Even for seasoned fraud fighters, understanding definitions across the various technologies, fraud types and industries can be challenging. Therefore, we assembled the most relevant fraud definitions to keep our community up to speed!
3DS is a security protocol used to authenticate users. The objective of 3DS is to provide an extra layer of protection for payment card transactions in card-not-present scenarios.
Artificial intelligence (AI) is wide-ranging branch of computer science concerned with building smart machines capable of performing tasks that typically require human intelligence. Machine learning is a subset of Artificial Intelligence.
AVS stands for Address Verification Service. AVS is one of the most widely used fraud prevention tools in card-not-present transactions. The way AVS works is it compares the numerical portion of the billing address on file at the bank with the numerical portion of the billing address provided by the customer. Due to inconsistencies in numerical address formatting, AVS results in a large number of false-positives.
Behavioral biometrics is the analysis of how an individual interacts with a given device, whether that be a desktop browser, mobile browser or a mobile app. Behavioral biometrics include interactions such as keystrokes, scrolling patterns, tap pressure and many more.
CVV stands for Card Verification Value. CVV is a combination of features used in credit, debit and automated teller machine (ATM) cards for the purpose of establishing the owner’s identity and minimizing the risk of fraud. It often appears as a 3 digit code on the back of credit and debit cards. CVV is also known as the card verification code (CVC) or card security code (CSC).
Device ID refers to a group of unique identifiers that a specific device contains. One of the primary signals is a DI Print (Device Fingerprint). These unique identifiers can be used to link fraud amongst different devices and are valuable within a consortium of data.
IP & Geolocation is the utilization of an IP address, along with other device signals, to determine geographical location.
Machine learning is a subset of artificial intelligence. Machine learning has the capacity to learn over time without being explicitly programmed. It can ingest a large amount of data and detect patterns and anomalies at scale. Supervised machine learning models are trained on a set of labels, while unsupervised machine learning does not require labeled data.
Physical Biometrics is the use of distinctive, measurable physiological characteristics to verify an individual’s identity. Physical biometrics includes techniques such as retinal scans, fingerprints and voice prints.
Risk-based authentication is the process of assessing user trust and access based on varying levels of risk-based analysis. Risk-based authentication can leverage analysis in a variety of forms such as behavioral profiling on multiple data inputs. The output of risk-based analysis could be approving, declining or step-ing up authentication to a different form of verification.
Rules are algorithms that use specific attributes and parameters. A rules engine allows for the creation and management of these fraud rules in order to make risk decisions and/or generate a risk score. While not self-learning in nature, analysts can test, modify and improve rule performance.
Fraud, Abuse & Risk Types
Account Takeovers are the unauthorized access of a user’s account in order to steal identity credentials, execute a fraudulent transaction or engage in varying types of abuse.
Application fraud is the unauthorized opening of a new account leveraging compromised identity information. This can be for a variety of accounts, including credit cards, retail bank accounts, consumer lending and much more.
Authorized push payment fraud occurs when a fraudster manipulates a genuine customer into making a payment to an account they control. There are a variety of types of authorized push payment fraud, including romance scams, invoice scams and a handful of others.
Call center fraud is the process of exploiting call centers as a channel in which to launch fraud attacks, spanning varying forms of fraud and abuse. Account takeover is a common fraud type associated with call center fraud.
Card Fraud is one of the most commonly referenced fraud definitions. It occurs when a fraudster uses a card (debit or credit) to make a purchase without the authorization of the cardholder. Card fraud can occur in-person or through digital channels.
Card-not-present-fraud is fraud that occurs through any channel in which the customer does not have to present the physical credit card to the merchant. Card-not-present fraud includes fraud placed through a mobile device, online, over the phone and through the mail.
Content abuse is abusive or malicious user-generated content. Content abuse can include account takeover and/or new account fraud. Spam falls under this layer of content abuse.
Counterfeiting is defined as the planned attempt to duplicate a real and authentic article such as a symbol, trademark or even money with the purpose to distort and convince the purchaser or the recipient to believe that he or she is really purchasing or receiving the real article itself. In the ecommerce and financial services industry, this often refers to counterfeit cards and checks.
First party fraud refers to fraud committed against an institution by one of its own customers. First party fraud can extend from transaction fraud to application fraud with the core element being the actual customer engaging in the fraudulent activity.
Friendly fraud is a type of first party fraud. Friendly fraud can take many forms, but typically involves an actual consumer obtaining goods or services from a merchant, then claiming they did not make the purchase, did not receive the goods, or only received a fraction of items, in order to keep the goods or services without paying for them.
Insurance fraud is any act committed to defraud an insurance process and/or institution. Insurance fraud occurs when a claimant attempts to obtain some benefit or advantage they are not entitled to, or when an insurer knowingly denies some benefit that is due.
Loyalty abuse occurs when someone abuses the loyalty program terms of service (TOS) to obtain significant discounts or sell for a profit. This evolves into Loyalty Fraud when a fraudsters takes over an account to steal loyalty points and sell them/use them for profit.
Money laundering is the illegal process of concealing the origins of money obtained illegally by passing it through a complex sequence of banking transfers or commercial transactions. Money laundering can be done through various mediums, leveraging a variety of payment vehicles, people and institutions.
Money mules are a type of money laundering where a person transfers illicit funds through a medium (such as a bank account) to obfuscate where the money came from. There are different types of money mules including witting, unwitting, and complicit.
The fraud definitions for payment fraud are confusing unless you specify “non-plastic”. Payment Fraud (non-plastic) refers to payments made outside of card networks, via payments rails that send funds from one bank account to another. When making this type of payment, fraud occurs when a payments is sent to an account that the fraudster controls. Payment fraud can be unauthorized, which is commonly executed as an account takeover. Payment fraud can also be authorized, which is commonly executed through authorized push payment fraud (scams).
Promo abuse is the abuse of promotional offers by circumventing the terms of service (TOS) in order to obtain significant discounts.
Refund fraud occurs when bad actors take advantage of a merchant’s return policy in order to profit or get goods for free. Refunding fraud is a twist on friendly fraud that is particularly challenging for merchants because there are no associated chargebacks, yes the losses are significant.
Reseller abuse includes purchasing large quantities of products in an effort to resell the items for a profit. While reselling is a common practice, abuse can damage a client’s brand, deplete product availability for other customers, and violate terms of service (TOS).
Social engineering is the psychological manipulation of another person by preying on emotions and vulnerabilities in order to extract information or convince he/she to take a desired action. Social engineering can be the initial layer of other fraud types such as account takeovers and authorized push payment fraud (scams).
Synthetic identity fraud is the use of a combination of personally identifiable information to fabricate a person or entity in order to commit a dishonest act for personal or financial gain.
Third party fraud is when a fraudster leverages stolen information (PII, payment, etc.) to commit fraud (application, payment, card, etc) without the authorization of the owner of that information.
Transaction fraud is the unauthorized execution of any monetary transaction. Transaction fraud can include different payment types including cards (debit and credit), non-plastic forms of payment (ACH, Zelle, Wire, Faster Payments, etc.) and other payment methods.
Chargebacks are a forced payment reversal process where consumers can contact their bank and dispute a transaction for a refund. Banks typically review the transaction and issue provisional credit in the consumer’s favor.
PSD2 is an EU Directive, administered by the European Commission to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). Two of the large focuses of PSD2 center around open banking and SCA (Stronger Customer Authentication).
SCA is a requirement of PSD2 on payment service providers within the European Economic Area. The requirement ensures that electronic payments are performed with multi-factor authentication, to increase the security of electronic payments.