Understanding Financial Fraud Terms

These Are The Financial Fraud Terms Used By Fraud Fighters Worldwide

Please note: this is not a comprehensive list of all scam terms.

The fraud-fighting community uses standardized terms to describe financial fraud for several reasons:

• Clarity and Consistency: Standardized terms help to ensure that everyone involved in fraud prevention and detection is speaking the same language. This reduces confusion and misunderstandings, which can be a significant barrier to effective communication and collaboration.
• Accuracy: Standardized terms help to ensure that the right type of fraud is being identified and reported. Using consistent terminology makes it easier for investigators to accurately identify and classify different types of fraud, which is essential for effective fraud prevention and detection.
• Benchmarking: Standardized terms enable organizations to compare their fraud detection and prevention efforts to industry benchmarks. This allows organizations to identify areas where they may be falling behind or excelling, which can help them improve their fraud prevention strategies.
• Training: Standardized terms make it easier to train new employees and educate stakeholders on different types of fraud. By using consistent terminology, organizations can ensure that everyone is on the same page when it comes to understanding the different types of financial fraud and how to detect and prevent them.
• Collaboration: Standardized terms help to facilitate collaboration between different organizations and agencies involved in fraud prevention and detection. By using consistent terminology, investigators and analysts can more easily share information and work together to identify and track down fraudsters.

The use of standardized terms is essential for effective fraud prevention and detection. By using consistent terminology, organizations can ensure that everyone involved in fraud prevention and detection is on the same page, which is essential for effective communication, collaboration, and accurate reporting of financial fraud.

Many of the following have been provided by About-Fraud.com – a SCARS Partner

Financial Fraud Terms: Technology

3DS

3DS is a security protocol used to authenticate users. The objective of 3DS is to provide an extra layer of protection for payment card transactions in card-not-present scenarios.

Artificial Intelligence (AI)

Artificial intelligence (AI) is a wide-ranging branch of computer science concerned with building smart machines capable of performing tasks that typically require human intelligence. Machine learning is a subset of Artificial Intelligence.

AVS

AVS stands for Address Verification Service. AVS is one of the most widely used fraud prevention tools in card-not-present transactions. The way AVS works is it compares the numerical portion of the billing address on file at the bank with the numerical portion of the billing address provided by the customer. Due to inconsistencies in numerical address formatting, AVS results in a large number of false positives.

Behavioral Biometrics

Behavioral biometrics is the analysis of how an individual interacts with a given device, whether that be a desktop browser, mobile browser or a mobile app. Behavioral biometrics include interactions such as keystrokes, scrolling patterns, tap pressure and many more.

CVV

CVV stands for Card Verification Value. CVV is a combination of features used in credit, debit and automated teller machine (ATM) cards for the purpose of establishing the owner’s identity and minimizing the risk of fraud. It often appears as a 3 digit code on the back of credit and debit cards. CVV is also known as the card verification code (CVC) or card security code (CSC).

Device ID

Device ID refers to a group of unique identifiers that a specific device contains. One of the primary signals is a DI Print (Device Fingerprint). These unique identifiers can be used to link fraud amongst different devices and are valuable within a consortium of data.

IP & Geolocation

IP & Geolocation is the utilization of an IP address, along with other device signals, to determine geographical location.

Physical Biometrics

Physical Biometrics is the use of distinctive, measurable physiological characteristics to verify an individual’s identity. Physical biometrics includes techniques such as retinal scans, fingerprints, and voice prints.

Machine Learning

Machine learning is a subset of artificial intelligence. Machine learning has the capacity to learn over time without being explicitly programmed. It can ingest a large amount of data and detect patterns and anomalies at scale. Supervised machine learning models are trained on a set of labels, while unsupervised machine learning does not require labeled data.

Rules

Rules are algorithms that use specific attributes and parameters. A rules engine allows for the creation and management of these fraud rules in order to make risk decisions and/or generate a risk score. While not self-learning in nature, analysts can test, modify and improve rule performance.

Risk-Based Authentication (RBA)

Risk-based authentication is the process of assessing user trust and access based on varying levels of risk-based analysis. Risk-based authentication can leverage analysis in a variety of forms such as behavioral profiling on multiple data inputs. The output of risk-based analysis could be approving, declining or step-ing up authentication to a different form of verification.

Financial Fraud Terms: Fraud, Abuse & Risk Types

Account Takeover (ATO)

Account Takeovers are the unauthorized access of a user’s account in order to steal identity credentials, execute a fraudulent transaction or engage in varying types of abuse.

Application Fraud (New account Fraud)

Application fraud is the unauthorized opening of a new account leveraging compromised identity information. This can be for a variety of accounts, including credit cards, retail bank accounts, consumer lending and much more.

Authorized Push Payment Fraud (Scams)

Authorized push payment fraud occurs when a fraudster manipulates a genuine customer into making a payment to an account they control. There are a variety of types of authorized push payment fraud, including romance scams, invoice scams and a handful of others.

