Categories: Fraud Prevention

Gal Dadon


Welcome to our essential Fraud Dictionary, an invaluable tool for anyone interested in the realm of fraud prevention and financial crime. Whether you’re an aspiring student, an industry professional, or someone simply keen on understanding the intricacies of fraud, this compendium offers a deep dive into over 500 crucial fraud-related terms and concepts. From basic terminology like “Fraud Alert” and “Fraud Prevention” to specialized jargon such as “Fraud Triangle” and “Follow-the-Money Techniques,” our dictionary encompasses a wide array of topics essential for understanding fraud and its countermeasures.

Each entry is meticulously defined and expounded upon, offering clarity on its significance in the framework of fraud prevention protocols and regulations. The terms are carefully arranged and displayed in alphabetical order, ensuring effortless navigation. This is more than just a glossary; it’s a thorough guide crafted to arm you with the language and insights required to traverse the complicated terrain of fraud prevention and associated financial crimes.

So, whether your goal is to become an expert in the field or to familiarize yourself with the basics, our Fraud Dictionary is your ultimate reference for precise, comprehensive, and current information.


A

Account Reconciliation – The act of confirming that the balance in one’s own records of transactions aligns with the balance reported by the bank. This is an essential anti-fraud measure.

Account Takeover – The unauthorized access and use of someone else’s account, usually for financial gain.

Accounting Fraud – Manipulation or falsification of accounting records to present a false picture of a company’s financial condition.

Adaptive Authentication – Dynamic authentication processes that adjust based on the risk profile of a network or transaction.

Address Verification Service (AVS) – A service that verifies the user-provided billing address against the address on file with the credit card company, commonly used to prevent fraud in credit card transactions.

Ad Fraud – The practice of fraudulently representing online advertisement impressions, clicks, or conversions to generate revenue.

Advance Fee Fraud – A scam in which the victim pays money upfront on the promise of receiving a large sum later, which never materializes.

Affinity Fraud – Investment scams that target members of identifiable groups, such as religious or ethnic communities.

Alert – A warning, often automated, of suspicious activity that may be fraudulent.

Anonymous Transaction – A transaction where the identity of the participant(s) is unknown or concealed.

Anti-Fraud Controls – Specific activities or procedures implemented to minimize fraud risk.

Anti-Phishing – Measures implemented to prevent phishing attacks.

Anti-Tampering – Measures put in place to detect or deter unauthorized alteration of physical or digital information.

Application Fraud – Fraud that occurs when someone provides false information to obtain some form of official documentation or approval.

Application Layer Security – Security measures aimed at protecting the application layer of a network, where much of the sensitive data is stored or processed.

Asset Forfeiture – A legal process that allows law enforcement agencies to seize assets that have been involved in illegal activity, often related to fraud or financial crime.

Asset Misappropriation – The act of abusing one’s position to take assets from an employer or business partner.

Attack Vector – The means by which unauthorized access is gained to a device or a network to deliver a payload or achieve a malicious outcome.

Attribution – The process of establishing who has committed a fraud, often as part of an investigation.

Audit Trail – A record or log that allows a transaction to be traced back to its source.

Auditability – The ability to conduct an independent evaluation of data or processes, often essential for legal compliance and fraud prevention.

Authentication – The process of verifying the identity of a person or entity.

Authorization – The granting of rights or permissions to an entity, normally after its identity has been verified through authentication.

Automated Clearing House (ACH) – A network for batch processing of electronic transactions, commonly used for payments and fund transfers, and sometimes abused for fraud.


B

Backtrace – The act of tracing the origin of something, such as a cyber-attack or fraud attempt, back to its source.

Bait and Switch – A deceptive practice where an item or service is advertised at a low price to attract customers, but the advertised item is not actually available and the customer is steered towards a more expensive option.

Bank Identification Number (BIN) – The first four to six digits of a card number, which identify the issuing bank. Checking the BIN can be a method to prevent fraudulent transactions.

Bank Secrecy Act (BSA) – U.S. legislation that requires financial institutions to assist government agencies in detecting and preventing money laundering and fraud.

Bearer Instrument – A financial instrument such as a check or bond that is payable to whoever is in possession of it, making it susceptible to fraud if stolen or manipulated.

Behavioral Analytics – The use of data analytics techniques to understand the behavior of users, often employed to identify anomalous or potentially fraudulent activities.

Bid Rigging – A fraudulent scheme in which businesses collude so that one of them can secure a contract for goods or services at a pre-determined price.

Billing Fraud – A type of fraud where false or inflated invoices are submitted for payment or reimbursement.

Bioencryption – Combining biometric data with encryption methods to enhance the security of data and communications, often used in fraud prevention.

Biometric Spoofing – The act of tricking a biometric security system into granting unauthorized access using fake biological data.

Biometric Verification – The use of physiological or behavioral characteristics such as fingerprints, facial recognition, or voice patterns to confirm an individual’s identity, commonly used in fraud prevention.

Bitcoin Tumbling – The act of using a third-party service to mix potentially identifiable or ‘tainted’ cryptocurrency funds with others, so as to obscure the trail back to the original source.

Black Hat – An individual who conducts illegal or unethical hacking activities, often for the purpose of fraud or financial gain.

Blacklist – A list of individuals or entities that have been identified as risky or unwelcome, often used to screen out potentially fraudulent transactions.

Blind Drop – A location where merchandise purchased fraudulently is received by a third party, thereby making it more difficult for authorities to trace.

Blinding – A technique in cryptography that allows data to be transformed in a way that conceals its original content, used for privacy and fraud prevention.

Blockchain – A digital ledger that provides a secure way of making and recording transactions, often used in fraud prevention within cryptocurrencies.

Bogus Invoice Scheme – A type of fraud where fake invoices are created for goods or services that were not actually delivered or rendered.

Bot – An automated software program that can carry out tasks on the Internet, sometimes used for fraudulent purposes like web scraping or automated account creation.

Botnet – A collection of internet-connected devices that are infected and controlled by a common type of malware. Botnets are often used to conduct fraud and other attacks, including Distributed Denial of Service (DDoS) attacks.

Brandjacking – The act of assuming the online identity of a brand or individual, often for the purpose of deceiving or defrauding people.

Breadcrumbs – Pieces of data that are left behind during online activity, which can be pieced together to track or identify fraudulent behavior.

Brick-and-Mortar Fraud – Fraudulent activities conducted in a physical business location, as opposed to online.

Bridge Attack – Also known as a relay attack, this is where an attacker relays communication between two parties so that each believes it is communicating directly with the other. Often used in payment or identity fraud schemes.

Browser Fingerprinting – The practice of collecting data about a user’s browser settings to uniquely identify them. Sometimes used fraudulently to track users without their consent.

Brute Force Attack – A hacking method that involves systematically guessing passwords or encryption keys until the correct one is found. It’s a common method used in various types of fraud.

Bucket Shop – An illegitimate brokerage firm that conducts fraudulent or deceptive trading activities.

Bulk Purchase Scam – A type of scam where the fraudster makes a large purchase with stolen credit card information and then attempts to resell the purchased goods.

Burner Phone – A disposable mobile phone, often used in fraudulent activities because it is hard to link to its user.

Business Continuity Plan – A plan for how to continue business operations in the case of adverse events like cyberattacks or fraud.

Business Email Compromise (BEC) – A type of scam targeting companies that conduct wire transfers, often tricking employees into transferring money into fraudulent accounts.

Business Identity Theft – When a fraudster poses as a business to defraud suppliers, creditors, or financial institutions.

Business Logic Attack – An attack that abuses an application’s intended functionality rather than a software bug, often related to e-commerce fraud.

Business Risk Assessment – The process of identifying and evaluating risks, including fraud risks, that could affect the achievement of business objectives.

Business Rules Engine – Software that provides a way to execute complex decision trees, often used in fraud detection algorithms.


C

Caller ID Spoofing – A technique used to mask the identity of a caller by displaying a different phone number than the one from which the call was placed, often used in phishing scams and fraud.

Captcha – A Completely Automated Public Turing test to tell Computers and Humans Apart. It’s often used to prevent bots from automating tasks on websites.

Card Not Present (CNP) Transaction – A type of transaction where the cardholder does not physically present the card for a merchant’s visual examination, making it susceptible to fraud.

Carding – A fraudulent practice where stolen credit card information is used to make small online purchases to check the validity of the card.

Cash Advance Scam – A type of fraud where individuals are tricked into forwarding a “cash advance” under the pretense of future rewards or compensation.

Cashback Fraud – A scheme in which a purchaser uses a debit card to make a purchase and requests cashback, only to dispute the transaction later.

Catfishing – Creating a fake online profile to deceive people, commonly used in online dating fraud or identity theft.

Certificate Authority (CA) – An entity that issues digital certificates, often used in the encryption and secure identification of people and resources.

Chain Letter Scam – A form of pyramid scheme in digital or physical letters, often promising huge profits for forwarding the letter to others.

Chain of Custody – The process of maintaining and documenting the handling of evidence, which is crucial in cases of fraud investigations.

Challenge-Response Authentication – A method used to prove the identity of someone by challenging them to provide a valid response to a question or a set of questions.

Check Fraud – A type of fraud that involves the unlawful use of checks to illegally acquire or borrow funds.

Checksum – A computed value based on the data set, used to verify the integrity of data during transmission.

Chief Security Officer (CSO) – A corporate executive responsible for the security of personnel, physical assets, and digital assets.

Cipher – An algorithm for performing encryption and decryption.

Click Fraud – The practice of repeatedly clicking on an advertisement hosted on a website with the intention of generating revenue for the host site or draining revenue from the advertiser.

Clickjacking – Deceptive techniques that trick users into clicking on something different from what they think they are clicking on, leading to unauthorized actions or data exposure.

Cloning – Copying the identity or essential data from one entity to another, often used in card fraud or identity theft.

Code Injection – The introduction of code into an application or system, often malicious in intent, to manipulate the system for data theft, fraud, or other unauthorized activities.

Cold Boot Attack – An attack that involves rebooting a computer without following the shutdown process, sometimes used to recover encryption keys or other sensitive data.

Collateral Fraud – A type of fraud where false or misleading information is provided concerning the value or existence of collateral to secure a loan.

Collusion – When two or more entities work together to deceive or commit fraud.

Common Criteria – A set of guidelines used to evaluate the information security of a product or system.

Confidentiality – The principle of preventing unauthorized disclosure of information.

Confirmation Fraud – Occurs when someone unauthorized intercepts and either alters or fraudulently creates a confirmation response to the requesting party.

Consumer Fraud – Fraud committed against consumers, often involving deceptive, unfair, or false business practices.

Content Spoofing – A technique used to trick a user into thinking that content appearing on a website is legitimate when it is not, often used for phishing or fraud.

Contingency-Based Fraud – A type of fraud where the fraudster attempts to receive funds or benefits under the contingency of a certain event, often falsified, happening.

Continuous Monitoring – Ongoing scrutiny of a system or network to detect unauthorized changes or activities that may indicate fraud.

Corporate Account Takeover – Unauthorized access and manipulation of a business’s bank accounts, often for transferring funds fraudulently.

Corporate Fraud – Fraudulent activities perpetrated by individuals within a corporation, often high-level executives, to benefit themselves at the expense of the shareholders.

Counterfeit – A fraudulent imitation of something else, such as currency, designer goods, or identification cards.

Counterfeit Card Fraud – The creation and use of a fake credit or debit card, often with stolen card data.

Covert Channel – A communication channel that allows two cooperating processes to transfer information in a way that violates the system’s security policies.

Credential Harvesting – Collecting user IDs, passwords, or other authentication features for unauthorized use.

Credential Stuffing – The automated injection of breached username/password pairs to gain access to user accounts.

Crimeware – Software designed to facilitate illegal activity, including fraud.

Crimeware-as-a-Service (CaaS) – Platforms that offer services such as selling, renting, or distributing crimeware, often used in fraud schemes.

Cross-Channel Fraud – Fraud that involves the use of multiple channels (e.g., online, in-store, mobile) to execute a single fraudulent activity.

Cross-Site Request Forgery (CSRF) – An attack that tricks the victim into submitting a malicious request, often used in web application attacks.

Cryptography – The practice of secure communication techniques, often used to protect against fraud.

Customer Identification Program (CIP) – Policies in place to verify the identities of customers, often part of an organization’s anti-fraud and anti-money laundering efforts.

Cyber Threat Intelligence – Information used by an organization to understand and defend against the cybersecurity threats it is facing.

Cybersecurity Framework – A set of guidelines and best practices to manage cybersecurity risks.

Cyberstalking – The use of electronic communication to stalk or harass an individual, sometimes associated with identity theft or other forms of fraud.


D

Decoy Systems – Also known as “honeypots,” these are fake systems designed to lure attackers away from real targets.

Deepfake – Media, often video or audio, that has been altered using artificial intelligence, sometimes used in fraud schemes.

Demographic Analysis – The use of demographic data to better understand categories of people, which can help in identifying fraudulent activity.

Device Fingerprinting – Gathering information about a device for the purposes of identification, often used in fraud detection systems.

Device ID Spoofing – Changing the identifiers of a device to impersonate another, often used in mobile fraud schemes.

Digital Certificate – A digital credential used to verify the identity of individuals or systems, often used in secure communications.

Digital Footprint – The information about a particular individual that exists online as a result of their online activities, which could be used in identity theft.

Digital Forensics – The practice of collecting, analyzing, and preserving electronic evidence in order to investigate and prevent cybercrime, including fraud.

Digital Identity – The digital representation of an entity used for identification in electronic transactions.

Digital Signature – A cryptographic signature that verifies the document has not been altered, often used for fraud prevention in digital transactions.

Digital Wallet – A system that securely stores users’ payment information and passwords for numerous payment methods, vulnerable to certain types of fraud if not secured properly.

Disposable Email Address – An email address used and discarded after a short period of time or after use, often used in online fraud schemes.

Document Fraud – The forgery or alteration of a document with the intent to deceive or defraud.

Dormant Account – An account that has been inactive for an extended period, sometimes targeted for fraud due to lower levels of monitoring.

Doxing – Publicly releasing private or sensitive information about an individual without their consent, often used in various forms of online harassment and fraud.

Dropper – A type of malware designed to install other types of malware, sometimes used in multi-stage fraud schemes.

Due Diligence – Comprehensive research or investigation to confirm facts or details, typically before entering into an agreement or transaction with another party.

Dummy Account – A fake account set up to cover the transaction trail, often used in money laundering or other fraudulent activities.

Dumps – Slang term used to describe a string of information that is pulled (typically by malicious software) from a credit card’s magnetic stripe.

Duty of Care – A legal or ethical obligation to act in the best interests of an individual or group, often considered in cases involving negligence or fraud.

Dwell Time – The amount of time that a threat remains undetected or active within an environment, which can be crucial in fraud detection and prevention.

Dwell Time Metrics – Metrics related to the time between the first evidence of a compromise and the time it is discovered, important for understanding and improving fraud detection capabilities.

Dynamic Analysis – In the context of cybersecurity, this refers to the evaluation of a program’s behavior during runtime, often used to identify potential fraudulent or malicious activities.

Dynamic Encryption – The use of changing encryption algorithms or keys to secure a data stream or communication channel.

Dynamic Risk Assessment – Continuously assessing and updating risk levels based on real-time data and metrics, often used to quickly identify fraud attempts.

Dynamic Threat Intelligence – Real-time or near-real-time information that helps organizations identify risks and vulnerabilities, often used to update fraud prevention measures.

Dynamic Verification – A security process that requires verification through multiple methods that change over time, often employed in secure financial transactions to minimize the risk of fraud.


E

Early Fraud Warning – A system that alerts financial institutions and account holders to potentially fraudulent activity before substantial damage occurs.

Electronic Fund Transfer Act (EFTA) – U.S. law established to protect consumers engaging in electronic fund transfers, including guidelines on what is considered unauthorized use and potential fraud.

Email Filtering – The use of software to sort incoming emails based on specific criteria, often used to filter out phishing emails or other malicious communications.

Email Spoofing – The practice of changing the sender’s address in an email to make it appear as though it comes from another source, commonly used in phishing attacks.

Email Verification Service – A service that verifies the authenticity of an email address, often used in account creation to prevent fraud.

Emergency Response Plan – A set of instructions aimed at handling emergency situations, including data breaches or fraud attempts, effectively and swiftly.

Enterprise Fraud Management (EFM) – A technology solution that uses various data analytics techniques to detect potentially fraudulent transactions across a variety of systems and applications within an enterprise.

Enterprise Risk Management (ERM) – A business strategy aimed at identifying, assessing, and preparing for any dangers, hazards, and other potentials for disaster that may interfere with an organization’s operations and objectives.

Entity Behavior Analytics – Monitoring the normal behavior of entities within a network (which could be user accounts, devices, or other nodes) and flagging unusual behavior that could indicate fraud.

Entity Link Analysis – A process used to evaluate relations and connections between multiple entities (like individuals or organizations), commonly used in advanced fraud detection and investigation.

Escrow Fraud – A fraudulent scheme involving the manipulation or fraudulent use of an escrow service.

Escrow Service – A service where a trusted third party holds onto money or goods until all terms of a transaction are met, often used to prevent fraud in online transactions.

Event Correlation – Linking related records and identifying patterns that might indicate a security issue; for example, multiple failed login attempts from the same source in a short period may indicate a brute force attack.
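To show what the correlation in this entry looks like in practice, here is an added example (not code from the original glossary): a small rule that parses constructed authentication log lines and raises an alert when one source address accumulates a threshold number of failed logins inside a sliding time window. The log format, field names, threshold and window are this example's own assumptions.

```python
"""
Added example, not part of the original glossary: an event-correlation rule
over constructed authentication log lines. It alerts when one source address
reaches N failed logins within a sliding window, the "multiple failed login
attempts" pattern described in the entry. Log format and thresholds are
assumptions made for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> auth <RESULT> user=<name> src=<ip>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>SUCCESS|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None so malformed lines are skipped rather than fatal."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def correlate_failed_logins(lines, threshold=5, window=timedelta(minutes=2)):
    """Return alerts as (src, count, first_ts, last_ts) tuples.

    A source is alerted when it reaches `threshold` failures within `window`.
    A successful login clears that source's failure history, so a legitimate
    user who mistypes a password a few times is not flagged. Each source is
    alerted once per run of failures to avoid an alert storm.
    """
    recent = defaultdict(deque)  # src -> timestamps of failures still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        src, ts = ev["src"], ev["ts"]
        if ev["result"] == "SUCCESS":
            recent[src].clear()
            alerted.discard(src)
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerts.append((src, len(q), q[0], q[-1]))
            alerted.add(src)
    return alerts


# Constructed sample log: 203.0.113.7 fails six times in one minute (alert);
# 198.51.100.4 fails twice and then succeeds (no alert); one malformed line.
SAMPLE_LOG = """\
2024-03-01T10:00:00 auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:05 auth FAIL user=alice src=203.0.113.7
2024-03-01T10:00:10 auth FAIL user=bob src=203.0.113.7
2024-03-01T10:00:12 auth FAIL user=carol src=198.51.100.4
2024-03-01T10:00:20 auth FAIL user=bob src=203.0.113.7
this line is not in the expected format
2024-03-01T10:00:30 auth FAIL user=carol src=198.51.100.4
2024-03-01T10:00:40 auth SUCCESS user=carol src=198.51.100.4
2024-03-01T10:00:45 auth FAIL user=dave src=203.0.113.7
2024-03-01T10:00:55 auth FAIL user=erin src=203.0.113.7
""".splitlines()

if __name__ == "__main__":
    for src, n, first, last in correlate_failed_logins(SAMPLE_LOG):
        print(f"ALERT possible brute force from {src}: {n} failures "
              f"between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

Note that the rule keys on the source address and ignores which username was tried; that is what lets it catch a password-spraying pattern (one source, many accounts) that a per-account lockout would miss.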

Event Logging – The process of recording events taking place in the operating system or software, often used for reviewing system behavior and detecting signs of fraud.

Event Triggers – Specific conditions or thresholds that, when met, initiate a particular response, like generating an alert for potential fraud.

Evidence-based Risk Management – Making risk management decisions based on empirical evidence rather than assumptions or gut feeling.

Exception Monitoring – The practice of flagging and investigating anomalies or irregularities in systems or transaction data that could be indicative of fraud.

Exclusion List – A list of entities that are denied a particular privilege, service, mobility, access, or recognition, commonly used in fraud prevention to block known malicious IP addresses or user accounts.

Exfiltration – The unauthorized copying, transfer, or retrieval of data.

Exposure Assessment – An analysis to identify the vulnerabilities and risks that an organization faces, often as a step in developing a fraud prevention strategy.

External Audit – An independent examination of a company’s financial statements and related operations to confirm accuracy and compliance with accounting standards and regulations.

External Threats – Risks or dangers that originate from outside an organization or network.

Exponential Backoff – An algorithmic strategy that increases the time interval between successive attempts at a task, often employed in network protocols to manage contention and in fraud prevention to throttle automated attacks.

Extrinsic Fraud – Fraud that deceives the court to obtain an unjust decision, as opposed to intrinsic fraud, which involves deceiving an opposing party.

Eyeballing – Manual inspection of data, logs, or systems for suspicious activity as part of a fraud detection or cybersecurity strategy.


F

Fair and Accurate Credit Transactions Act (FACTA) – U.S. federal law aimed at the prevention and penalization of consumer fraud and identity theft.

Fair Credit Billing Act – A U.S. federal law that details the rights and responsibilities of credit card companies and consumers in cases of billing errors, including fraudulent charges.

Fair Credit Reporting Act (FCRA) – U.S. federal legislation that promotes the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies, including those that report on consumer creditworthiness.

False Authorization – A situation where someone gains permission to execute a transaction by deceit or without proper consent, leading to unauthorized or fraudulent activities.

False Identification Crime Control Act – A U.S. federal law that makes it illegal to manufacture or possess false identification documents.

False Negative – A situation where a security tool fails to detect a real threat, such as an actual case of fraud.

False Positive – An alert generated by a security tool that inaccurately indicates a threat, such as a fraudulent transaction, where none exists.

Federated Identity – A form of identity management where the same credentials can be used to access multiple services, making authentication more convenient but also needing to be secured to prevent fraud.

File Integrity Monitoring – A security measure where files are automatically checked for any unauthorized changes.

Filter Rules – Criteria set in fraud prevention systems to flag or automatically deny suspicious transactions based on specific parameters.

Financial Action Task Force (FATF) – An intergovernmental organization to combat money laundering, terrorist financing, and other related threats to the international financial system.

Financial Crime Compliance – Policies, procedures, and systems implemented by financial institutions to detect and prevent illegal activities, including fraud.

Financial Identity Theft – The fraudulent acquisition and use of a person’s private financial information, usually for monetary gain.

First-party Fraud – Fraud committed by an individual using their own identity but with no intention of paying back the money borrowed or services rendered.

Fishing – A lesser-known term than “Phishing,” it refers to the practice of setting ‘bait’ to catch potential fraudsters in the act. Unlike phishing, fishing is often done by security teams to identify vulnerabilities and potential fraud risks.

Flagging – The action of marking an item, such as a transaction, for further review due to suspicious characteristics.

Follow-the-Money Techniques – Investigation techniques used to trace the movement of money in order to discover the source and beneficiaries, often used in fraud and money laundering investigations.

Footprinting – The process of collecting as much information as possible about a target system to find ways to penetrate it, which in some cases may be a precursor to fraud or cyberattack.

Forensic Accounting – A specialized area of accounting that focuses on detecting and analyzing financial discrepancies, often used in fraud investigations.

Forgery – The act of falsely making or altering a document with the intent to defraud.

Fraud Alert – A warning added to a credit report to alert potential creditors that the individual may be a victim of identity theft or fraud.

Fraud Analytics – The application of data analytics methods for detecting and preventing fraudulent activities.

Fraud Chain – A series of related fraudulent activities, often involving multiple fraudsters or fraudulent transactions linked to a single source or methodology.

Fraud Detection System – A set of processes and solutions that monitor transactions for signs of fraudulent activity.

Fraud Investigation – The process of examining and evaluating evidence to identify and prove fraudulent activity.

Fraud Management Lifecycle – The stages of managing fraud, from prevention and detection to investigation and resolution.

Fraud Prevention – Measures taken to detect and ward off fraudulent activities before they can cause harm.

Fraud Risk Assessment – An analysis to identify and evaluate the potential risk areas that could expose an organization to fraudulent activities.

Fraud Ring – A group of collaborators who engage in fraudulent activities, often more sophisticated and harder to detect than individual fraudsters.

Fraud Score – A numerical value representing the likelihood that a given transaction or activity is fraudulent, usually generated by automated systems.

Fraud Triangle – A model for explaining the factors that cause someone to commit occupational fraud, including opportunity, pressure, and rationalization.

Fraudster – An individual who engages in fraudulent activities for personal gain.

Fraudulent Disbursement – A type of fraud where an employee or fraudster causes the company to issue a payment for a false or inflated invoice or other invalid financial request.

Frequency Analysis – In fraud prevention, it refers to the study of how frequently certain activities or patterns occur within a dataset to identify anomalies or possible instances of fraud.

Friendly Fraud – A type of fraud in which a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services.

Front Company – A business that exists only on paper and has no office or employees, often used to conceal fraudulent or illegal activities.

Frozen Account – An account through which no transaction can be made, often a measure taken when fraudulent activity is suspected.

Fuzz Testing – A quality assurance technique used to discover coding errors and security vulnerabilities in software, sometimes used to find weaknesses that could be exploited for fraud.

Fuzzy Logic – In the context of fraud prevention, it refers to the use of mathematical algorithms that accept imprecise


G

Gaming the System – Manipulating rules, terms, or conditions to get undeserved benefits, often considered a form of fraud.

Gang Fraud – When multiple individuals work together in a coordinated effort to commit fraud. This can be more challenging to detect and prosecute than fraud committed by a single individual.

Generic Scams – Fraudulent schemes that are not targeted to specific sectors or individuals, but are rather broad-based in their appeal and approach.

Geo-Blocking – The practice of restricting access to content based upon the user’s geographical location, sometimes used as a fraud prevention measure.

Geo-Fencing – Creating a virtual boundary around a physical area that triggers a response when a mobile device enters or leaves the area, often used in fraud prevention to detect suspicious activity.

Geo-IP Filtering – Blocking or allowing traffic based on geographical IP addresses, often used to restrict access from locations associated with high rates of fraud.

Geo-Spoofing – The act of faking one’s geographical location using various technologies like VPNs or GPS spoofing, often to commit fraud or circumvent geo-restrictions.

Geo-Tagging – The act of marking a video, photo, or other media with geographical information. This can sometimes be manipulated in fraudulent activities.

Geo-Velocity Checks – Analyzing the geographical locations from which consecutive logins or transactions are made within a certain timeframe to detect potentially fraudulent activities.
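As an added example of the check this entry describes (not code from the original glossary), the following computes the travel speed implied by consecutive logins from the same user and flags any pair that could not plausibly have been made by one person. The login records, the 900 km/h threshold and the `LoginEvent` structure are all constructed for this example.

```python
"""
Added example, not part of the original glossary: a geo-velocity
("impossible travel") check. Given login events with a user id, UTC
timestamp and latitude/longitude, it flags consecutive logins by the same
user whose implied speed exceeds a threshold. Events and threshold are
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # roughly airliner speed; tune per policy


@dataclass(frozen=True)
class LoginEvent:
    user: str
    when: datetime
    lat: float
    lon: float


def make_event(user, iso_utc, lat, lon):
    """Build a LoginEvent from an ISO-8601 timestamp interpreted as UTC."""
    return LoginEvent(user, datetime.fromisoformat(iso_utc).replace(tzinfo=timezone.utc), lat, lon)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def implied_speed_kmh(earlier, later):
    """Speed in km/h needed to get from `earlier` to `later`.

    Two logins at the same instant from different places are treated as
    infinitely fast (and therefore impossible) rather than dividing by zero.
    """
    hours = (later.when - earlier.when).total_seconds() / 3600.0
    dist = haversine_km(earlier.lat, earlier.lon, later.lat, later.lon)
    if hours <= 0:
        return float("inf") if dist > 0 else 0.0
    return dist / hours


def geo_velocity_alerts(events, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return (user, earlier_event, later_event, speed_kmh) for each breach.

    Events are grouped by user and sorted by time, so input order does not matter.
    """
    by_user = {}
    for ev in events:
        by_user.setdefault(ev.user, []).append(ev)
    alerts = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e.when)
        for prev, cur in zip(evs, evs[1:]):
            speed = implied_speed_kmh(prev, cur)
            if speed > max_speed_kmh:
                alerts.append((user, prev, cur, speed))
    return alerts


# Constructed sample: alice logs in from London and then New York 30 minutes
# later (impossible); bob logs in from Paris and then Berlin nine hours later
# (plausible). Coordinates are approximate city centres.
SAMPLE_EVENTS = [
    make_event("alice", "2024-03-01T08:00:00", 51.5074, -0.1278),   # London
    make_event("alice", "2024-03-01T08:30:00", 40.7128, -74.0060),  # New York
    make_event("bob", "2024-03-01T09:00:00", 48.8566, 2.3522),      # Paris
    make_event("bob", "2024-03-01T18:00:00", 52.5200, 13.4050),     # Berlin
]

if __name__ == "__main__":
    for user, a, b, speed in geo_velocity_alerts(SAMPLE_EVENTS):
        print(f"{user}: {a.when:%H:%M} -> {b.when:%H:%M} implies {speed:,.0f} km/h")
```

In production the locations come from IP geolocation, which is itself approximate, so a threshold well above real travel speeds (and a minimum distance below which no alert fires) keeps false positives from neighbouring cities or mobile carrier gateways manageable.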

Ghost Account – An account that is set up but not actively used, often for fraudulent or deceptive purposes.

Ghost Terminal – A point-of-sale terminal or virtual terminal where transactions are processed without the merchant’s knowledge, often part of a larger fraudulent scheme.

Gift Card Fraud – The unauthorized use, tampering, or generation of a gift card or its numbers, often with the intent of making unauthorized purchases.

Global Fraud Index – A comprehensive measure or report that tracks fraud attempts and actual fraud incidents across different regions and industries.

Global Positioning System (GPS) Fraud – Manipulating GPS data to give false locations, sometimes used in various types of frauds like shipping or transportation fraud.

Golden Record – A comprehensive, well-maintained database or file that serves as a reliable source for the cleanest, most accurate, and most complete data available, often used in fraud detection systems for cross-referencing.

Goods Not Received (GNR) – A common type of online shopping fraud where the buyer pays for goods that are never delivered.

Government Accountability Office (GAO) – In the U.S., a government agency that provides auditing, evaluation, and investigative services for Congress. It often investigates cases related to fraud, waste, and abuse of government funds.

Government Impersonation Scams – Scams where fraudsters pose as government officials to collect personal information or money from victims.

Graph Analysis – In the context of fraud prevention, a method for visually representing data to show relationships that may indicate fraudulent activities.

Graphical Password – A password system that uses images, shapes, or colors instead of letters and numbers, providing an alternative to traditional passwords that can be more secure against certain types of fraud.

Grayware – Software that is not overtly malicious but may perform actions that are unwanted or risky, potentially leading to fraud or security vulnerabilities.

Greed Attacks – A form of attack in which an attacker exploits human greed to gain access to information or resources, often used in social engineering and phishing attempts.

Greenscreen Fraud – A type of fraud involving the manipulation of video or photo evidence, usually by using a greenscreen to alter the background or circumstances in the image.

Genuine Presence Assurance – A technology or methodology used to ensure that a real human is present during a digital transaction or authentication process, reducing the risk of bots or automated fraud.

Group Policy – In the context of Windows operating systems, a set of rules that controls the working environment, often used to implement security settings that can help in fraud prevention.

Grooming – The act of building trust with a person over a period of time in order to exploit them later, commonly seen in online fraud and scams.

Guaranteed Transaction – A transaction that a party guarantees will be completed as agreed. The term is often exploited in fraudulent schemes to create a false sense of security.

Guarantor Fraud – A fraud that involves an individual providing false or deceptive information when agreeing to be a guarantor for someone else’s loan or credit application.

Guerrilla Marketing Fraud – Deceptive practices that involve fake viral campaigns or endorsements, usually done without the knowledge or consent of the featured individuals or brands.

Guilty Knowledge Test – A type of lie detector test aimed at revealing whether the subject knows details that only a guilty person would know, sometimes used in fraud investigations.

Guiltware – Software that uses moral pressure to encourage users to pay for it, not inherently fraudulent but can be manipulated for deceptive practices.


H

Harvesting – The collection of large amounts of data, often personal or confidential, for the purpose of using or selling it in fraudulent activities.

Healthcare Fraud – Fraudulent activities aimed at cheating or defrauding healthcare systems, often by submitting false claims or providing counterfeit or unnecessary treatments.

Heatmaps – Graphical representations of data where individual values are represented as colors. In fraud prevention, heatmaps can be used to visualize activity patterns that may indicate fraudulent behavior.

Heuristic Analysis – A method used to detect malicious activities or fraud by examining code behavior or data patterns, rather than relying on known signatures of fraud.

Heuristic-based Detection – A method of detecting viruses and malicious activities based on the behavior of files rather than known virus signatures, often used in fraud prevention software.

High Carding – A fraudulent practice where a criminal tests the validity of stolen credit card data by making small online purchases that are less likely to trigger fraud alerts.

High Interaction Honeypots – Honeypots that emulate the activities of the production systems that host a variety of services and are able to capture extensive information, often used to attract more experienced fraudsters.

High-Pressure Tactics – Methods used to aggressively coerce or manipulate individuals into making quick decisions, often used in various fraud schemes.

High-Risk Indicators – Factors or signs that increase the likelihood of fraudulent activity, often used in fraud prevention algorithms.

Hidden Markov Models – In the context of fraud prevention, these statistical models can be used to predict the likelihood of a certain event occurring, such as fraudulent transactions.

Hill Climbing Attacks – A form of attack where an attacker tries multiple inputs to find the one that gives a desired output, used in cracking encrypted data for fraud.

History Sniffing – A tactic where websites can determine which other sites the user has visited, potentially exploiting this data for fraudulent purposes.

Honeypot – A decoy computer system set up to attract and trap people attempting unauthorized use, often used to study hacking techniques and for fraud prevention.

HTTP Cookies – Small pieces of data stored by websites on the user’s computer that can sometimes be exploited for tracking behavior and potentially for fraud.

Human Verification – A process used to determine whether a user is human or an automated bot, often through CAPTCHA tests, to prevent automated fraud attempts.

Hybrid Attack – A type of cyberattack that uses a combination of methods to commit fraud or gain unauthorized access, making it harder to defend against.

Hybrid Fraud – A complex fraud scheme that combines different types of fraud or employs multiple tactics to avoid detection.

Hygiene Factors – In cybersecurity, basic elements or protocols that must be in place for securing a system, such as strong passwords and regular software updates, which contribute to reducing the risk of fraud.


I

Identity Fraud – The act of using a stolen or fictitious identity to commit fraud.

Identity Score – A numerical representation of the risk associated with a particular identity, based on various data points and behavioral factors, often used in real-time fraud prevention.

Identity Theft – The fraudulent acquisition and use of another person’s personal information, often for financial gain.

Image Forgery Detection – Techniques used to determine if an image has been manipulated or altered, often used in the context of document fraud.

Impact Assessment – An evaluation of the adverse effects that a breach or fraud could have on an organization, usually part of a broader risk assessment.

IMAP Protocol Attacks – Attacks exploiting vulnerabilities in the Internet Message Access Protocol (IMAP), often for gaining unauthorized access to emails for fraudulent activities.

Immutable Logs – Secure, write-once log files that cannot be altered. They are often used in security-sensitive applications for fraud detection and forensic analysis.

Impersonation – The act of pretending to be someone else to deceive or defraud.

Ingress Filtering – A technique used to ensure that incoming packets are actually from the networks from which they claim to originate, often used to prevent IP spoofing and related types of fraud.

Incident Forensics – The practice of collecting, analyzing, and interpreting electronic evidence to reconstruct a security incident such as fraud or data breach.

Indicators of Compromise (IoC) – Pieces of information used to detect malicious activities. In the context of fraud prevention, IoCs can be used to identify potentially fraudulent actions.

Information Harvesting – The gathering of significant amounts of information from various sources, often illegally, for purposes such as fraud or identity theft.

Inheritance Scams – A type of financial scam where the fraudster convinces the victim that they have inherited money but must first pay taxes or fees in order to claim it.

Input Validation – The practice of ensuring that all input data is valid before it is used, helping to prevent a wide range of security issues including many types of fraud.

Instant Payment Fraud – Fraud committed by making quick transfers or transactions that are hard to reverse, usually using compromised or stolen financial details.

Insider Threat – A security threat that originates from within the organization, often perpetrated by employees, former employees, or business affiliates.

Insurance Fraud – False or exaggerated claims made to an insurance company for the purpose of financial gain.

Interactive Voice Response (IVR) Fraud – Fraudulent activities involving the use of automated voice systems, often used in financial institutions, to extract sensitive information.

Internal Controls – Procedures and policies implemented within an organization to ensure the integrity of financial and accounting information, prevent fraud, and produce reliable financial reports.

Inventory Fraud – The act of intentionally misrepresenting the value or quantity of a business’s inventory to make the business appear more profitable and thereby defraud investors, auditors, or regulatory bodies.

Investment Scams – Fraudulent activities that involve enticing individuals to invest in a scheme, shares, or commodities, where the returns are non-existent, very low, or come from the funds of subsequent investors.

Invoice Fraud – Submission of false, duplicate, or inflated invoices with the intent to defraud either an organization or its customers.

IP Address Spoofing – Creating IP packets with a false source IP address to hide the identity of the sender or impersonate another system.

IP Blacklisting – The practice of blocking specific IP addresses or ranges to prevent them from accessing a particular service, often used to block known fraudsters.

IP Geolocation – The technology used to match a geographical location with an individual’s internet connection, often used to detect potentially fraudulent activities based on inconsistencies in location data.

IP Whitelisting – The practice of pre-approving specific IP addresses to grant them access to a particular service; the opposite of IP blacklisting, used to allow only legitimate users or systems.

Irregular Behavior Analysis – The use of analytics to detect patterns of activity that deviate from the norm, which could be indicative of fraudulent actions.

Issuer Authentication – The process by which the issuer of a credit card is authenticated before a transaction is approved, used to reduce the risk of fraud.


J

Jackpotting – A type of attack on Automated Teller Machines (ATMs) where malware or hardware is used to force the machine to dispense large amounts of cash.

Jitter – In security, adding small, random delays to timing-sensitive operations to obfuscate them and prevent timing-based attacks, which could be used in fraud schemes.

Job Scams – Fraudulent job offers or recruitment methods aimed at extracting money or personal information from the job seeker.

Joint Accounts Risk – The risk associated with having financial or other accounts jointly held by more than one person, which could be exploited in fraud schemes, especially in cases of identity theft or insider fraud.


K

K-Anonymity – A privacy model that ensures that data can neither be directly nor indirectly re-identified, helping to prevent data breaches that could lead to fraud.

KBA Dynamic – A subtype of Knowledge-Based Authentication (KBA) in which questions are generated in real time from information known about the user, making it more resistant to fraud attempts than static KBA, where the questions and answers are fixed in advance.

Keyword Stuffing – In the context of fraud, this is a deceptive technique where web pages are filled with keywords to manipulate their ranking in search results, sometimes used in scam or phishing websites.

Kiosk Fraud – A specific form of fraud targeting public computer kiosks, often by installing hardware or software keyloggers to capture user information.


L

Lateral Movement – The techniques used by attackers to move through a network after gaining initial access, potentially leading to more extensive forms of fraud or data theft.

Lawful Interception – Legal surveillance of communications, often performed by governments to detect criminal activities, including fraud.

Layered Authentication – Also known as multi-factor authentication (MFA), this refers to the use of multiple forms of verification to ensure that users are who they say they are, thus reducing the chance of unauthorized access and fraud.

Layered Security – The use of multiple security measures in tandem to create a robust security environment, making it harder for fraudsters to breach systems.

Leakage – Unintended data exposure or loss, often exploited by fraudsters to gain unauthorized access to confidential information.

Learning Algorithms – These are employed in advanced fraud detection systems to improve the detection of fraudulent activities over time by learning from identified patterns of fraud.

Legal Frameworks – Understanding and implementing the legal aspects related to fraud and data protection can help an organization enforce its fraud prevention mechanisms more effectively.

Least Privilege Access Control – An important principle in system security that limits user and system access rights to only what is strictly required for their tasks, reducing the ‘attack surface’ for fraudsters.

Least Privilege Principle – A security concept where a user is given the minimum levels of access necessary to perform their tasks. This minimizes the potential impact of fraudulent internal activities.

Legacy Systems – Older systems that may not have the latest security features, often making them targets for fraudsters exploiting known vulnerabilities.

License Key Fraud – The illegal distribution or use of software license keys to activate pirated software, often sold fraudulently.

Lifecycle Management – Managing the complete lifecycle of users, accounts, and systems ensures that obsolete or dormant elements are properly deactivated or removed, reducing opportunities for fraud.

Limit Checks – Security controls that impose limits on transactions or activities to mitigate the risks associated with fraud.

Limit Setting – In the context of financial transactions, limits can be set to flag or prevent transactions above a certain value without additional verification, reducing the risk of large-scale fraud.

Link Analysis – A technique used in fraud detection to evaluate relationships between different entities or data points, helping to uncover complex fraud schemes.

Link Manipulation – Altering the content or function of hyperlinks, often to deceive users into visiting fraudulent websites or downloading malicious software.

Live Monitoring – Real-time surveillance of systems and networks to quickly identify and respond to signs of fraudulent activity as it happens.

Location-based Restrictions – Geofencing or IP-based location checks can be employed to block or flag transactions originating from specific locations known for high rates of fraud.

Log Aggregation – The practice of consolidating logs from various sources into a unified data set for easier monitoring and analysis, useful in advanced fraud detection systems.

Log Analysis – The process of reviewing and analyzing computer logs to monitor and detect suspicious activities that may indicate fraud.

Log Monitoring – Automated systems for keeping track of system logs to identify unusual or unauthorized activities that may signify fraud.

Login Credentials – A combination of username and password used to access an account. The theft of these can lead to unauthorized access and fraud.

Longitudinal Analysis – A method of analyzing data over a period of time to identify patterns or trends that could indicate fraudulent activity.

Longline Phishing – A type of phishing attack that reaches a large number of users with relatively little targeting, in the hope of catching a few more susceptible individuals.

Look-alike Domains – Domains that closely mimic legitimate websites and are often used for phishing attacks aimed at committing fraud.

Low and Slow Attack – A form of cyber attack that avoids detection by taking actions slowly or with low frequency, often used to commit fraud without triggering security alerts.

Low-value Fraud – Fraudulent activities that are of a lower monetary value but may be conducted on a large scale, making them significant in aggregate.

Luhn Algorithm – A formula used to validate identification numbers; commonly used in the validation of credit card numbers. Circumventing this algorithm can be a component of financial fraud.
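The Luhn check worked through in code, as an added example rather than material from the original glossary. The test values (79927398713, a commonly cited Luhn test number, and 4539148803436467) are constructed inputs, not real card numbers.

```python
"""Luhn validation for card-style identification numbers (added example)."""


def luhn_checksum(digits: str) -> int:
    """Return the Luhn sum mod 10 of a pure digit string, scanning from the right.

    Every second digit from the right is doubled; products above 9 have 9
    subtracted, which equals summing the two digits of the product.
    """
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10


def luhn_valid(number: str) -> bool:
    """True if `number` (spaces and dashes allowed) passes the Luhn check.

    Any character other than a digit, space or dash makes the input invalid
    rather than being silently dropped, so malformed input is not mistaken
    for a well-formed number.
    """
    stripped = number.replace(" ", "").replace("-", "")
    if len(stripped) < 2 or not stripped.isdigit():
        return False
    return luhn_checksum(stripped) == 0


def luhn_check_digit(payload: str) -> int:
    """Compute the check digit that makes payload + digit Luhn-valid."""
    if not payload.isdigit():
        raise ValueError("payload must contain only digits")
    # Appending a placeholder 0 puts the payload digits in their final positions.
    return (10 - luhn_checksum(payload + "0")) % 10


if __name__ == "__main__":
    for sample in ("79927398713", "7992 7398 713", "79927398712", "4539148803436467"):
        print(sample, "valid" if luhn_valid(sample) else "invalid")
```

Luhn catches every single-digit typo and most adjacent transpositions (not 09 and 90), but passing it only means a number is well-formed: it is an input-validation filter, not evidence that the card exists or that the transaction is authorised, which is why a Luhn-valid number is never treated as a trust signal on its own.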

Lurking – The practice of silently observing online forums, chat rooms, or networks, sometimes for the purpose of gathering information to commit fraud.


M

Machine Learning Algorithms – Algorithms that allow software to learn from data, commonly used in fraud detection systems to recognize patterns indicative of fraudulent activity.

MAC Address Spoofing – Changing the Media Access Control (MAC) address to impersonate other devices, often to facilitate fraud.

Mail Fraud – A scheme to defraud people through the postal system.

Malware – Malicious software designed to compromise computer systems, often used to facilitate fraud.

Malware Scanning – Part of a broader cybersecurity strategy aimed at identifying and neutralizing malware that might be used to commit fraud.

Man-in-the-Browser Attack (MITB) – A form of Internet fraud that exploits vulnerabilities in a user’s Internet browser, often through a Trojan horse.

Man-in-the-Middle Attack (MITM) – An attack where a fraudster intercepts and possibly alters communication between two parties without their knowledge.

Manual Review – The examination by human experts of transactions or activities that automated systems have flagged, in order to determine whether fraud has occurred.

Market Manipulation – Fraudulent practices that involve manipulating financial markets in ways that are deceptive to investors.

Masked Data – A method of protecting sensitive information where certain data within a database is hidden or replaced with characters (masking). This can be especially important for protecting financial information and thereby preventing fraud.

Masking – The practice of hiding part of a user’s personal data to protect it during online transactions.

Masquerading – Pretending to be another entity in order to gain unauthorized access to financial or personal information, often used in email scams.

Merchant Fraud – Fraud committed by merchants, often by delivering lesser or different goods than what was promised to consumers.

Message Queues – These are often used in large-scale systems to handle asynchronous communication between different components. Ensuring the security of message queues is essential for fraud prevention, especially in financial transactions.

Metadata Analysis – Analyzing data about other data, used in fraud prevention to identify unusual or suspicious patterns.

Micro-Deposit Verification – A process often used by banks to verify account ownership by sending small, random deposits to the account and asking the user to confirm the amounts.

Misrepresentation – Presenting false information with the intent to deceive, commonly used in different types of fraud.

Mitigation Strategies – Plans and actions designed to minimize the impact of realized fraud risks.

Mixed Environment – Many organizations use a combination of cloud services and on-premises solutions. Each environment has its own set of fraud risks that must be managed.

Mobile Device Management (MDM) – Security software used by an IT department to monitor, manage, and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems.

Mobile Fraud – Fraudulent activities specifically targeting mobile devices, such as mobile banking fraud, app fraud, etc.

Model Training – In machine learning, the process of training a model to detect fraud based on a dataset of known outcomes.

Monitoring Thresholds – Pre-set limits in monitoring systems beyond which alerts are generated for potential fraudulent activity.

Mule Accounts – Bank accounts that are used to launder money; these accounts typically belong to individuals who may or may not be aware that their accounts are being used for fraud.

Multi-Channel Fraud – Fraud that involves using multiple channels, like combining online and offline methods, to gather information and conduct fraudulent activities.

Multi-Factor Authentication (MFA) – An authentication process that requires multiple forms of verification, often a combination of something the user knows, has, and is.

Multi-Instance Architecture – In cloud environments, the use of separate instances for different tasks or users can add a layer of security that aids in fraud prevention.

Multi-Tenancy – The architectural principle where a single instance of a software application serves multiple customers. Properly managed multi-tenancy can reduce the risk of data leaks between clients in shared resources, thereby minimizing fraud potential.

Multi-User Environment – An environment where multiple users have access to the same system or network, which requires additional considerations for fraud prevention.

Multi-Vendor Strategy – Some organizations opt to use security and fraud prevention products from multiple vendors to increase the depth of their defense strategies.

Mutual Authentication – A security process in which both the user and the server must prove their identities to each other, enhancing fraud prevention.


N

NACHA (National Automated Clearing House Association) – The organization that manages the development, administration, and governance of the ACH Network, the backbone for the electronic movement of money and data in the United States. Compliance with NACHA rules can be important for fraud prevention in financial transactions.

Natural Language Processing (NLP) – AI technology used to interpret and generate human language. NLP can be applied in fraud detection systems to analyze user communications or to flag fraudulent textual content.

Near-Field Communication (NFC) – A technology that allows two devices to exchange data when near each other. It is often used in secure payment systems and must be securely configured to prevent fraudulent transactions.

Needle in a Haystack – A term often used to describe the process of finding fraudulent activity among vast amounts of legitimate transactions.

Nest Egg Scam – A type of scam where fraudsters promise high returns on investments, but actually run a Ponzi scheme.

Nested Transactions – Transactions that take place within other transactions, often scrutinized for complex fraud schemes.

Network Behavior Anomaly Detection (NBAD) – A method used to continuously monitor, measure, and assess irregularities on a network, often used to detect unfamiliar patterns that may indicate a fraud attempt.

Network Intrusion Detection System (NIDS) – A system used for the detection of unwanted manipulations to systems, mainly unauthorized access.

Network Monitoring – The use of a system that constantly monitors a computer network for slow or failing components and that notifies the network administrator in case of outages. It is commonly used to detect unusual traffic patterns or behaviors that may indicate a network intrusion.

Network Security – A broad term that describes the policies and procedures implemented by a network administrator to avoid and keep track of unauthorized access, exploitation, modification, or denial of the network and network resources.

Network Sniffing – The act of capturing and analyzing network traffic, often for malicious purposes such as fraud.

Neural Network – A machine learning model often used in the detection of fraudulent activities by identifying patterns in the data.

Nexus – A connection or link, often used in the context of identifying connections between fraudulent activities or actors.

NIST (National Institute of Standards and Technology) – A U.S. government agency that establishes technology standards, including those for cybersecurity and fraud prevention.

Non-Financial Risk – Risks related to fraud that are not immediately tied to financial loss but may have long-term financial implications, such as reputational damage.

Non-Public Information (NPI) – Information not publicly available and often secured under data protection laws, unauthorized access to which can be considered a form of fraud.

Non-Repudiation – A method to guarantee that the sender of a message cannot later deny the validity of the message sent or the actions performed. Often accomplished through digital signatures.

Normal Behavior Profiling – The process of creating profiles for users or systems based on their typical behavior to identify unusual or suspicious behavior that could signify fraud.

Normalized Data – Data that has been organized within a database in such a way as to reduce redundancy and improve data integrity. Properly normalized data can be more easily monitored for fraudulent activities.

Notary Services – Third-party services that can certify the validity of digital transactions or signatures, adding an extra layer of trust and fraud prevention.

Nonce – A unique, random number that may only be used once. It is often used in authentication protocols to prevent replay attacks.

Numerical Analysis – The use of mathematical techniques to analyze numbers, often used in the context of fraud detection to spot irregularities.


O

OAuth – An open standard for access delegation commonly used for token-based authentication on the internet, often used to prevent fraudulent access to accounts.

OAuth Phishing – A subtype of phishing attack where attackers deceive users into handing over their OAuth tokens instead of traditional login credentials, giving them access to a wide range of data.

Object-Level Security – Security that can be applied to a specific data object, such as a file, database, or data packet, to protect it from unauthorized access or fraud.

Obfuscation – The practice of making data harder to understand or interpret, often used in the coding and encryption of sensitive information to prevent fraud.

Off-Chain Transactions – Transactions that occur outside of a blockchain that can be later reconciled to the main chain; these transactions often require additional fraud checks.

On-Premises Software – Software that is installed and run on computers within the physical premises of an organization, as opposed to a cloud-based service. The on-premises setup can offer more controlled security measures, which can be beneficial for fraud prevention.

On-the-Fly Encryption – The real-time encryption of data as it is written to storage or transmitted over a network, often used to prevent the interception of sensitive information by fraudsters.

Onboarding Checks – The checks done when a user first creates an account or starts using a new service, to ensure they are who they claim to be, thereby reducing the risk of fraud.

Online Fraud – Fraudulent activities that are conducted over the internet, including scams, phishing, identity theft, and financial fraud.

Online Verification Systems – Systems that confirm the identity of a person or the legitimacy of a transaction over the internet, often as part of a broader fraud prevention strategy.

One-Time Password (OTP) – A password that is valid for only one login session or transaction and is commonly used in two-factor authentication systems to improve security.

One-Way Hash Function – A function that transforms data into a fixed-size string of characters, which appears random. These are often used in data structures and algorithms that require a fast and secure way to look up items, including in fraud prevention mechanisms.

Opaque Data Processing – Techniques for securely processing data in a way that it remains opaque or unreadable to the parties involved. This could be beneficial in secure multi-party computations where the risk of fraud is high.

Open Banking – A system where banks can share user financial data with third-party companies or apps securely, requiring robust fraud prevention measures to protect data.

Open Source Intelligence (OSINT) – Information gathered from publicly available sources used for intelligence purposes. In fraud prevention, this could involve gathering information to assess the risks of certain transactions or parties.

Operational Audits – An in-depth examination of the management controls within an organization to check the effectiveness of fraud prevention and other systems.

Operational Resilience – The ability of an organization to continue functioning effectively in the face of disruptive events like cyberattacks or fraud attempts.

Operational Risk – The risk of loss resulting from inadequate or failed internal processes, systems, or from external events like fraud.

Operational Security (OPSEC) – The process of identifying and protecting sensitive information from adversaries, which in the context of a company could include taking steps to identify and prevent fraud.

Opt-in/Opt-out – Systems that require explicit permission to include or exclude an individual from a particular service, often used in the context of sharing personal information, and therefore relevant to fraud prevention.

Optical Character Recognition (OCR) Fraud – Scams that exploit OCR technology to create fake documents or manipulate existing ones for fraudulent purposes.

Orchestration Layer – In a security context, this refers to a centralized software layer that coordinates various security applications, providing an orchestrated approach to detect and prevent fraud.

Organizational Controls – Policies, procedures, and structural measures put in place within an organization to prevent fraudulent activities.

Out-of-Band Verification – A form of multi-factor authentication that requires two separate channels for verification, usually a strong safeguard against fraud.

Outbound Filters – Tools that scrutinize outgoing data or transactions to identify potential fraud. For instance, they may flag large money transfers going to high-risk geographical locations.

Outbound Traffic – Data packets that are sent from a local system to external systems on a network or the internet. Monitoring outbound traffic can be essential for detecting malicious or fraudulent activities.

Outlier Analysis – A form of statistical analysis used to identify anomalies or outliers in data sets that could indicate fraudulent activities.

Outlier Detection – Identifying rare items, events or observations which raise suspicions by differing significantly from the majority of the data. Outlier detection is often used in fraud detection systems.

Overdraft Protection Scams – Fraud schemes that exploit overdraft protection features in banking accounts to withdraw funds fraudulently.

Overpayment Scam – A type of fraud where the scammer sends a payment in excess of the agreed-upon amount and then requests a refund of the difference, often utilizing fake or stolen financial instruments.

Oversight – The monitoring and regulation of processes or systems, often implemented to catch and prevent fraudulent activities.

Oversight Committee – A group of individuals within an organization responsible for monitoring various aspects of the organization’s operations, including fraud prevention mechanisms.

Ownership Chain – In blockchain or asset management, this refers to the history of ownership of a particular asset. Verifying the ownership chain can be a crucial part of fraud prevention.

Ownership Verification – Process of confirming that a user or system legitimately owns a particular asset or piece of information, often crucial in preventing fraud.


P

Passive Monitoring – The process of observing system activity without active checks, often used in Intrusion Detection Systems to identify potential fraud.

Password Recovery Scams – A scam where an attacker tricks a user into revealing their password by posing as a legitimate service offering to help the user recover their account.

Pattern Recognition – A machine learning technique used to automatically identify patterns in data, often used in fraud detection algorithms.

Payment Card Skimming – The illegal collection of data from a card’s magnetic stripe, often through a device installed in ATMs or gas station pumps.

Payment Diversion Fraud – A type of fraud where a scammer tricks a business into changing the bank details of a genuine supplier to that of an account controlled by the scammer.

PCI Compliance – Adherence to the Payment Card Industry Data Security Standard, a set of policies and procedures intended to optimize the security of credit, debit, and cash card transactions.

Personal Security Questions – Questions and answers known only to the user that are used as an additional layer of authentication, often for account recovery purposes.

Phantom Withdrawal – A term specifically related to ATM fraud, where money is withdrawn without the account holder’s knowledge.

Phishing – A cybercrime in which targets are contacted by email, telephone, or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data.

PIN Verification – The use of a personal identification number (PIN) to verify a user’s identity, commonly used in debit and credit card transactions.

Piggybacking – Unauthorized access gained via a legitimate user’s login, often due to carelessness like not logging out of a public computer.

Plaintext – Unencrypted information. Storing sensitive information in plaintext is a risk for data breaches and fraud.

Ponzi Scheme – A form of fraud in which belief in the success of a non-existent enterprise is fostered by the payment of quick returns to the first investors from money invested by later investors.

Post-Transaction Verification – A follow-up step to confirm the legitimacy of a recently conducted transaction, often used in banking and online retail as a fraud prevention method.

Predictive Analytics – The use of statistical algorithms and machine learning techniques to identify the likelihood of future outcomes based on historical data, often used in fraud detection systems.

Pretexting – A form of social engineering where a scammer invents a scenario to persuade a targeted individual or organization to release confidential information.

Prevention Controls – Security measures aimed at stopping an incident before it can occur, such as tools to prevent unauthorized access or fraudulent transactions.

Privacy Policy – A legal document that explains how an organization collects, handles, and processes personal data, essential for compliance and fraud prevention.

Probabilistic Risk Assessment – A mathematical approach to understanding risks, including the risks of fraud in various systems or business processes.

Profile Cloning – Creating a fraudulent online profile by using the name, and sometimes the personal information, of another person.

Pseudo-Anonymization (Pseudonymization) – Replacing identifying fields in a data set with substitute values so that the data can no longer be attributed to a specific individual without additional information held separately.

Pump and Dump – A type of securities fraud in which the price of a stock the fraudster already holds is artificially inflated so that the cheaply purchased shares can be sold at the higher price.

Q

Quantitative Analysis – The use of statistical and mathematical modeling to understand behavior. In fraud prevention, this is often used to predict fraudulent transactions.

Quantitative Risk Assessment – A numerical evaluation of the likelihood and impact of risks, such as fraud, in an organization or system.

Queue Management – In a fraud detection system, managing the queue of transactions or activities waiting for verification can be crucial to efficient and timely fraud detection.

Quid Pro Quo Attacks – A type of social engineering attack where the attacker offers something in return for information or action from the target, often used in fraud schemes.


R

Rate Limiting – Restricting the number of requests a user can make to a service within a certain time frame to prevent abuse and potential fraudulent activity.

Rate-based Filtering – A security measure that limits the number of requests from a particular IP address or user within a specified time period to prevent abuse or fraud.

Real-Time Monitoring – Continuously analyzing data as it’s generated or processed to detect fraudulent activities as they happen.

Reconciliation – The act of comparing records from different sources to ensure they are accurate and consistent, often as a method of detecting discrepancies that may indicate fraud.

Recourse – Actions that can be taken if fraud is discovered, including legal remedies and other forms of redress.

Red Flag – An indicator or warning sign of potentially fraudulent behavior.

Reference Data – In the context of fraud prevention, this is the data against which transactions or user activities are compared to detect inconsistencies or anomalies.

Regulatory Compliance – Ensuring that a business adheres to laws and regulations designed to prevent fraud and protect consumers.

Reliability Metrics – Statistical measures that assess the effectiveness and reliability of fraud detection systems.

Remote Verification – Verifying the identity or authenticity of a user or transaction remotely, often as a step in multi-factor authentication to prevent fraud.

Remediation – The actions taken to resolve vulnerabilities or mitigate fraud once it has been detected.

Replay Attack – The malicious repetition or delay of a valid data transmission, often carried out to commit fraud.

Response Plan – A predefined plan outlining the steps to be taken when a fraud incident is detected.

Retrospective Analysis – A review of past transactions or data points to identify patterns or anomalies that could indicate fraudulent activity.

Return Fraud – A type of fraud where an individual returns goods for a refund when they are not entitled to do so.

Revocation List – A list of certificates or other credentials that have been revoked and are no longer valid, often used to prevent fraudulent use of outdated or compromised credentials.

Reverse Engineering – Analyzing software for vulnerabilities that can be exploited for fraudulent activities.

Risk Assessment – The process of identifying and evaluating risks, including those related to fraud, in an organization or system.

Role-Based Access Control (RBAC) – Assigning system access based on roles within an organization to minimize the risk of unauthorized or fraudulent activities.

Rogue Employee – An internal staff member who commits fraud or aids in fraudulent activities against the company.

Rules Engine – In fraud prevention, this is a system or software component that applies a set of rules to transactions to identify potentially fraudulent activity.


S

Sandboxing – The practice of isolating a program or process in a restricted environment to examine it for potential malicious behavior, including fraud.

Scareware – Software that tricks the user into thinking their computer is infected with malware, often leading to fraudulent transactions.

Scrubbing – The process of cleaning data to remove any elements that could be used for fraudulent activities.

Secret Key – In cryptography, a key that is used for both encryption and decryption, to be kept secret from all but the sender and receiver.

Security Information and Event Management (SIEM) – Solutions that provide real-time analysis of security alerts generated by various hardware and software infrastructure, useful in fraud detection.

Security Operations Center (SOC) – A centralized unit that deals with security issues, often employing various systems and personnel skilled in fraud detection and prevention.

Security Question – A form of authentication where the user is asked to answer a question they have pre-set, commonly used but sometimes targeted in social engineering scams.

Single Sign-On (SSO) – An authentication process that allows a user to access multiple applications with a single set of credentials, which if compromised, could lead to multiple avenues for fraud.

Skimming – The theft of credit card information during a legitimate transaction, often through a compromised payment device.

Smart Card – A card with a microprocessor that can be loaded with data, often used for secure transactions and to prevent fraud.

Social Engineering – The use of psychological manipulation to trick people into revealing confidential information.

Social Security Number (SSN) Theft – The fraudulent acquisition and use of another person’s Social Security number, often for financial gain.

Spam Filter – Software that screens incoming email and filters out unwanted promotional or fraudulent emails.

Spoofing – The act of disguising a communication from an unknown source as being from a known, trusted source.

Strong Authentication – An authentication process that requires two or more verification methods.

Suspicious Activity Report (SAR) – Reports that financial institutions are required to file when they spot behavior that could indicate financial misconduct, including fraud.

Synthetic Identity Fraud – The use of a fictitious identity to commit fraud, often by mixing real and fake identifying information.


T

Tailgating: An attack where an unauthorized person gains access to a restricted area by following an authorized person.

Tag Management: The use of various tags in web analytics to gather data on user behavior, which can be analyzed for fraudulent activity.

Tamper Evident: A feature of security seals or labels that makes unauthorized access to protected items easily detectable.

Temporal Analysis: The practice of analyzing the timing of various activities and transactions to identify suspicious or fraudulent behavior.

Tenant: In a multi-tenant cloud service, a client organization. Ensuring isolation between tenants is crucial for fraud prevention.

Text Analytics: The analysis of unstructured text data to find trends and patterns that could indicate fraud or other security threats.

Third-Party Risk Management: The practice of monitoring and managing the risks presented by third-party vendors, especially those with whom sensitive or confidential information is shared.

Threat Landscape: The collection of threats in a particular environment, including the types of fraud a business or industry is most susceptible to.

Threshold Setting: Establishing predetermined limits or conditions in a system that, when exceeded or met, trigger an alert for potential fraudulent activity.

Throttling: Limiting the rate of requests to a system to prevent abuse or fraud, often applied at the application or network layer.

Time-stamping: Recording the time of any significant event, transaction, or modification in a system. This is crucial for tracking activities and investigating fraud.

Tokenization: The process of replacing sensitive data with non-sensitive substitute values (tokens) so that systems can keep working with the data without exposing the original.

Track Data: The data encoded in the magnetic stripe or chip on a payment card. Skimming devices often target this data.

Traffic Analysis: The process of intercepting and examining messages to deduce information from patterns in communication, often used in the detection of fraud or cyber threats.

Traffic Shaping: A network feature that can prioritize certain types of data packets over others. It can be used to give security-related traffic priority.

Transaction Authentication Number (TAN): A one-time password used to authenticate financial transactions.

Transaction Monitoring: The surveillance of customer transactions to identify unusual patterns that could indicate fraudulent activity.

Transaction Signing: The use of a digital or electronic signature to confirm the authenticity of a transaction.

Trusted Third Party: An entity that provides a trust framework in which it can authenticate the credentials of parties involved in an electronic transaction.

Trust Score: A measure used to determine the likelihood that a new or unauthenticated user might be a fraudster.

Two-Factor Authentication (2FA): An extra layer of security that requires not only a password and username but also something that only the user has on them.


U

Ultimate Beneficial Owner (UBO): The person who ultimately owns or controls a customer and/or the person on whose behalf a transaction is being conducted, essential for AML (Anti-Money Laundering) checks.

Unauthorized Access: Gaining access to a system, data, or resource without permission, which is often a precursor to fraud.

Unauthorized Transaction: Any transaction that was performed without the consent of the owner of the account or the data, a clear indication of fraudulent activity.

Underlying Asset Scam: A type of fraud where the scammer promises high returns based on underlying assets like commodities, when in fact there are no such returns.

Underwriting: The process of evaluating the risk of insuring a person or asset and determining the terms of that insurance. Fraud can be a significant risk factor.

Unified Threat Management (UTM): A security solution that consolidates multiple security and networking functions all on one platform to protect against fraud and other threats.

Universal Second Factor (U2F): An open authentication standard that strengthens two-factor authentication using specialized USB or NFC devices.

Coordinated Universal Time (UTC): A time standard that provides a uniform frame of reference for timekeeping across the globe, often used in logging so that events from different systems can be correlated when tracing fraudulent activities.

Unstructured Data Analysis: Analyzing data that is not organized in a pre-defined manner, often used in advanced fraud detection systems to identify unusual patterns.

Unsupervised Machine Learning: A type of machine learning that doesn’t require labeled output data to learn, often used in anomaly detection systems for fraud prevention.

Unusual Activity Reports: Reports generated by fraud detection systems that flag any irregular activities that deviate from established user patterns, important for early fraud detection.

Up-Selling Fraud: A deceptive practice where unnecessary or more expensive services are sold to the customer.

User Account Control (UAC): A Windows feature that helps prevent unauthorized changes to a system by requiring approval for certain actions, adding an extra layer of security.

User Authentication: The process of verifying the identity of a user attempting to gain access to a computer system or network.

User Behavior Analytics (UBA): Technology that tracks user activity to detect any abnormal behavior that might indicate a security breach.

User Identification: The process of recognizing a user by unique characteristics, either physical (like biometrics) or non-physical (like a password).

User Intent Analysis: Evaluating the likely intentions of a user based on their behavior and history, often using machine learning algorithms, to detect potentially fraudulent activity.

User Profile: A set of rules that outline what a particular user can and cannot do within a system, often used in fraud detection to monitor for any unusual activity.

User Rights: The permissions given to a user within a system, which can be adjusted to minimize the risk of fraudulent activities.

User Segmentation: The categorization of users based on certain characteristics or behavior. This is often done to apply different levels or types of fraud checks for different groups of users.

User Session Monitoring: Tracking the actions that a user takes during a single session, often used to detect behavioral anomalies that might indicate fraud.

User Traceability: The ability to trace actions back to a specific user, essential for investigating and preventing fraud.

User-Defined Rules: Custom rules that can be defined within a fraud prevention system to detect specific types of suspicious activity.

Utility Fraud: Fraudulent acts that involve tampering with utility meters or stealing utility services, an area that can benefit from specialized fraud prevention systems.

UUID (Universally Unique Identifier): A string of characters generated so as to be unique across all devices without central coordination, sometimes used in tracking user behavior for fraud detection.


V

Validation: Similar to verification, it is the process of confirming whether data is accurate and fit for its intended use.

Velocity Checks: A fraud prevention method that involves monitoring the frequency of transactions over a particular period to identify suspicious activity.

Vendor Risk Management: The process of evaluating and managing risks associated with third-party vendors who provide goods or services to an organization, critical in preventing supplier fraud.

Verification: The process of confirming the identity or accuracy of a piece of information.

Virtual Private Network (VPN): A technology that allows for secure, encrypted communication over the internet, often used to enhance security in fraud prevention measures.

Virtual Card Number: A temporary and disposable card number often used for online transactions to protect against fraud.

Vishing (Voice Phishing): A fraudulent activity where scammers use telephone calls to deceive people into providing sensitive data.

Vulnerability Assessment: A systematic review of a system’s potential weaknesses that could be exploited by attackers, often as a first step in a fraud prevention strategy.


W

Wallet: A physical or digital place where money or other assets are stored. Digital wallets are often a target for fraudulent activity.

Watchlist: A list of entities that are considered to be a higher risk for committing fraud or other illegal activities, often used by financial institutions and law enforcement agencies.

Web Service: A standardized way of integrating web-based applications, which can sometimes be exploited for fraudulent purposes if not properly secured.

Weighted Scoring Model: A risk evaluation model often used in fraud prevention systems to assign different levels of importance to various risk factors.

Whale Phishing: A type of phishing attack that targets high-profile individuals within an organization, such as CEOs and CFOs, usually with the aim of tricking them into revealing sensitive information.

Whitelisting: The practice of specifying approved entities in a list so that system resources are only available to those entities. This can be an effective strategy in fraud prevention.

Wire Fraud: A form of fraud involving the use of telecommunications or information technology.

Wire Transfer: A method of transferring money from one person or institution to another. Wire transfer fraud is a significant concern for financial institutions.

Workflow Automation: The use of technology to automate complex business processes and functions, including fraud prevention measures.


Y

Yellow Flag: In the context of fraud prevention, this term is used metaphorically to indicate a cautionary signal. When a certain pattern of behavior or type of transaction triggers a “yellow flag,” it may require closer inspection to determine if it is legitimate or fraudulent.

Young Account: In fraud prevention, the age of an account could be significant. New or “young” accounts might be scrutinized more heavily for potential fraud because they have less of a track record for assessing risk.


Z

Z-Scoring: A statistical method of comparing a data point’s relationship to the mean in terms of standard deviations. In fraud detection, this can be used to identify outliers that might signify fraudulent activity.

Zombie Account: An account that remains active but is not being used by the person who owns it. Zombie accounts can be targets for fraudsters who seek to use them for illegal activity.