3DS (3D Secure)

3D Secure is an authentication method designed to reduce fraud and increase security for online card transactions. Originally sponsored by Visa under the 'Verified by Visa' brand, Mastercard and other networks adopted the '3D Secure' protocol and offer it to merchants worldwide. The name derives from the use of 3 domains (the acquiring bank domain, the issuing bank domain and an infrastructure domain) to provide greater security to online payments, although the extra validation and related consumer friction remain a topic of debate among merchants and security experts.


3rd Party Fraud

Refers to any fraud committed against a financial institution or merchant by an unrelated or unknown third-party.

While there are many different kinds of fraud, there are 3 primary classifications, which are listed below. One of the most common is third party fraud. To victims it seems to come out of the blue, and it often has a large economic impact.

Differentiation  

  1. 1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own customers.
  2. Second party fraud, or money mules, is where a person allows another to use their identity or personal information to perform fraud. Businesses may find second party fraud difficult to detect and challenge since the identity of the person that is used to carry out fraud has largely allowed it to take place.
  3. 3rd Party Fraud refers to any fraud committed against a financial institution or merchant by an unrelated or unknown third-party, and has a multitude of classifications.

Common Types of 3rd Party Fraud

  1. Account takeover fraud (ATO) – a form of identity theft in which a criminal gains control of a consumer’s account. In doing so, the perpetrator gains access to confidential information such as the consumer’s PIN. This enables them to change account settings, such as addresses or passwords, and can even allow unauthorized withdrawals. ATO can involve one or many of a victim’s accounts. This includes bank, brokerage, phone, utility, social media, travel or online shopping accounts. Financial account takeover usually involves removing funds from the victim’s accounts. This is done either by direct debit, or by payments or transfers being set up for fraud without the victim’s knowledge or consent.
  2. Synthetic Identity Creation (SIC) – the process of creating a false identity. It is a generic term that describes how fraudsters collect information about real people and manipulate their identities. Using false and fabricated information, they create a new identity that belongs to no actual real-life person. A great deal of fraud stems from this process.
  3. False Identity Fraud – a situation where a person creates a fake identity to commit criminal activities. Examples of identity fraud include obtaining a credit card, applying for a loan, or opening bank accounts.
  4. Credit Card Fraud – refers generally to any fraudulent transaction using a credit card as a source of funds. Credit card fraud may occur simultaneously with identity theft, but can also occur when a legitimate consumer makes a purchase with no intention of paying for the goods or services, sometimes referred to as chargeback fraud or friendly fraud.
  5. New Application Fraud, in which a perpetrator applies for a credit card in a victim’s name, then uses the card to purchase goods and services illegally. 

Protecting Your Business

At Fraud.net, our mission is to make every digital transaction safe. Our award-winning fraud detection platform helps digital businesses to quickly identify 3rd party fraud using artificial intelligence, big data and visualizations, and combat hard-to-detect fraud at digital enterprises. Its unified algorithmic architecture combines: 1) cognitive computing/deep learning, 2) collective intelligence, 3) rules-based decision engines, and 4) streaming analytics to detect fraud in real-time, at scale.


419 Fraud

419 Fraud is a type of advance-fee fraud in which individuals or companies receive unsolicited emails or letters promising a percentage of a large sum of money in return for allowing funds to pass through the victim's bank account. Also referred to as 'Nigerian Letter Fraud', these schemes often originate from West Africa and are named after section '419' of the Nigerian penal code under which this offence would be prosecuted.


A/B testing

A/B testing is a research method in which two groups, a control group (representing the current strategy) and an alternate group (representing a hypothesis for an improved strategy), are tested against one another in order to scientifically select the optimal final strategy.


Acquirer (Acquiring Bank)

The Acquiring Bank, also known as the merchant acquirer or the merchant bank, is the bank that is responsible for settling credit and debit card transactions on behalf of the merchant. Its counterpart is the issuing bank which settles card transactions for the purchaser or card holder. Acquirers enable merchants to accept credit cards, often provide merchants with necessary hardware and software to accept card transactions, and for their role in the card payment process, receive an acquirer fee or markup in addition to the interchange and other fees in a credit card and debit card payment.


Active Authentication

Active Authentication is a security and authentication method in which the user is challenged with questions about what he/she knows (knowledge-based), has (possession-based) or is (biometric-based).


Advance-Fee Fraud

Advance-Fee Fraud is a common fraud scheme generally involving a criminal tricking a victim into paying an up-front fee with the promise of a larger reward paid out later.


AI (Artificial Intelligence)

AI or Artificial Intelligence is broadly used to describe the simulation of the processes of human intelligence by computer systems. The processes simulate human learning in that the systems start with the acquisition of information, creating rules for using the information, reasoning by using the rules to reach conclusions, and self-correction by evaluating outcomes and compensating for incorrect predictions or errors. Artificial intelligence is generally categorized into one of three types: 1) Weak AI or Narrow AI, in which the systems and algorithms are trained to perform narrowly focused tasks, 2) Strong AI or General Intelligence, the theoretical goal of having a system apply intelligence to solve any problem much like a human would, and 3) Superintelligence, in which a system could far outperform human intelligence through rapid, recursive self-improvement. Although general intelligence and superintelligence are frequently discussed in media and entertainment, neither has been achieved and neither seems to be achievable in the near future. Artificial intelligence is often used interchangeably (but incorrectly) with machine learning and deep learning. AI is the science and approach to developing technology that mimics human intelligence. Machine learning, a subset of AI, involves the application of statistical techniques and modelling to create algorithms that improve with experience. Deep learning, a subset of machine learning, involves the creation of algorithms using multilayered neural networks trained on vast amounts of data.


AML (Anti-Money Laundering)

AML or Anti-Money Laundering refers to a set of procedures, laws or regulations designed to stop the practice of generating income through illegal activities. 'Money laundering' is the process in which criminals undertake a series of steps that make it look like money made from illegal or unethical activities was earned legitimately and can enter the traditional banking system. Most anti-money laundering programs focus on the source of funds, as opposed to anti-terrorism and similar programs, which focus on the destination of funds. In modern finance, a typical anti-money laundering program would be run by the financial institutions to analyze customer data and detect suspicious transactions.


Arbers

In the world of online betting and gambling, an arber is a person who takes advantage of discrepancies in gambling sites' odds, so as to ensure that no matter which party wins a contest (e.g. a race), the arber will always win money and cannot lose money. An arber essentially takes advantage of situations where it is mathematically guaranteed they will win money by betting on every single contender of a contest.


ATO (Account Takeover)

ATO Fraud or Account Takeover Fraud is a form of identity theft in which a criminal gains control of a consumer’s account. In doing so, the perpetrator gains access to confidential information such as the consumer's PIN, enabling them to change account settings, such as the statement mailing address or passwords, and/or enabling them to make unauthorized withdrawals. ATO can involve one or many of a victim's accounts -- including, but not limited to, bank, brokerage, phone, utility, social media, travel or online shopping accounts -- which are then used for a variety of unlawful activities. Financial account takeover usually involves funds being removed from the victim's accounts either by direct debit, or by payments or transfers being set up for fraud without the victim's knowledge or consent. With account takeover of mobile phones, the perpetrator's intent is often to gain control of the phone-based security authentication factor, usually a code or security token which is sent via SMS or authentication software to the phone and which, once acquired by the criminal, can grant him/her access to the victim's bank, brokerage, bitcoin and other financial accounts. The credentials to commit account takeover are usually obtained by criminals indirectly through data breach marketplaces on the dark web or directly from the consumer using malware or via phishing. Once a fraudster gains access to a victim's account, they often update the account credentials and contact information so the victim no longer has control over the account and will no longer be informed about changes to the account. In most cases, the victims are unaware that their account has been compromised until the damage is done and the perpetrators have covered their tracks.


AVS (Address Verification System)

AVS or Address Verification System is a payment processing system that compares the numerical portions of billing and shipping addresses with the addresses on file at the credit card-issuing bank. A single-digit code is returned that represents a match, a partial match, or a number of errors or alerts. The original concept contemplated that the transaction could then be approved, declined or set aside for manual review. AVS is one of only a few metrics provided to merchants by the issuing banks to assist in the merchants' risk assessment, but AVS responses are also one of the biggest reasons legitimate orders are declined.


B2B (Business-to-Business)

B2B or Business-to-Business refers to a business that sells products or provides services to other businesses.


B2C (Business-to-Consumer)

B2C or Business-to-Consumer refers to a business that sells products or provides services to the end-user consumers. Another variation of this concept is D2C (direct to consumer) in which a manufacturer sells directly to consumers with little to no intermediation.


Back Door

A route through which legitimate users or criminals can bypass security systems in order to access the data they’re after. Contrasts with a front door attack, where a virus or attack is done with help from the user, for instance by downloading an infected email attachment.


Baiting

Baiting describes the situation where a fraudster leaves something out like a USB drive, enticing somebody to pick it up and see what content is on it. The fraudster loads the USB drive up with things like malware and keyloggers, which attack a computer system when plugged in. This scheme is designed to take advantage of people’s curiosity.


Bank Identification Number (BIN Number)

A BIN Number or Bank Identification Number is assigned to a bank for its own credit card issuance.

The first six digits on a credit card constitute the Bank Identification Number, otherwise known as the BIN number. A BIN identifies the institution that issues the credit or debit card. The American Bankers Association manages the ISO Register of BINs and Issuer Identification Numbers (IINs) for US banks. Online merchants use BINs as an extra measure to confirm the geographic area where the cardholder is located. For instance, they compare it to the geographic area identified by the unique BIN number. Occasionally, some refer to BIN Numbers as an IIN or Issuer Identification Number.

BIN Attack Fraud

One way fraudsters use BIN numbers is in scams known as BIN Attack Fraud. The fraudster obtains a BIN and uses software to generate the remaining numbers. They then test the numbers using small transactions through online retailers until they find a valid and active card number. 

Common signs of a BIN attack:

  • Multiple low-value transactions that are unusual for your business
  • Multiple declines
  • Unusually high volumes of international cards
  • Large quantity of transactions being processed or attempted in a short period of time
  • Card numbers being used repeatedly with variations in the security features
  • Unusual transaction times
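
The signs listed above can be checked mechanically over authorization records. The following is an added example, not code from Fraud.net: it slides a time window over each BIN and flags bursts that are mostly low-value declines, also reporting cards retried with varying security data. The record fields (`bin6`, `card_token`, `reason`), the decline-reason strings and every threshold are assumptions, and the log is constructed.

```python
from collections import Counter, defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed thresholds; tune them against a merchant's own baseline traffic.
WINDOW = timedelta(minutes=10)
MIN_ATTEMPTS = 8            # "large quantity ... in a short period of time"
MIN_DECLINE_RATIO = 0.7     # "multiple declines"
LOW_VALUE = 2.00            # "multiple low-value transactions"
MIN_LOW_VALUE_RATIO = 0.7
SECURITY_DECLINES = {"cvv_mismatch", "expiry_mismatch"}  # hypothetical reason codes


@dataclass(frozen=True)
class Auth:
    ts: datetime
    bin6: str          # first six digits of the card number
    card_token: str    # surrogate for the PAN; the full number is never logged
    amount: float
    approved: bool
    reason: str = ""   # decline reason, empty when approved


def score_window(events):
    """Summarise one BIN's attempts inside the current window."""
    n = len(events)
    sec = Counter(e.card_token for e in events if e.reason in SECURITY_DECLINES)
    return {
        "attempts": n,
        "decline_ratio": sum(1 for e in events if not e.approved) / n,
        "low_value_ratio": sum(1 for e in events if e.amount <= LOW_VALUE) / n,
        "distinct_cards": len({e.card_token for e in events}),
        # same card tried again with different CVV / expiry values
        "cards_retried_with_security_variations":
            sorted(t for t, c in sec.items() if c >= 2),
    }


def detect_bin_attacks(auths):
    """Return {bin6: summary} for BINs whose traffic matches the listed signs."""
    windows = defaultdict(deque)
    findings = {}
    for e in sorted(auths, key=lambda a: a.ts):
        w = windows[e.bin6]
        w.append(e)
        while e.ts - w[0].ts > WINDOW:      # drop attempts older than the window
            w.popleft()
        if len(w) < MIN_ATTEMPTS:
            continue
        s = score_window(w)
        if (s["decline_ratio"] >= MIN_DECLINE_RATIO
                and s["low_value_ratio"] >= MIN_LOW_VALUE_RATIO):
            prev = findings.get(e.bin6)
            if prev is None or s["attempts"] > prev["attempts"]:
                findings[e.bin6] = {**s, "first_seen": w[0].ts, "last_seen": e.ts}
    return findings


def sample_log():
    """Constructed authorization log: one enumeration burst plus normal traffic."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    log = []
    # Burst on one BIN: 12 attempts, 20 s apart, all for 1.00.
    for i in range(12):
        token = "tok-a3" if i in (3, 4, 5) else f"tok-a{i}"
        if i in (3, 4):
            approved, reason = False, "cvv_mismatch"
        elif i == 5:
            approved, reason = True, ""
        else:
            approved, reason = False, "invalid_card"
        log.append(Auth(t0 + timedelta(seconds=20 * i), "400000",
                        token, 1.00, approved, reason))
    # Legitimate low-value burst (all approved): must not be flagged.
    for i in range(10):
        log.append(Auth(t0 + timedelta(seconds=30 * i), "520000",
                        f"tok-b{i}", 1.50, True))
    # Ordinary traffic spread over several hours with a single decline.
    for i in range(10):
        ok = i != 4
        log.append(Auth(t0 + timedelta(minutes=30 * i), "510000", f"tok-c{i}",
                        25.0 + 10 * i, ok, "" if ok else "insufficient_funds"))
    return log


if __name__ == "__main__":
    for bin6, summary in detect_bin_attacks(sample_log()).items():
        print(bin6, summary)
```

Requiring a high decline ratio alongside velocity is what keeps the legitimate low-value burst on BIN 520000 from being flagged.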

Protect Against Fraud

Businesses and institutions can protect themselves against fraudsters using techniques like BIN attacks with an adaptive and responsive fraud protection platform. 

Fraud.net offers a variety of solutions using AI and machine learning to prevent fraud attacks of all kinds and therefore protect your bottom line. We offer dark web monitoring, analytics and reporting, identity protection services, and more.

Contact us for a demo and recommendations for fraud prevention and identity protection.



    Bitcoin

    The most famous and popular cryptocurrency. While it is often thought of as an anonymous payment method, bitcoin (BTC) is actually pseudonymous, which means it is possible to track someone’s payments if you can tie a real life identity to a BTC wallet.


    Burn(er) Phone

    The term originates from the drug dealing world, and is used to describe inexpensive mobile phones designed for temporary use. It allows fraudsters and criminals to link an account to a disposable phone number, for instance to bypass 2FA.

    Today, phone numbers can be generated via burner phone apps or services. These work like prepaid phone cards, only allowing you to use them for a limited amount of time before being recirculated. Because they go through your phone’s original cellular data, they can be traced.


    Carding

    The general fraudster term for using stolen credit card data. This applies whether the data is used for direct purchases or for charging prepaid or gift store cards, which are then resold.


    Catfishing

    A form of social engineering where fraudsters and criminals create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.

    Online seduction and blackmail are used to acquire personal information such as credit card numbers, social security numbers, or home addresses, among others.


    CC

    The fraudster term for stolen credit card data. A full CC contains the original cardholder’s name and address, expiration date, and CCV. It becomes a Fullz when other personal data points are added to the package.


    Certified Fraud Examiner

    The Certified Fraud Examiner (CFE) is a qualification issued by the Association of Certified Fraud Examiners (ACFE). The ACFE is a provider of anti-fraud education and training. CFE training covers difficult financial transactions, forensic approaches, regulation, and deciding on claims of fraud.


    Clickjacking

    What is Clickjacking?

    In summary, clickjacking is when a fraudster targets someone to click a link, either to get them to install malware or to try to 'phish' them, a related term that involves getting a user to enter personal information via a fake website.

    Clickjacking is done by sharing captivating content that misleads the user. Once people click back to the source of the content, the fraudster then tries to attack them. 

    What Is There to Gain?

    A fraudster has multiple ways to use these clicks for their own gain. With clickjacking, fraudsters can gain access to passwords, credit card numbers and any other valuable data that can be exploited. Clickjacking can also turn features in your device's system on and off when malware is installed. This malware has a lot of capabilities, ranging from enabling microphone and camera access to pulling location data from your device. In short, these clicks can cause strife in the moment, and can make crimes easier in the future.

    Clickjacking Examples

    A common example of clickjacking involves fraudsters creating a mirror login page to capture user information on a website. With this method, the user assumes that they're entering information into a usual form on a website they visit. In reality, the users can actually be entering that valuable information into an overlaid field controlled by the fraudster. The fraudster gets access without the user ever knowing there was something wrong.

    An attacker can also redirect clicks from social media or emails to download malware or gain access to vital systems. This spells trouble for any organizations that rely on protecting sensitive data and intellectual property.

    Additionally, links can be hidden under media and trigger a particular action, such as liking a Facebook page or ordering a product on Amazon.

    How can Clickjacking be Prevented?


    Computer Fraud

    Computer Fraud is defined as the use of a computer to obtain or alter electronic information, or to gain unlawful use of a computer or system. In the United States, computer fraud is specifically prohibited by the Computer Fraud and Abuse Act, which criminalizes computer-related acts under federal jurisdiction.


    Computer System Penetration

    Computer System Penetration, known as a penetration test (or pen test), is an authorized simulated cyber-attack on a computer system, executed to assess the security of the system. The test identifies the strengths and weaknesses of the system, as well as how likely it is for someone unauthorized to gain access to the features and data of the system, in order to enable a complete risk assessment.


    Confirmation Fraud

    Confirmation fraud is a type of fraud that comes in two layers. First, a fraudster falsifies transactional information, like pretending to deposit a certain amount of money in an account (on someone else's behalf). Then, the fraudster creates fake materials that falsely confirm that that first transaction went through, when in reality it didn't. In short, a fake deposit (or other transaction) is falsely confirmed as having gone through by a fake confirmation, so as to cover up the fact that the first transaction was actually fraudulent.


    Conflict of Interest

    Conflict of Interest or COI is a situation where a member of multiple interests, in fulfilling their obligations to one interest, can fail the obligations they have to another. The inability to please multiple interests simultaneously, or even just the possibility of not being able to please them both, is then termed a "conflict of interest."


    Consumer Authentication

    Consumer Authentication is the term used for the mechanisms designed to verify that a person making a transaction or business deal is really the person who is authorized to perform that action. This term applies to both card-not-present transactions and in-person transactions.


    Contract Fraud

    A person commits contract fraud when they make a knowingly false statement that serves to trick or deceive another person into signing a contract. A person also commits contract fraud when, through misrepresentation, they trick an individual who does not believe they are entering into a contract, into signing one.


    Cookie

    A "cookie" is defined as a small amount of information that a Web browser saves on the user’s system. Cookies are a mechanism that lets Web applications retain application state. Cookies are commonly used by websites for authentication, for saving the user's information or preferences on the website, and for storing browsing information or other data that supports the Web browser as it communicates with Web servers.


    Corporate fraud

    Corporate fraud is the purposeful falsification of a company's financial data, or other actions taken by the company to deliver false information to the public, in order to increase the company’s profits. Typical cases of corporate fraud are complicated and highly secretive and, when exposed, involve financial scandals and the company's evasion of its financial accountability.


    Corporate Identity Theft

    Corporate Identity Theft, also known as CIT, is the fraudulent and deliberate falsification of a company's identity. It is also sometimes called a “white-collar crime” since it is commonly performed in a “cyber setting,” and is not in the field of the conventional criminal.


    Corruption

    The term corruption describes when the integrity of an entity is compromised or put at risk by inner actors who aim to illegally or unethically benefit themselves or that entity. The goal of corruption can be financially-related, but does not need to be in order to be considered corruption.


    Counterfeit Card

    Counterfeit cards are fake credit cards with an actual account's info that can be gained through various methods. A lot of times the victims of these crimes will still have their actual cards and never realize that their information was stolen. These cards might appear to be genuine and even have the issuers’ logos along with the encoded magnetic strips.


    Counterfeiting

    Counterfeiting is defined as the deliberate attempt to duplicate a real and authentic article such as a symbol, trademark or even money, with the intent to deceive the purchaser or recipient into believing that he or she is purchasing or receiving the real article itself.


    Crawler

    A web crawler, also known as a web spider or web robot, is a program, software package, or automated script which browses the World Wide Web in a systematic and automated way. Web crawlers are mostly used to create a copy of all the pages they visit, which a search engine then indexes in order to deliver faster search results.


    Credential Stuffing

    Credential stuffing is a form of cyber-attack where stolen account credentials, usually lists of usernames and/or email addresses along with the matching passwords, are used to gain unauthorized access to real user accounts through large-scale automated login requests.


    Credentials

    Credentials refer to achievements or titles bestowed upon someone, generally by an authoritative body, that are brought up in order to validate the capabilities and suitability of that person for a certain task.


    Credit Bureau

    A credit bureau is an organization that gathers and researches the entirety of a person's credit information and then sells that information to creditors for a fee, so that they are able to make a decision about granting a loan. These organizations usually work with all kinds of lending institutions and credit issuers to assist them in making loan decisions.


    Credit Card

    A credit card is a thin rectangular piece of plastic issued by a financial institution that allows cardholders to borrow funds to pay for purchases of products and services. Credit cards are subject to the condition that cardholders must repay the borrowed money, sometimes with interest or other charges.


    Credit Card Fraud

    Credit Card Fraud refers generally to any fraudulent transaction using a credit card as a source of funds. The fraudulent transaction may be committed to obtain goods or services or to illegally obtain funds from an account. Credit card fraud may occur simultaneously with identity theft, but can also occur when a legitimate consumer makes a purchase with no intention of paying for the goods or services, sometimes referred to as chargeback fraud or friendly fraud. Credit card fraud is related to debit card fraud, differing primarily in the form of payment. Another form of credit card fraud is new application fraud, in which a perpetrator applies for a credit card in a victim's name, then uses the card to purchase goods and services illegally. A victim’s credit card information can be acquired in a number of ways: by being purchased on the deep/dark web, by using skimmers at retail points of sale or ATMs, or through corporate data breaches. The true cost of credit card fraud for merchants is more than just the cost of lost merchandise; it also includes lost profits, bank fees and chargeback costs.


    Credit Card Fraud Detection

    Credit Card Fraud Detection is a system for detecting and recognising fraudulent credit card transactions in order to provide the proper information to credit card companies, so that true cardholders are not charged for the reported transactions that they have never actually done.


    Credit Card Number

    A credit card number is the exclusive number printed on a credit card. The first six numbers written on a credit card are the issuer's identification numbers, and the last remaining numbers are exclusive to the specific card. These credit card numbers are typically available in embossed form on the credit card.


    Credit Card Refund Schemes

    Credit Card Refund Schemes are schemes related to when customers try to obtain a return on funds after an item purchased with a credit card is returned. The cashier for the transaction may fake a refund on that transaction so as to take out money, or say that a refund was for more than it should be to pocket the extra money. The retailer reimbursing the customer for their refund may also pocket that cash instead, hoping the customer doesn't notice, as some credit card refunds can take up to 30 days.


    Credit Fraud

    Credit fraud is described as a situation where a customer's personal information has been stolen by a fraudster in order to make a new credit claim using the stolen information. In this case, the customer's name may not be authorized.


    Cryptocurrency

    A cryptocurrency is a virtual or digital currency that uses cryptography for security. A cryptocurrency is quite difficult to counterfeit because of this security feature. Many cryptocurrencies are decentralized systems built on blockchain technology, which is a distributed ledger maintained by a disparate network of computers.


    Cryptogram

    A cryptogram is a form of puzzle that contains a short piece of encrypted text. Usually the cipher used to encrypt the text is simple enough that the cryptogram can be solved by hand. Often the cryptogram uses a substitution cipher, where each letter is replaced by a different number or letter.


    Cryptography

    Cryptography is the study (as well as the practice) of methods for secure communication in the presence of malicious third parties. Generally, cryptography is centered around creating and analyzing protocols that prevent the public from reading confidential messages. A number of data security properties, such as data confidentiality, data integrity, authentication, and non-repudiation, are central to modern cryptography.


    Cryptomining

    Cryptocurrencies require large amounts of computer power to be created, or “mined”. Some legitimate companies specialize in mass cryptomining through dedicated mining farms.

    Cyber criminals and fraudsters, however, like to deploy cryptomining viruses or bots on unsuspecting users’ computers, or even organizations’ servers. This allows them to mine at scale, without spending extra money on equipment or resources like electricity.


    Current Address Fraud

    Current address fraud occurs when a fraudster changes the known address of somebody to a new one, thus re-routing their mail to somewhere the fraudster can likely access it.


    Customer Due Diligence

    Customer Due Diligence, also known as CDD, is defined as the method by which appropriate data or information regarding the customer is gathered as well as assessed for any possible threat for the business, money laundering, or even terrorist financing actions.


    Customer Identity and Access Management

    Customer Identity and Access Management, also known as CIAM, is a subset of the broader Identity and Access Management or IAM, and it specifically focuses on managing identities, access, and security for software applications.


    CVV (Card verification value)

    A card verification value is a 3 or 4 digit number on your credit or debit card. This number is often asked for when making purchases online, so as to prove that the physical card is in the possession of the person making the transaction. Other qualities of a card can be stolen or copied through methods like using a card skimmer, but the CVV won't be recorded through those methods, making the CVV a useful and important authenticator in online card transactions.


    Cyber Fraud

    Cyber fraud is described as a situation in which a fraudster uses the Internet to earn money, products, or some other interest on things which they obtained illegally from people, generally through deceiving or tricking them.


    Dark Web

    The Dark Web, What is it?

    The entirety of the web that is not accessible by search engines. Regular search engines, like Google and Bing, search the so-called "surface web", defined by public links, and the search stops there. The "Deep Web" and "Dark Web" are more in-depth, allow for privacy, and serve different purposes. When discussing them, it is important to remember their distinctions, as there are many.

    The "deep" portion of the web is just like it sounds — below the surface and not completely dark. For instance, online banking pages, legal and government documents, or scientific reports have no reason to be indexed. Personal emails and secure information, like bank statements, can also not be searched.  

    The dark web, however, represents a sliver of the deep web. While many of its websites are generally harmless, it is often associated with illegal activities, and this can lead to serious consequences. Like the deep web, this portion of the web is unindexed. However, the websites are also encrypted, and this level of anonymity is why it is often dedicated to criminal activities. These sites are hosted on special domains, and you need special software to access them, such as Freenet or the Tor browser.


    Data Breaches

    A data breach, also known as a data leak or data spill, is an event that involves the illegal viewing, access or retrieval of data by a person, an application or a service. It is a form of security breach that is intended to steal data or publish it to an unsafe or illicit site.


    Data Capture

    Data capture, or electronic data capture, is the process of extracting information from a document and converting it into data readable by a computer.


    Data Enrichment

    Data enrichment is defined as the merging of third-party data from an external authoritative source with an existing database of first-party customer data. Brands do this to enhance the data they already possess so they can make more informed decisions with a larger pool of higher quality data.


    Data Points

    A data point is defined as a distinct unit of data. In a broad sense, every single fact is a data point. In a statistical or analytical context, a data point is typically derived from a measurement or research and can be represented numerically and/or graphically.


    Data Protection Act

    The Data Protection Act (DPA) is a United Kingdom law passed in 1988. It was established to manage how individual or consumer data could be used by organizations, including government organizations. It protects the public and also provides some instructions on how to use people's data.


    Data Provider

    The term data provider is used to describe the process of retrieving data from relational data sources in non-real time applications. The data provider manages the data at each stage by mapping the logical column definitions in the application view to physical table columns in the customer database.


    Data Science

    Data science is a multidisciplinary field that uses scientific techniques, procedures, systems and algorithms to extract knowledge and insights from structured and unstructured data. Data science aims to combine statistics, data analysis, machine learning and their associated methods to understand and analyze real events through the data itself.


    Data Security Standard

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely recognized set of rules and policies proposed to improve the security of cash, debit and credit card transactions and also to protect credit cardholders, to prevent the mismanagement of their private data. The PCI DSS was formed in association with four major credit-card companies: Visa, MasterCard, Discover and American Express in 2004.


    Data Set

    A data set is a collection of data. Usually a data set corresponds to the contents of a single database table, or a single statistical data matrix, where each column of the table represents a specific variable, and each row corresponds to a given member of the data set in question.


    Day of the Jackal Fraud

    Day of the Jackal Fraud is an identity fraud technique in which the birth certificate of a dead child is used to obtain a passport or some other certified identity document. This kind of fraud is named after the book of the same title, written by Frederick Forsyth.


    Debit Card

    A debit card, also known as a bank card, plastic card, or check card is a payment card that can be used as an alternative to cash when making any purchase transactions. Physically, it looks quite similar to a credit card, however, unlike a credit card, the money is transferred directly from the bank account of cardholders when making a purchase transaction.


    Debit Card Fraud

    Debit card fraud is any kind of fraud where debit card accounts are accessed by fraudsters without the account owner's authorization in order to manipulate or, usually, drain their funds. Debit card fraud is quite easy to commit due to the fact that a debit card's information can be gained with ease.


    Dedicated Hosting

    A dedicated hosting service, also known as a dedicated server or a managed hosting service, is basically an Internet hosting structure where the customer leases an entire server not shared with anyone else. This is even more flexible when compared to shared hosting, since with dedicated hosting organizations have full access and control over the server(s) and all hardware involved with them.


    Dedicated IP

    A dedicated IP address is defined as an exclusive Internet address which is exclusively and completely assigned to a distinct hosting account. Only corporate hosting accounts are qualified for dedicated IP addresses. Shared hosting accounts that share the server's IP address cannot have a dedicated IP.


    Deep Fake

    A technology that overlays a video with different audio or video, in order to make a real-looking video of somebody saying or doing something. A famous example could be a deepfake of Nancy Pelosi (in May 2019) that caught a lot of news attention before being recognized as an authentic-seeming deepfake.


    Deep Learning

    Deep learning is an artificial intelligence function that imitates the workings of the human brain in processing data and creating patterns for use in decision making. Deep learning is a subset of machine learning in artificial intelligence (AI) that has networks capable of learning unsupervised from data that is unstructured or unlabeled.


    Deep Web

    The Deep Web, What is it?

    The entirety of the web that is not accessible by search engines. Regular search engines, like Google and Bing, search the so-called "surface web", defined by public links, and the search stops there. The "Deep Web" and "Dark Web" lie deeper, allow for privacy, and serve different purposes. When discussing them, it is important to remember their distinctions, as there are many.

    The "deep" portion of the web is just like it sounds — below the surface and not completely dark. For instance, online banking pages, legal and government documents, or scientific reports have no reason to be indexed. Personal emails and secure information, like bank statements, can also not be searched.  

    The dark web represents a sliver of the deep web. While many of its websites are generally harmless, it is often associated with illegal activities and is only accessible via the Tor browser, and such sites can lead to serious consequences.


    Definition - Data Mining

    Data mining is the process of analyzing hidden patterns in data from different perspectives in order to categorize it into useful information. That information is gathered and collected in common areas, such as data warehouses, for efficient analysis by data mining algorithms, assisting the corporate decision-making process and other data needs in order to ultimately reduce costs and raise revenue.


    Definition - Email Verification

    Email verification is a popular method of authentication that will ask a consumer to verify that it is really them trying to make a purchase by sending them an email with a link attached. Clicking on the link allows a business to see that the person making the purchase is someone who can access that email address.


    Definition - Gaming

    Gaming is defined as the act of playing electronic games, whether by the use of consoles, PCs, cell phones or other intermediate tools. Although gaming is usually an introverted recreation, multiplayer online video games have become a popular hobby.


    Definition - Government

    The word government refers to a group of people that governs a community or unit. A government sets and administers public policy and exercises executive, political and sovereign power through customs, institutions, and laws within a state.


    Definition - ISP Monitoring

    ISP monitoring is the practice through which ISPs record information about your online connections and activities. That means that everything from your search history to your email conversations is monitored and logged by your Internet service provider.


    Definition - Nonrepudiation

    Nonrepudiation is the assurance that somebody can't deny something. Typically, nonrepudiation refers to the ability to ensure that a party of a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message that they originated. To repudiate means to deny.


    Definition - Phone Verification

    It is the process of identifying if a number used by a user is valid or not, as well as if a phone number being used is the phone number of the person trying to use it. Phone number verification is used in different forms of multi-factor authentication.


    Definition - Return Fraud

    Return fraud is a scam which is committed when a person purchases an item from a retail store without ever intending to use it. For instance, if a person buys an item just to return it, that is return fraud, and the term also extends to the use of duplicate receipts to obtain money back. It is the act of defrauding a retail store via the return process. There are various ways in which this crime is committed. For example, the offender may return stolen merchandise to secure cash, steal receipts or receipt tape to enable a falsified return, or use somebody else's receipt to try to return an item picked up from a store shelf.


    Definition - Social Media Intelligence

    Social media intelligence refers to the collective tools and solutions that allow organizations to begin conversations, respond to social signals and synthesize social data points into meaningful trends and analysis based on the user's needs.


    Definition - Telecommunications

    Telecommunications refers to the exchange of information by electronic and electrical means over a significant distance. A complete telecommunication arrangement is made up of two or more stations equipped with transmitter and receiver devices.


    Denial of Service Attack (DDoS)

    A denial-of-service (DoS) attack is any category of attack in which hackers or attackers attempt to prevent legitimate users from accessing a service. In a DoS attack, the attacker typically sends an excessive number of messages asking the network or server to authenticate requests that have invalid return addresses, which can overload a system and block even legitimate users from accessing the service.


    Derived Identification

    Derived Identification is the term for a unique verification credential that is stored within your phone, and is used to confirm that a person logging into something or making a purchase has access to that phone at that moment. Its primary purpose is authorization, as a kind of multi-factor authentication.


    Device Cloning

    Device cloning is the practice of producing an exact copy of an application program. The term can be used to refer to an object, software design or application that has functions and behavior similar to another object or application program, but that does not contain the original source code of the object or program concerned.


    Device Emulator

    A device emulator is defined as software or hardware that allows a computer system (named the host) to perform as a different computer system (named the guest). A device emulator generally allows the host system to use the software or peripheral devices intended for the guest system. This allows fraudsters to repeat multiple attempts at login, signup or payment with different parameters so they don’t get blocked, as they make it seem as if a different computer is making each attempt.


    Device fingerprinting

    Device fingerprinting is described as a method that is used to forensically recognize an electronic device on the Internet. Device fingerprinting is also able to identify individual mobile devices as well as computers through their different features with a reasonable degree of confidence. A device's fingerprint is built using data collected on the software and hardware used by a website visitor.


    Device ID

    A device ID or device identification is a unique number related to a cell phone or to the handheld device itself. Device IDs are separate from the hardware serial numbers. It could be a mixture of a number of elements and it is also able to include an inception to allow incomplete advancements.


    Device Intelligence

    An intelligent device is basically any type of equipment, instrument, or machine that has its own computing capability. The existing range of intelligent devices is very wide, and in addition to personal and handheld computers, the almost infinite list of possible intelligent devices includes cars, medical instruments, geological equipment, and home appliances.


    Digital Identity

    A digital identity is a network or online identity that has been adopted or claimed in cyberspace by a person, business or electronic device. These users may also project more than a single digital identity, and do so across various communities. In terms of digital identity management, the main areas of focus are security and confidentiality.


    Digital Signature

    A digital signature, also known as an electronic signature, proves the legitimacy of an electronic file or text in digital communication and uses encryption methods to provide proof that the content is original and unmodified. Digital signatures are used in e-commerce, software distribution, financial transactions and other circumstances where forgery or tampering may otherwise be possible.


    Digital Wallets

    A digital wallet is basically a software-based system designed for making e-commerce transactions. With the use of a digital wallet, online purchases can be made simply by using computers or smartphones. Generally, users’ bank accounts are linked to their digital wallet as well. In a digital wallet system, user credentials are securely stored and verified in all transactions.


    Disintermediation

    In finance, disintermediation is described as the withdrawal of funds from intermediary financial institutions, like banks and savings and loan associations, in order to invest them directly. In general, disintermediation is the process of removing the middleman or intermediary from future transactions. Disintermediation is generally done to invest in instruments that produce higher returns.


    Dispute

    A credit card dispute refers to the process of contesting charges to a credit card for whatever reason. Billing errors may consist of charges for products which you have ordered but never received, charges for products that you have returned, or charges that you never authorized.


    Diverting funds

    Diverting funds is defined as the use of funds by the debtor in defiance of the authorized terms of the moneylender, in a number of circumstances such as the extension of the credit facility, shifting the funds to its subsidiaries or other companies, and various other circumstances which are not in compliance with the authorized terms.


    Domain Name

    A domain name is a label that identifies a network domain: a distinct group of computers under a central administration or authority. Within the Internet, domain names are formed according to the rules and procedures of the Domain Name System (DNS). Any name registered in the DNS is considered a domain name.


    Door to Door Magazine Sales Fraud

    Magazine sales fraud usually starts with a simple knock on the door from a person trying to sell magazines to “raise money” for donations, charity, or other seemingly earnest causes. The customers who pay to sign up often report that they do not receive anything in return.


    Doorway Domain

    Doorway domains are created so that they rank well in search engine results for specific keywords, and are then used as an entry point through which visitors must pass to reach the main domain. By matching a certain number of pages to a site designed for search engine optimization purposes, a different site is set aside to be totally improved.


    Doorway Page

    Doorway pages are web pages created in order to deliberately manipulate search engine indexes (spamdexing). A doorway page influences the index of a search engine by inserting results for specific phrases while directing visitors to a different page.


    Drop Address

    "Drop Address" - What is it?

    A "drop address" is the address where fraudsters send goods purchased illegally (for instance with a stolen card).

    While having a secondary address or P.O. box is entirely legal, the distinction for "drop addresses" falls under the purpose of the address, and the means by which the goods shipped there were purchased.

    This kind of scheme is often well planned and executed. Some will go as far as making an abandoned house look lived in, for example by mowing the lawn or plugging in an electricity generator.

    Accomplices in drop address scams are often unaware they are helping fraudsters. They are often recruited through online job offers. The fraudster pretends to be in a different country, and offers to pay the hired person to forward them the stolen goods.

    Legal Concerns

    Legally, this kind of fraud often falls under the classification of "access device fraud", which carries a serious sentence due to the severe risks it can pose to other citizens.

    Under New York law, for example, an access device can be a card, plate, account number, or any other means of account access: essentially, information that can be used to obtain money, goods, or services or to initiate a transfer of funds. In New York State, it is a Class A misdemeanor, punishable by 1 year in prison and/or a fine of more than $1,000.

    Criminal use of an access device in the first degree carries worse consequences. It applies when a person knowingly uses an access device without the owner’s consent. The consequences mount when the fraudster uses this device to unlawfully obtain telecommunications services with a value of more than one thousand dollars. This is considered a Class E felony that can result in up to 4 years in prison and/or a $5,000 fine.


    Despite the risks, this occurs more frequently than you might think. Contact Fraud.net to schedule a demo of our anti-fraud prevention system. Our system also includes extensive address and identity verification, to combat drop addresses and access device fraud.


    Dumpster Diving

    The practice of rummaging through someone’s garbage bins to find personal information (account numbers, PINs, passwords). Fraudsters often combine digital attacks and real-life information gathering. This is why it is recommended to shred important documents before discarding them.


    Duplicate Payment Schemes

    Duplicate Payment schemes are types of fraud where the fraudster will attempt to have someone pay a second time for goods or services already paid for a first time.


    E-Commerce

    E-commerce or electronic commerce refers to all transactions that occur on an electronic device between customers and businesses. It can be divided into consumer-to-consumer, business-to-consumer and business-to-business.


    E-Commerce Apps

    E-commerce applications are apps that allow consumers to choose the product they want to purchase on the Internet. These applications are supported both by mobile phones and personal computers, and their functioning is quite similar to that of a retail website.


    E-commerce Fraud

    Sometimes, consumers don’t get the product that they order using an e-commerce application or website, which is referred to as e-commerce fraud. For instance, if a person orders an iPhone and gets an Android phone instead, it would be e-commerce fraud. It is a fairly common issue that most e-commerce users face.


    E-Commerce Platform

    An e-commerce platform is a type of software technology that provides merchants or e-commerce businesses an online store or shop from which customers can easily purchase what they want. An example of this is Shopify.


    EID Services

    eID services are used to identify users on a specific platform and are often used by key systems to ensure the security of the central building blocks of a Digital Single Market and cross-border electronic transactions. They allow owners of a given platform to identify the user who is visiting that platform.


    Electronic Data Interchange

    Electronic Data Interchange is an electronic communication method that provides standards for exchanging data. By adhering to the same standard, companies using EDI can transfer data from one branch to another across the world.


    Email Address

    An email address is a unique identifier for a specific email account. It is used by people both to receive and to send e-mail over the Internet. To send messages effectively, you need an address for both the recipient and the sender.


    Email Fraud

    Email fraud is a rather popular and inexpensive way to commit fraud. Fraudsters distribute fraudulent emails or messages to a variety of victims, generally with the goal of attaining their passwords, usernames, or other personal information, which they can then use to commit fraud schemes.


    Email Spam

    Email spam, also known as junk mail, is unsolicited email that is sent to many people. Generally, this mail has no meaningful content and is meant to bring the receiver to a certain website.


    Email Tumbling

    Email Tumbling - What is It?

    Email tumbling is a way of filtering incoming emails using variations of a specific Gmail address. To tumble an email, users only have to insert a "+" or "." into the part of their address before the "@", before adding other text. While this might be helpful to consumers in some regards, it can also enable extensive abuse by fraudsters. For example, a consumer can tag an email for a specified site as JohnSmith+1122233OnlineRetailerName@gmail.com, which would allow them to know that they had shopped online with a specified merchant on that day. However, this also becomes a benefit to fraudsters, as it allows them to commit fraud on one account over and over. Using this method, a fraudster can submit forms or transactions multiple times with the same email.

    Email tumbling can also refer to the use of sequential email addresses when it comes to fraud. For example, organized fraud transactions can go through multiple emails with sequential numbering. Addresses automatically generated by a fraudster can often look like johnsmith01@, johnsmith02@, johnsmith03@, with multiple transactions spread across these emails.


    What are Some Solutions?

    One way to prevent such scams from happening is identity and address verification. To prevent multiple transactions from occurring, Fraud.net incorporates dozens of data attributes on shipping and billing addresses, phone numbers and email addresses, as well as IP address verification and data mining. Preventing fraudsters from taking advantage of email tumbling can be automated into your business's fraud prevention services.
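
    As an added illustration (not Fraud.net's code), the sketch below shows how a merchant could link tumbled addresses during order screening: it collapses "+" tags and dots on Gmail addresses to one canonical mailbox and groups addresses that differ only by a trailing number. The function names, the Gmail-only rule set and the sample orders are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Assumption: only Gmail is treated as ignoring dots and "+tag" suffixes.
# Extend this set only for providers whose behaviour you have confirmed.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonicalize(address):
    """Collapse tumbled variants of an address to one canonical mailbox."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    if domain in GMAIL_DOMAINS:
        # Drop everything from the first "+" and remove dots.
        base = local.split("+", 1)[0].replace(".", "")
        local = base or local  # keep the original if nothing is left
        domain = "gmail.com"
    return f"{local}@{domain}"


def sequence_stem(address):
    """Return 'stem#@domain' for addresses ending in digits, else None."""
    local, _, domain = canonicalize(address).rpartition("@")
    stem = re.sub(r"\d+$", "", local)
    if not stem or stem == local:
        return None
    return f"{stem}#@{domain}"


def find_tumbling(orders, min_run=3):
    """Group (order_id, email) pairs that look like email tumbling.

    'tumbled'    : several distinct raw addresses share one canonical mailbox
    'sequential' : at least min_run addresses differ only by a numeric suffix
    """
    by_canonical = defaultdict(list)
    by_stem = defaultdict(list)
    for order_id, email in orders:
        try:
            canon = canonicalize(email)
        except ValueError:
            continue  # malformed input is handled by other validation
        by_canonical[canon].append((order_id, email.strip().lower()))
        stem = sequence_stem(email)
        if stem:
            by_stem[stem].append((order_id, canon))

    tumbled = {
        canon: [oid for oid, _ in rows]
        for canon, rows in by_canonical.items()
        if len({raw for _, raw in rows}) > 1
    }
    sequential = {
        stem: [oid for oid, _ in rows]
        for stem, rows in by_stem.items()
        if len({canon for _, canon in rows}) >= min_run
    }
    return {"tumbled": tumbled, "sequential": sequential}


# Constructed sample orders (not real data).
SAMPLE_ORDERS = [
    ("A1001", "JohnSmith+1122233OnlineRetailerName@gmail.com"),
    ("A1002", "john.smith@gmail.com"),
    ("A1003", "johnsmith+promo@googlemail.com"),
    ("A1004", "johnsmith01@example.com"),
    ("A1005", "johnsmith02@example.com"),
    ("A1006", "johnsmith03@example.com"),
    ("A1007", "alice@example.org"),
    ("A1008", "bob2024@example.org"),
]

if __name__ == "__main__":
    for kind, groups in find_tumbling(SAMPLE_ORDERS).items():
        for key, order_ids in groups.items():
            print(f"{kind}: {key} -> {order_ids}")
```

    A match here is a linking signal for review rather than proof of fraud, since legitimate customers also use "+" tags and numbered addresses.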

     


    Employment Scam

    Employment scams refer to schemes in which scammers advertise fake job listings in order to collect personal information from applicants, such as payment credentials and other types of information that can be used for blackmailing the applicants.


    Emulator

    An emulator is a special kind of robot that copies human activity when it comes to purchasing a service or product. Examples of emulators include targeted scripts which are aimed at buying a limited quantity of items or at gaining an advantage in a time-limited sales event.


    EMV

    Europay Mastercard Visa, or EMV, is an international standard for debit and credit cards based on chip card technology. EMV cards make in-person transactions safer than before, but the risk of card-not-present transactions has increased with it.


    Encryption

    A method of coding data, using an algorithm, to protect it from unauthorized access. There are many types of data encryption, which are the basis of network security. Encryption is the process of converting data into cipher text to prevent it from being understood by an unauthorized party. When e-commerce merchants need to securely transmit transaction data, including credit card information, they rely on encryption to code the data so that only authorized parties can access it. Converting this regular data into ciphered (encrypted) data makes it difficult for an unauthorized third person to intercept the data and use it for illegal purposes. And even if the encrypted data is intercepted by a hacker, they’ll be unable to decode the information without the decryption key. The major data breaches of 2017 (including the exposure of the personal data of 143 million Americans) illustrate the importance of merchants encrypting customers’ sensitive information and protecting it from falling into fraudsters’ hands.


    End-to-End Encryption

    End-to-End Encryption refers to the uninterrupted protection of the confidentiality and integrity of data by encoding it at the time of sending and decoding it only at the end of the transaction. This method ensures that data is kept confidential no matter what.


    Endpoint Authentication

    Endpoint Authentication refers to a security system that aims to verify the identities of remotely connected devices, such as PDAs (personal digital assistants) or laptops, along with their users, before giving access to corporate network resources. It helps the user to know all the connected devices.


    Endpoint Protection

    Endpoint protection refers to a variety of solutions that are used to protect end users' computing devices, such as mobile devices and laptops, and to detect their compromise. Generally, endpoint protection solutions use one or more techniques for protection.


    EV SSL

    An EV SSL certificate is the symbol of the highest level of trust for a virtual business. All modern browsers support a completely new technology, known as EV or Extended Validation, which offers color-coded alerts that inform users about a website's validity.


    Exclusivity

    Exclusivity refers to a contractual clause in which one party grants another party a right to use a specific business function. It means that the other party can now use the function as it likes.


    Facebook

    Facebook is a social media or networking platform that uses the internet for its operation. It allows people to connect with others by creating an account and chatting with them over the internet. Facebook is supported by a variety of devices like mobiles, tablets, and personal computers.


    Facial Recognition

    Facial Recognition is a type of biometric check used to identify the person and unlock the system. It focuses on the facial structure of a person and identifies whether the person has the necessary authorization or not. Normally, it is used in phones and other security systems.


    Fake check

    A fake check is normally used by a fraudster, with either a duplicate signature or duplicate handwriting, to withdraw cash from a bank. This is a fairly common type of scam that is done by obtaining the necessary information from a real member of the bank to create a fake check and cash it later.


    Fake merchandise

    Fake merchandise includes products and services that are not authorized by the original company, but are sold under the name of the company. Fake merchandise is often sold on the Internet through e-commerce websites where buyers cannot actually inspect the product.


    False Account Entries

    False Account Entries refer to the input of wrong or misleading information in financial statements. It is ethically wrong to include false account entries in software or in a book that has to be submitted to a financial manager.


    False Data

    False data refers to information which is not accurate, especially the information which, in a specific context, differs directly from the required information.


    False Declines

    False declines are generally referred to as false positives. They occur when a legitimate transaction is flagged by a merchant's protection system and is declined inadvertently. Often, this occurs when a cardholder trips a merchant's fraud detection system.


    False Documents

    False documents are documents created with incorrect information that cannot be used for their required purposes because the document does not contain the necessary data. These documents are created for the purpose of deceiving others.


    False Expense Claims

    False Expense Claims are created when staff who are authorized to be reimbursed for a certain number of expenses incurred while carrying out their work duties, submit a claim for those reimbursements when they don't actually deserve them.


    False Expense Reimbursements

    False Expense Reimbursements occur when an employee falsely inflates costs associated with their work, so that when they ask for reimbursements they will be given more money than they should.


    False Financial Statements

    False Financial Statements describe when a person falsifies income reports, balance sheets, and/or creates fake cash-flow statements to deceive the people who receive them. The purpose of this activity is generally personal profit.


    False Front Merchants

    False Front Merchants describes companies that appear to be valid businesses but are actually just fronts for a number of various fraud schemes. The ability of fraudsters to create fake companies is growing with the new ways digital payment systems operate in business, which give fraudsters the opportunity to set up sophisticated, deceptive false front merchant schemes.


    False Identity Fraud

    False Identity Fraud is a situation where a person creates a fake identity to commit criminal activities. Actions that are examples of identity fraud are making a credit card, submitting for a loan, or opening bank accounts.


    False Invoices

    False Invoices could be described as the situation where a person makes an invoice that does not relate to a real sale or payment and is used to get money dishonestly and undeservedly.


    False Negative

    A false negative is when a fraudulent transaction fails to be flagged as fraudulent, and gets through a system's fraud detection. It is the opposite of a false positive.


    False Positive

    False Positives, also known as “false declines” or “sales insults”, appear when financial organizations or merchants decline valid orders. False positives are primarily caused by a business's anti-fraud system incorrectly marking a transaction as likely to be fraud, when in truth the order is legitimate.


    False Report

    A false report is created when somebody knowingly reports a crime that did not occur, or knowingly reports details of a crime incorrectly.


    False Reporting

    False Reporting is when someone creates documents with false financial information and submits this information as legitimate.


    False Sales Invoices

    A contractor or supplier may commit fraud by knowingly submitting false, inflated or duplicated invoices with the intent to defraud the company they have been hired by. The contractor may act alone, or collude with payroll staff to keep the fraud going. The expression “false invoices” refers to invoices for goods or services that were never actually provided.


    False Travel Claim

    A false travel claim is when a person falsely claims they traveled by a certain method, and then asks to be reimbursed for paying for that method. An example would be if an employee said they had to take public transport to get somewhere, when in reality they simply walked or biked, and just want to make the money they say they spent.


    False Vendors

    False Vendors refer to any scheme that is completed by creating fake vendors. This can have multiple uses for fraud; for one, the fraudster can send invoices to companies asking for payments on a service or good that was never actually provided. Another example is when a fraudster will create a duplicate payment system, causing consumers to have to pay twice to buy a good, one payment going to the fraudster.


    Falsified Hours

    Falsified Hours is the term for when an employee records themselves as having worked more hours than they truly have in order to be paid for work they have not done.


    Familiar Fraud

    Familiar fraud describes when a customer asks for a chargeback instead of pursuing a refund from the merchant they made the purchase with, with the purpose of keeping their funds while also getting the product they bought.


    Federated Identity

    A federated identity in information technology refers to the process of linking a person's electronic identity and attributes across multiple distinct identity management systems. Federated identity is related to single sign-on (SSO), in which a user's single authentication ticket or token is trusted across multiple IT systems or even organizations. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability, and it would not be possible without some sort of federation.


    Fictitious Refunds

    In a fictitious refund scheme, an employee processes a transaction as if a customer were returning merchandise, even though there is no actual return. Since the transaction is fictitious, no merchandise is actually returned. The result is that the company's inventory is overstated.


    FIDO

    Fast Identity Online is a set of open technical specifications for mechanisms of authenticating users to online services that do not depend on passwords. FIDO authentication seeks to use the native security capabilities of the user device to enable strong user authentication and reduce the reliance on passwords.


    Financial Crime

    Financial Crime is a category of crime that is performed against property, comprising the illegal conversion of property rights to the personal use and benefit of the fraudster. Financial crime may involve fraud types such as securities fraud, credit card fraud, bank fraud, and more.


    Fingerprint Recognition

    Fingerprint Recognition is one of the most popularly used biometrics, and so far it is considered the most secure authentication method. Fingerprint Recognition refers to the automatic process of identifying or approving the identity of a person built on the comparison of two fingerprints.


    Fintech Fraud

    Fintech fraud refers to any fraud that takes place that is related to fintech in some way. Fintech fraud scandals can involve peer-to-peer financing platforms as well as crowd funding platforms, and have served as stark reminders of the risks from the use of Fintech where the proper rules or regulations on transactions are not present.


    Firewall

    A firewall is a system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private networks connected to the internet, especially intranets.


    Food Fraud

    Food fraud is the activity of changing, perverting, mislabeling, replacing or interfering with any food product at any point along the farm-to-table food supply chain. The fraud may appear in the raw material, in an ingredient, in the finished product, or in the wrapping or packaging of the food.


    Forged Signatures

    Forged signatures are signatures created to look very similar to, or the same as, another person's signature, but that were not signed by that person. This is done to provide false authentication on documents; for example, a fraudster could "forge" a signature on a check to take money from someone without permission.


    Fortune Teller Scam

    Fortune teller scam, also known as the “bujo”, is a type of confidence game. The basic feature of the scam involves diagnosing the victim (the "mark") with some sort of secret problem that only the grifter can detect or diagnose, and then charging the mark for ineffectual treatments.


    Fraud

    Fraud can be described as a consciously dishonest and/or illegal act done generally for personal gain, or to afflict another. Fraud can violate civil law, and cause the loss of cash, property, or other legal rights.


    Fraud Analyst

    A fraud analyst is someone who investigates forgery and theft within customers' accounts and transactions on behalf of a bank or a financial institution. They track and monitor the bank's transactions and activity that comes through the customers' accounts.


    Fraud Definition

    Fraud is defined generally as the wrongful or criminal act to deceive someone for one's own financial or personal gain. Legal definitions of fraud vary across countries, at the federal and state levels in the US, and even among states, but most have, at their core, the use of deception to make a gain by unlawful or unfair means. Many types of fraud exist, including occupational, operational, investor, accounting, credit card and insurance fraud, but all forms share the fact that the perpetrator knowingly receives a benefit to which they're not rightfully entitled. The purpose of fraud may be financial gain but also covers the acquisition of other benefits, such as obtaining a driver's license, a passport or other travel documents, or qualifying for a mortgage by using falsified documents or making false statements.


    Fraud Department

    Insurance corporations, banks, shops, and a mass of other companies employ fraud analysts to identify and prevent fraudulent activities, and if an organization dedicates a group of their employees to this task, they are known as a company's "fraud department". 


    Fraud Detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses. Fraud detection is applied to many industries such as banking or insurance. In banking, fraud may include forging checks or using stolen credit cards.


    Fraud Examiner

    A fraud examiner is a highly qualified professional who investigates cases of criminal and civil fraud. Fraud examiners can be certified to prove their expertise within the field of fraud and fraud prevention.


    Fraud Filter

    A fraud filter is a tool you can add to your e-commerce shop to prevent potentially fraudulent orders from processing in your store. Depending on how you set up the fraud filters, it will either warn you of a potentially fraudulent transaction or cancel an order entirely.


    Fraud Guidelines

    Fraud Guidelines are the practical guidelines put in place to help prevent, detect, and investigate any type of fraud that may occur within a business's dealings.


    Fraud Jobs

    Fraud jobs are the category of jobs that work in the fraud field, such as a fraud specialist, forensic accountant, forensic audit manager, forensic director, senior auditor, risk assurance and risk analyst, audit consultant, forensic service manager or a forensic auditor.


    Fraud Lawyers

    Fraud Lawyers are lawyers who practice in the areas of criminal and civil fraud. These lawyers assist companies that have been affected by fraud performed by their employees or another party by performing internal investigations, collecting proof, and communicating with the authorities.


    Fraud Managed Services

    Fraud Management Services are defined as the associations that provide support in reviewing and resolving all potentially fraudulent operations of a company, assisting the company in the immediate cancellation and refunding of illicit purchases. These associations conduct ongoing anti-fraud investigations to create innovative fraud policies that increase controls.


    Fraud Prevention

    Fraud prevention refers to the practices, processes, and tools that are used to prevent fraud that may occur in online transactions, exchanges of services, and the input of information. In order to prevent fraud, a third-party solution can also be utilized. Preventing fraud is an important task for both organizations and online users.


    Fraud Prevention Software

    A number of merchants incorporate fraud protection software within their loss-prevention approaches. These automated software programs help companies identify risky transactions in real time and decrease the amount of consumer fraud that occurs. Through an algorithm, the fraud protection software scans transactions, uses previous transactional facts to uncover any potential risks, and then marks the transactions to be further investigated.


    Fraud Prevention Specialist

    A Fraud Prevention Specialist is a person in a company who has the responsibility of taking care of certain assets and ensuring they remain protected from any potentially fraudulent actions. Their goal is both to detect any fraud occurring and then to also stop it.


    Fraud Response Plan

    A Fraud Response Plan is a policy aimed at ensuring that effective and timely action is taken in the event of fraud occurring. A Fraud Response Plan gives employees the details of the entire procedure for reporting any suspected fraud, defines the actions that the company needs to take and also defines authority levels, responsibilities for action, and reporting lines in the event of a suspected fraud or irregularity.


    Fraud Ring

    A Fraud Ring could be described as an organization which performs activities with the intention to defraud or take advantage of other people. This organization might be involved in any kind of forgery. Actions can range from creating fake claims and stealing a private identity to counterfeiting checks and currency. Some rings are devoted to committing fraud against ecommerce websites. Others are devoted to defrauding charities, businesses or government agencies. These organizations can consist of 10 criminals or 10,000. Most are devoted to committing specific types of fraud.

    With the rise of the internet, online fraud is rampant. Millions of consumers are filling out online forms that require them to submit personal information, including credit card numbers, SSNs, street addresses, etc. Consequently, identity theft is the most popular type of Internet fraud.

    Methods Used by Fraud Rings

    There are many known cases of organizations that have carried out insurance fraud. For example, in 2017 a small scale ring of 26 individuals was prosecuted for staging traffic accidents to file false claims. This smaller group collected more than $100,000 in payouts from 12 auto insurance providers.

    Payouts can be much larger. In 2012, a federal court in Minneapolis sentenced a California man and a New York man for their roles in a $50-million bank fraud conspiracy that operated in six states. This gargantuan scheme involved a network of bank employees and victimized more than 500 individuals around the world by stealing their personal and financial information. Bank fraud rings like this one may steal large quantities of checks and forge signatures. They may complete false loan applications or use stolen credit card numbers. Additionally, identity thieves steal personal information to apply for bank accounts or debit cards.

    Protection Against Organized Fraud

    The Association of Certified Fraud Examiners estimates that global fraud losses total nearly $5 trillion, and fraud rings are a large part of this. A large group working towards organized fraud can do more financial damage than any individual fraudster ever will. The more individuals added, the more complex the issue becomes.

    With that said, complex problems require sophisticated solutions. Many companies thus integrate a digital risk management platform into their workflow to combat fraud at minimal costs. This enables your company to extract immediate value and gain transparency, confidence, and clarity. Make the effort to prevent this type of fraud from affecting your business.


    Fraud Risk Assessment

    A fraud risk assessment is a tool used by business management to identify and understand risks to their business and weaknesses in controls that present a fraud risk to the organization. Once a risk is identified, a plan can be developed to mitigate those risks by instituting controls or procedures and assigning individuals to monitor and effectuate the plan of mitigation.


    Fraud Risk Profile

    There are two types of Fraud Risk Profiles: that of employees who abuse company assets to obtain personal benefits, and that of people who devise a fraud plan in order to make the company look more profitable than it really is.


    Fraud Schemes

    Fraud Schemes are schemes that fraudsters have created to execute a criminal or fraudulent scenario, in order to obtain the personal benefits derived from it. Corruption, money laundering, skimming cash, and more are all fraud schemes.


    Fraud Score

    A Fraud Score is an informational tool that helps you gauge risk involved with orders before processing. This is done by identifying traits and historical trends associated with suspicious behavior and fraudulent orders. This process is commonly used across businesses, as they try to detect fraud in their transactions to avoid major profit losses. Fraud detection is applied to many industries like banking, insurance, and e-commerce. With so much at stake and so many variables changing, it's vital to have a real-time monitoring system for fraud. 

    The Score Model

    At Fraud.net, we build custom machine learning models, leveraging patent-pending methodologies. In other words, we are determined to solve the unique and nuanced problems of each client, and develop a unique fraud score for each transaction.


    • The Score Model provides a risk score of 1-99 to every event or transaction. In short, this score indicates the relative risk of fraud.
    • Based on the score, each event is segmented into one of 5 risk levels:
      • Very Low Risk (0 - 9): Lowest possibility of fraud. 
      • Low Risk (10 - 49): Low possibility of fraud, but may include false negatives (risk). 
      • Medium Risk (50 - 69): No strong indication of positive or negative outcome. 
      • High Risk (70 - 89): High possibility of fraud, but may include false positives. 
      • Very High Risk (90 - 99): Highest possibility of fraud. 

    Using this method, clients are able to prioritize reviews of transactions based on risk. Thus, businesses can take real action based on risk group to reduce queue size and optimize investigator or review agents’ time.

    Assess Risks Quickly and Efficiently

    Deep in the terabytes of data your organization produces every day lie hidden, potentially game-changing, insights.

    Using modern technology, unifying data and extracting intelligence is now possible. Consequently, assessing risks and saving businesses money has never been easier with the rise of AI.

    Above all else, making sure your business is protected at all times is paramount.

    Contact Fraud.net to schedule a demo of our end-to-end anti-fraud prevention system or a free fraud analysis. Start mitigating insider fraud risks today.


    Fraud Screening

    Fraud Screening generally refers to a checking system that identifies potentially fraudulent transactions. Fraud screening helps reduce fraudulent credit card transactions, reduce the number of manual reviews, minimize risky sales, and improve a company’s bottom line.


    Fraud Statistics

    Fraud Statistics are reports produced by companies and organizations that detail things like the numbers of fraudulent transactions that have occurred in a period, what kinds of fraud took place, and anything else related to data on fraud. These fraud statistics are used to figure out how much and what kind of fraud occurs, so that a better preventative plan can be created to mitigate the impacts of fraud.


    Fraud Triangle

    The Fraud Triangle is a simple framework that is useful for understanding a worker's decision to commit workplace or occupational fraud. The fraud triangle consists of three components (sides) which, together, lead to workplace fraud: 1) a financial need, 2) a perceived opportunity, and 3) a way to rationalize the fraud as not being inconsistent with their own values. The Fraud Triangle is a common teaching aid and metaphor that has been used for decades.


    Fraud Upon The Court

    Fraud on the court occurs when the judicial machinery itself has been tainted, such as when an attorney, who is an officer of the court, is involved in the perpetration of a fraud or makes material misrepresentations to the court. Fraud upon the court makes void the orders and judgments of that court.


    Fraud vs Abuse

    Fraud is defined as an intentional deception or misrepresentation made by a person with the knowledge that the deception could result in some unauthorized benefit to himself or some other person. Abuse is defined as provider practices that are inconsistent with sound fiscal, business, or medical practices. It is the actual intention behind these actions that truly differentiates fraud from abuse.


    Fraud vs Forgery

    In today’s world, the rapid development of technology can make it difficult to fight fraud and forgery, especially for legal authorities. Knowing what charges come with each, and primarily how to prevent them, is vital to saving your business significant costs per year.

    Essentially, fraud denotes any kind of dishonest practice by a person or a company for financial advantage. It is generally considered a well-thought-out crime by the law. On the other hand, forgery is essentially concerned with a produced or altered object. Fraud is the crime of deceiving another, which may be performed through the use of objects obtained through forgery. Forgery is a common technique in fraud schemes, where the fraudster uses forged documents in order to gain access to information or materials they should not have access to. The legalities and sentencing for each are extremely nuanced, but can provide insights for your business on which steps to take to both prevent and combat existing fraud.

    Fraud is an overarching term for many different federal charges, and acts of fraud can be legally classified up to a Class I Felony, with fines up to $10,000 and a prison sentence of up to 3.5 years. The average imprisonment time for counterfeiting (or forgery) is roughly 16 months.

    Contact Fraud.net to schedule a demo of our end-to-end anti-fraud prevention system or a free fraud analysis, and start mitigating both forgery and fraud risks today.


    Fraud vs Theft

    Fraud can be defined as when a person deceives others in order to personally benefit themselves. The main objective of fraud is to get money or other valuable items from somebody without their permission. On the other hand, theft occurs when a person or entity takes money or property without permission, or uses them in an illicit manner, with the intent to gain a benefit from it. Performing a fraudulent scheme is generally a step taken to steal something from another.


    Fraud Waste and Abuse

    Fraud Waste and Abuse is a term most commonly used in government and healthcare and refers to several types of negligent and possibly criminal behavior. As defined by United States Code 1347, Fraud is “knowingly and willfully executing, or attempting to execute, a scheme or artifice to defraud any health care benefit program; or to obtain, by means of false or fraudulent pretenses, representations, or promises, any of the money or property owned by, or under the custody or control of, any health care benefit program.” It is illegal to knowingly submit false information in order to receive a monetary or other benefit; doing so is the definition of fraud. Waste and abuse, on the other hand, do not require intent and knowledge of wrongdoing. Abuse might take the form of a payment for items or services that have no substantiated basis for payment and/or for which the provider has not knowingly or intentionally tried to get paid. Waste usually refers to the inefficient use of services and is generally not the result of criminal negligence.


    Fraud Waste and Abuse Policy

    Fraud Waste and Abuse Policy is the set of policies that a business or organization has in place so that, if fraud or waste occurs within that entity, it has procedures to deal with the effects of that fraud or abuse.


    Fraud Waste and Abuse Training

    Fraud Waste and Abuse Training is training that helps you to understand the definitions of fraud, waste and abuse, identify the principles underlying state and federal laws associated with fraud, waste and abuse, and understand the importance of responsibility for preventing fraud, waste and abuse.


    Fraudulent Apps

    Fraudulent apps are apps that say they provide some kind of service or entertainment, but their actual purpose is to download malware onto a device, or to discreetly obtain sensitive information. Some fraudulent apps completely emulate authentic apps, with the intention of tricking people into thinking they are using the real application.


    Friendly Fraud

    Friendly Fraud can take many forms, but typically involves an actual consumer obtaining goods or services from a merchant, then claiming they did not make the purchase, did not receive the goods, or only received a fraction of items, in order to keep the goods or services without paying for them. Customers committing friendly fraud make the purchase on a credit card, receive the product or service, and then demand a refund for a lost or short-shipped order, or file a chargeback through their credit card issuing bank, with the intention of receiving a full refund of the purchase amount. Also referred to as chargeback fraud, it is estimated that $4.8 billion was lost by US businesses last year to friendly/chargeback fraud. It is also estimated that as much as 80% of all chargebacks are fraudulent.


    Front Companies

    Front companies could be defined as fictitious companies which have been set up and organized by criminals or fraudsters, with the main purpose of using them to perform fraudulent activities. The company may be used to carry out any transaction process on fraudulently collected products.


    Fullz

    "Fullz" is fraudster slang for an information package containing a person’s real name, address, and form of ID, or their "full information." Fullz can be considered a component of 3rd party fraud, as the person whose credentials are sold is not complicit. Fraudsters use these credentials to steal identities and commit financial fraud.

    Fullz usually contains a person’s name, address, SSN, driver’s license, bank account credentials, and medical records, among other details. Fraudsters use the victim’s financial reputation for identity theft and fraud, resulting in low credit scores and financial insecurity for the victims. For example, they apply for a loan or credit card with the victim's good credit. The fraudster applies for the card and uses it, while the victim cannot pay it off and/or attempts to cancel it, harming their credit score.

    Fraudsters acquire and sell these information packages through the dark web. They access the dark web using Tor, a system that scrambles users’ virtual trails so they cannot be traced. Identities sell for various prices, depending on the accuracy and viability of the information. Sellers frequently offer discounts for bulk amounts of fullz.

    How Are Businesses Affected By Fullz?

    Often, fraudsters obtain fullz through corporate and institutional data breaches. Insurance companies and commercial and financial institutions fall victim due to the sensitivity of the information they possess. These breaches are often triggered by an accidental download of malware by an employee, but there are several causes. Also, businesses and institutions often make themselves vulnerable with poor-quality internet security or a lack thereof.

    As a result, customers find themselves with affected financial reputations and loss of their hard-earned money from account takeovers and cash withdrawal. Businesses face a loss in reputation and if their own financial information is not protected, a loss in revenue. Furthermore, they face legal damages and the cost of damage control for the breach, often in the millions.

    How Can You Prevent Fraud?

    Businesses and institutions can prevent such breaches with high-quality security solutions to protect purchases and sensitive customer information. With proper web security, institutions avoid the financial and reputational toll of data breaches.

    Fraud.net offers a variety of solutions using AI and machine learning to prevent theft of your customers’ information and, therefore, to protect your bottom line. We offer dark web monitoring, analytics and reporting, identity protection services, and more.

    Contact us for a demo and recommendations for fullz fraud prevention and identity protection.


    Gaming Fraud

    Gaming fraud occurs when a fraudster deliberately misinforms somebody about information on a game, so that when that person makes a wager on the results of that game, they are doing so with incorrect information, generally making them more likely to lose. Sports tampering and claiming false bets are two examples of gaming fraud.


    Geographical IP Detector

    A geographical IP detector is software that allows you to trace where an IP address is located on the globe. By mapping the IP address geographically you can easily get information on a person's country, city, longitude, state, ISP, area code, and other pieces of data.


    Geolocation Detection

    Geolocation refers to the identification of the geographic location of a user or computing device via a variety of data collection mechanisms. Typically, most geolocation services use network routing addresses or internal GPS devices to determine this location.


    Ghost Employee

    A ghost employee is a common ploy used in payroll fraud. A ghost employee is a person who is on an employer's payroll, but who does not actually work for the company, and perhaps does not exist at all. Someone in the payroll department creates and maintains a ghost employee in the payroll system, and then intercepts and cashes the paychecks intended for this person for themselves.


    Ghost terminal

    Ghost terminals, which appear in recent reports of skimming crimes, are electronic devices tailored to copy a credit card’s magnetic stripe and Personal Identification Number in order to steal money from an account. They are manufactured devices that appear to be real ATM touch pads or credit-card readers. They are often placed over a legitimate ATM or other card-reading device, often in a manner that is unnoticeable to most consumers.


    Gift Card Scammer Numbers

    Gift cards are a popular way for scammers to steal money from you. This is because gift cards are like cash: if you buy a gift card and someone uses it, you probably cannot get your money back. Anyone who demands payment by gift card is likely a scammer.


    Global Address Verification Directories

    Address validation is the process of checking a mailing address against an authoritative database to see if the address is valid. If the address in question matches an address in the official database, the address "validates", meaning it's a real address. Addresses that do not match any addresses in the database are marked as "invalid", meaning the address either doesn't exist or isn't registered with the official postal service. Most countries around the world have their own respective databases against which addresses can be validated.


    Government Fraud

    Government fraud refers to when an individual purposefully deceives the government so as to benefit from this deception. Examples of government fraud include tax evasion, welfare fraud, and counterfeit currency.


    GPS Spoofer

    A GPS spoofer allows a device to pretend it is at a different location than its current location. This can be used to deceive services that attempt to track where you are located.


    Grandparent Scam

    In a typical grandparent scam, a con artist calls or emails the victim posing as a relative in distress or someone claiming to represent the relative (such as a lawyer or law enforcement agent). The "relative" explains that they are in trouble and need the grandparent to wire them funds that will be used for bail money, lawyer’s fees, hospital bills, or another fictitious expense.


    Hacking

    In a computer system, hacking generally refers to any unauthorized intrusion into a computer or network. The person engaged in hacking activities is known as a hacker. A hacker may alter system or security features to accomplish a goal that differs from the original purpose of the system.


    Hash

    A Hash or hash function is a function that can be used to transform digital data of an arbitrary size to digital data of a fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or most commonly, hashes. A cryptographic hash function takes input data, like an address or a credit card number, and transforms it into a compact string of seemingly random characters that generally renders the data useless in the event of a breach.


    Healthcare Fraud

    Healthcare fraud is a type of white-collar crime that involves the filing of dishonest health care claims in order to turn a profit. Fraudulent health care schemes come in many forms, such as individuals obtaining subsidized or fully-covered prescription pills that are actually unneeded and then selling them on the black market for a profit, or billing by practitioners for care that they never rendered and filing duplicate claims for the same service rendered.


    High-Risk Industry

    A high-risk industry describes when a type of business proves to have higher rates of failure than others. If businesses in a certain sector, like beer production, have higher rates of failure over other business types, then beer production would be considered a "high-risk industry".


    Honeypot

    A Honeypot is a decoy computer system designed to identify and/or trap hackers and other malicious actors. A honeypot sometimes offers a tempting set of data to attract fraudsters and counteracts their attempts to hack into or otherwise compromise an information system. A honeypot acts as bait by appearing to be a legitimate part of a website, database, or computer system, but is being monitored by IT and security professionals seeking insights into new methods of attack.


    Hospitality

    Hospitality is a term used to describe how well a certain location or entity accommodates somebody. If a person is well accommodated for when they visit somewhere, it would likely be said that that place provided good hospitality.


    Host Card Emulation

    In device technology, host card emulation is the software architecture that provides exact virtual representation of various electronic identity (access, transit and banking) cards using only software. Prior to the HCE architecture, near field communication (NFC) transactions were mainly carried out using secure elements. HCE enables mobile applications running on supported operating systems to offer payment card and access card solutions independently of third parties while leveraging cryptographic processes traditionally used by hardware-based secure elements without the need for a physical secure element.


    Hybrid Detection System

    A hybrid intrusion detection system is used to provide increased detection capabilities. HNID integrates a neural network detection component with a basic pattern matching engine to detect anomalies in the network traffic. This approach efficiently detects known classes of attacks, and also the unknown ones. Both of the detection solutions run simultaneously so that one can provide a method to filter and group the security alerts to reduce the number of alerts which will be sent to the network administrator.


    I2P Anonymous Proxy

    The Invisible Internet Project (I2P) is an anonymous network layer that allows for censorship-resistant, peer-to-peer communication. Anonymous connections are achieved by encrypting the user's traffic (by using end-to-end encryption), and sending it through a volunteer-run network of roughly 55,000 computers distributed around the world.


    Identification (ID)

    Identification is the process by which something denotes another object as being a part of a certain category. A human could simply be identified as a human, or could be identified by their role or profession, or by their name; an object could have multiple identifications. In the world of fraud, identification is a term brought up often, as people have their identity "stolen", which is when others pretend to be them for malicious purposes.


    Identity and Access Management

    Identity and access management (IAM) is a framework for business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.


    Identity Fraud

    Identity fraud is the situation where a fraudster uses the personal information of a victim, without any approval, to perform a criminal action or to mislead or defraud another person. Most identity fraud is committed for financial benefit, such as access to a credit card, a bank account, or even a victim's loan accounts.


    Identity Provider

    An identity provider is a federation partner that vouches for the identity of a user. The identity provider authenticates the user and provides an authentication token (that is, information that verifies the authenticity of the user) to the service provider.


    Identity Spoofing

    Identity spoofing occurs when a scammer assumes the identity of another person/entity and uses that identity to commit fraud. Spoofers steal credentials from people or businesses through password attacks and credential capture processes.

    They use those credentials to facilitate phishing, pharming, identity theft, and business email compromise (BEC) by relying on the trustworthiness of the original identity. Identity spoofing differs from content spoofing, in that the spoofer attempts to "change" the identity of the sender rather than the content being sent. Often these spoofs lead to business email compromise and identity theft, causing organizations millions in losses and/or damages.

    Most common forms of identity spoofing

    It can be hard to determine whether you face an identity spoofing threat. Users often trust familiar names and addresses despite the possibility that they may be compromised. Familiarize yourself with several forms of spoofing in order to spot them in the future.

    ARP Spoofing

    ARP spoofing occurs by binding the spoofer’s MAC address (their Media Access Control address) to the IP address of the legitimate default local area network (LAN) gateway. Essentially, a spoofer takes the place of the destination IP and, through that spoofing, gains access to the local network. With this access, they capture sensitive information and access unrestricted information on the network. They also manipulate information before it reaches the legitimate IP address. Spoofers then carry out phishing and pharming attacks and assume new identities based on the information they receive. Additionally, ARP spoofers attempt a distributed denial-of-service attack (DDoS) which overwhelms existing security systems by dramatically increasing the number of users it must authenticate.

    MAC Spoofing

    Each device should have a unique Media Access Control address (MAC) that should not be encountered elsewhere. However, spoofers take advantage of vulnerabilities and imperfections in hardware to spoof the MAC address. As a result, the local network recognizes the MAC address and bypasses certain security protocols. Because spoofers operate with a trusted address, other users fall victim to business email compromise fraud, data breaches, and more. In addition, with trusted access, a spoofed address can deposit malware on a local network. Spoofers then prey on vulnerabilities and steal sensitive information.

    IP Spoofing

    The source or destination of a virtual message traces back to an IP address associated with a physical location. However, spoofers mask themselves with a legitimate IP address or assume the IP address of someone in that low-risk geolocation. Because many systems do not implement authentication protocols, the masked IP address takes the place of the legitimate source without the legitimate sender or recipient’s knowledge. With this IP spoof, a spoofer can deploy a man-in-the-middle attack within a network, allowing them to steal sensitive information and inform themselves for future fraud attempts. IP spoofing relates to geolocation spoofing:

    Geolocation Spoofing

    One can spoof their geolocation using a Virtual Private Network (VPN). Some companies offer these directly to consumers to protect their information as well as to access location-restricted content. Fraudsters use VPNs to place themselves in low-risk locations to avoid their sender information being flagged as an anomaly. Additionally, they use them to mislead security efforts and mask their location to avoid being traced.

    Fraudsters also use geolocation spoofing to place themselves in particular states or countries to take advantage of lessened restrictions in the new geolocation. For example, a user in California spoofed their geolocation to play online poker in New Jersey, taking advantage of New Jersey gambling laws. State law in both states prohibits this, so both states located and apprehended the user. The user forfeited about $90,000 in winnings.

    DNS Spoofing

    Spoofers assume a Domain Name Server (DNS) identity by piggybacking on DNS server caching flaws. As a result, users click on a domain name they trust, but end up on a replica page that leads to phishing or pharming attacks against the user. They click on links within that page and expose themselves to these attacks because they trust the original domain. DNS spoofs, just like many other identity spoofs, often lead to a loss in reputation for the business due to users’ trust being violated by the replica site.

    This relates to website spoofing, the use of a replica site in order to steal user information. Spoofers target websites that employees use routinely for their work and construct an almost exact replica. Users click on the link to a trusted website, not knowing that the URL is spoofed. They interact with the website, unknowingly entering sensitive credentials or providing backdoor access to their local network. These spoofs are usually most effective when combined with phishing emails.

    Caller ID Spoofing

    Spoofers forge caller ID information, presenting false names or numbers and assuming the identity of particular people or organizations. Public networks and Voice over IP (VoIP) networks make this easier. Recipients answer these calls, believing them to be legitimate, and often share credentials or bank account information due to their trust in the legitimate identity. These calls tend to originate in foreign countries where certain protections may not apply to the recipient if they find out that they have been scammed.

    Email Spoofing

    Sender information in the “From” section of an email can be spoofed to hide the origin of fraudulent emails. As long as an email fits the protocols needed by the Simple Mail Transfer Protocol (SMTP) Server, a spoofer easily sends from a falsified email address. The consequences resemble those of IP spoofing and Caller ID spoofing. Spoofers either leverage a man-in-the-middle attack or receive sensitive information, relying on the trustworthiness of the legitimate entity.

    GPS Spoofing

    Although this is a relatively new form of spoofing, it poses an especially dangerous threat. Identity-based GPS spoofing takes the form of a rebroadcast of a genuine signal, or broadcasting fake signals that very closely represent legitimate signals. A spoofer takes on the identity of the trusted GPS satellites, sending falsified or genuine information with malicious intent.

    What Are the Consequences?

    The results of a spoofing attack are harmful and detrimental to both compromised identities and those exposed to the spoofer. Several attacks are carried out with various forms of spoofing:

    1. Man-in-the-middle attacks

    In a man-in-the-middle attack, a spoofer reroutes traditional virtual traffic using a spoofed IP to view the information being sent or manipulate the message on its way to its legitimate destination. Man-in-the-middle attacks are also caused by ARP spoofing and MAC spoofing, both similar to IP spoofing.

    2. Phishing

    Spoofing often leads to phishing, as it weaponizes the trustworthiness of a recognizable entity. Phishing attacks attempt to capture sensitive information by asking users to click compromised links. Once a user clicks the link, they make themselves vulnerable to back door attacks, where scammers then load malware onto their computer or network to capture more sensitive information.

    3. Pharming

    Pharming relates to phishing. It often directly results from DNS or Website spoofing. Spoofers send an email from a “trusted” entity and ask a user to click on the link to a website and enter credentials. Those credentials are sensitive data like name, date of birth, address, credit card information, bank information, and more, leading to identity theft and financial reputation destruction.

    4. Business Email Compromise

    Business email compromise (BEC) directly results from spoofing. Scammers use spoofed email addresses from trusted entities to deceive users into sending money or identity information. They use an organization's name to steal material goods, while the organization gets billed for items they do not receive. Much like other results of spoofing, users trust particular senders and organizations, so they input their information without verifying identity.

    Is There a Way to Combat it?

    Despite the attack-on-all-fronts that spoofing seems to be, there are ways to mitigate risks. When emails request sensitive information, users should follow up with the sender through another form of communication. Verifying by phone call to make sure that the request is legitimate frequently reveals a compromised identity, saving both the recipient and the spoofing victim.

    Another form of protection is multi-factor authentication (MFA), much like the previous method of verifying a request. When entering credentials into an email server or an in-network computer, a user must verify their identity through a separate method. This takes the form of a phone call, text message, email, or push notification to an MFA application.

    In addition, you can track how information moves within your network, screen senders based on a set of attributes, and ensure the validity of every source and destination address in your network.
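    One way to screen senders on a set of attributes, shown for the email spoofing case described above. This is an added example, not Fraud.net code: the sample messages are constructed, `mx.example.org` is an assumed name for your own receiving mail server, and the domain alignment check is a simplified stand-in for a full DMARC evaluation.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the authserv-id that our own receiving MTA stamps on inbound mail.
# Authentication-Results headers carrying any other id may have been written by
# the sender and must not be trusted.
TRUSTED_AUTHSERV_ID = "mx.example.org"

# Constructed sample messages (not real mail); example.* domains are reserved.
LEGIT = """\
Return-Path: <billing@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Accounts Payable <billing@example.com>
To: finance@example.org
Subject: March invoice

Invoice attached.
"""

SPOOFED = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=example.com
From: Accounts Payable <billing@example.com>
Reply-To: billing@example.net
To: finance@example.org
Subject: Updated bank details

Please use the new account.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    address = parseaddr(str(header_value or ""))[1]
    return address.rpartition("@")[2].lower()


def aligned(domain, from_domain):
    """Simplified relaxed alignment: same domain or a subdomain of it.

    A production check would compare organizational domains using the
    Public Suffix List; this version is an assumption made for brevity.
    """
    return bool(domain) and (
        domain == from_domain or domain.endswith("." + from_domain)
    )


def trusted_auth_results(msg, authserv_id=TRUSTED_AUTHSERV_ID):
    """Collect spf/dkim/dmarc verdicts, only from headers our own MTA added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = str(header).partition(";")
        if server.split()[:1] != [authserv_id]:
            continue  # stamped by someone else, possibly the sender
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=([a-z]+)", rest.lower()):
            verdicts.setdefault(method, verdict)
    return verdicts


def screen_sender(raw_message):
    """Return a list of finding codes; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg["From"])
    if not from_domain:
        return ["missing_from"]

    findings = []
    auth = trusted_auth_results(msg)
    if not auth:
        findings.append("no_trusted_auth_results")
    elif auth.get("dmarc") != "pass":
        findings.append("dmarc_" + auth.get("dmarc", "missing"))

    # The envelope sender and Reply-To should belong to the domain the user sees.
    envelope_domain = domain_of(msg["Return-Path"])
    if envelope_domain and not aligned(envelope_domain, from_domain):
        findings.append("envelope_mismatch")
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and not aligned(reply_domain, from_domain):
        findings.append("reply_to_mismatch")
    return findings


if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, screen_sender(raw))
```

    A message that produces any finding is a candidate for the out-of-band verification described above before anyone acts on its request.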

    Fraud.net offers a variety of products to combat spoofing, powered by artificial intelligence and machine learning. Even as attacks get more sophisticated, the product evolves with them and learns new ways to combat them.


    Identity Theft

    Identity theft refers to the act of accessing and acquiring elements of another person's identity (i.e. name, date of birth, billing address, etc.) in order to commit identity fraud. Identity theft can take place whether the victim is alive or deceased. Once a person’s identity data is obtained, the data can be monetized by gaining access to their accounts, stealing their resources or obtaining their credit and other benefits. Identity theft (in combination with, and often used interchangeably with, identity fraud) is one of the fastest-growing crimes globally. A criminal can also use stolen identity information to hijack a consumer's accounts, commonly referred to as "account takeover".


    Improper Disclosures

    Improper disclosure refers to when information is mistakenly shown to somebody who has not been authorized by the appropriate people to see it. The term usually relates to medical disclosure, when a person's personal health information is improperly disclosed to somebody.


    InfoSec (Information Security)

    InfoSec, short for Information Security, refers to the discipline of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.


    Insider Threat

    An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.


    Instagram scammer

    An Instagram scam could be described as a scheme fraudsters perform through the use of social media, such as Instagram, or other related smartphone applications, in order to gain access to confidential and private information, money or encrypted monetary data with the use of high-level social engineering.


    Insurance Fraud

    Insurance fraud is any act committed to defraud an insurance process. This occurs when a claimant attempts to obtain some benefit or advantage they are not entitled to, or when an insurer knowingly denies some benefit that is due. There are two types of insurance fraud: hard fraud, which occurs when someone deliberately fakes an accident, injury, theft, arson or other loss to collect money illegally from insurance companies, or soft fraud, in which normally honest people often tell "little white lies" to their insurance company for the purposes of filing or maximizing a claim.


    Intellectual Property

    Intellectual property, also known as IP, describes an item or idea that has been credited as belonging to somebody in some way. Common types of IPs would be patented or copyrighted materials.


    Intelligence

    Fraud Intelligence is the leading practical resource for the counter-fraud professional; it provides applied insight, analysis and tools to combat fraud and corruption, whether in the corporate or non-commercial sector, together with coverage of relevant statute and case law.


    Intelligence Augmentation

    Intelligence Augmentation, or IA, is an alternative conceptualization of artificial intelligence that focuses on AI's assistive role, emphasizing the fact that cognitive technology is designed to enhance human intelligence rather than replace it. The choice of the word augmented, which means "to improve," reinforces the role human intelligence plays when using machine learning and deep learning algorithms to discover relationships and solve problems.


    Internal Fraud (Insider Fraud)

    Internal fraud occurs when an employee makes a false representation, fails to disclose information, or abuses a position of trust either for personal gain or to cause losses to others. Internal fraud can range from compromising customer or payroll data to inflating expenses to petty theft. Often referred to as occupational fraud, these schemes can be planned or unplanned and opportunistic or linked to organized criminal networks. When more than one employee is involved in the scheme, it is referred to as collusion and the average losses to the organization are greater.


    Interoperability

    Interoperability describes the ability of computer systems or software to exchange and make use of information. Interoperability requires mechanical compatibility among the systems, and it is only able to take results from where profitable contracts have been settled among the systems.


    Inventory Fraud

    Inventory fraud involves the theft of physical inventory items and the misstatement of inventory records on a company's financial statements. A small business may be a victim of fraud perpetrated by one of its employees, or the business itself may engage in fraudulent activities to trick shareholders and tax agencies. Inventory contains raw materials and uncompleted or completed items that are normally stored in a storage room.

    Inventory is one of the biggest assets on a manufacturer’s balance sheet. It’s also one of the hardest assets to measure and track. Therefore, protecting it becomes essential for direct growth. Timely fraud detection and prevention can save your business essential time and money.

    Inventory Fraud: Warning Signs

    Telling signs of fraud include missing packing slips and sales receipts, complaints from customers about lost goods, spikes in the number of damaged goods and sharp drops in sales, even during normally busy periods. These events can happen on a digital or physical level. Falsifying orders online, or purchasing orders for resale, is another way company employees might try to benefit.

    In a June 2001 article for Journal of Accountancy, Joseph T. Wells, founder and chairman of the Association of Certified Fraud Examiners, wrote about several risk factors for what he called "phantom inventories". The term refers to companies who falsify their information to trick tax agencies or shareholders. Attempts to fool company investors may include bogus purchase orders, fabricated shipping and receiving reports, and inflated inventory counts. Fraudsters might even stack empty packing boxes in the company warehouse to feign inventory.

    Protect Your Business

    To prevent theft in physical warehouses and in offices, make sure to lock storage areas and install video monitoring and alarm systems. Likewise, consider running background checks on employees and conducting physical audits of your inventory at random intervals. As businesses digitize, it's important to have a system in place to assess the risk of customers and their purchases. A system like Fraud.net performs real-time assessments, sometimes hundreds of times per second, of payments, identities, and other data to determine risk even before the point of purchase. Online fraud systems identify and halt anomalous and problematic flare-ups as they happen to help you get in front of potential fraud.

    You can prevent inventory fraud by building an environment with the right controls. Learn more about Fraud.net’s end-to-end anti-fraud solution and other tools you can leverage to mitigate threats.


    Investment Fraud

    Investment fraud is any scheme or deception relating to investments that affect a person or company. Investment fraud includes illegal insider trading, fraudulent stock manipulation, prime bank investment schemes and hundreds of other types of financial scams.


    Invisible Web

    The Invisible Web is the part of the World Wide Web, which is not indexable by search engines and is therefore invisible. In contrast to the Surface Web, the Invisible Web consists of data and information that cannot be searched with search engines for various reasons.


    IOD - Impersonation of the Deceased fraud

    IOD or Impersonation of the Deceased fraud is defined as a type of identity theft that occurs when an individual utilizes the information and personal data of a deceased person in an attempt to fraudulently obtain credit, financial details, or other identity related criminal acts.


    IoT Botnet

    Also known as a zombie army, a botnet is a collection of internet-connected devices that an attacker has compromised. These botnets can try to infect more computers or spread spam for affiliate fraud, amongst other reasons. They can also act as a proxy to mask a criminal’s original IP address. Botnets mainly act as a force multiplier for individual attackers, cyber-criminal groups and nation-states looking to disrupt or break into their targets’ systems. Commonly used in distributed denial of service (DDoS) attacks, botnets can also take advantage of their collective computing power to send large volumes of spam, steal credentials at scale, or spy on people and organizations.


    IP Address

    An Internet Protocol address (IP address) is a rational numeric address that is assigned to each computer, printer, or some other device that is considered to be a part of a TCP/IP-based network. An IP address is the main element on which the network structure design is built, and there is no network that could ever exist without any IP address.


    IP Address Verification

    Internet Protocol or IP Address Verification could be defined as a set of processes and procedures that ensure that everything you produce, buy, or sell on the Internet will have a legal and registered IP address.


    Issuer (Issuing Bank)

    The Issuing Bank is the financial institution which issues individuals with credit cards or debit cards and extends short-term lines of credit to purchase goods and services. Familiar issuers include Bank of America, Wells Fargo, Citibank and The issuer settles card transactions for the purchaser or card holder whereas its counterpart, the acquiring bank or merchant acquirer, is the bank that is responsible for settling credit and debit card transactions on behalf of the merchant. Issuers generally manage the credit and debit card programs on behalf of the card networks, such as Visa and Mastercard, and for their role in the card payment process, receive the majority of the interchange and other fees in a credit card and debit card transaction. Discover and American Express are both issuers and card networks.


    Jitter

    Jitter is an anti-skimming method that distorts the reading of the magnetic stripe by changing the speed or motion of the card while it is swiped or drawn into a card reader or ATM. Jitter is intended to make unreadable any information that has been copied by a skimmer, so that the information will be unusable.


    Keylogging

    A keylogging program logs the keypresses on a device. Fraudsters covertly download these onto devices through various methods, and then read the keys recorded in order to discover things like the victim’s passwords or bank details.


    Keystroke Dynamics

    Keystroke dynamics or typing dynamics refers to the automated method of identifying or confirming the identity of an individual based on the manner and the rhythm of typing on a keyboard. Keystroke dynamics is a behavioral biometric, which means that the biometric factor is 'something you do'.


    Keystroke Logger

    A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard. Keylogger software is also available for use on smartphones, such as Apple's iPhone and Android devices. Keyloggers are often used as a spyware tool by cybercriminals to steal personally identifiable information (PII), login credentials and sensitive enterprise data.


    Kickbacks

    A kickback is an illegal payment intended as compensation for favorable treatment or other improper services. The kickback may be money, a gift, credit, or anything of value. Paying or receiving kickbacks is a corrupt practice that interferes with an employee's or a public official’s ability to make unbiased decisions. It is often referred to as a bribe.


    KYC (Know Your Customer)

    Know Your Customer (KYC) refers to due diligence that banks and other financial institutions must perform on their customers before doing business with them. Know your customer policies are usually required by governments and enforced by bank regulators to prevent corruption, identity theft, financial fraud, money laundering and terrorism financing. Most Know Your Customer frameworks are based on four components: 1) customer identification, 2) customer acceptance, 3) transaction monitoring and 4) ongoing risk management. Requirements vary by country, but the collection of basic identity documents, comparison against certain name lists ('politically exposed persons' or PEP lists, for example), and analysis of transaction behaviors are most common.


    Law Enforcement

    Law enforcement could be described as a system where a number of members of society act in a systematic way to enforce the law, determining, discouraging, assimilating or even punishing those who break the rules and regulations that are known and governed by that society.


    Lending

    Lending (also known as "financing") in its most general sense is the temporary giving of money or property to another person with the expectation that it will be repaid. In a business and financial context, lending includes many different types of commercial loans. Lenders are businesses or financial institutions that lend money, with the expectation that it will be paid back, generally with some type of interest. The lender is paid interest on the loan as the cost of receiving the loan. The higher the risk of not being paid back, the higher the interest rate.


    Level of Assurance

    A Level of Assurance, as defined by the ISO/IEC 29115 Standard, describes the degree of confidence in the processes leading up to and including an authentication. It provides assurance that the entity claiming a particular identity is the entity to which that identity was assigned.


    Liability Shift

    Liability shift generally refers to the responsibility of covering the losses from fraudulent transactions moving from the merchant to the issuing bank when the merchant has authenticated the transaction using any of the 3D Secure (3DS) protocols. If the merchant does not authenticate the credit card transaction with a 3D Secure method, the merchant remains liable for chargebacks and fraud losses.


    Log File

    A log file is a file that keeps a registry of events, processes, messages and communication between various communicating software applications and the operating system. Log files are present in executable software, operating systems and programs whereby all the messages and process details are recorded. Every executable file produces a log file where all activities are noted.


    Login

    A login is a set of identifications used to validate a user: this generally involves a username and password that allows a person to log in to a computer system, network, mobile device, or user account. A login might contain further information, such as a PIN number, passcode, or passphrase. Logins are usually used by websites, computer applications, and mobile apps to verify a customer's identity. They are a safety measure aimed to avoid illegal access to private data or assets.


    Login Authentication

    The process that recognizes and validates a user's identity is known as login authentication. A common example is having to enter both a username and password into a website in order to gain access to an account.


    Lottery Scam

    A lottery scam is a type of advance-fee fraud which begins with an unexpected email notification, phone call, or mail-letter (sometimes including a large check) explaining that "You have won!" a large sum of money in a lottery. The recipient of the message—the target of the scam—is usually told to keep the notice secret, and is then solicited for some amount of money in order to "confirm" the prize they have won.


    Loyalty Points Fraud

    Loyalty points fraud occurs when a fraudster gains access to somebody else's loyalty rewards points account, and then redeems these points for products that will benefit the fraudster. This type of fraud is becoming more popular as card fraud becomes harder, and because loyalty point accounts aren't checked for malicious behavior very often, allowing this fraud to go undiscovered for long periods.


    Machine Learning

    Machine learning (ML) refers to the development of computer algorithms and statistical models to perform predictions and specific tasks without explicit instructions, relying on inferences and patterns instead. Machine learning is a subset of artificial intelligence and generally falls into two main categories: 1) supervised learning, in which the outcomes are known and labelled in training data sets and 2) unsupervised learning, in which no outcome is known and the goal is to have items self-organized into clusters based on common characteristics or features. Supervised learning uses techniques like neural networks, Bayesian models, regression models, statistical models, or a combination thereof. Unsupervised learning uses techniques like k-means clustering and is often used for anomaly detection. Some computer systems have the ability to “learn” or make progressive improvements on a task based on algorithms and subsequent outcomes. As an example, machine learning in fraud prevention allows algorithms to make immediate decisions on new transactions, but over time "learn" from the outcomes of the purchases and, from that new data, self-correct to make increasingly accurate predictions going forward. The fastest and most reliable path towards the learning component relies on analysts’ insights, assisted by machine-learned predictions, to make well-informed decisions.


    Mail Fraud and Wire Fraud

    Mail fraud and wire fraud are federal crimes in the United States that involve mailing or electronically transmitting something associated with fraud. Jurisdiction is claimed by the federal government if the illegal activity crosses interstate or international borders.


    Mail Order Telephone Order (MOTO)

    Mail Order Telephone Order (MOTO) is a type of card-not-present (CNP) transaction in which services are paid and delivered via telephone, mail, fax, or internet communication. With the introduction of chip technology on most cards, there has been reduced fraud in “card present” transactions, but a corresponding increase in fraud in CNP transactions. The word stands for “mail order telephone order,” although those types of financial transactions are increasingly rare. MOTO has, therefore, become synonymous with any financial transaction where the entity taking payment does not physically see the card used to make the purchase.


    Malware

    Malware is software that is intentionally designed to cause damage to a computer, client, server or the network of a computer. Hostile, intrusive, and intentionally nasty, malware seeks to invade, damage, or disable computers, often by taking partial control over a device’s operations.


    Man-In-The-Browser

    A man-in-the-browser is a type of online threat, where a hacker uses a trojan horse virus to gain access to your computer. From there, the hacker manipulates the content you see within your web browser, which can allow them to record your personal information and passwords, as well as manipulate your transactions so that the money you think you are spending on an online product actually goes to the hacker, without anything looking any different from normal on that webpage.


    Man-In-The-Middle

    Man-in-the-middle (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.


    Manpower Direct and Indirect Costs

    Manpower Direct Costs include wages for the employees that produce a product, including workers on an assembly line, while indirect costs are associated with support labor, such as employees who maintain factory equipment.


    Manual Review

    Manual review is a technique that can be performed in-house or may be outsourced to or managed by a third party vendor. In either case, staff members perform manual checks on orders to determine the authenticity of an identity and transaction to establish which orders are fraudulent.


    Manual Submission

    Manual submission describes when somebody adds URLs to a search engine manually, filling out the form fields individually. This differs from automatic submissions, which involve filling out information only one time; the necessary information is then used by a software program to submit to many search engines.


    Marketplace

    A marketplace is the real, virtual or metaphorical space in which a market operates. The term is also used in the trademark law context to denote the actual consumer environment, i.e. the 'real world' in which goods and services are provided and consumed.


    Marketplace Fraud

    What is Marketplace Fraud?

    Marketplace fraud is the illegal practice of making false or misleading claims through a company. This includes exaggerating the qualities of a product or service in advertising, selling imitations as the genuine article, or hiding negative aspects or side effects. False advertising is a type of marketplace fraud.

    An online marketplace creates a streamlined process for buyers and sellers to find one another. The first wave of digital marketplaces came about with eBay’s launch in 1995. More product-focused marketplaces like these followed swiftly, from Amazon to Walmart's Jet.com.

    Since then, online marketplaces have evolved to combine products and services. Whether it’s to buy something, rent a living space or get a ride, these marketplaces have spanned across various market segments from food to crowdfunding.

    Types of Marketplace Fraud

    1. Fake Profile or Product Fraud - Common on marketplaces like Wish.com or Alibaba, a fraudulent seller copies the profile of a legitimate seller in order to deceive victims and turn a profit. This is damaging to the original sellers as well, as business is stolen. A potential customer is lost, and in some cases may never even receive a product.
    2. False Advertising - Misleading representation of goods or services through false or fraudulent claims or statements.
    3. Fake Buyer and Seller Closed Loop Account Fraud - A fraudster creates multiple fake buyer and seller accounts. The fake buyers pay the fake seller for nonexistent items or services using stolen credit cards.

    How to Stop Marketplace Fraud

    Stopping marketplace fraud can be difficult for businesses. Keeping a close eye on marketplaces with similar products is vital to deter product fraud. Additionally, keeping an eye on your own customers, and those who purchase with fraudulent information, might indicate further resellers. Keeping tabs not only on public marketplaces, but the needs of those who are trying to manipulate the deep web, is another practice that will keep you ahead on the latest fraud trends.

    The best way you can improve your fraud prevention on either side of the market is by relying on ecommerce fraud prevention software. Machine learning fraud detection leverages billions of consortium transactions and outcomes to detect fraud. This is done at every stage of the customer life cycle, in real time, to detect unusual transaction patterns. AI crawlers that scan the deep and dark web keep the system up to date without the need to constantly set new rules in the software.

    Fraud.net addresses these problems with a comprehensive and flexible fraud prevention platform, including AI / Deep Learning models, consortium fraud data, highly customizable case management and advanced analytics.



    Medical Fraud

    Medical fraud is a type of white-collar crime that involves the filing of dishonest health care claims in order to turn a profit. Health care fraud influences insurance rates every day, causing premiums individuals pay to rise to cover the insurance companies’ losses.


    Medical Identity Theft

    Medical identity theft occurs when somebody illegally accesses and uses a patient's personally identifiable information (PII) to obtain medical treatment, services or goods. The stolen information may be used to open credit card accounts or obtain medical services such as treatment at an emergency medical crisis location.


    Merchant Account

    A merchant account is a type of bank account that allows businesses to accept payments made by debit or credit cards.


    Merchant Account Provider

    Merchant account providers give businesses the opportunity to accept debit and credit cards for the payment of goods and services. This can be conducted face-to-face, over the phone, or even over the Internet.


    Merchant Chargeback Insurance Provider

    Chargeback insurance is an insurance product that protects merchants who accept credit card payments. The insurance protects the merchant against fraud in transactions where the use of the credit card was unauthorized, and covers claims arising out of the merchant’s liability to the service bank.


    MFA (Multi-Factor Authentication)

    What is Multi-Factor Authentication (MFA)?

    MFA or Multi-Factor Authentication, also called Step-Up Authentication, is an approach to security authentication in which the user of a system provides more than one form of verification to prove their identity and be granted access. Multi-factor authentication is so named because it leverages a combination of two or more factors of authentication. In the field of cybersecurity, the three major factors of authentication and verification are: 1) something the user knows (such as a password or the answer to a question), 2) something the user has (such as a smart card, a mobile phone or a security token), and 3) something the user is (such as a unique biometric marker like a fingerprint).

    Why is MFA Important?

    Reducing risk is key for businesses and organizations, no matter the size. As more organizations cultivate a digital workspace, credential harvesting is increasing. According to a report from Verizon, for example, over 80 percent of hacking-related breaches are caused by stolen or weak passwords. With this in mind, MFA becomes essential.

    Multi-Factor Authentication Example

    Fraud.net offers Multi-Factor Authentication as a feature within our Fraud Prevention Suite.   

    Here's how it works:

    Fraud.net's multi-factor authentication feature gives fraud analysts the ability to send a verification text message to the phone number of a transaction. The purpose of this is to authenticate that the phone number within the transaction is owned by the person who actually placed the transaction. A Yes/No question is sent to the phone, and based on the response the transaction can be auto-cancelled, auto-approved or sent to a queue for further review.

    1. When a fraud analyst is reviewing a transaction, they can select the option to authenticate the transaction (Send MFA) from the dropdown menu in the top right corner:

     

    2.  The fraud analyst will then confirm that they would like that message sent:

     

    3. The admin, from the business profile page, can manage what the message says and what action occurs based on the reply. The admin can also manage what happens when no reply is received and the time frame for the reply. The default question reads as "$business name$ here. We received a transaction from $firstname$ $lastname$ for $amount$ on $orderdate$. Was this you? Reply Yes or No"

     

    4. The transaction remains in a pending authentication queue until there is a response or it expires.

     

     



    Misrepresentation

    Misrepresentation is a concept of English law, which describes when a party uses misleading statements or facts in negotiations to induce the other party to take certain actions.


    Mobile

    A "mobile" is a term used for phones, stemming from the term "mobile phones", which differs from their predecessor, wired or immobile phones. A mobile phone is a portable device whose primary use is to "call" other phones, allowing for a conversation to be had from pretty much any two places in the world between these two devices.


    Mobile Device Analysis

    Mobile device analysis is a branch of digital analysis that refers to the recovery of digital evidence or data from different mobile devices under forensically sound conditions. Mobile devices are used to save different types of personal information such as contacts, notes, calendars, and to communicate with others.


    Mobile Phone Fraud

    Mobile phone fraud is simply any fraud that involves the use of mobile phones. One type of this fraud is call-forwarding fraud, where a fraudster tricks a victim into mistakenly forwarding their phone calls to another number.


    Money Laundering

    Money laundering is the process of concealing the origins of illegally obtained money by going through a complex sequence of bank transfers to make the money look as if it came from a legitimate source or business transactions.


    Money Mules

    Money mules are people who receive money into their account and transfer it elsewhere for a fee. It is usually done for money laundering, which makes money mules complicit in crimes.

    Like with address drop scams, money mules are often unaware they are helping criminals. They are commonly found via fake job posts, and hired under false pretenses, for instance forwarding money to a charity in a foreign country.


    Monitoring

    The term monitoring refers to the observing and checking of the progress or quality of something over a period of time. Monitoring services generally ensure the security and authenticity of something over time.


    Mortgage fraud

    Mortgage fraud is a crime in which the fraudster omits information on an application for a mortgage loan to obtain a greater loan than they would normally be eligible to receive.


    Mousetrapping

    Mousetrapping is a technique used by websites to keep their visitors on the website for longer, and also to force visitors to engage with the website. It may occur when a website launches pop-up ads to delay the user from exiting the page.


    Multichannel Merchanting

    Multichannel merchanting describes the process of trying to sell products to both current and potential users through a variety of channels.


    Near-Field Communication

    Near-Field Communication, also known as NFC, is the set of communication protocols that allow two electronic devices to share information with one another based on their proximity to each other. NFC devices are used in contactless payment systems, allowing mobile phones to act as or supplement a credit or debit card in a transaction.


    Network Effect

    Network effect is a phenomenon in which a good or service gains additional value as more consumers use it. Technically, the term refers to the effect that one individual user of a product or service has on the value of that product or service to other people. The value of a product or service increases as more people use the product.


    Neural Network

    A neural network is a series of algorithms that attempt to mimic the way the human brain works in order to draw connections between different pieces of information. Neural networks can adapt to changing inputs; in this way the system produces the best possible outcome even when dealing with information it has not seen before.


    Omnichannel

    Omnichannel is a cross-channel content approach that companies use to improve their user experience. Instead of working in parallel, communication channels and their supporting resources are planned and organized to cooperate. Omnichannel implies the integration and orchestration of the channels so that the experience is attractive across all of them.


    On-Premise Software

    On-premises software (also known as on-premise, and shortened to "on-prem") is installed and runs on computers on the premises of the individual or company using the software, rather than at a remote facility such as a server farm or cloud. On-premises software is occasionally referred to as “shrinkwrap” software, and off-premises software is usually named “software as a service” ("SaaS") or “cloud computing”.


    One-time Password

    A one-time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or other digital device. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid.


    Open Authorization

    Open Authorization, sometimes called OAuth, is an open standard for access delegation, usually used as a method for Internet users to give websites or applications access to their information on other websites without providing them with their passwords. This method is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to allow users to share their account information with third parties, such as applications or websites.


    OpenID

    OpenID is an open standard and decentralized authentication protocol in which a user can create their own account by selecting an OpenID identity provider; this account can then be used to sign on to other websites. It allows users to be authenticated by co-operating sites using a third-party service, eliminating the need for webmasters to provide their own ad hoc login systems.


    Out-of-band Authentication

    Out-of-band authentication (OOBA) is a term for a process where authentication requires two different signals from two different networks or channels. These more sophisticated kinds of authentication prevent many kinds of fraud and hacking. Out-of-band authentication will effectively block many of the most common kinds of hacking and identity theft in online banking.


    Pagejacking

    Pagejacking is the process of illegally copying legitimate website content (usually, in the form of source code) to another website designed to replicate the original website. A pagejacker's intention is to illegally direct traffic from the original site to cloned Web pages. Pagejackers rely on search engines to index bogus site content to enable search result ranking and display with the original site.


    Pass-Along Rate

    A pass-along rate represents the percentage of people who pass on a message or file. Indeed, pass-along rates are a measure of word-of-mouth marketing. Objects typically passed include email messages, Web pages and multimedia files. Content typically passed includes humor and entertainment, late-breaking news, shopping specials, and technical gizmos.


    Passive Authentication

    In a passive authentication scenario, a user is directed to a login page, and after logging in, the site directs the user back to the URL and allows the user to be authenticated on that site. Passive authentication can be achieved by using the WS-Federation protocol or SAML 2.0.


    Payables Fraud

    Payables fraud, also known as AP fraud, is among the most ubiquitous and damaging of frauds that affect businesses of all sizes. It's also among the easiest frauds to perpetrate, since most of the money leaving a company legitimately goes through the accounts payable function.


    Paying Personal Expenses

    Paying personal expenses refers to the expenses of an individual that are not related to business or investment purposes. Personal expenses are not deductible unless specifically allowed under the tax law. Two examples of deductible personal expenses are medical expenses and personal property tax paid on personal-use property. Deductible expenses are returned when an employee creates and sends an invoice to the company, and in return the company will give them the money to pay those personal expenses.


    Payment Application Data Security Standard

    Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors to develop secure payment applications that support PCI DSS compliance.


    Payment Fraud

    Payment fraud is a blanket term for a variety of different frauds that all center around using false information or unauthorized means to make a purchase. This type of fraud can roughly be categorized into three kinds of situations: fraudulent or illegal transactions, misplaced or stolen goods, and false requests for reimbursements or returns on goods.


    Payment Gateway

    A Payment Gateway processes credit card and debit card payments, as well as other forms of electronic payments, primarily on behalf of e-commerce and brick-and-mortar merchants. The Payment Gateway is responsible for authenticating, standardizing and relaying transaction data between the merchants and the payment processors. The payment gateway responsibilities include securing payment data according to PCI DSS standards, securely sending transaction data to the payment processor, and storing the transaction and subsequent settlement, refund and other financial event data for later access by the merchant. Banks often own the payment gateways, but payment service providers (PSPs) like PayPal, Square or Stripe can also create their own Payment Gateway software.


    Payment Threshold

    A payment threshold defines a situation in online marketing where an associate has to meet certain criteria, generally a number of sales, before being paid by the affiliate company for their services.


    Payment Verification

    Payment verification describes the set of procedures that allow customers to verify or confirm the payment they have made after purchasing any product or service. This set of procedures can usually be conducted through the Internet by the customers themselves.


    Paypal Fraud

    PayPal fraud is fraud related to use of the PayPal payment system. It can be initiated or performed through emails, phishing sites, malicious ads, suspicious links, and more. These scams try to appear authentic in order to trick users into releasing personal information, such as usernames and passwords, or to illegally obtain payments and payment info.


    Payroll Fraud

    Payroll fraud is a category of accounting fraud typically carried out by people who have access to employee information, their incomes or their wages. Companies that have not applied appropriate controls in their finance function – particularly in times of financial distress – will face more complex fraud risks than other companies.


    PCI Compliance

    What is PCI Compliance?

    Payment card industry (PCI) compliance refers to the practical and operational principles that companies need to follow to ensure that credit card information provided by cardholders is secure. PCI compliance is prescribed by the PCI Standards Council, and all companies that automatically store, process or transmit credit card data are required to follow these procedures. Created in 2004, PCI compliance aims to secure credit and debit card transactions against data theft and fraud.

    Compliance is validated on an annual or quarterly basis and evaluated by a PCI auditor. The system is divided into four levels. Requirements vary depending on the volume of transactions handled:

    1. Highest Level (1): Applies to companies who process more than 6 million credit or debit card transactions annually. These merchants must have an internal audit once a year. Additionally, merchants must submit to a PCI scan by an Approved Scanning Vendor (ASV) each quarter.
    2. Level 2: Applies to companies processing between 1 and 6 million annual credit or debit card transactions. Requirements include a yearly Self-Assessment Questionnaire (SAQ). A quarterly PCI scan may also be required.
    3. Level 3: Applies to companies processing between 20,000 and 1 million transactions annually. They must complete a yearly SAQ. A quarterly PCI scan may also be required.
    4. Level 4: Applies to sellers processing fewer than 20,000 transactions annually. These merchants must complete a yearly SAQ. A quarterly PCI scan may also be required.

    Basics Needed for PCI Compliance

    1. A secure network with original passwords.
    2. Secure and encrypted cardholder data.
    3. Vulnerability management.
    4. Anti-virus software that is used and regularly updated.
    5. Secure systems and applications for users.
    6. Restricted and controlled access to cardholder information.
    7. Consistent network monitoring and testing.
    8. Information security policy and maintenance of that policy.

    PCI Compliance and Digital Payments

    With the rise in new payment technologies, such as contactless payments and digital wallets, payment fraud has never been more sophisticated. Likewise, the financial rewards for the perpetrators have never been greater.

    These new changes will affect all industries, from banking to e-commerce. Experts believe these new technologies will soon represent the majority of all transactions.

    Since then, fraudsters have taken advantage of businesses' limited ability to adapt. Even among well-funded organizations, resources may not be used properly. For example, key resources and critical forensic data, investigative expertise, and data science capabilities are broadly scattered. Actions occur across cybersecurity, accounting, fraud, compliance, legal, and IT departments, with little coordination or sharing between departments. This is where PCI compliance is vital, and also where fraudsters have opportunities.

    PCI Compliance and Beyond

    Combat fraud leveraging data science and analytics, gradually moving away from a narrow focus on false positives and loss prevention. Harness Fraud.net’s capabilities to reduce losses, detect and prevent emerging fraud, and enhance the customer experience. Get in touch with us today to learn more.


    PCI DSS

    The Payment Card Industry Data Security Standard, also known as PCI DSS, is an IT security standard for companies that handle branded credit cards from the major card providers. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.


    Persona

    A persona is an artificial profile for a type of customer, created on certain identifying criteria. Personas are generally used in marketing efforts as a way of figuring out how to best target different segmented audiences.


    Personal Details Compromise

    Personal Details Compromise, also known as a data breach, is the intentional or unintentional release of protected or confidential data to an untrusted environment. Other terms for this occurrence include unintentional information disclosure, data leak and data spill. A data breach is basically a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by a person who is not authorized to do so.


    Personal Information

    Personal information can be described as any accurate or personal information, whether documented or not, about an identifiable person. Personal information can include name, e-mail, address, civilization, race, identification number, occupation history, and other related information.


    Personally Identifiable Information

    Personally identifiable information is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.


    Phantom Debt

    Phantom debt collection fraud appears in many variants, but the most common component among them is the claim that a customer owes a debt and has to pay it, or else they will incur heavy penalties. Regardless of whether the customer really took out a loan or not, they may later receive a call during which they will be asked to repay the loan.


    Pharming

    Pharming is a cyber-attack aimed at redirecting traffic from a legitimate website to a different website. The second website is usually a copy of the original, designed to gather personal information such as credit card numbers. Pharming can be performed either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. Pharming requires unprotected access to a target computer, such as a customer's home computer, rather than a corporate server.


    Phishing and Pharming

    Phishing and pharming are two types of cyberattack that lure a victim to false websites in order to send them malware or obtain their personal information. Phishing involves getting a user to enter personal information via a fake website. Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.


    Phishing Kit

    A phishing kit can be described as a collection of several software programs that allows an individual to manage and launch specific types of campaigns and phishing scams. The phishing kit makes it easy for even those with few technical skills to launch some kind of phishing exploit.


    Phishing Schemes

    Phishing schemes involve getting a user to enter a website and input their personal information for the fraudster to then steal and take advantage of. This website often emulates the design of a legitimate business's website, in the hopes of tricking people into entering their information on a site they think is real and trustworthy. Phishing is usually performed through deceptive emails or phone calls, but other methods exist.


    Plagiarism

    Plagiarism refers to the illegal act of copying someone’s work and presenting it as one’s own original work. This act may include the stealing of handwriting, online drawings, or any other online aspect that can be stolen and presented as original. Plagiarism is believed to be a crime in almost all countries of the world.


    Platform

    On the internet, a platform refers to a virtual space where a company, a person, or a community can create its own page or website, or even a network that can serve the people who come to visit. This type of business is referred to as e-commerce, and most international organizations have their own online platforms.


    Point-To-Point Encryption

    P2PE, or point-to-point encryption, refers to all the processes and tools involved in protecting different online procedures and actions throughout all steps of the process. It is usually provided by a third-party, and often when an organization purchases this solution from an outside party, that party will then help the company in setting up the encryption.


    Policy Violation

    A policy violation occurs when a user records an expense with details violating the company's expensing policies. There are different types of sanctions which are put in place in the event of a breach of policy, and some of these sanctions are set by the authorities. Policies and sanctions can differ across fields and organizations, based on many different factors.


    Privacy

    Privacy is the practice or idea of keeping certain information a secret from a certain group. It also describes the capability of the individual to protect the information he or she considers personal.


    Processing Unauthorized Payroll

    The processing of unauthorized payroll refers to the act of identifying whether payroll has been calculated for an unauthorized person in the organization's list. This process is done to prevent payroll fraud, where a payroll manager knowingly approves fraudulent payroll transactions, generally with the purpose of taking that money for themselves.


    Proofing

    Proofing refers to the act of verifying and authenticating the identity of legitimate customers. Identity proofing is required when a person wants to withdraw money or take any other confidential information from online resources.


    Proxy Piercing

    Proxy piercing refers to a technology that enables hosts to determine whether a person is making a proxy purchase or not. A proxy purchase describes a transaction made where the original IP of a customer is disguised via the use of a proxy server. Proxy piercing allows one to see if there is a proxy being used by a customer attempting a transaction, and then depending on the level of the piercing program, will "pierce" the proxy server and determine the original IP of the transaction. At an even higher level, proxy piercing can also determine the physical location of that user.


    Purchase Amount Filter

    A purchase amount filter is a technology, method, or practice that allows e-commerce website hosts to identify or prevent scams that occur with ease by setting up limitations on the amount of a product that can be purchased at one time.


    Pyramid Schemes

    A pyramid scheme is a fraudulent business model where an initial group of people recruit others to join their company, but charge them an upfront fee in order to become an employee, and then urge those new employees to recruit others and get upfront fees from them as well. As new recruits join, their upfront fees go towards paying earlier members of the pyramid scheme, and so the goal of the business is really just to trick people into joining the company and paying this fee; the company may have an actual product to sell, but selling the product is often not the focus of this business.


    Ransomware

    Ransomware is malware that blackmails the user into paying to have the program removed. It is a virus that blocks access to a computer via encryption, unless a certain sum is paid (generally through cryptocurrencies to maintain anonymity). The criminals usually threaten to delete important files, or disable the entire computer if the money isn’t paid by a certain deadline.


    Real-Time Risk Management

    Real-time risk management is a process which enables a person to handle risks associated with payments as the payment happens. It allows the person to effectively ensure that all the transactions are being carried out in a proper way, and can be denied at the business owner's discretion in case they believe a purchase to be fraudulent. This solution can be provided by a third-party as well.


    Record Destruction

    Record destruction refers to the process of illegally destroying information stored in the form of documents. This is an ethically wrong practice and if spotted within an organization can lead to the termination of that person's employment.


    Relying Party

    Relying party or third party is a computer term used to refer to a server providing access to a secure software application. Claims-based applications, where a claim is a statement an entity makes about itself in order to establish access, are also called relying party (RP) applications. Actually RP refers to the person who provides services to the customer not directly but just by connecting the customer to the actual seller. Usually, the host or the merchant has to identify the real party that is delivering services to the customers.


    Reshipping Fraud Scheme

    In a reshipping scam, the criminals purchase high-value products with stolen credit cards and recruit willing or unsuspecting people (reshipping mules) to receive and forward the packages on behalf of the criminals. The packages contain stolen items, and if arrests are made, the re-sender will be arrested first.


    Retail Loss Prevention

    Retail loss prevention is a set of practices and methods employed by retail companies to preserve profit and to ensure that there are as few scams associated with transactions as possible. Profit preservation is any business activity specifically designed to reduce preventable losses. Usually, most crimes are related to retail; to minimize this risk, retailers adopt these practices, which are known as retail loss prevention methods.


    Return On Investment (ROI)

    Return on investment (ROI) is a performance measure used to evaluate the efficiency of an investment or compare the efficiency of a number of different investments. ROI tries to directly measure the amount of return on a particular investment, relative to the investment’s cost.


    Risk Assessment

    Risk assessment is the systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking. To assess the risks, different tools and methods can be utilized. In addition, risk assessment also involves determining the likelihood of risks that will threaten the system in the future.


    Risk Management

    Risk management describes the process and practices of companies in attempting to prevent malicious or fraudulent activity from occurring within their systems, as well as addressing any other issues that would create financial risks. It can be more simply defined as the practice of forecasting and evaluating potential financial risks alongside identification procedures that aim to avoid or minimize their impact.


    Risk-Based Authentication

    Risk-based authentication is a non-static authentication system which takes into account the profile (IP address, User-Agent HTTP header, time of access, and so on) of the agent requesting access to the system to determine the risk profile associated with that transaction. False insurance claims are insurance claims filed with an intent to defraud an insurance provider.


    Rules Engine

    A rules engine is a software system or program that is capable of executing one or more business rules in a runtime production environment. The rules might come from a company policy, legal regulation, or some other source. Most organizations tend to them.


    Rules-Based Fraud Detection

    Rules-based fraud detection identifies fraud based on a set of unusual attributes, including unusual time stamps, account numbers, transaction types, and amounts, among other criteria.

    How Rules-Based Fraud Detection Works

    This methodology of fraud detection operates on a set of "rules", or a set of conditions that when detected, signify potentially fraudulent transactions.

    Rules commonly include:

    • Location - if a transaction occurs outside of the usual location of the user. For example, if a user whose purchases commonly occur in Santa Fe suddenly has a transaction appear in rural Ohio, or Eastern Europe.
    • Frequency - If a user rarely uses an account that suddenly lights up with transaction activity. Further, if an account number is used in a variety of transactions with little to no connection, or if there is an unusually high amount of small transactions for the user.
    • Sender/Receiver - If a user receives payments in large amounts from multiple newly created accounts. On the other hand, if someone from the same IP address is creating multiple credit card accounts in a short period of time and sending money.

    The Gatekeeper

    If a transaction does not fulfill any of these rules that define a fraudulent transaction, it goes through as a non-fraudulent transaction. The system serves as a gatekeeper - it lets some transactions through, but flags or denies others based on what rules they satisfy. Unfortunately, this gatekeeper fails sometimes, with false positives and negatives.
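
    The three rule types and the gatekeeper decision described above, as an added example (not Fraud.net's code). The thresholds, the one-rule-flags/two-rules-deny policy, and all account names and transactions are assumptions constructed for the demo; transaction x1 is constructed as fraudulent yet matches no rule, showing a false negative.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Thresholds are assumptions chosen for this demo, not values from the page.
USUAL_CITY_SHARE = 0.8                                # share of history defining "usual"
BURST_WINDOW, BURST_MIN = timedelta(hours=1), 4       # "suddenly lights up"
QUIET_WINDOW, QUIET_MAX = timedelta(days=30), 2       # "rarely uses an account"
LARGE_AMOUNT = 1000.0
NEW_ACCOUNT_AGE, NEW_SENDER_MIN = timedelta(days=7), 3

@dataclass(frozen=True)
class Txn:
    txn_id: str
    sender: str
    receiver: str
    amount: float
    city: str
    when: datetime
    sender_opened: datetime   # when the paying account was created

def rule_location(txn, history):
    """Location: the sender has an established usual city and this is not it."""
    cities = Counter(t.city for t in history if t.sender == txn.sender)
    total = sum(cities.values())
    if total < 3:                       # too little history to define "usual"
        return False
    usual, count = cities.most_common(1)[0]
    return count / total >= USUAL_CITY_SHARE and txn.city != usual

def rule_frequency(txn, history):
    """Frequency: a rarely used account suddenly produces a burst of activity."""
    mine = [t for t in history if t.sender == txn.sender]
    burst_start = txn.when - BURST_WINDOW
    burst = 1 + sum(t.when >= burst_start for t in mine)   # count txn itself
    quiet = sum(burst_start - QUIET_WINDOW <= t.when < burst_start for t in mine)
    return burst >= BURST_MIN and quiet <= QUIET_MAX

def rule_sender_receiver(txn, history):
    """Sender/Receiver: large payments to one receiver from several new accounts."""
    day_ago = txn.when - timedelta(days=1)
    new_senders = {
        t.sender for t in history + [txn]
        if t.receiver == txn.receiver and t.when >= day_ago
        and t.amount >= LARGE_AMOUNT
        and t.when - t.sender_opened <= NEW_ACCOUNT_AGE
    }
    return len(new_senders) >= NEW_SENDER_MIN

RULES = {"location": rule_location, "frequency": rule_frequency,
         "sender_receiver": rule_sender_receiver}

def gatekeeper(txn, history):
    """Assumed policy: no rule hit allows, one flags for review, two or more deny."""
    hits = [name for name, rule in RULES.items() if rule(txn, history)]
    decision = "allow" if not hits else "flag" if len(hits) == 1 else "deny"
    return decision, hits

def run(stream):
    """Evaluate transactions in time order against everything seen before them."""
    history, results = [], {}
    for txn in sorted(stream, key=lambda t: t.when):
        results[txn.txn_id] = gatekeeper(txn, history)
        history.append(txn)
    return results

T0, DAY, HOUR = datetime(2024, 3, 1, 12, 0), 1440, 60   # offsets below are in minutes
OLD, NEW = datetime(2020, 1, 1), T0 - timedelta(days=2)

def _t(txn_id, sender, receiver, amount, city, minutes, opened=OLD):
    return Txn(txn_id, sender, receiver, amount, city, T0 + timedelta(minutes=minutes), opened)

SAMPLE = [  # constructed data
    # alice: steady Santa Fe history, then one purchase in rural Ohio
    _t("h1", "alice", "shop", 40, "Santa Fe", -60 * DAY),
    _t("h2", "alice", "shop", 25, "Santa Fe", -50 * DAY),
    _t("h3", "alice", "shop", 60, "Santa Fe", -40 * DAY),
    _t("h4", "alice", "shop", 35, "Santa Fe", -35 * DAY),
    _t("a1", "alice", "shop", 80, "Millersburg, OH", 30),
    # bob: one purchase 20 days ago, then a burst of small ones, the last from abroad
    _t("b0", "bob", "shop", 20, "Denver", -20 * DAY),
    _t("b1", "bob", "shop", 9, "Denver", 0),
    _t("b2", "bob", "shop", 9, "Denver", 5),
    _t("b3", "bob", "shop", 9, "Denver", 10),
    _t("b4", "bob", "shop", 9, "Denver", 15),
    _t("b5", "bob", "shop", 9, "Warsaw", 20),
    # carol: large payments from three accounts opened two days earlier
    _t("m1", "new1", "carol", 1500, "Austin", 1 * HOUR, NEW),
    _t("m2", "new2", "carol", 1500, "Austin", 2 * HOUR, NEW),
    _t("m3", "new3", "carol", 1500, "Austin", 3 * HOUR, NEW),
    # x1: constructed as fraudulent, but matches no rule (a false negative)
    _t("x1", "alice", "shop", 45, "Santa Fe", 4 * HOUR),
]

if __name__ == "__main__":
    for txn_id, (decision, hits) in run(SAMPLE).items():
        print(f"{txn_id:3} {decision:5} {', '.join(hits)}")
```

    The same run also shows the false-positive side: a1 is flagged on location alone, which is exactly what a legitimate purchase made while travelling would look like to these rules.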

    Strengths and Vulnerabilities

    Rules-based systems effectively detect fraud based on a set of rules, cutting human intervention down, therefore lowering overhead security costs for businesses. Despite this, there are some weak spots that rules-based systems could address.

    Vulnerabilities

    1. Blind Spots

      These systems contain blind spots, areas which rules do not cover. In these situations, fraudsters spoof transactions or circumvent existing rules. Traditional systems rely on rules set by human security officers, and must manually be updated in response to threats. Between the updates, fraudsters take advantage of blind spots.

    2. Lack of Data

      Rules-based systems work best with a large aggregation of data, to better address all vulnerabilities that institutions face. If an institution is limited to a small data pool, it cannot accurately and effectively identify fraudulent transactions. This is also true in machine-learning systems.

    3. Incorrect Data

      A rules-based system works best when the human security officer sets useful and effective rules. Incorrect or badly defined rules lead to lower fraud detection and false positives.

    Strengths

    1. It Works Quickly

      The benefit of rules-based systems is their low complexity. They scan through all transactions and identify fraud based on rules, allowing for more transactions to be screened quickly. This, combined with machine-learning systems for more sophisticated attempts, provides great security for transactions.

    2. Transparency

      Because rules-based systems operate based on what rules are satisfied, they are easy to interpret, or "transparent". If an issue arises in reporting, such as a false positive or negative, human intervention can quickly identify and correct it.

    3. Simplicity

      In some cases, keeping it simple is actually better - this holds for rules-based system implementation. Rules-based fraud detection systems are easy to develop and validate, and they work rather quickly in operation. While rules-based systems are not necessarily a "set it and forget it" solution, their simplicity offers quick and easy implementation.

    Rules-Based Fraud Detection and Machine Learning

    Algorithmic fraud detection, better known as machine-learning-based fraud detection, operates similarly to rules-based fraud detection. However, instead of relying on human intervention to quality check and update rules as it gathers more information, these systems do this work automatically. Algorithmic systems change their rules and responses based on both past and emerging threats. The human intervention occurs mostly at the data input stage and the quality assurance stage at the end of the process. In any case, algorithmic models cut the necessity for human intervention down significantly, saving institutions money in overhead and labor.

    Rules-Based Fraud Detection and Protection with Fraud.net

    Fraud.net has a large suite of products that operate using a combination of rules-based processes, artificial intelligence, and machine learning. These products offer top-of-the-line security against fraud attempts, and self-regulate based on both your and your consumers' transaction behavior.


      Run of network (RON)

      Run of Network, or RON, is actually a form of internet marketing where an online advertising campaign is applied to a wide collection of websites without the ability to choose specific sites. In run-of-network advertising, advertisers generally give up say over placement in return for low rates and broad reach. Ads may be placed randomly in unsold, less valuable portions of sites within an ad network.


      Sales Scam

      Sales scams are a type of crime associated with online retailing, where money is taken from users without delivering the products. Alternatively, a scammer solicits payment and delivers counterfeit goods. Sales scams are also known as “consumer scams” or “business fraud”. Scammers use a variety of e-commerce fraud methods to commit crimes and fool customers:

      Types of Sales Scams

      Classified Scam

      In a classified scam, an online retailer lists merchandise on classified websites like Craigslist, eBay, or Backpage without actually possessing that merchandise. A scammer lists photos, details, and “reviews” to fool a customer into purchasing, but steals this information from legitimate listings. They often advertise a lower price compared to similar items in that category, further enticing a customer to buy it.

      However, once the buyer shows interest, the scammer dodges face-to-face interaction. They claim to have moved and that a friend or agent will deliver following payment. The customer pays, never receives the goods, and cannot contact the seller or the “agent” for a refund.

      Scammers take these same steps when listing cars or rental properties, making excuses as to why the customer cannot inspect them. They increase the urgency of the purchase by saying that they’re being deployed or have to leave their property soon. They ask for payments as a “deposit” for interest, but the customer never receives keys to the rental properties or for the car.

      Health and Medical Product Scam

      This type of fraud takes advantage of both the trustworthiness of health professionals and distrust of common medical practices. In some cases, a scammer builds a fake online pharmacy with listings that resemble legitimate items found at recognizable retailers. On this website, they list wellness products, medicines, and drugs at cheap prices without prescription requirements.

      When the customer pays the retailer for these goods, the retailer never delivers them. If the customer does receive the products, they are likely counterfeit and filled with dangerous chemicals that damage the customer's health.

      Furthermore, scammers offer “miracle cures”, quick and easy remedies for a health issue or medical condition. These scams weaponize alternative medicine, advertising as cure-alls for serious conditions. They claim to be able to treat AIDS, cancer, the common cold, and many other diseases, but are not backed by reputable doctors or studies.

      Scammers deflect criticism by claiming a “medical industry conspiracy” to silence them, and some customers believe them and buy their products. However, these products are usually not proven safe for human consumption, lack reputable research, and interact with current medications, all potentially harming the customer.

      Cosmetic and Skincare Product Scam

      Scammers list counterfeit cosmetics, often manufactured using cheap and harmful materials, on several online retailers or sell them in street stalls in major cities. They advertise products as reputable legitimate goods, label them with benefits such as “anti-aging”, and sell them at a major discount compared to the real product. Unfortunately, counterfeit products contain cheap or dangerous ingredients like arsenic and cadmium, high levels of abrasive metals, and bacteria from urine or feces. These products cause adverse skin reactions such as eye infections, acne, and rashes. They may also cause various forms of cancer due to the highly carcinogenic materials.

      Psychic/Clairvoyant Scam

      Most people recognize this type of scam. Scammers claim a customer is in some sort of trouble or “see” a positive event in their future. They offer a solution or help through “winning” lottery numbers, removing a jinx, or offering protection. If the customer refuses to bite, some scammers threaten to invoke a curse or bad luck charm on them. When a customer does pay, the scammer sends them a worthless item or absolutely nothing, or warns of a future event and promises to protect them for ongoing payment. Often, clairvoyant scams lead to a customer being added to a victim list, leading to more scam approaches like lottery or inheritance scams.

      Lottery/Sweepstakes Scam

      In these, scammers tell victims that they can access lottery winnings or inheritance if they pay a fee. They say a customer has been “selected” as part of a sweepstakes or to use an offer. If they send the message through email or text, they often ask the customer to click a link leading them to a fake web page and pharming their information. Also, that link may be corrupted and make the customer vulnerable to a phishing attack. On the other hand, if they call, they often ask for a credit card or identity information to then use for fraudulent purchases and identity theft.

      Auction Scam

      Scammers advertise on auction sites like eBay, misrepresenting the product, shipping a low-quality counterfeit, or delivering nothing at all upon sale. They often relist the item with the same information to scam another customer. These scams tend to reap a high reward for scammers due to the nature of online auctions. In addition, foreign auction websites prevent domestic customers from rectifying issues if they don’t receive the product they bid for.

      Affiliate Scam

      Scammers pose as international companies willing to ship goods to domestic sellers for commerce. They contact individuals, offering a chance to sell high-end items at reduced prices but fail to deliver once the individual makes the sale. Consequently, the buyer at the end of the chain pays for something they never receive, and the seller (if they’re not in on it) loses their reputation and/or profits.

      Ticket Scams/Scalping

      Scammers advertise tickets to a show whose seats are in high demand or sold out. They sell fake, or “scalped” tickets that often do not work. Scammers may also solicit money from a customer but never deliver tickets.

      The variety of sales scams seems daunting, but there are steps customers (and businesses) can take to protect themselves.

      Methods to Avoid Sales Scams

      Pay Attention to Warning Signs

      Scammers use similar methods to commit sales scams - look out for a few signs:

      • Listing the product at an unbelievably low price, or advertising amazing benefits and features.
      • Insistence on immediate payment or payment through gift cards, money orders, or wiring funds. Scammers want customers to pay quickly and will make excuses as to why they should pay immediately.
      • The store is new and selling items at low prices, with limited information about the seller or their policies.
      • Retailers that do not provide information about privacy, dispute resolution, or ways to contact.
      • Contact information that cannot be verified or is false.
      • Resistance to accepting payment through more secure means like credit cards or third-party services like PayPal.

      Scam-Specific Warning Signs

      • Lottery, sweepstakes, or inheritance scam: insistence on paying upfront to access deals or rewards.
      • Health and medical product scam: emails offering pills or treatments that are hard to get or only available through prescription. Moreover, the pharmacy is based overseas or lacks contact information, and/or the product lacks scientific evidence.
      • Cosmetic and skincare scams: advertising as "secret formulas" or "breakthroughs", and without any sort of unbiased approval process.
      • Classified scams: Sellers who refuse to meet in person or let the buyer physically inspect the merchandise.
      • Ticket scams: charging prices much higher than face value. Also, tickets printed with imperfect English or unusual phrases, with the wrong date and time, or with seat numbers or sections that do not exist. Sellers have unverifiable or false addresses, negative reviews, and insist on money orders or gift cards as payment.

      Be Proactive

      Every time customers shop, they can take a variety of steps to avoid being scammed:

      Verify, Verify, Verify

      • Verify the identity and contact information of the seller, the product information, and the sales and return policies. Scammers often have addresses or phone numbers that don't exist or don't match their identity, and often have no refund or return policy. If purchasing a used or secondhand item, ask for proof of the original purchase when possible. 
      • For classifieds, avoid sellers who refuse to meet in person or allow inspection of the product before purchase. If purchasing a vehicle, look up the vehicle identification number (VIN) and the license plate. Look up the name of the last owner to verify, too.
      • Avoid doing business with international sellers - these sellers are not beholden to domestic laws if an issue arises. Look up the contents of the product (if purchasing health and wellness products or skincare). Avoid products with ingredients not backed by reputable doctors or studies, or domestically banned.
      • If the name of the seller looks like one that you recognize, look up the original seller and verify that they sent you a message. Scammers send emails or promotions that may differ from the legitimate seller's behavior, so keep an eye out for strange wording or behavior. A promotion that the legitimate seller doesn't advertise is most likely a scam.

      Use Secure Transaction Methods

      • Instead of money or gift cards, money orders, wire transfers, and other forms of payment that are not secure, pay with a credit card. Disputing charges on a credit card is much easier if a customer receives a counterfeit good or nothing at all.

      Avoid Unfamiliar Sellers

      • When dealing with a new seller, do not make any payments until you verify the seller's identity and reputation. Scam sellers often have little to no reviews or overwhelmingly negative reviews.
      • Do not open unfamiliar texts or emails or click links from non-trusted senders. Block unfamiliar senders and do not click on unsubscribe links for clearly fraudulent senders. Clicking the unsubscribe link may be a phishing or pharming ploy.

      How Do I Protect My Business?

      Fraud.net offers a variety of products to assist with securing online retail sites and preventing fraud. Fraud.net's product offerings are powered by AI and machine learning, to detect and block scammers in real-time. By taking actions to secure online storefronts, fraud becomes less daunting to conquer.

      Contact us for a demo or product recommendations today.


      SCA (Strong Customer Authentication)

      SCA is defined as “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence (something the user is)”. The process considers national identity of the customer, tracking of the position, analysis of interest and information of the services. Strong customer authentication is required before any type of business transaction in order to have full access to customer accounts in case of fraud.


      Scammer

      The term scam refers to fraudulent schemes in which goods and money are taken from unsuspecting persons, generally through the deceit of the victim.


      Scams

      A fraudulent scheme performed by a dishonest individual, group, or company in an attempt to obtain money or something else of value. Scams traditionally resided in confidence tricks, where an individual would misrepresent themselves as someone with skill or authority, e.g. a doctor, lawyer, or investor.


      Scareware

      Malicious software, messages or threats designed to scare people into installing malware and software. A website popup that claims your “computer may be infected with harmful spyware” will send you to a download link for a real malware program.


      Scholarship Scam

      Scholarship scam is described as a situation where fraudsters offer a fraudulent scholarship to attract the victims. Sometimes the seminars do provide some useful information, but actually they are disguised sales pitches for financial aid consulting services (e.g., maximize your eligibility for financial aid), investment products, scholarship matching services and overpriced student loans.


      Scraper

      A site scraper can be defined as a kind of software that duplicates content from a website. Site scrapers work similarly to web crawlers, which essentially perform the same function for the purposes of indexing websites. Web crawlers cover the whole Web, however, unlike site scrapers, which target user-specified websites.


      Script Kiddie

      A script kiddie is an offensive term used to refer to non-serious hackers who use existing computer scripts or code to hack into computers, rather than creating their own, because they lack the skills or expertise to write them.


      Second Party Fraud

      Second party fraud, or money mules, is where a person allows another to use their identity or personal information to perform fraud. Businesses may find second party fraud difficult to detect and challenge since the identity of the person that is used to carry out fraud has largely allowed it to take place.


      Secure Element

      A Secure Element (SE) is a microprocessor chip which can store sensitive data and run secure apps such as payment. It acts as a vault, protecting what's inside the SE (applications and data) from malware attacks that are typical in the host (i.e. the device operating system).


      Security Protocol

      Security protocol, also called cryptographic protocol, could be described as a sequence of operations that ensure the protection of data. Used with a communications protocol, it provides secure delivery of data between two parties.


      Security Threat and Risk Assessment

      Security Threat and Risk Assessment can be defined as a technique that classifies the overall business and security risks with the aim of defining the competence of security controls, together with the service, in order to reduce the set of risks that appear for the business.


      Security token

      A security token is a physical device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to access something. Some tokens may store cryptographic keys that may be used to generate a digital signature, or biometric data, such as fingerprint details.


      Sensitive data

      Sensitive data is defined as information that is protected against unwarranted disclosure. Access to sensitive data must be safeguarded. Protection of sensitive data may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.


      SEO

      SEO is an abbreviation for Search Engine Optimization, which is the art of having your website optimized, or attractive, to the major search engines for optimal indexing. It refers to the process of increasing the quality and quantity of the traffic of the website and this process is used to increase the visibility of web pages for search engine users.


      Serious Fraud Office (SFO)

      The Serious Fraud Office (SFO) is a non-ministerial government department of the Government of the United Kingdom that investigates and prosecutes serious or complex fraud and corruption in England, Wales and Northern Ireland.


      SERP

      Search Engine Results Pages (SERP) are the pages displayed by search engines in response to a query by a searcher. The main component of the SERP is the listing of results that are returned by the search engine in response to a keyword query, although the pages may also contain other results such as advertisements.


      Shopping Cart

      A shopping cart is a feature in online shopping that works as a temporary record of items selected for eventual purchase from the online vendor's website.


      Shoulder Surfing

      Shoulder surfing is the practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information. This is generally done by looking over someone's shoulder at the information on screen, hence its name.


      SIM Cloning

      SIM cloning is the procedure through which a genuine SIM card is reproduced. When the cloning is accomplished, the cloned SIM card’s classifying information is transported onto a separate, secondary SIM card. The secondary card can then be used in a different phone while consuming all the calls and related charges credited to the original SIM card.


      Single sign-on

      Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. SSO can be used by enterprises, smaller organizations, and individuals to mitigate the management of various usernames and passwords. In a basic web SSO service, an agent module on the application server retrieves the specific authentication credentials for an individual user from a dedicated SSO policy server, while authenticating the user against a user repository such as a lightweight directory access protocol (LDAP). The service authenticates the end user for all the applications the user has been given rights to and eliminates future password prompts for individual applications during the same session.


      Skimmer

      Skimmers are essentially malicious card readers attached to real payment terminals so that they can harvest data from every person that swipes their cards. The typical ATM skimmer is a small device that fits over an existing card reader.


      Skimming

      Skimming is considered a type of white-collar crime, and is described as the theft of cash from a business prior to its entry into the accounting system for that company. Although skimming is one of the smallest frauds that can occur, it is also the most difficult to detect.


      Skimming cash receipts

      Skimming is slang for taking cash "off the top" of the daily receipts of a business (or from any cash transaction involving a third interested party) and officially reporting a lower total. The formal legal term is defalcation. Even though skimming is one of the smallest frauds that could appear, it is considered the most difficult fraud to detect.


      Smart Card

      A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver's license or credit card and can be made out of metal or plastic. They connect to a reader either by direct physical contact (also known as chip and dip) or through a short-range wireless connectivity standard such as radio-frequency identification (RFID) or near-field communication (NFC).


      SMishing

      SMishing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for "SMS phishing."


      Smurfing/Structuring

      The process of laundering money by breaking up large funds into multiple bank accounts to operate under the radar of law enforcement agencies. 

      In the gaming industry, the term refers to players who create multiple accounts, so that what they do on an alternate account (cheating, losing) will not affect their main account.


      Sniffing

      Sniffing is the process of monitoring and capturing all data packets passing through a given network, and it is illegal when done by an unauthorized party. This stolen information can be used for fraud and for obtaining other significant data from users. Sniffers are used by network/system administrators to monitor and troubleshoot network traffic. Attackers use sniffers to capture data packets containing sensitive information such as passwords, account information, etc.


      Social Engineering

      Psychological manipulation done through human interaction that gets people to reveal personal information for fraudulent purposes. It can happen in one or multiple steps, and can range from basic to complex methods, like attackers impersonating co-workers or officials to solicit information.


      Social Media

      Social media is a large platform where people entertain, communicate, and connect with the world. It consists of different social networking sites which can be used by hackers and fraudsters to steal personal information of users. This information includes credit card numbers and other personally identifiable information, which are often solicited through "phishing" attacks done on social media sites.


      Social media tracking

      Social media tracking or monitoring is a process of using social media channels to track, gather and mine the information and data of certain individuals or groups, usually companies or organizations, to assess their reputation and discern how they are perceived online.


      Social Security fraud

      Social Security fraud usually occurs when an unauthorized third-party gains access to an individual's Social Security number and exploits it for their own financial benefit.


      Social security number (SSN)

      A Social Security number (SSN) is a nine-digit number that the U.S. government issues to all U.S. citizens and eligible U.S. residents who apply for one. The government uses this number to keep track of your lifetime earnings and the number of years worked. Using a social security number, personal data can be obtained, and can let a criminal use the information for purposes of defrauding the owner of that social security number. Often this involves stealing money or the identity of that SSN owner.


      Software Piracy

      Software piracy is the illegal copying, distribution, or use of software. It is such a profitable "business" that it has caught the attention of organized crime groups in a number of countries. According to the Business Software Alliance (BSA), about 36% of all software in current use is stolen.


      Spam

      Spam refers to an irrelevant or inappropriate message sent on the Internet to a large number of recipients. These messages are often used by scammers to trick people into providing their personal data so that it can be used to blackmail the person. Normally, spam offers an advertisement which is not validated under the actual name of the organization.


      Spear Phishing

      Spear phishing describes when phishing is done with specific targets in mind; this allows messages to these people to appear more legitimate, or as if they are being sent by a legitimate user. For example, a person may get an offer from an organization that he knows. He might click on it and provide confidential information, perhaps to log in to the website. In reality, the message is not from the actual organization, and he has given his credentials for the actual site to the spear-phisher.


      Spider

      A spider is a program that visits Web sites and reads their pages and other information in order to create entries for a search engine index. All major search engines on the Web have these kinds of programs, which are also known as "crawlers" or "bots". Spiders are usually programmed to visit sites that have been marked by their owners as fresh or modernized.


      Spoofs

      A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.


      Spyware

      Spyware is software that can be installed on a computer system or computer device without the device user's knowledge. The software allows the installer to directly obtain or convert information from a computer and to transmit all that data to their own hard drive.


      Statute of Limitations

      A statute of limitations is a law that sets the maximum time the parties involved have to initiate legal proceedings from the date of an alleged offense, whether civil or criminal. However, cases involving serious crimes, like murder, typically have no maximum period under a statute of limitations.


      Stealing

      Stealing is the action that occurs when someone takes possession of another person's identity, possessions, or information without any legal right or permission and without any intention of returning it. In computer systems, stealing means the unauthorized or illegal copying, sharing or usage of copyright-protected software programs. Software theft may be carried out by individuals, groups or, in some cases, organizations who then distribute the unauthorized software copies to users.


      Stealing or providing business secrets

      Stealing business secrets is the act of accessing a business's confidential information and revealing it to people who are not properly authorized to see that information. Intellectual property theft is a kind of stealing of business secrets.


      STR (Suspicious Transaction Report)

      A suspicious transaction report (STR) refers to the information demanded by the Internal Revenue Service (IRS) from banks and other financial institutions regarding suspicious transactions. It provides a report of the financial flows and other information related to the money flows in a regulated private sector.


      Supervised Machine Learning

      Supervised machine learning is the machine learning task of learning a function that maps an input to an output based on example input-output pairs. It infers a function from labeled training data consisting of a set of training examples.


      Sweepstakes Scam

      Sweepstakes scams are when a company or fraudster tells someone they have won a sweepstakes prize, but that as the winner they must first pay a fee to ensure delivery of their prize. The winner may pay and then never receive anything.


      Sweetheart scam

      A sweetheart scam is a situation where a scammer will pretend to be romantically interested in somebody, with the intention of learning their personal information so that they may commit fraud with it.


      Synthetic identity

      A synthetic identity is created by using a combination of fabricated credentials, leading to a fake identity that is not associated with an actual, real person. Fraudsters may create synthetic identities using potentially valid social security numbers (SSNs) with accompanying false personally identifiable information (PII).


      Synthetic Identity Creation

      Synthetic Identity Creation (SIC) is the process of creating a false identity. As a generic term, it describes how fraudsters collect information about real people and manipulate their identities with false and fabricated information to create a new identity, which is assigned to no actual real-life person.


      System integrator

      A systems integrator (or system integrator) is a person or company that specializes in bringing together component subsystems into a whole and ensuring that those subsystems function together, a practice known as system integration. They also solve problems of automation.


      Tax Identity Theft

      The term "tax identity theft" represents fraud committed by someone to gain advantages in tax returns and tax payments. Tax-related identity theft occurs when someone uses your stolen Social Security Number to file a tax return claiming a fraudulent refund. People create a false identity by using the personal information of another person to demand a fraudulent tax return. The only way to detect this kind of fraud is a notice from the IRS (Internal Revenue Service).


      Tech Support Scams

      A technical support scam refers to a type of telephone fraud, where a scammer claims to be able to provide a legitimate technical support service, frequently through cold calls to innocent users, with the hopes of eliciting a payment without completing the services requested. These calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department.


      Technology Theft

      High technology crimes (or cybercrimes) are generally defined as any type of illegal activity that makes use of the internet, a private or public network, or an in-house computer system. Technology theft can be described as a scheme where different activities are conducted by one or more thieves, in order to steal techniques, resources, or devices, with the aim of obtaining personal benefits from those actions.


      Telecommunication fraud

      Telecommunication fraud is the theft of telecommunication services (such as telephones, cell phones, computers and so on) or the use of telecommunication services to commit other forms of fraud. Victims of the fraud include consumers, businesses and communication service providers.


      Theft of Assets

      Theft of assets refers to the actual theft of a person or entity's assets. Causing an organization to pay for goods and services not actually received (for example fictitious vendors or employees) or using an organization's assets for personal use are types of theft of assets.


      Theft of Checks

      Check theft involves stealing, and usually cashing, the check of another. Check theft may also refer to receiving goods or services by passing a bad check which is noncollectable due to insufficient funds or closed account. Penalties for this fraud vary by state.


      Threat

      A threat is any condition or event that may negatively affect organizational operations (including mission, function, image, or reputation), organizational resources, or individuals through an information system by means of unauthorized access, destruction, disclosure, alteration of information, and/or denial of service.


      Timecard Tampering

      Timecard Tampering, also known as time sheet or time card fraud, is when an employee puts down hours they did not work and collects payment for them. There are rules and laws in place against it but some employees still try to game the system to get more pay and commit time theft.


      Token

      A token is a special frame that is passed from node to node around a ring network. It is a sequence of bits passed continuously between nodes in a fixed order, and it enables a node to transmit information. When it gets to a node that needs to transmit data, the node modifies the token into a data frame and transfers it to the receiver. A token is fundamental to the internal workings of a token ring network.


      Tokenization

      Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. Tokenization, which seeks to minimize the amount of data a business needs to keep on hand, has become a popular way for small and mid-sized businesses to bolster the security of credit card and e-commerce transactions while minimizing the cost and complexity of compliance with industry standards and government regulations.


      TOR

      TOR is free and open-source software that allows anonymous web surfing and protects against traffic analysis. The name comes from an acronym for a software project named "The Onion Router." The browser uses exit relays and encrypted tunnels to hide user traffic within the network.


      Transaction Authentication Number (TAN)

      A transaction authentication number (TAN) is a one-time use code involved in processing online transactions. It offers additional security on top of a password to log in to an account or make transactions. To decrease chances of fraud in transactions, some companies may require a TAN as a form of multi-factor authentication (MFA), in addition to a PIN number or CVV. New TANs may be provided with each interaction, or a list of trusted TANs may be provided to an individual that they can choose from when conducting business.

      If the document or token containing a TAN is stolen, it is useless without the original password. Conversely, if one logged in without a valid TAN, they would not be able to gain access.

      Types of Transaction Authentication Numbers

      Institutions offer a variety of forms of delivering TANs to users. Each institution has its own preference based on what it requires and what its users desire. Below are several types of TANs, and the vulnerabilities they each have.


      Classic TAN

      Financial institutions provide a list of about 50 TANs, usually enough to last about half a year for each user. These TANs consist of six- to eight-digit unique codes for a user to enter to verify online transaction activity and identity. Users obtain this list at their financial institution or receive it by mail, separate from their login credentials. When a user logs into their account and verifies a transaction, the TAN they use becomes defunct and unusable for future transactions. If someone steals a TAN list or the user disposes of it by accident, the user can obtain a new list from their institution. All codes on the old list are unusable for that particular user.

      Unfortunately, scammers successfully engage in phishing attacks with these TANs. A scammer prompts users to enter both their PIN and TAN (or several TANs) into fraudulent login pages. They then use those credentials to authorize fraudulent transactions. Further, TANs provide little to no protection against man-in-the-middle (MitM) attacks. In these, scammers intercept the TAN and use it for their own purposes, especially in compromised or vulnerable systems.

      Indexed TAN (iTAN) and iTAN with CAPTCHA (iTANplus)

      Users enter a specific TAN identified with a sequence number, or "index". These are randomly chosen by the bank, so if a scammer obtains a TAN, it is worthless without the index. However, scammers are still able to conduct MitM attacks, including phishing and man-in-the-browser (MitB) attacks. Scammers conduct these attacks by swapping transaction details in the background and concealing fraudulent transactions in account overviews.

      Some organizations combat this with the use of CAPTCHA. Users complete a challenge before, after, or during entry of their TAN. If they cannot complete it, the page denies access. CAPTCHA provides further protection through embedding transaction information, so scammers spoofing this would have their transactions flagged. Despite added protection, scammers still successfully conduct automated attacks like distributed denial-of-service (DDoS).

      Mobile TAN (mTAN)

      These TANs are more recognizable to common users than TAN lists. Users conducting transactions enter a code sent by SMS or phone call to access the service and verify transactions. Sometimes, the SMS itself includes transaction data so users can verify details before the transaction transmits to the bank.

      This form of authentication is also vulnerable to fraud. Scammers use SIM Swap Fraud to obtain TAN numbers for fraudulent transactions. In SIM Swap, scammers impersonate victims, asking for replacement SIMs from their network operator. When the scammer logs in using the user's credentials, obtained through other means, they receive the TAN message and gain access to the account. The victim often realizes too late, when they discover their phone has stopped working or see their accounts compromised.

      Further, as smartphones act as mobile computers, attackers can more easily attack both the computer and phone. This leaves them both vulnerable to spoofing and phishing attempts.

      TAN Generators

      These provide a one-time use code through a token or keychain device. The token displays the TAN after a user logs in, or when a smart card is inserted. Unfortunately, these TANs do not contain specific transaction details, so scammers easily conduct phishing and MitM attacks.

      pushTAN

      Similarly to mTAN, when users log in to their accounts, they receive a single-use TAN from a third-party multi-factor authentication app like Duo Mobile. It does not incur text message charges. Therefore, it protects against SIM Swap Fraud, since messages are encrypted and do not rely on phone numbers. As an added precaution, the pushTAN app stops functioning if it detects a "rooted" or jailbroken phone.

      ChipTAN/SmartTAN/CardTAN

      One of the strongest forms of TAN generation, this type of TAN is generated when users insert their bank card into a handheld device. Each generated TAN is specific to that bank card and current transaction details. Nowadays, these devices generate TANs through verification of a flashing barcode on the computer screen. Users must then confirm the transaction on their TAN device.

      Because the generator consists of independent hardware provided by tech companies and banks, this method protects against computer attacks. The generated TAN works only for transactions confirmed by the user on the generator screen itself. Furthermore, in case of device loss or theft, users can request new ones without worrying about fraud - specific TANs can only be obtained with a bank card. Despite added protections, scammers successfully persuade users to authorize "test transfers" or "return of falsely transferred money", posing as a bank or company.
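      The difference between the TAN Generators and ChipTAN sections above is whether the code is bound to the transaction details. The added example below is not from this page or from any bank; it uses an illustrative HMAC-based code (not the real chipTAN algorithm), a constructed key and constructed account numbers, and shows the bank-side check accepting an unbound code for swapped details while rejecting a transaction-bound one.

```python
import hashlib
import hmac
import struct

# Constructed demo secret shared by the bank and the customer's TAN device.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"

# Constructed transaction details (placeholder account numbers, amounts in cents).
INTENDED = ("DE00 0000 0000 0000 0000 00", 25_00)     # what the user means to pay
TAMPERED = ("GB00 TEST 0000 0000 0000 00", 9_500_00)  # what reaches the bank after a swap


def _truncate(mac: bytes, digits: int = 6) -> str:
    """Reduce a MAC to a short decimal code (HOTP-style dynamic truncation)."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def unbound_tan(key: bytes, counter: int) -> str:
    """TAN-generator style: the code depends only on the key and a counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha256).digest()
    return _truncate(mac)


def _canonical(recipient: str, amount_cents: int) -> bytes:
    """Length-prefixed encoding so different details can never encode the same."""
    acct = recipient.replace(" ", "").upper().encode("ascii")
    return struct.pack(">H", len(acct)) + acct + struct.pack(">Q", amount_cents)


def bound_tan(key: bytes, counter: int, recipient: str, amount_cents: int) -> str:
    """Transaction-bound style: recipient and amount are part of the MAC input."""
    msg = struct.pack(">Q", counter) + _canonical(recipient, amount_cents)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())


class Bank:
    """Server side: checks a TAN against the transaction it actually received."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def accept(self, tan: str, recipient: str, amount_cents: int, bound: bool) -> bool:
        if bound:
            expected = bound_tan(self.key, self.counter, recipient, amount_cents)
        else:
            expected = unbound_tan(self.key, self.counter)
        ok = hmac.compare_digest(expected, tan)
        if ok:
            self.counter += 1  # one-time use: an accepted TAN is defunct afterwards
        return ok


def scenario(bound: bool, submitted: tuple) -> tuple:
    """The user's device makes a TAN for INTENDED; the bank receives `submitted`.

    Returns (accepted on first use, accepted on replay of the same TAN).
    """
    bank = Bank(DEVICE_KEY)
    if bound:
        tan = bound_tan(DEVICE_KEY, 0, *INTENDED)
    else:
        tan = unbound_tan(DEVICE_KEY, 0)
    first = bank.accept(tan, *submitted, bound)
    replay = bank.accept(tan, *submitted, bound)
    return first, replay


if __name__ == "__main__":
    print("unbound TAN, swapped details:", scenario(False, TAMPERED))
    print("bound TAN,   swapped details:", scenario(True, TAMPERED))
    print("bound TAN,   intended details:", scenario(True, INTENDED))
```

      Binding only helps if the user compares the recipient and amount shown on the device with what they intended, which is why the "test transfer" persuasion described above still works against it.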

      How Do I Prevent Banking Fraud?

      Despite the added security of TANs, businesses and financial institutions commonly find themselves vulnerable to banking fraud attempts. To protect customers and institutions, implementing the strongest TAN methods and cybersecurity solutions will only prove beneficial.

      Fraud.net offers a variety of cybersecurity solutions specifically engineered to protect commercial and financial institutions. Our products, powered by artificial intelligence and machine learning, keep your systems protected from phishing and spoofing attacks. With the automation that AI and machine learning provide, these products evolve with you, learning from previous attacks to suit your needs down the line. By protecting your transactions, you protect your customers, your business, and your bottom line.

      To learn more about Fraud.net's product offerings and request a demo, contact us today.


      Travel

      Travel is defined as the progress of people between two distant locations. Travel could be done by foot, bicycle, vehicle, train, boat, bus, airplane, ship or further means, with or without baggage, and could be one way or round trip.


      Triangulation Fraud

      What is Triangulation Fraud?

      Triangulation fraud is when a customer makes a genuine purchase on a third-party marketplace (for example Amazon or Sears.com), but the product they receive was fraudulently purchased from a different retailer's website. This practice harms businesses of all kinds.  Customers usually aren't aware.

      Triangulation fraud denotes that there are three individuals who play a role in the order.

      1. An unsuspecting customer who places an order on an auction or marketplace using some form of credit, debit, or PayPal tender.
      2. A fraudulent seller who receives that order and then places the order for the actual product with a legitimate eCommerce website using a stolen credit card.
      3. A legitimate eCommerce website that then processes the criminal’s order.


      The illegitimate purchase is made using stolen card information from someone else, but with the shipping information of the original customer. So the customer is shipped the product, and the fraudster keeps his money. Meanwhile, the fraudster charges the legitimate retailer with other credit card information, further boosting net profit.

      Often, the person with the stolen credit card details will dispute this charge, causing the original retailer to refund the purchase. The customer at the beginning of the transaction has no idea. Consequently, the fraudster in the middle wins big.

      The Costs

      These chargebacks indefinitely hurt the merchant most. Studies show that these fraudsters will cost merchants upwards of $30 billion a year by 2020. Even at the scale of medium to small size businesses, the losses can be detrimental. A brief look at any third party marketplace forum will show hundreds of disputed transactions and mystified sellers. These losses can add up to hundreds of thousands of dollars for even the smallest enterprises. The numbers will continue to grow with the rise of eCommerce.

      Protect Your Business

      However, triangulation fraud can be stopped. Address and location verification that matches the customer are just some examples of how Fraud.net's software combats fraud. With insights from user behavior, location, and fraud scoring, Fraud.net can stop transactions in place. Advanced AI technology keeps an eye on fraudsters, card information, and more. Dark web monitoring and continuous testing allow fraud prevention to develop with the fraudsters.

      Above all, eCommerce will only expand. And so should your solution. With a powerful portfolio of solutions, Fraud.net can meet your unique needs quickly and cost-effectively. Contact us for a free demo.

       


      Trojan

      A trojan, or trojan horse virus, is a computer program that seems legitimate, but adds malware to a device once downloaded. Its name comes from a famous Greek tale.


      True Negative

      True negative, also known as specificity, is the ratio of correctly identified non-fraud cases to total non-fraud cases. A true negative test result is one that does not detect the condition when the condition is absent. It is an outcome where the model correctly predicts the negative class, for example if a disease test correctly identifies a healthy person as not having that disease.


      True Positive

      A “true positive” occurs when something innocent is wrongly deemed suspicious. Card issuers have developed sophisticated, automated fraud detection systems that work by detecting activities and patterns associated with fraud, but these systems don't work perfectly. This differs from false positives, which are negative results that a system incorrectly marks as positive.


      Trust

      A trust is a fiduciary connection where one person places some type of trust, confidence, or reliance on another person. The person who is delegated that trust and confidence would then have a fiduciary duty to act for the benefit and interest of the other party. The party who owes a duty to act for the best interest of the other party is called the fiduciary. The party to whom the duty is owed is called the principal. The main purpose of a fiduciary connection is to establish an honest and trusted relationship between two parties, where one party can rely on and be confident that the other is working for their interest and is not using their power for their own interest or the interest of a third party.


      Trusted Third-Party

      In cryptography, a Trusted Third-Party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the third party reviews all the critical transaction communications between the parties. TTPs are common in commercial transactions, cryptographic digital transactions, and cryptographic protocols.


      Two tier affiliate program

      In a two-tier affiliate program, or a multi-tier program (two or more levels), the first tier of commission is the same as in a regular affiliate program. The only difference is the additional tier(s), whereby marketers also earn a commission on sales generated by people they referred to the program.


      Two-Factor Authentication (2FA)

      2FA or Two-Factor Authentication, also called Step-Up Authentication, is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. Two-Factor Authentication gives users an extra layer of security when accessing their online accounts. In addition to a typical combination of username and password, a second 'factor' is added, such as a numeric code displayed on a trusted device, to heighten the certainty that you are the one attempting to access your account. 2FA is a method of determining a user's identity by confirming two factors among 1) something the user knows (e.g. mother's maiden name), 2) something the user has (e.g. mobile phone) and 3) something the user is (e.g. fingerprint). 2FA is a subset of the broader multi-factor authentication (MFA).

      Fraud.net offers Two-Factor Authentication as a feature within our Fraud Prevention Suite.   

      Here's how it works:

      Fraud.net's 2FA feature gives fraud analysts the ability to send a verification text message to the phone number of a transaction. The purpose of this is to authenticate that the phone number within the transaction is owned by the person who actually placed the transaction. A Yes/No question is sent to the phone and then, based on the response, the transaction can be auto-cancelled, auto-approved or sent to a queue for further review.

      1. When a fraud analyst is reviewing a transaction, they can select the option to authenticate the transaction (Send MFA) from the dropdown menu in the top right corner:

       

      2.  The fraud analyst will then confirm that they would like that message sent:

       

       

      3. The admin, from the business profile page, can manage what the message says and what action occurs based on the reply. The admin can also manage what happens when no reply is received and the time frame for the reply. The default question reads as "$business name$ here. We received a transaction from $firstname$ $lastname$ for $amount$ on $orderdate$. Was this you? Reply Yes or No"

       

      4. The transaction remains in a pending authentication queue until there is a response or it expires.



      U2F (Universal 2 Factor)

      U2F or Universal 2-Factor Authentication is a form of 2-factor authentication, in which the user completes a login process using a physical device as one form of verification to prove their identity and be granted access. U2F devices are physical security keys and are usually combined with one of the other two major authentication factors, 1) something a user knows (such as a password or the answer to a question) or 2) something the user is (such as a unique biometric marker like a fingerprint), in order to grant access to a system. The benefit of a physical key over its counterparts, usually software-based keys, is that software keys, which generate one-time passwords delivered by phone or email, are known to be vulnerable to phishing attacks.


      Unauthorized Disbursements

      A disbursement is a payment made on behalf of another person for which reimbursement in the future is expected. An unauthorized disbursement can be defined as a disbursement or expenditure made without any authorized approval. Unauthorized disbursements fall into five categories: check tampering, billing schemes, payroll schemes, register disbursements, and expense reimbursement schemes.


      Unauthorized use of assets

      Unauthorized use of assets describes the intentional, illegal use of the property or funds of another person for one's own use or other unauthorized purpose, particularly by a public official, a trustee of a trust, an executor or administrator of a deceased person's estate, or by any person with a responsibility to care for and protect another's assets.


      Unauthorized Withdrawals

      Unauthorized Withdrawal refers to the withdrawal or transfer of funds from an individual's banking account without proper authorization or consent by the individual.


      Underdelivery

      Underdelivery is the delivery of fewer impressions, visitors, or conversions than contracted for a specified period of time. Underdelivery can occur for a variety of reasons. A site or network may experience an unexpected drop in traffic. Low CPM campaigns may be bumped for high CPM campaigns. Pay-for-performance may be bumped for any CPM campaigns, plus there is the added risk that the creative units fail to generate the anticipated level of response.


      Unique Identity

      A unique identifier (UID) is a numeric or alphanumeric string that is associated with a single entity within a given system. Unique identifiers can be assigned to anything that needs to be distinguished from other entities, such as individual users, companies, machines or websites.


      Unsupervised Machine Learning

      Unsupervised machine learning algorithms infer patterns from a data set without reference to known, or labeled, outcomes. Unlike supervised machine learning, unsupervised machine learning methods cannot be directly applied to a regression or a classification problem because you have no idea what the values for the output data might be, making it impossible for you to train the algorithm the way you normally would. Unsupervised learning can instead be used to discover the underlying structure of the data.


      URL

      URL stands for Uniform Resource Locator, and is used to specify addresses on the World Wide Web. A URL is the fundamental network identification for any resource connected to the web (e.g., hypertext pages, images, and sound files). The domain name is the computer on which the resource is located.


      URL spoofing

      URL spoofing is the process of creating false or fake URLs which pose as another website. The spoofed URL or website address appears to be very similar to the original, actual URL, but in reality redirects the user to a 'booby trapped' website.


      Utility fraud

      Utility fraud is when a person fraudulently uses someone else's name or identity to order water, gas, cable or other types of services. Cable fraud is the most commonly committed utility scam.


      Validation

      Validation describes the process of ensuring that something is being completed in the way it is meant to be completed, and by somebody who is meant to be doing that action. There are many kinds of validation involved in fraud prevention and cybersecurity, most generally in the context of log-in information being confirmed (or rather, validated) as accurate.


      Velocity Filters

      Velocity filters are a critical tool in fraud prevention efforts. Their function is to monitor specific data elements (such as e-mail address, telephone number, billing number and even shipping addresses) and to limit the number of transactions that a website can process in a given period of time (one hour, one day) using this information.
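      A sliding-window velocity filter of the kind described above, as an added example that is not Fraud.net's implementation. The field names, limits, one-hour window and sample transactions are all constructed for illustration, and the filter assumes transactions arrive in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Normalize values so trivial variations (case, spacing, punctuation) hit the same counter.
NORMALIZERS = {
    "email": lambda v: v.strip().lower(),
    "phone": lambda v: "".join(ch for ch in v if ch.isdigit()),
    "shipping_address": lambda v: " ".join(v.lower().split()),
}


class VelocityFilter:
    """Limits how many transactions may reuse the same field value within a window."""

    def __init__(self, limits, window):
        self.limits = limits            # field name -> max transactions per window
        self.window = window            # timedelta, e.g. one hour
        self._seen = defaultdict(deque)  # (field, normalized value) -> timestamps

    def check(self, txn):
        """Record the attempt and return the fields whose limit it exceeds.

        Every attempt is counted, including flagged ones, so repeated retries
        keep a value over its limit until older attempts age out of the window.
        """
        now = txn["time"]
        exceeded = []
        for field, limit in self.limits.items():
            key = (field, NORMALIZERS[field](txn[field]))
            stamps = self._seen[key]
            # Drop attempts that have fallen out of the sliding window.
            while stamps and stamps[0] <= now - self.window:
                stamps.popleft()
            stamps.append(now)
            if len(stamps) > limit:
                exceeded.append(field)
        return exceeded


def _txn(hhmm, email, phone, address):
    """Build one constructed sample transaction on a fixed, made-up date."""
    hour, minute = (int(part) for part in hhmm.split(":"))
    return {"time": datetime(2024, 1, 15, hour, minute), "email": email,
            "phone": phone, "shipping_address": address}


# Constructed sample traffic; not real customer data.
SAMPLE = [
    _txn("10:00", "a@example.com", "+1 555 0100", "1 Main St"),
    _txn("10:05", "A@Example.com", "555-0101", "22 Oak Ave"),
    _txn("10:10", "a@example.com ", "5550102", "1  main st"),
    _txn("10:20", "b@example.com", "5550103", "1 Main St"),   # 3rd order to one address
    _txn("10:30", "a@example.com", "5550104", "9 Elm Rd"),    # 4th order from one e-mail
    _txn("11:15", "a@example.com", "5550105", "1 Main St"),   # earlier attempts have aged out
]


def run_sample():
    """Run the sample through a filter: 3 per e-mail/phone, 2 per address, per hour."""
    vf = VelocityFilter({"email": 3, "phone": 3, "shipping_address": 2},
                        timedelta(hours=1))
    return [vf.check(txn) for txn in SAMPLE]


if __name__ == "__main__":
    for txn, flags in zip(SAMPLE, run_sample()):
        print(txn["time"].strftime("%H:%M"), txn["email"].strip(), flags or "ok")
```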


      Velocity of Money

      The velocity of money is a measurement of the rate at which money is exchanged in an economy. It is the number of times that money moves from one entity to another. It also refers to how much a unit of currency is used in a given period of time. Simply put, it's the rate at which consumers and businesses in an economy collectively spend money.


      Verified by Visa (VBV)

      Verified by Visa (VBV) is a free program offered by Visa that gives you an added level of protection and offers peace of mind for online shoppers. It is a password-protected authentication scheme intended to verify the identity of the cardholder when a Visa card is used online. By requesting a password which is known only to the cardholder, the bank can verify that the authentic cardholder is entering their card details into an e-commerce website.


      Virus

      A computer virus is a kind of malicious software or a piece of code that, when executed, is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.


      Vishing

      Vishing, which stands for "voice-phishing", describes the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers. The fraudster may even utilize deepfake technology to synthetically recreate another's voice in order to pull the scheme off. Vishing attacks are generally intended to scare the victim into acting quickly, and therefore can happen within short time frames.


      Voice Authorization

      Voice Authorization is a security measure used by the credit card industry to ensure that a particular purchase is being authorized by the actual card-holding customer and not someone else. Merchants only incur this fee if a Voice Authorization is initiated, and for most merchants it is a rare occurrence.


      Voice Over IP

      Voice over Internet Protocol (VoIP), also called IP telephony, is a method and set of technologies for the transfer of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. The terms Internet telephony, broadband telephony, and broadband phone service specifically refer to the provisioning of communications services (voice, fax, SMS, voice-messaging) over the public Internet, rather than through the public switched telephone network (PSTN).


      Web Browser

      A web browser is a software program that allows a user to locate, access, and display web pages. Browsers are used primarily for displaying and accessing websites on the internet, as well as other content created using languages such as Hypertext Markup Language (HTML) and Extensible Markup Language (XML).


      Whois

      WHOIS (pronounced "who is") is an Internet service used to look up information about a domain name. Whenever an individual or organization registers a new domain name, the registrar is required to make the registration information publicly available.


      Wire Fraud

      Wire fraud can be defined as an online fraud based on promises. In this fraud a person conducts a plan or scheme to attain a sum of money by blackmailing the other person, or by otherwise convincing them to send the fraudster money. The main communication methods used for this purpose are phone call, fax, email, text, or any social media source used to contact any other person.


      Work-from-home scam

      A work-from-home scheme describes when a fraudster makes an offer to a victim to work from home for a very good amount of money. The fraud truly takes place when the fraudster attempts to elicit money from the victim, generally to pay something like an up-front fee to get the job in the first place.


      Workers' Compensation Fraud

      Workers’ Compensation fraud occurs when someone willfully makes a false statement or conceals information in order to receive workers' compensation benefits or prevents someone from receiving benefits to which they might be entitled.


      Workflows

      Workflow is the definition, execution and automation of business processes, where tasks, information and documents are passed from one person to another for actions according to a set of procedural rules. It involves work by one or more people, and transforms materials, information or services. Fraud.net’s workflow queue manager sends suspicious transactions to review agents to deliver appropriate transaction resolutions.


      Write-Off Schemes

      A write-off is an accounting action that reduces the value of an asset while simultaneously debiting a liabilities account without having proper approval. It is primarily used in its most literal sense by businesses seeking to account for unpaid loan obligations, unpaid receivables, or losses on stored inventory. Generally it can also be referred to broadly as something that helps to lower an annual tax bill.