Affiliate fraud

Affiliate fraud refers to any false or unscrupulous activity conducted to generate commissions from an affiliate marketing program. Affiliate fraud also encompasses any activities that are explicitly forbidden under the terms and conditions of an affiliate marketing program.

Business Email Compromise

Business email compromise (BEC)—also known as email account compromise (EAC)—is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional.

In a BEC scam, criminals send an email message that appears to come from a known source making a legitimate request

Call Center Fraud

Call center fraud is the process of exploiting call centers as a channel in which to launch fraud attacks, spanning varying forms of fraud and abuse. Account takeover is a common fraud type associated with call center fraud.

Card Fraud

Card Fraud is one of the most commonly referenced fraud definitions. It occurs when a fraudster uses a card (debit or credit) to make a purchase without the authorization of the cardholder. Card fraud can occur in-person or through digital channels.

Card-Not-Present Fraud (CNP)

Card-not-present fraud is fraud that occurs through any channel in which the customer does not have to present the physical credit card to the merchant. Card-not-present fraud includes fraud placed through a mobile device, online, over the phone and through the mail.

Content Abuse

Content abuse is abusive or malicious user-generated content. Content abuse can include account takeover and/or new account fraud. Spam falls under this layer of content abuse.

Counterfeiting

Counterfeiting is defined as the planned attempt to duplicate a real and authentic article such as a symbol, trademark or even money with the purpose to distort and convince the purchaser or the recipient to believe that he or she is really purchasing or receiving the real article itself. In the ecommerce and financial services industry, this often refers to counterfeit cards and checks.

Crypto Scam

Crypto Scam or cryptocurrency scam is a type of investment fraud where criminals steal money from people hoping to invest in the new world of digital currency.

Most crypto assets and associated services aren’t regulated by the Financial Conduct Authority (FCA) for more than money-laundering purposes, which means they’re not protected by the Financial Services Compensation Scheme.

Device Takeover (DTO) fraud

Device Takeover is unauthorized access to a user’s device in order to manually or automatically control the device and its apps. Devices can become fully compromised when the user installs an innocent-looking app that contains malware, or by installing a Remote Access Tool (RAT). Once the device is taken over, attackers can engage in various types of abuse, including credential theft, acquiring 2FA tokens using screen/keystroke capturing, or executing a fraudulent transaction.

First Party Fraud

First-party fraud refers to fraud committed against an institution by one of its own customers. First-party fraud can extend from transaction fraud to application fraud with the core element being the actual customer engaging in the fraudulent activity.

Fraud Fams

Fraud Farms or click farms are groups that work on fraud attacks at scale. Normally they have limited resources used for large-scale fraud schemes and they get paid by carrying out the same action several times.

Friendly Fraud

Friendly fraud is a type of first-party fraud. Friendly fraud can take many forms, but typically involves an actual consumer obtaining goods or services from a merchant, then claiming they did not make the purchase, did not receive the goods, or only received a fraction of items, in order to keep the goods or services without paying for them.

Hybrid fraud

Hybrid fraud is a generic term for sophisticated fraud that is based on the combination of two or more fraud variants.

Job Scam

A job scam occurs when a scammer poses as an employer or recruiter and offers attractive employment opportunities, which require the job seeker to pay some money in advance. This is usually under the guise of work visas, travel expenses, or credit checks that are required for the job. The scammer promises you a job, but what they want is your money and your personal information.

Investment fraud

Investment fraud involves the illegal sale or purported sale of financial instruments. The typical investment fraud schemes are characterized by offers of low- or no-risk investments, guaranteed returns, overly-consistent returns, complex strategies, or unregistered securities. Examples of investment fraud include advance fee fraud, Ponzi schemes, pyramid schemes, and market manipulation fraud.

Insurance Fraud

Insurance fraud is any act committed to defraud an insurance process and/or institution. Insurance fraud occurs when a claimant attempts to obtain some benefit or advantage they are not entitled to, or when an insurer knowingly denies some benefit that is due.

Money Mules

Money mules are a type of money laundering where a person transfers illicit funds through a medium (such as a bank account) to obfuscate where the money came from. There are different types of money mules including witting, unwitting, and complicit.

Invoice Scams

They are bogus invoices generated by cyber crooks all to separate you from your personal information or money. First type of fake invoice scam is the click bait. The email seemingly has an invoice attached. But when you click on it, malware is downloaded onto your system and this can lead to ID theft.

Money Laundering

Money laundering is the illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. Money laundering can be done through various mediums, leveraging a variety of payment vehicles, people and institutions.

Loyalty Abuse

Loyalty abuse occurs when someone abuses the loyalty program terms of service (TOS) to obtain significant discounts or sell for a profit. This evolves into Loyalty Fraud when a fraudster takes over an account to steal loyalty points and sell them/use them for profit.

Online Shopping Scams

Online shopping scams happen when scammers pretend to be online sellers with a fake website. They can also use a genuine retailer name on their accounts. They offer, in general, brands and luxurious products with cheaper prices, and the buyer after paying never gets the purchase delivered.

Payment Fraud

Payment fraud occurs when someone steals another person’s payment information and uses it to make unauthorized transactions or purchases. The actual cardholder or owner of the payment information then notices their account being used for transactions or purchases they did not authorize, and raises a dispute.

