Essential Industry Terms Explained
Explore key financial crime, risk management and compliance terminology with our comprehensive glossary.
Whether you're navigating regulatory compliance, fighting financial crime, or simply enhancing your knowledge of fraud and anti-money laundering (AML) terms, this resource is for you.
One-time Password
One-time Password is a password that is valid for only one login session or transaction, on a computer system or other digital device. This means that a potential intruder who manages to record an...
Open Authorization
Open Authorization, sometimes called OAuth, is an open standard for access delegation, usually used as a method for Internet users to give websites or applications access to their information on...
OpenID
OpenID is an open standard and decentralized authentication protocol in which a user can create their own account by selecting an OpenID identity provider; this account can then be used...
Out-of-band Authentication
Out of band authentication (OOBA) is a term for a process where authentication requires two different signals from two different networks or channels. These kinds of more sophisticated authentication...
P
PCI Compliance
What is PCI Compliance? Payment card industry (PCI) compliance refers to the practical and operational principles that companies need to follow to ensure that credit card information provided by...
PCI DSS
The Payment Card Industry Data Security Standard, also known as PCI DSS, is an IT security standard for companies that handle branded credit cards from the major card providers. The PCI Standard is...
Pagejacking
Pagejacking is the process of illegally copying legitimate website content (usually, in the form of source code) to another website designed to replicate the original website. A pagejacker's...
Pass-Along Rate
A pass-along rate represents the percentage of people who pass on a message or file. Indeed, pass-along rates are a measure of word-of-mouth marketing. Objects typically passed include email...
Passive Authentication
In a passive authentication scenario, a user is directed to a login page, and after logging in, the site directs the user back to the URL and allows the user to be authenticated on that site. The...
PayPal
PayPal Holdings, Inc. is an American company that operates a universal online payment method that supports online money transfers. It also serves as an electronic substitute for the usual paper-based...
Payables Fraud
Payable fraud, also known as AP fraud, is among the most ubiquitous and damaging of frauds that affect businesses of all sizes. It's also among the easiest frauds to perpetrate, since most of the...
Paying Personal Expenses
Paying personal expenses refers to the expenses of an individual that are not related to business or investment purposes. Personal expenses are not deductible unless specifically allowed under the...
Payment Application Data Security Standard
Payment Application Data Security Standard (PA-DSS) is a set of requirements that are intended to help software vendors to develop secure payment applications that support PCI DSS compliance.
Payment Fraud
Payment fraud refers to the unauthorized or deceptive use of payment methods, including credit cards, online payment platforms, or bank transfers, to steal funds, goods, or services. Typically, these schemes target businesses, consumers...
Payment Gateway
A Payment Gateway processes credit card and debit card payments, as well as other forms of electronic payments, primarily on behalf of e-commerce and brick-and-mortar merchants. The Payment Gateway...
Payment Threshold
A payment threshold defines a situation in online marketing where an associate has to meet certain criteria, generally a number of sales, before being paid by the affiliate company for their...
Payment Verification
What is Payment Verification? Payment verification is a crucial process that helps safeguard financial transactions from fraudulent activities. It involves the thorough examination and validation of...
PayPal Fraud
What is PayPal Fraud? PayPal fraud is fraud related to using the PayPal payment system. It can be initiated or performed through emails, phishing sites, malicious ads, suspicious links, and many more....
Payroll Fraud
Payroll Fraud is a category of accounting fraud typically carried out by people who have access to employee information, their incomes or their wages. Companies that have not applied the accurate...
Persona
A persona is an artificial profile for a type of customer, created on certain identifying criteria. Personas are generally used in marketing efforts as a way of figuring out how to best target...
Personal Details Compromise
Personal Details Compromise, also known as a data breach, is the planned or unplanned release of protected or confidential data into an untrusted environment. Other types of this occurrence include...
Personal Information
Personal Information can be described as any accurate or personal information, whether documented or not, about a recognizable person. Personal Information can include name, e-mail, address,...
