One of the most frustrating aspects of fraud is just how expansive it is. Fraudsters are growing increasingly creative in their schemes and tend to evolve faster than financial institutions (FIs), making it difficult to keep up and protect against the breadth and depth of their tactics. According to Justin Davis, CFE, the sheer magnitude and complexity of the problem lead FIs to inaccurately define the type of fraud they are experiencing, which inhibits them from properly addressing it.
As a result, we put together this “fraud dictionary,” in hopes of helping FIs better understand the many layers of the fraud world. And since we have no doubt fraudsters will continue to evolve, we’ll treat this document as a living resource, updating it as new trends and regulations emerge.
Did we miss a term, or do you have a question on fraud in the credit union space? Let us know at email@example.com.
- Anti-money laundering: refers to the laws, regulations and procedures intended to prevent criminals from disguising illegally obtained funds as legitimate income.
- Account Takeover: see Identity Fraud.
- Bank Secrecy Act: the Bank Secrecy Act of 1970, also known as the Currency and Foreign Transactions Reporting Act, is a U.S. law requiring financial institutions in the United States to assist U.S. government agencies in detecting and preventing money laundering.
- Counterfeit credit cards are fakes that have real account information stolen from victims. Often, the victims still have their real cards, so they don’t know a crime has occurred. The cards appear legitimate, with issuers’ logos and encoded magnetic stripes.
- Card-not-present fraud occurs in transactions where a cardholder does not present a card to a merchant in person. It includes internet, phone and mail-order transactions. In most cases, this type of fraud happens after a crook steals card information such as a card number via hacking, skimming or phishing techniques.
- A credit card skimming device reads the magnetic stripe on your credit or debit card when you slide it into a card reader at an ATM, gas pump or other point of sale. The skimmer then stores the card number, expiration date and cardholder’s name. These stripes even appear on chip-enabled cards.
- Phishing fraud
  - Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss.
- Certified Fraud Examiner (CFE): a credential awarded by the Association of Certified Fraud Examiners.
- A chargeback is a charge that is returned to a payment card after a customer successfully disputes an item on their account statement or transactions report. A chargeback may occur on debit cards (and the underlying bank account) or on credit cards.
- Customer Due Diligence (CDD): With CDD, you must identify and understand your customers’ activities. Then, you can use the information you find to assess how risky they are to your business. Customer due diligence can be broken down into two categories:
  - Simplified Due Diligence (SDD) is used in situations where risk is very low and full CDD is not necessary.
  - Enhanced Due Diligence (EDD) is when you collect additional CDD information about a customer. Typically, you will do EDD for higher-risk clients to get a deeper understanding of their business activity.
- Customer Identification Program (CIP): The USA Patriot Act has several provisions “intended to facilitate the prevention, detection, and prosecution of international money laundering and the financing of terrorism.”
  - A CIP prescribes “the minimum standards for financial institutions and their customers regarding the identity of the customer that shall apply in connection with the opening of an account at a financial institution.”
  - An institution’s CIP procedures should be “appropriate for its size and type of business” and must enable it “to form a reasonable belief that it knows the true identity of each customer.”
- Credit washing is the systematic disputing of tradelines on a consumer’s credit report as identity theft, even if the tradeline is legitimate. This scheme is perpetrated both by criminal fraudsters trying to reuse identities and by normal consumers attempting to look more creditworthy.
- Device reputation tracking is a method of fraud mitigation that gathers device fingerprints (a series of device characteristics) and assembles a view of that device’s previous association with fraudulent activity.
- Identification is the act of indicating a person or thing’s identity.
- Authentication is the act of proving the identity of a computer system user (for example, by comparing the password entered with the password stored in the database).
- Authorization is the function of specifying access rights/privileges to resources.
- Synthetic identity fraud involves manufacturing an identity using a mix of both real and fake information in order to obtain fraudulent loans and accounts.
- Identity theft involves the unauthorized use of personally identifiable information (PII) by a third party.
- Account Takeover Fraud is when a third party gains access to one or more accounts without the knowledge or permission of the account holder.
- The Know Your Customer or Know Your Client (KYC) guidelines in financial services require that professionals make an effort to verify the identity, suitability, and risks involved with maintaining a business relationship. The procedures fit within the broader scope of a bank’s Anti-Money Laundering (AML) policy.
- Multi-factor authentication (MFA) is an electronic authentication method in which a device user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is).
  - MFA protects the user from an unknown person trying to access their data such as personal ID details or financial assets.
- Also known as a one-time passcode or dynamic password, an OTP is a password that is valid for only one login session or transaction on a computer system or other digital device. One-time passcodes (or passwords) allow institutions to verify that consumers are associated with the phone number provided and to issue a one-time SMS code to effortlessly authenticate identities.
- Wire transfer fraud involves money transfers through companies like Western Union and MoneyGram. Scammers pressure people to use money transfers so they can get the money before their victims realize they’ve been cheated.
- ACH fraud: An ACH transaction is a type of wire transfer performed through the Automated Clearing House. ACH fraud involves any unauthorized funds transfer that occurs in a bank account. Oftentimes, these attacks originate from phishing attacks with malware or ransomware that result in fraudulent entry to a secure system with secure data.
Check out more content from our fraud series below:
- Interview with Justin Davis of Point Predictive, CFE (video)
- How Project Finance Fights Fraud
- TransUnion Weighs in on Credit Unions’ Battle Against Fraud