• 3-D Secure Protocol

    An XML-based protocol designed to be an additional security layer for online credit and debit card transactions.

A

  • Account Takeover Fraud (ATO)

    When a legitimate customer’s account is illegally accessed for the purposes of committing fraud.

  • Acquirer

    A financial institution that processes credit or debit card payments on behalf of a merchant.

  • Acquiring Bank or Merchant Bank

    A financial institution that processes credit or debit card payments on behalf of a merchant.

  • Address Verification System (AVS)

    System used to check the billing address of credit cards against the address on file at the credit card company. AVS is widely supported by Visa, Mastercard, and American Express in the US, Canada and the UK.

  • Adverse Action

    Under the Equal Credit Opportunity Act, a creditor's refusal to grant credit on the terms requested, termination of an existing account, or an unfavorable change in an existing account.

  • AML
  • Anti-Money Laundering (AML)

    A set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions. In most cases, money launderers hide their actions through a series of steps that make it look like money coming from illegal or unethical sources was earned legitimately.

  • ATO
  • AVS

B

  • Bank Identification Number (BIN)

    The first six to eight digits on a credit card, which can be used to identify the issuing bank for a card. Used by online merchants as a way to detect fraud by matching the geographic area where the cardholder is located to the geographic area identified in the BIN.

  • BIN
  • Bust-out

    Type of credit card fraud where an individual establishes a normal usage pattern and solid repayment history, then racks up numerous charges, maxes out the card and defaults.

C

  • Call Center Fraud

    Fraudsters gather data about customers and then combine high-pressure tactics with spoofing technology to socially engineer agents and take over customer accounts or apply for a new account or line of credit.

  • Card Not Present (CNP)

    Type of fraud generally perpetrated online where the card is not present for the transaction.

  • Card Testing

    Card testing is a process in which fraudsters visit online stores to make random purchases for the purpose of verifying stolen credit card information, making sure it is not blocked or canceled or has exceeded the credit limit.

  • Card Verification Value (CVV)

    Card verification value (CVV) is a three- or four-digit number printed, not embossed, on a credit card to help verify that a customer possesses the card.

  • Chargebacks

    The reduction of unpaid invoices owed to a trade creditor due to fraud, a dispute, return, offset, or any reason other than an account debtor's inability to pay.

  • CIFAS

    Credit Industry Fraud Avoidance System (CIFAS) is a fraud prevention service in the United Kingdom. It is a not-for-profit membership association representing organisations from across the public, private and voluntary sectors. In 2016, Cifas had over 360 member organisations.

  • CNP
  • Collusion

    Two or more parties acting together to defraud.

  • Credential Stuffing

    An attack that tests stolen credentials on website and mobile application API servers, to discover instances of password reuse across those applications and enable large-scale account takeovers.

  • Credit Card Fraud / Credit Write-Off Fraud

    Fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.

  • Credit Industry Fraud Avoidance System (CIFAS)

    A fraud prevention service in the United Kingdom. It is a not-for-profit membership association representing organisations from across the public, private and voluntary sectors. In 2016, CIFAS had over 360 member organisations.

  • Customer Insult

    When a legitimate customer’s transaction is mistakenly declined, generally for suspected fraud.

  • CVV

D

  • Data Security Standard (DSS)

    The Payment Card Industry Data Security Standard (PCI-DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and to protect cardholders against misuse of their personal information.

  • DSS

E

  • EFT
  • Electronic Funds Transfer (EFT)

    Method for payment where payer orders the bank to electronically debit the payer's account and forward funds to payee's account.

  • EMV

    Abbreviation for Europay, MasterCard, Visa. It is the global standard for chip-based Debit and Credit Card transactions.

F

  • False Decline / False Positive

    When a legitimate customer’s transaction is mistakenly declined, generally for suspected fraud.

  • FDIC
  • Federal Deposit Insurance Corporation (FDIC)

    An independent agency of the US government that insures funds on deposit with FDIC-insured banks and savings associations against the loss if their bank or savings association fails.

  • FI

    Financial Institution

  • FinTech

    Businesses that leverage new technology to create financial services for both consumers and businesses. Includes companies that may operate in personal financial management, insurance, payment, asset management, etc.

G

  • GDPR
  • General Data Protection Regulation (GDPR)

    Regulations for businesses in the EU or anyone processing transactions from EU end users specifying what personal data can be collected and how it can be used. Also specifies fines for noncompliance.

I

  • Issuer

    A bank or FI that issues cards to consumers on behalf of the card networks (Visa, Mastercard). The issuer acts as middleman between consumer and the card network by contracting with the cardholders for the terms of the repayment of transactions.

K

  • Know Your Customer (KYC)

    The process of a business verifying the identity of its clients and assessing potential risks of illegal intentions for the business relationship. The term is also used to refer to the bank regulations and anti-money laundering regulations which govern these activities.

  • KYC

L

  • Liability Shift

    The liability for chargebacks resulting from fraudulent transactions moves from the merchant to the issuing bank if the merchant has authenticated the transaction using any of the 3-D Secure protocols. Without Consumer Auth, merchants are liable for chargebacks.

  • Loan Stacking or Application Fraud

    Taking out a loan with stolen or synthetic identity, using one loan to pay off another to inflate the loan amount before defaulting.

N

  • NAF
  • New Account Fraud (NAF)

    Fraudsters use stolen or synthetic identities to create new accounts. They build credit with a series of small transactions, then apply for – and max out – new cards and loan products.

O

  • OFAC
  • Office of Foreign Asset Control (OFAC) / AML

    Administers and enforces economic and trade sanctions. All US businesses, as well as many businesses worldwide (particularly banks), must abide by OFAC regulations. Ties in with Anti-Money Laundering regulations.

P

  • PA DSS
  • Payment Application Data Security Standard (PA DSS)

    PA DSS is a system designed by the Payment Card Industry Security Standards Council and adopted worldwide. The standard aims to prevent payment applications developed for third parties from storing prohibited secure data, including magnetic stripe, CVV2 and PIN.

  • Payment Card Industry Data Security Standard (PCI-DSS)

    A widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and protect cardholders against misuse of their personal information.

  • Payment Services Directive (PSD)/PSD2

    PSD2 is an update to the Payment Services Directive (PSD) that was adopted in 2007 by the European Commission (EC). PSD created the legal foundation for a Single Euro Payments Area (SEPA), essentially establishing a single market for payments (e.g. credit transfers, direct debits, cards) in the European Union.

  • PCI-DSS
  • POS

    Point of Sales

  • PSD2

S

  • SCA
  • Social Engineering

    A non-technical method of intrusion used by hackers to commit fraud. It relies on human interaction and often involves tricking people into breaking normal security procedures.

  • STR
  • Strong Customer Authentication (SCA)

    Increased requirement under PSD2 for securing online payments using Strong Customer Authentication (SCA). SCA must use two or more of the following independent factors: Knowledge, Possession, Inherence.

  • Suspicious Transaction Reports (STR)

    A report compiled by the regulated private sector (most commonly banks and FIs) regarding financial flows they have detected that could be related to money laundering or terrorist financing.

  • Synthetic Fraud

    Fraudsters create a false identity using bits of real and fake data combined to form a new fictitious identity, then use it to obtain credit, make purchases or open new accounts.