Personally Identifiable Information
Personally identifiable information is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for...
Phantom Debt
Phantom debt collection fraud appears in many variants, but the most common component among them is the claim that a customer is indebted and has to pay it, or else they will incur heavy...
Pharming
Pharming is a cyber-attack aimed at redirecting traffic from an official website to a different website. The second website is usually a copy of the original, designed to gather personal information...
Phishing Kit
The phishing kit can be described as a collection of several software programs that allows an individual to manage and launch specific types of campaigns and phishing scams. The phishing kit makes it...
Phishing Schemes
Phishing schemes involve getting a user to enter a website and input their personal information for the fraudster to then steal and take advantage of. This website oftentimes emulates the design of...
Phishing and Pharming
Phishing and Pharming are two methods of cyberattacks to lure a victim to false websites in order to send them malware or get his/her personal information. Phishing involves getting a user to enter...
Phone Verification
It is the process of identifying if a number used by a user is valid or not, as well as if a phone number being used is the phone number of the person trying to use it. Phone number verification is...
Plagiarism
Plagiarism refers to the illegal act of copying someone’s work and presenting it as one’s own original work. This act may include the stealing of handwriting, online drawings, or any other online...
Platform
On the internet, a platform refers to a virtual space where a company, a person, or a community can create its own page or website, or even a network that can serve the people who come to visit. This...
Point-To-Point Encryption
P2PE, or point-to-point encryption, refers to all the processes and tools involved in protecting different online procedures and actions throughout all steps of the process. It is usually provided by...
Policy Violation
A policy violation occurs when a user records an expense with details violating the company's expensing policies. There are different types of sanctions which are put in place in the event of a...
Privacy
Privacy is the practice or idea of keeping certain information a secret from a certain group. It also describes the capability of the individual to protect the information he or she considers...
Processing Unauthorized Payroll
The processing of unauthorized payroll refers to the act of identifying whether payroll has been calculated for an unauthorized person in the organization's list. This process is done to prevent...
Proofing
Proofing refers to the act of verifying and authenticating the identity of legitimate customers. Identity proofing is required when a person wants to withdraw money or take any other confidential...
Proxy Piercing
What is Proxy Piercing? Proxy piercing refers to a technology that enables hosts to determine whether a person is making a proxy purchase or not. A proxy purchase describes a transaction made where a...
Purchase Amount Filter
A purchase amount filter is a technology, method, or practice that allows e-commerce website hosts to easily identify or prevent scams by setting up limitations on the amount of a...
Pyramid Schemes
A pyramid scheme is a fraudulent business model where an initial group of people recruits others to join their company, but charges them an upfront fee in order to become an employee, and then urges...
Q
R
Ransomware
Ransomware is malware that blackmails the user into paying to have the program removed. It is a virus that blocks access to a computer via encryption unless a certain sum is paid (generally through...
Real-Time Risk Management
Real-time risk management is a process which enables a person to handle risks associated with payments as the payment happens. It allows the person to effectively ensure that all the transactions are...
Record Destruction
Record destruction refers to the process of illegally destroying information stored in the form of documents. This is an ethically wrong practice and if spotted within an organization can lead to the...
Relying Party
Relying party or third party is a computer term used to refer to a server providing access to a secure software application. Claims-based applications, where a claim is a statement an entity makes...
Remittance Fraud
What is Remittance Fraud? Remittance fraud involves the fraudulent manipulation of funds when transferring money from one party to another across borders. This can occur through various channels,...
Reshipping Fraud Scheme
In a reshipping scam, the criminals purchase high-value products with stolen credit cards and recruit willing or unsuspecting people (reshipping mules) to receive and forward the packages on behalf...
Retail Loss Prevention
Retail loss prevention is actually a set of practices and methods which are employed by retail companies to preserve profit, so to ensure that there are as few scams associated with transactions as...
