GLOSSARY

Definition

1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own customers.

Notes

This is usually done when applying for a product or service to receive more favorable rates, or if they have no intention of meeting their commitments. Another example could be if an individual can make a false claim against an insurer to obtain a payment they are not eligible for.

Definition

Second party fraud, or money mules, is where an individual knowingly gives their identity or personal information to another individual to commit fraud.
Source

Notes

Second party fraud is difficult to detect because the person whose identity being used to commit fraud, has knowingly allowed it to happen. This means the usual characteristics associated with fraud aren't so obvious and are harder to uncover. Pipl's ability to uncover hard-to-detect "associations" between people is powerful tool in the fight against 2nd Party Fraud.

Definition

An XML-based protocol designed to be an additional security layer for online credit and debit card transactions
Source

Notes

A customer identity validation protocol originally developed by Arcot Systems (now CA Technologies) and first deployed by Visa to reduce CNP fraud. Shoppers are required to enter a code provided by their card issuer. Its use shifts fraud liability to the credit card issuer but it's been linked to high bounce rates. Many merchants and fraud prevention platforms leverage Pipl data for targeted reductions of customer friction because it provides rich "data stories" about customers on a global scale.

Definition

Third party fraud is where an individual, or group of people, use another person’s identity or personal details to open or takeover an account without the consent, or knowledge, of the person whose identity is being used.
Source

Notes

Third party fraud is a growing trend. One form is manufactured identities (Synthetic Identity Fraud) where an individual creates a new identity from stolen and false information. Up to 50% of third party fraud is seen as part of a fraud ring with activities linked to multiple identifies. Third party fraudsters acquire personal identifiable information and then use the data to take over an identity which is used to establish credit or buying products.

Definition

AML or Anti-Money Laundering refers to a set of procedures, laws or regulations designed to stop the practice of generating income through illegal activities.
Source

Notes

Most anti-money laundering programs focus on the source of funds as opposed to anti-terrorism and similar programs which focus on the destination of funds. Typically anti-money laundering programs are run by the financial institutions to analyze customer data in order to detect suspicious transactions.

Definition

Verification system used to verify the address of a person claiming to own a credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company.
Source

Notes

Other security features for the credit card include the CVV2 number. AVS is used when the merchant verifies credit card data, such as billing address and ZIP code, against the billing information of the cardholder. AVS verifies that the billing address of the credit or debit card matches the address that was given by the customer. Because AVS only verifies the numeric portion of the address, certain anomalies like apartment numbers can cause false declines. Pipl’s unmatched breadth and depth of public identity information (including Address History) lowers risk, lifts approval rates and cuts their losses to fraud and chargebacks.

Definition

A form of payments fraud whereby the fraudster obtains full control over an account and locks the legitimate owner out. Usually done by changing the PIN or password, or changing the statement mailing address.
Source

Notes

Fraudsters use parts of the victim's identity such as an email address to gain access to financial accounts. They then intercept account related communications to keep the victim unaware of any threats. Victims are usually the first to detect account takeover once they discover charges or questionable withdrawals. There has been a increase in account takeovers since the adoption of EMV technology, which makes it more difficult for fraudsters to counterfeit physical credit cards.

Definition

An acquiring financial institution, or acquirer, is a bank that processes and settles a merchant’s daily credit card transactions, and then in turn settles those transactions with the card issuer/association.
Source

Notes

All merchants are required to maintain such an account to receive payment for credit card transactions. Daily card transactions are deposited into the merchant’s account after settlement and fees are deducted. In this way, the financial institution "acquires" or serves as the intermediary to facilitate the credit transaction and pays the merchant, less a fee for the service.

Definition

An adverse action is a decision by a creditor, based on a credit score, that causes the creditor to deny a consumer access to credit, or to offer anything less than the best terms available.
Source

Notes

U.S. Federal rules require lenders to provide consumers detailed explanations of adverse actions. It means if consumers are denied credit or given less than the best terms, the lender must make available a free copy of the credit report that the decision was based on.

Definition

An algorithm is a predetermined, finite set of steps or calculations in which data are rigorously analyzed.
Source

Notes

In many Risk Management scenarios such as credit scoring and fraud detection, algorithms are the complex set of calculations that analyze and surface a person’s past credit oriented behavior to determine the level of risk that person carries for future activity.

Definition

Outputs of technology platforms that are based on the scientific disciplines of artificial intelligence and signal processing.
Source

Notes

Decision Platform encompass machine learning, reasoning, natural language processing, speech recognition, human–computer interaction, dialog and narrative generation, among other technologies. Pipl API helps companies automatically verify and enrich identity records across their decision platforms. These global providers know from testing that Pipl’s unmatched breadth and depth of public identity information lowers risk, lifts their approval rates and cuts their losses to fraud and chargebacks.

Definition

In data mining, anomaly detection (also outlier detection) is the identification of rare items, events or observations which raise suspicions by differing significantly from the majority of the data.
Source

Notes

Typically anomalous items translate to some kind of problem such as fraud. As with all computing applications, the quality and quantity of data inputs such as high quality identity data intelligence is key to successful outcomes.

Definition

Application fraud is a type of banking fraud in which a crook uses a person's personal information to apply for a credit card or other bank account in their name.
Source

Notes

Application is a growing problem for financial institutions across the world. As identity crimes continue to grow, it is increasingly difficult for FIs to determine who they are dealing with in all service channels. These identity crimes are resulting in a number of strategies as FIs make new technology investments to meet both compliance (KYC) and fraud challenges. Pipl’s deep identity profiles help you accept “thin file” applicants while detecting growing schemes like synthetic identities so you stop fraudsters from establishing, then nurturing, fake profiles and accounts.

