Pagejacking is the process of illegally copying legitimate website content (usually, in the form of source code) to another website designed to replicate the original website. A pagejacker's intention is to illegally direct traffic from the original site to cloned Web pages. Pagejackers rely on search engines to index bogus site content to enable search result ranking and display with the original site.

Pass-Along Rate

A pass-along rate represents the percentage of people who pass on a message or file. Indeed, pass-along rates are a measure of word-of-mouth marketing. Objects typically passed include email messages, Web pages and multimedia files. Content typically passed includes humor and entertainment, late-breaking news, shopping specials, and technical gizmos.

Passive Authentication

In a passive authentication scenario, a user is directed to a login page, and after logging in, the site directs the user back to the original URL and allows the user to be authenticated on that site. Passive authentication can be achieved using the WS-Federation protocol or SAML 2.0.

Payables Fraud

Payables fraud, also known as AP fraud, is among the most ubiquitous and damaging of frauds that affect businesses of all sizes. It's also among the easiest frauds to perpetrate, since most of the money leaving a company legitimately goes through the accounts payable function.

Paying Personal Expenses

Paying personal expenses refers to the expenses of an individual that are not related to business or investment purposes. Personal expenses are not deductible unless specifically allowed under the tax law. Two examples of deductible personal expenses are medical expenses and personal property tax paid on personal-use property. Deductible expenses are returned when an employee creates and sends an invoice to the company, and in return the company will give them the money to pay those personal expenses.

Payment Application Data Security Standard

Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors to develop secure payment applications that support PCI DSS compliance.

Payment Fraud

Payment fraud is a blanket term for a variety of different frauds that all center around using false information or unauthorized means to make a purchase. This type of fraud can roughly be categorized into three kinds of situations: fraudulent or illegal transactions, misplaced or stolen goods, and false requests for reimbursements or returns on goods.

Payment Gateway

A Payment Gateway processes credit card and debit card payments, as well as other forms of electronic payments, primarily on behalf of e-commerce and brick-and-mortar merchants. The Payment Gateway is responsible for authenticating, standardizing and relaying transaction data between the merchants and the payment processors. The payment gateway responsibilities include securing payment data according to PCI DSS standards, securely sending transaction data to the payment processor, and storing the transaction and subsequent settlement, refund and other financial event data for later access by the merchant. Banks often own the payment gateways, but payment service providers (PSPs) like PayPal, Square or Stripe can also create their own Payment Gateway software.

Payment Threshold

A payment threshold defines a situation in online marketing where an associate has to meet a certain criterion, generally a number of sales, before being paid by the affiliate company for their services.

Payment Verification

Payment verification describes the set of procedures that allow customers to verify or confirm the payment they have made after purchasing any product or service. This set of procedures can usually be conducted through the Internet by the customers themselves.


PayPal Holdings, Inc. is an American company that operates a universal online payment method that supports online money transfers and also serves as an electronic substitute for the usual paper-based methods such as cheques and money orders. The company functions as a payment mainframe for online vendors, auction sites, and numerous other business users, who are charged an interbank fee for benefits such as one-click transactions and password memory.

Paypal Fraud

PayPal fraud is fraud related to using the PayPal payment system. It can be initiated or performed through emails, phishing sites, malicious ads, suspicious links, and many more. These scams try to appear authentic in order to trick users into releasing personal information, such as usernames and passwords, or to illegally obtain payments and payment info.

Payroll Fraud

Payroll fraud is a category of accounting fraud typically carried out by people who have access to employee information, their incomes or their wages. Companies that have not applied appropriate controls in their finance function, particularly in times of financial distress, will face more complex fraud risks than other companies.

PCI Compliance

What is PCI Compliance?

Payment card industry (PCI) compliance refers to the practical and operational principles that companies need to follow to ensure that credit card information provided by cardholders is secure. PCI compliance is prescribed by the PCI Standards Council, and all companies that automatically store, process or convey credit card data are required to follow these procedures. Created in 2004, PCI compliance aims to secure credit and debit card transactions against data theft and fraud.

Compliance is validated on an annual or quarterly basis and evaluated by a PCI auditor. The system is divided into four levels. Requirements vary depending on the volume of transactions handled:

  1. Highest Level (1): Applies to companies who process more than 6 million credit or debit card transactions annually. These merchants must have an internal audit once a year. Additionally, merchants must submit to a PCI scan by an Approved Scanning Vendor (ASV) each quarter.
  2. Level 2: Applies to companies processing between 1 and 6 million annual credit or debit card transactions. Requirements include a yearly Self-Assessment Questionnaire (SAQ). A quarterly PCI scan may also be required.
  3. Level 3: Applies to companies processing between 20,000 and 1 million transactions annually. They must complete a yearly SAQ. A quarterly PCI scan may also be required.
  4. Level 4: Applies to sellers processing less than 20,000 transactions annually. These merchants must complete a yearly SAQ. A quarterly PCI scan may also be required.

Basics Needed for PCI Compliance

  1. A secure network with original passwords.
  2. Secure and encrypted cardholder data.
  3. Vulnerability management.
  4. Anti-virus software that is used and regularly updated.
  5. Secure systems and applications for users.
  6. Restricted and controlled access to cardholder information.
  7. Consistent network monitoring and testing.
  8. Information security policy and maintenance of that policy.

PCI Compliance and Digital Payments

With the rise in new payment technologies, such as contactless payments and digital wallets, payment fraud has never been more sophisticated. Likewise, the financial rewards for the perpetrators have never been greater.

These new changes will affect all industries, from banking to e-commerce. Experts believe these new technologies will soon represent the majority of all transactions.

Since then, fraudsters have taken advantage of businesses' limited ability to adapt. Even among well-funded organizations, resources may not be used properly. For example, key resources and critical forensic data, investigative expertise, and data science capabilities are broadly scattered. Actions occur across cybersecurity, accounting, fraud, compliance, legal, and IT departments, with little coordination or sharing between departments. This is where PCI compliance is vital, and also where fraudsters have opportunities.


The Payment Card Industry Data Security Standard, also known as PCI DSS, is an IT security standard for companies that handle branded credit cards from the major card providers. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud.


A persona is an artificial profile for a type of customer, created on certain identifying criteria. Personas are generally used in marketing efforts as a way of figuring out how to best target different segmented audiences.

Personal Details Compromise

Personal details compromise, also known as a data breach, is the intentional or unintentional release of protected or confidential data into an untrusted environment. Other names for this occurrence include unintentional data disclosure, data leak and data spill. A data breach is basically a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by a person who is not authorized to do so.

Personal Information

Personal information can be described as any accurate or personal information, whether documented or not, about an identifiable person. Personal information can include name, e-mail, address, civilization, race, identification number, employment history, and other related information.

Personally Identifiable Information

Personally identifiable information is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

Phantom Debt

Phantom debt collection fraud appears in many variants, but the most common component among them is the claim that a customer is indebted and has to pay, or else they will incur heavy penalties. Regardless of whether the customer really took out a loan or not, they may receive a call later during which they will be asked to repay the loan.


Pharming is a cyber-attack aimed at redirecting traffic from a legitimate website to a different website. The second website is usually a copy of the original, designed to gather personal information such as credit card numbers. Pharming can be performed either by changing the hosts file on a victim's computer or by exploiting a vulnerability in DNS server software. Pharming involves unprotected access to a target computer, such as a customer's home computer, rather than a corporate server.

Phishing and Pharming

Phishing and pharming are two methods of cyberattack that lure a victim to a false website in order to deliver malware or obtain their personal information. Phishing involves getting a user to enter personal information via a fake website. Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.

Phishing Kit

A phishing kit can be described as a collection of several software programs that allows an individual to manage and launch specific types of campaigns and phishing scams. A phishing kit makes it easy for those with even limited technical skills to launch some kind of phishing exploit.

Phishing Schemes

Phishing schemes involve getting a user to enter a website and input their personal information for the fraudster to then steal and take advantage of. This website often emulates the design of a legitimate business's website, in the hope of tricking people into entering their information on a site they think is real and trustworthy. Phishing is usually performed through deceptive emails or phone calls, but other methods exist.


Plagiarism refers to the illegal act of copying someone's work and presenting it as one's own original work. This act may include the stealing of writing, online drawings, or any other online material that can be stolen and presented as original. Plagiarism is believed to be a crime in almost all countries around the world.


On the internet, a platform refers to a virtual space where a company, a person, or a community can create its own page or website, or even a network that can serve the people who come to visit. This type of business is referred to as e-commerce, and most international organizations have their own online platforms.

Point-To-Point Encryption

P2PE, or point-to-point encryption, refers to all the processes and tools involved in protecting different online procedures and actions throughout all steps of the process. It is usually provided by a third party, and often when an organization purchases this solution from an outside party, that party will then help the company set up the encryption.

Policy Violation

A policy violation occurs when a user records an expense with details violating the company's expensing policies. There are different types of sanctions which are put in place in the event of a breach of policy, and some of these sanctions are set by the authorities. Policies and sanctions can differ across fields and organizations, based on many different factors.


Privacy is the practice or idea of keeping certain information a secret from a certain group. It also describes the capability of the individual to protect the information he or she considers personal.

Processing Unauthorized Payroll

The processing of unauthorized payroll refers to the act of identifying whether payroll has been calculated for an unauthorized person in the organization's list. This process is done to prevent payroll fraud, where a payroll manager knowingly approves fraudulent payroll transactions, generally with the purpose of taking that money for themselves.


Proofing refers to the act of verifying and authenticating the identity of legitimate customers. Identity proofing is required when a person wants to withdraw money or take any other confidential information from online resources.

Proxy Piercing

Proxy piercing refers to a technology that enables hosts to determine whether a person is making a proxy purchase or not. A proxy purchase describes a transaction made where the original IP of a customer is disguised via the use of a proxy server. Proxy piercing allows one to see if there is a proxy being used by a customer attempting a transaction, and then depending on the level of the piercing program, will "pierce" the proxy server and determine the original IP of the transaction. At an even higher level, proxy piercing can also determine the physical location of that user.

Purchase Amount Filter

A purchase amount filter is a technology, method, or practice that allows e-commerce website hosts to identify or prevent scams that occur with ease by setting up limitations on the amount of a product that can be purchased at one time.

Pyramid Schemes

A pyramid scheme is a fraudulent business model where an initial group of people recruits others to join their company but charges them an upfront fee in order to become an employee, and then urges those new employees to recruit others and collect upfront fees from them as well. As new recruits join, their upfront fees go towards paying earlier members of the pyramid scheme, and so the goal of the business is really just to trick people into joining the company and paying this fee; the company may have an actual product to sell, but selling the product is often not the focus of this business.