Return Fraud
What is Return Fraud? Return fraud is an online scam that occurs when a person purchases an item from a retail store with the intent to return it immediately or use duplicate receipts to get money...
Return On Investment (ROI)
Return on investment (ROI) is a performance measure used to evaluate the efficiency of an investment or compare the efficiency of a number of different investments. ROI tries to directly measure the...
Risk Assessment
Risk assessment is the systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking. To assess the risks, different tools and methods can be...
Risk Management
Risk management describes the process and practices of companies in attempting to prevent malicious or fraudulent activity from occurring within their systems, as well as addressing any other issues...
Risk-Based Authentication (RBA)
What is risk-based authentication? Risk-based authentication (RBA) is a non-static authentication system that takes into account the profile (IP address, User-Agent HTTP header, time of access, and...
Romance Scams
How to Avoid Losing Money to a Romance Scammer Millions of people fall victim to romance scams, or fraudsters portraying themselves as potential romantic partners only to trick their mark into...
Rules Engine
A rules engine is a software system or program that is capable of executing one or more business rules in a runtime production environment. The rules might be coming from a company...
Rules-Based Fraud Detection
Rules-based fraud detection identifies fraud based on a set of unusual attributes, including unusual time stamps, account numbers, transaction types, and amounts, among other criteria. How...
Run of network (RON)
Run of Network, or RON, is actually a form of internet marketing where an online advertising campaign is applied to a wide collection of websites without the ability to choose specific sites. In...
S
SCA (Strong Customer Authentication)
SCA is defined as “an authentication based on the use of two or more elements categorized as knowledge (something only the user knows), possession (something only the user possesses) and inherence...
SEO
SEO is an abbreviation for Search Engine Optimization, which is the art of having your website optimized, or attractive, to the major search engines for optimal indexing. It refers to the process of...
SERP
Search Engine Results Pages (SERP) are the pages displayed by search engines in response to a query by a searcher. The main component of the SERP is the listing of results that are returned by the...
SIM Cloning
SIM cloning is the procedure through which a genuine SIM card is reproduced. When the cloning is accomplished, the cloned SIM card’s identifying information is transferred onto a separate, secondary...
SMishing
SMishing is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for "SMS...
STR (Suspicious Transaction Report)
A suspicious transaction report (STR) refers to the information demanded by the Internal Revenue Service (IRS) from banks and other financial institutions regarding suspicious transactions. It...
Sales Scam
Sales scams are a type of crime associated with online retailing, where money is snatched from the users without delivering the products. On the other hand, a scammer solicits payment and delivers...
Sanctions and Watch Lists
Sanctions and Watch Lists are critical tools used by governments, international organizations, and regulatory bodies to maintain global security, enforce compliance, and deter illegal activities.
Scammer
The term scam refers to fraudulent schemes in which goods and money are taken from unsuspecting persons, generally through the deceit of the victim.
Scams
A fraudulent scheme performed by a dishonest individual, group, or company in an attempt to obtain money or something else of value. Scams traditionally resided in confidence tricks, where an...
Scareware
Malicious software, messages or threats designed to scare people into installing malware and software. A website popup that claims your “computer may be infected with harmful spyware” will send you...
Scholarship Scam
Scholarship scam is described as a situation where fraudsters offer a fraudulent scholarship to attract the victims. Sometimes the seminars do provide some useful information, but actually they are...
Scraper
A site scraper can be defined as a kind of software that duplicates content from a website. Site scrapers work similarly to web crawlers, which essentially perform the same function for the purposes...
Script Kiddie
Script kiddie is an offensive term used to refer to non-serious hackers who use existing computer scripts or code to hack into computers rather than creating their own, because they lack the...
Second Party Fraud
Second party fraud, or money mules, is where a person allows another to use their identity or personal information to perform fraud. Businesses may find second party fraud difficult to detect and...
