  • 3-D Secure Protocol

    An XML-based protocol designed to be an additional security layer for online credit and debit card transactions.


  • Account Takeover Fraud (ATO)

    When a legitimate customer’s account is illegally accessed for the purposes of committing fraud.

  • Acquirer

    A financial institution that processes credit or debit card payments on behalf of a merchant.

  • Address Verification System (AVS)

    System used to check the billing address of a credit card against the address on file at the credit card company. AVS is widely supported by Visa, Mastercard, and American Express in the US, Canada and the UK.

  • Adverse Action

    Under the Equal Credit Opportunity Act, a creditor's refusal to grant credit on the terms requested, termination of an existing account, or an unfavorable change in an existing account.

  • Aggregator

    Single sign-on companies. Consumers set up accounts at a single sign-on company such as Mint to manage all of their finances.

  • AML
  • Anti-Money Laundering (AML)

    A set of procedures, laws or regulations designed to stop the practice of generating income through illegal actions. In most cases, money launderers hide their actions through a series of steps that make it look like money coming from illegal or unethical sources was earned legitimately.

  • ATO
  • AVS


  • Bank Identification Number (BIN)

    The first six to eight digits on a credit card, which can be used to identify the issuing bank for a card. Used by online merchants as a way to detect fraud by matching the geographic area where the cardholder is located to the geographic area identified in the BIN.

  • BIN
  • Blockchain

    A decentralized network serving as a public ledger for all digital transactions under its management. The most popular application today is cryptocurrency. The transactions are not managed by any central authority.

  • Bust-out

    Type of credit card fraud where an individual establishes a normal usage pattern and solid repayment history, then racks up numerous charges, maxes out the card and defaults.


  • Call Center Fraud

    Fraudsters gather data about customers and then combine high-pressure tactics with spoofing technology to socially engineer agents and take over customer accounts or apply for a new account or line of credit.

  • Card Not Present (CNP)

    Type of fraud generally perpetrated online where the card is not present for the transaction.

  • Chargebacks

    The reduction of unpaid invoices owed to a trade creditor due to fraud, a dispute, return, offset, or any reason other than an account debtor's inability to pay.

  • CNP
  • Collusion

    Two or more parties acting together to defraud.

  • Credential Stuffing

    An attack that tests stolen credentials on website and mobile application API servers, to discover instances of password reuse across those applications and enable large-scale account takeovers.

  • Credit Card Fraud / Credit Write-Off Fraud

    Fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account.

  • Cryptocurrency

    A digital or virtual currency designed to function as a medium of exchange. It uses blockchain technology and the currencies are not managed by any central authority.

  • Customer Insult

    When a legitimate customer’s transaction is mistakenly declined, generally for suspected fraud.


  • Data Security Standard (DSS)

    The Payment Card Industry Data Security Standard (PCI-DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and to protect cardholders against misuse of their personal information.

  • DDA
  • Demand Deposit Accounts (DDA)

    Accounts that allow you to retrieve your money immediately, such as checking and savings accounts.

  • DSS


  • EFT
  • Electronic Funds Transfer (EFT)

    Method for payment where payer orders the bank to electronically debit the payer's account and forward funds to payee's account.

  • EMV

    Abbreviation for Europay, MasterCard, Visa. It is the global standard for chip-based Debit and Credit Card transactions.


  • False Decline / False Positive

    When a legitimate customer’s transaction is mistakenly declined, generally for suspected fraud.

  • FDIC
  • Federal Deposit Insurance Corporation (FDIC)

    An independent agency of the US government that insures funds on deposit with FDIC-insured banks and savings associations against loss if their bank or savings association fails.

  • FI

    Financial Institution

  • FinTech

    Businesses that leverage new technology to create financial services for both consumers and businesses. Includes companies that may operate in personal financial management, insurance, payment, asset management, etc.


  • GDPR
  • General Data Protection Regulation (GDPR)

    Regulations for businesses in the EU or anyone processing transactions from EU end users specifying what personal data can be collected and how it can be used. Also specifies fines for noncompliance.


  • Issuer

    A bank or FI that issues cards to consumers on behalf of the card networks (Visa, Mastercard). The issuer acts as middleman between consumer and the card network by contracting with the cardholders for the terms of the repayment of transactions.


  • Know Your Customer (KYC)

    The process of a business verifying the identity of its clients and assessing potential risks of illegal intentions for the business relationship. The term is also used to refer to the bank regulations and anti-money laundering regulations which govern these activities.

  • KYC


  • Liability Shift

    The liability for chargebacks resulting from fraudulent transactions moves from the merchant to the issuing bank if the merchant has authenticated the transaction using any of the 3-D Secure protocols. Without Consumer Auth, merchants are liable for chargebacks.

  • Loan Stacking or Application Fraud

    Taking out a loan with a stolen or synthetic identity, using one loan to pay off another to inflate the loan amount before defaulting.


  • NAF
  • New Account Fraud (NAF)

    Fraudsters use stolen or synthetic identities to create new accounts. They build credit with a series of small transactions, then apply for – and max out – new cards and loan products.

  • NYDFS Cybersecurity Regulation (23 NYCRR 500)

    Regulations for all financial institutions covered by the New York Department of Financial Services specifying that covered institutions must adopt robust cybersecurity programs.


  • Payment Card Industry Data Security Standard (PCI-DSS)

    A widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and protect cardholders against misuse of their personal information.

  • Payment Service Provider (PSP)

    Provides online businesses with services for accepting electronic payments via credit card, direct debit, bank transfer, etc.

  • Payment Services Directive (PSD)/PSD2

    PSD2 is an update to the Payment Services Directive (PSD) that was adopted in 2007 by the European Commission (EC). PSD created the legal foundation for a Single Euro Payments Area (SEPA), essentially establishing a single market for payments (e.g. credit transfers, direct debits, cards) in the European Union.

  • PSD2
  • PSP


  • SCA
  • Social Engineering

    A non-technical method of intrusion used by hackers to commit fraud. It relies on human interaction and often involves tricking people into breaking normal security procedures.

  • STR
  • Strong Customer Authentication (SCA)

    Increased requirement under PSD2 for securing online payments using Strong Customer Authentication (SCA). SCA must use two or more of the following independent factors: Knowledge, Possession, Inherence.

  • Suspicious Transaction Reports (STR)

    A report compiled by the regulated private sector (most commonly banks and FIs) regarding financial flows they have detected that could be related to money laundering or terrorist financing.

  • Synthetic Fraud

    Fraudsters create a false identity using bits of real and fake data combined to form a new fictitious identity, then use it to obtain credit, make purchases or open new accounts.


  • Wire fraud

    Any fraud involving the electronic transfer of funds.