Payment Fraud (Non-Plastic)

The fraud definitions for payment fraud are confusing unless you specify “non-plastic”. Payment Fraud (non-plastic) refers to payments made outside of card networks, via payment rails that send funds from one bank account to another. When making this type of payment, fraud occurs when a payment is sent to an account that the fraudster controls. Payment fraud can be unauthorized, which is commonly executed as an account takeover. Payment fraud can also be authorized, which is commonly executed through authorized push payment fraud (scams).

Phishing

The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Promo Abuse

Promo abuse is the abuse of promotional offers by circumventing the terms of service (TOS) in order to obtain significant discounts.

Ransomware

Ransomware is malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, these malware places organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.

Refund Fraud

Refund fraud occurs when bad actors take advantage of a merchant’s return policy in order to profit or get goods for free. Refunding fraud is a twist on friendly fraud that is particularly challenging for merchants because there are no associated chargebacks, yes the losses are significant.

Reseller Abuse

Reseller abuse includes purchasing large quantities of products in an effort to resell the items for profit. While reselling is a common practice, abuse can damage a client’s brand, deplete product availability for other customers, and violate terms of service (TOS).

Romance Scam

A romance scam is a confidence trick involving feigning romantic intentions towards a victim, gaining their affection, and then using that goodwill to get the victim to send money to the scammer under false pretenses or to commit fraud against the victim.

Social Engineering

Social engineering is the psychological manipulation of another person by preying on emotions and vulnerabilities in order to extract information or convince he/she to take a desired action. Social engineering can be the initial layer of other fraud types such as account takeovers and authorized push payment fraud (scams).

Synthetic Identity Fraud

Is the use of a combination of personally identifiable information (PII) to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.

Telephone-Oriented Attack Delivery

Telephone Oriented Attack Delivery is an initial access tactic where fraudsters mimic a bank (or other known institute) and convince the victim to install a Remote Access Tool (RAT) or app that contains malware. At a later stage, the now fully compromised user device can be used by the attacker to commit Device Takeover (DTO) fraud or Identity fraud.

Third-Party Fraud

Third-party fraud is when a fraudster leverages stolen information (PII, payment, etc.) to commit fraud (application, payment, card, etc) without the authorization of the owner of that information.

Transaction Fraud

Transaction fraud is the unauthorized execution of any monetary transaction. Transaction fraud can include different payment types including cards (debit and credit), non-plastic forms of payment (ACH, Zelle, Wire, Faster Payments, etc.) and other payment methods.

Financial Fraud Terms: Miscellaneous

Authentication

Authentication is a process that determines or recognizes a user’s identity. It’s a technology focused on bringing accurate information about people’s identity in order to confirm that the right person is trying to access a system, website, software, etc.

Breach Sites

A “breach” is an incident where data is inadvertently exposed in a vulnerable system, usually due to insufficient access controls or security weaknesses in the software. HIBP aggregates breaches and enables people to assess where their personal data has been exposed.

Cybercrime / Cyber-fraud

Cyber fraud is the crime committed via a computer with the intent to corrupt another individual’s personal and financial information stored online. Fraudsters can use the information they gather to then financially fund themselves, or worryingly they might use this money to fund terrorism.

Chargebacks

Chargebacks are a forced payment reversal process where consumers can contact their bank and dispute a transaction for a refund. Banks typically review the transaction and issue provisional credit in the consumer’s favor.

Cybersecurity

Computer security, cybersecurity, or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide

Fraudsters

A fraudster is someone who commits fraud and/or abuse, often to achieve monetary gain. Fraudster is often a blanket term used to refer to many different types of fraud, money laundering, and nefarious activity committed by criminals.

KYC

The know your customer or know your client guidelines in financial services require that professionals make an effort to verify the identity, suitability, and risks involved with maintaining a business relationship. The procedures fit within the broader scope of a bank’s anti-money laundering policy.

Malicious Domain

These are websites or URLs that fraudster creates to induce users to visit and input personal information. Usually, the websites are very similar to the original URLs.

PSD2

PSD2 is an EU Directive, administered by the European Commission to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). Two of the large focuses of PSD2 center around open banking and SCA (Stronger Customer Authentication).

Scammers

Scammers can come in many forms, but their main purpose is to gain the trust of someone in order to convince them to take the desired action. This can include clicking on links, divulging sensitive information or sending a payment to an account they control.

SCA (Stronger Customer Authentication)

SCA is a requirement of PSD2 on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments.

UBO

The Ultimate Beneficial Owner, shortly known as UBO, defines the company’s beneficiary’s legal entity. According to the regulator, banks, investment, insurance, and other financial companies must disclose the UBO for various reasons. One of the reasons for this is to prevent serious crimes such as money laundering and terrorist financing. The lack of disclosure of UBOs paves the way for people to launder money through companies. Therefore, countries should pay attention to UBO in the fight against money laundering and terrorist financing.

PLEASE SHARE SO OTHERS WILL KNOW