Secure Element
A Secure Element (SE) is a microprocessor chip which can store sensitive data and run secure apps such as payment. It acts as a vault, protecting what's inside the SE (applications and data) from...
Security Protocol
Security protocol, also called cryptographic protocol, could be described as a sequence of operations that ensure the protection of data. Used with a communications protocol, it provides secure...
Security Threat and Risk Assessment
Security Threat and Risk Assessment can be defined as a technique that classifies the overall business and security risks with the aim of defining the competence of security controls, together with...
Security Token
A security token is a physical device used to gain access to an electronically restricted resource. The token is used in addition to or in place of a password. It acts like an electronic key to...
Sensitive data
Sensitive data is defined as information that is protected against unwarranted disclosure. Access to sensitive data must be safeguarded. Protection of sensitive data may be required for legal or...
Serious Fraud Office (SFO)
The Serious Fraud Office (SFO) is a non-ministerial government department of the Government of the United Kingdom that investigates and prosecutes serious or complex fraud and corruption in England,...
Shopping Cart
A shopping cart is a feature in online shopping that works as a temporary record of items selected for eventual purchase from the online vendor's website.
Shoulder Surfing
Shoulder surfing is the practice of spying on the user of an ATM, computer, or other electronic device in order to obtain their personal access information. This is generally done by looking over...
Single sign-on
Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications. SSO can be used by...
Skimmer
Skimmers are essentially malicious card readers attached to real payment terminals so that they can harvest data from every person that swipes their cards. The typical ATM skimmer is a small device...
Skimming
Skimming is considered a type of white-collar crime, and is described as the theft of cash from a business prior to its entry into the accounting system for that company. Although skimming is one of...
Skimming cash receipts
Skimming is slang for taking cash "off the top" of the daily receipts of a business (or from any cash transaction involving a third interested party) and officially reporting a lower total. The...
Smart Card
A smart card is a physical card that has an embedded integrated chip that acts as a security token. Smart cards are typically the same size as a driver's license or credit card and can be made out of...
Smurfing/Structuring
The process of laundering money by breaking up large funds into multiple bank accounts to operate under the radar of law enforcement agencies. In the gaming industry, the term refers to players who...
Sniffing
Sniffing is the process of monitoring and capturing all data packets passing through a given network, and it is illegal when done by an unauthorized party. This stolen information can be used for fraud...
Social Engineering
Psychological manipulation done through human interaction that gets people to reveal personal information for fraudulent purposes. It can happen in one or multiple steps, and can range from basic to...
Social Media
Social media is a large platform where people entertain, communicate, and connect with the world. It consists of different social networking sites which can be used by hackers and fraudsters to steal...
Social Media Intelligence
Social media intelligence refers to the collective tools and solutions that allow organizations to begin conversations, respond to social signals and synthesize social data points into meaningful...
Social Security fraud
Social Security fraud usually occurs when an unauthorized third-party gains access to an individual's Social Security number and exploits it for their own financial benefit.
Social media tracking
Social media tracking or monitoring is a process of using social media channels to track, gather and mine the information and data of certain individuals or groups, usually companies or...
Social security number (SSN)
A Social Security number (SSN) is a nine-digit number that the U.S. government issues to all U.S. citizens and eligible U.S. residents who apply for one. The government uses this number to keep track...
Software Piracy
Software piracy is the illegal copying, distribution, or use of software. It is such a profitable "business" that it has caught the attention of organized crime groups in a number of countries....
Spam
Spam refers to an irrelevant or inappropriate message sent on the Internet to a large number of recipients. These messages are often used by scammers to trick people into providing their personal...
Spear Phishing
Spear phishing describes when phishing is done with specific targets in mind; this allows messages to these people to appear more legitimate, or as if they are being sent by a legitimate user. For...
Spider
A spider is a program that visits Web sites and reads their pages and other information in order to create entries for a search engine index. All major search engines on the Web have these kinds of...
Spoofs
A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls.