not make the purchase, did not receive the goods, or only received a fraction of the items, in order to keep the goods or services without paying for them. Customers committing friendly fraud make the purchase on a credit card, receive the product or service, and then demand a refund for a lost or short-shipped order, or file a chargeback through their card-issuing bank, with the intention of receiving a full refund of the purchase amount. Also referred to as chargeback fraud, it is estimated that $4.8 billion was lost by US businesses last year to friendly/chargeback fraud. It is also estimated that as much as 80% of all chargebacks are fraudulent.


Hash

A Hash or hash function is a function that can be used to transform digital data of an arbitrary size to digital data of a fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or most commonly, hashes. A cryptographic hash function takes input data, like an address or a credit card number, and transforms it into a compact string of seemingly random characters that generally renders the data useless in the event of a breach.
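The BIN and Hash entries above describe keeping the first six digits for risk checks and hashing a card number so a breach does not expose it. The following added example (written for this glossary, not code from any vendor or project) shows how a fraud screen can retain the BIN and last four digits as features while replacing the full card number with a keyed hash (HMAC-SHA256); the HMAC key and the test card number are constructed placeholders.

```python
# Added example: turn a card number into the fields a fraud screen may keep.
# The BIN (first six digits) and last four stay in the clear as risk features;
# the full number is replaced by an HMAC-SHA256 so repeat use of the same card
# can still be linked without storing the number itself.
import hashlib
import hmac
import re

# Constructed placeholder (assumption): a real deployment loads the key from a
# key-management service or HSM, never from source code.
HMAC_KEY = b"placeholder-key-from-key-management-service"


def luhn_valid(pan: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    if not pan.isdigit() or len(pan) < 12:
        return False
    total = 0
    # Walk from the rightmost digit; double every second digit.
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def tokenize_pan(pan: str, key: bytes = HMAC_KEY) -> dict:
    """Split a card number into the fields a fraud screen may retain.

    Raises ValueError for input that is not a plausible card number, so a
    malformed field never receives a token and silently passes screening.
    """
    digits = re.sub(r"[\s-]", "", pan)  # tolerate '4111 1111 ...' formatting
    if not luhn_valid(digits):
        raise ValueError("not a valid card number")
    # A keyed hash rather than a plain one: the space of valid card numbers
    # is small enough that an unkeyed hash could be reversed by exhaustive
    # search, which would defeat the purpose the Hash entry describes.
    token = hmac.new(key, digits.encode(), hashlib.sha256).hexdigest()
    return {
        "bin": digits[:6],
        "last4": digits[-4:],
        "masked": digits[:6] + "*" * (len(digits) - 10) + digits[-4:],
        "token": token,
    }


if __name__ == "__main__":
    # Constructed sample: a well-known test number, not a real card.
    print(tokenize_pan("4111 1111 1111 1111"))
```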


Honeypot

A Honeypot is a decoy computer system designed to identify and/or trap hackers and other malicious actors. A honeypot sometimes offers a tempting set of data to attract fraudsters and counteracts their attempts to hack into or otherwise compromise an information system. A honeypot acts as bait by appearing to be a legitimate part of a website, database, or computer system, while being monitored by IT and security professionals seeking insights into new methods of attack.


Identity Theft

Identity theft refers to the act of accessing and acquiring elements of another person's identity (e.g. name, date of birth, billing address, etc.) in order to commit identity fraud. Identity theft can take place whether the victim is alive or deceased. Once a person's identity data is obtained, the data can be monetized by gaining access to their accounts, stealing their resources or obtaining credit and other benefits in their name. Identity theft (in combination with, and often used interchangeably with, identity fraud) is one of the fastest-growing crimes globally. A criminal can also use stolen identity information to hijack a consumer's accounts, commonly referred to as "account takeover".


InfoSec (Information Security)

InfoSec, short for Information Security, refers to the discipline of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.


Internal Fraud (Insider Fraud)

Internal fraud occurs when an employee makes a false representation, fails to disclose information, or abuses a position of trust either for personal gain or to cause losses to others. Internal fraud can range from compromising customer or payroll data to inflating expenses to petty theft. Often referred to as occupational fraud, these schemes can be planned or unplanned and opportunistic or linked to organized criminal networks. When more than one employee is involved in the scheme, it is referred to as collusion and the average losses to the organization are greater.


Investment Fraud

Investment fraud is any scheme or deception relating to investments that affects a person or company. Investment fraud includes illegal insider trading, fraudulent stock manipulation, prime bank investment schemes and hundreds of other types of financial scams.


Issuer (Issuing Bank)

The Issuing Bank is the financial institution which issues credit cards or debit cards to individuals and extends short-term lines of credit to purchase goods and services. Familiar issuers include Bank of America, Wells Fargo and Citibank. The issuer settles card transactions for the purchaser or card holder, whereas its counterpart, the acquiring bank or merchant acquirer, is the bank that is responsible for settling credit and debit card transactions on behalf of the merchant. Issuers generally manage the credit and debit card programs on behalf of the card networks, such as Visa and Mastercard, and, for their role in the card payment process, receive the majority of the interchange and other fees in a credit card and debit card transaction. Discover and American Express are both issuers and card networks.


KYC (Know Your Customer)

Know Your Customer (KYC) refers to due diligence that banks and other financial institutions must perform on their customers before doing business with them. Know your customer policies are usually required by governments and enforced by bank regulators to prevent corruption, identity theft, financial fraud, money laundering and terrorism financing. Most Know Your Customer frameworks are based on four components: 1) customer identification, 2) customer acceptance, 3) transaction monitoring and 4) ongoing risk management. Requirements vary by country, but the collection of basic identity documents, comparison against certain name lists ('politically exposed persons' or PEP lists, for example), and analysis of transaction behaviors are most common.


Liability Shift

Liability shift generally refers to the responsibility of covering the losses from fraudulent transactions moving from the merchant to the issuing bank when the merchant has authenticated the transaction using any of the 3D Secure (3DS) protocols. If the merchant does not authenticate the credit card transaction with a 3D Secure method, the merchant remains liable for chargebacks and fraud losses.


Machine Learning

Machine learning (ML) refers to the development of computer algorithms and statistical models that perform predictions and specific tasks without explicit instructions, relying on inferences and patterns instead. Machine learning is a subset of artificial intelligence and generally falls into two main categories: 1) supervised learning, in which the outcomes are known and labelled in training data sets, and 2) unsupervised learning, in which no outcome is known and the goal is to have items self-organize into clusters based on common characteristics or features. Supervised learning uses techniques like neural networks, Bayesian models, regression models, statistical models, or a combination thereof. Unsupervised learning uses techniques like k-means clustering and is often used for anomaly detection. Some computer systems have the ability to "learn", or make progressive improvements on a task, based on algorithms and subsequent outcomes. As an example, machine learning in fraud prevention allows algorithms to make immediate decisions on new transactions, but over time to "learn" from the outcomes of those purchases and, from that new data, self-correct to make increasingly accurate predictions going forward. The fastest and most reliable path towards the learning component relies on analysts' insights, assisted by machine-learned predictions, to make well-informed decisions.


MFA (Multi-Factor Authentication)

MFA or Multi-Factor Authentication is an approach to security authentication in which the user of a system provides more than one form of verification to prove their identity and be granted access. Multi-factor authentication is so named because it leverages a combination of two or more factors of authentication. In the field of cybersecurity, the three major factors of authentication and verification are: 1) something the user knows (such as a password or the answer to a question), 2) something the user has (such as a smart card, a mobile phone or a security token), and 3) something the user is (such as a unique biometric marker like a fingerprint).


Payment Gateway

A Payment Gateway processes credit card and debit card payments, as well as other forms of electronic payments, primarily on behalf of e-commerce and brick-and-mortar merchants. The Payment Gateway is responsible for authenticating, standardizing and relaying transaction data between the merchants and the payment processors. The payment gateway responsibilities include securing payment data according to PCI DSS standards, securely sending transaction data to the payment processor, and storing the transaction and subsequent settlement, refund and other financial event data for later access by the merchant. Banks often own the payment gateways, but payment service providers (PSPs) like PayPal, Square or Stripe can also create their own Payment Gateway software.


U2F (Universal 2 Factor)

U2F or Universal 2-Factor Authentication is a form of 2-factor authentication in which the user completes a login process using a physical device as one form of verification to prove their identity and be granted access. U2F devices are physical security keys and are usually combined with one of the other two major authentication factors, 1) something the user knows (such as a password or the answer to a question) or 2) something the user is (such as a unique biometric marker like a fingerprint), in order to grant access to a system. The benefit of a physical key over its counterparts, usually software-based keys, is that software keys, which generate one-time passwords delivered by phone or email, are known to be vulnerable to phishing attacks.