Definition

The term "artificial intelligence" is often used to describe machines (or computers) that mimic "cognitive" functions that humans associate with the human mind, such as "learning" and "problem solving".
Source

Notes

Reported by Gartner as one of the top 10 strategic technology trends in 2019. AI is heavily leveraged by the fraud management industry. Pipl’s unmatched breadth and depth of public identity information powers AI which helps reduce risk, lift approval rates and cut losses to fraud and chargebacks. All while giving their customers a friendly, frictionless, and instantly gratifying experience.

Definition

An attack vector is a path or means by which a hacker can gain access to a computer or network server in order to deliver a payload or malicious outcome.
Source

Notes

The term is increasingly used to describe a path or means by which a fraudster finds a way to commit theft, such as Identity Theft, Synthetic Identity or an Insider Attack. Our digital world runs on trusting who is behind an online identity. But the very concept of identity has fractured into hundreds of data points that fraudsters constantly seek to exploit. That’s why Pipl is the first choice whenever companies must confirm if a person is who they claim to be.

Definition

Authentication is the process of assuring that a credit card transaction has been initiated by an authorized user of that card.
Source

Notes

From the merchant’s standpoint, authentication means getting the right information from the consumer, and having it verified by the transaction network. In recent years, authentication has been stepped up by means including security codes on credit cards. Pipl offers uniquely powerful identity data for verification tools so you can confidently approve, deny or escalate transactions.

Definition

An authenticator is the means used to confirm the identity of a user, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.
Source

Notes

More modern Authenticator services give an extra layer of protection to customers by confirming a customer’s identity during the log-in or checkout process. Two common ways to do this are Challenge Questions and Biometrics. Because Pipl data provides such a rich cluster of data points it is especially useful for Challenge Questions. Users may be asked a series of security challenge questions contained in the profile and that only they know the answer to. If the challenge questions are correctly answered, users can continue signing in to a site.

Definition

An authorized transaction is a debit or credit card purchase for which the merchant has received approval from the bank that issued the customer’s payment card. Authorized transactions are a component of the electronic payment process.This involves the cardholder and numerous other entities working together to complete an electronic transaction.
Source

Notes

This process helps prevent credit card fraud. Our digital world runs on trusting who is behind an online identity. But the very concept of identity has fractured into hundreds of data points that fraudsters constantly seek to exploit. That’s why Pipl is the first choice whenever companies must confirm if a person is who they claim to be.

Definition

The BIN number is primarily a card identifier and does not directly identify the bank account number/s to which the card is/are linked by the issuing entity.
Source

Notes

The leading six or eight digits of the card number comprise the issuer identification number (IIN) sometimes referred to as the "bank identification number (BIN)". The remaining numbers on the card, except the last digit, are the individual account identification number. The last digit is the Luhn check digit. IINs and PANs have a certain level of internal structure and share a common numbering scheme set by ISO/IEC 7812. Payment card numbers are composed of 8 to 19 digits.

Definition

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router).
Source

Notes

Backdoors are used for securing remote access to a computer to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

Definition

A term associated with Bounty Hunters and refers to the act of locating and apprehending bail-secured defendants who have jumped bail or have violated an agreement with a bail bondsman to present themselves in court for a crime of which they have been accused.
Source

Notes

It’s critical that investigators cut the time spent developing new leads, filling information gaps, unmasking tipsters and finding known associates. Pipl lets you follow hunches and speeds your investigation tasks. It quickly exposes new directions to 1) quickly locate persons of interest 2) uncover associations between people, addresses, phones and social handles 3) determine the credibility of sources, witnesses or suspects 4) track changes in historical online and offline identity information 5) connect personal, professional, and social information.

Definition

Behavioral analytics is a recent advancement in business analytics that reveals new insights into the behavior of consumers on eCommerce platforms, online games, web and mobile applications, and IoT.
Source

Notes

The rapid increase in the volume of raw event data generated by the digital world enables methods that go beyond typical analysis by merging these data points with demographics (such as those provided by Pipl) and other traditional metrics that show what kind of people took what actions in the past and understanding how consumers act and why, to enable accurate predictions about how they are likely to act in the future.

Definition

Big data usually describes data sets sized beyond the ability of commonly used software tools to capture, curate, manage, and process data within a tolerable elapsed time. Big data philosophy encompasses unstructured, semi-structured and structured data, however the main focus is on unstructured data.
Source

Notes

E-commerce merchants use this data to gain detailed insights into customer behavior and identify business trends. Pipl’s proprietary technology uses robust statistical models and data-rich algorithms to accurately match any piece of data about a person — name, email address, phone number, or social media username — to a comprehensive profile which includes professional, social, demographic, and contact information.

Definition

A chronological ledger of transactions that is shared on a distributed digital network.
Source

Notes

The network can be public, with unlimited access (as with bitcoin), or private and permission-based.

Definition

A botnet is a number of Internet-connected devices, each of which is running one or more bots.
Source

Notes

Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data, send spam, and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a combination of the words "robot" and "network". The term is usually used with a negative or malicious connotation.

Definition

A "software robot device".
Source

Notes

Short for software robots, this term is used to describe tools designed to carry out repetitive tasks automatically. Tech savvy fraudsters may deploy bots to target eCommerce websites, by creating fake accounts and placing orders using stolen credit card details.

Definition

The term originates from the drug dealing world, and is used to describe inexpensive mobile phones designed for temporary use.
Source

Notes

Fraudsters and other criminals link an account to a disposable phone number to bypass 2FA. Today, phone numbers can be generated via burner phone apps or services. These work like prepaid phone cards, only allowing you to use them for a limited amount of time before being recirculated. Because they go through your phone’s original cellular data, they can be traced.

Definition

1Bust-out is a form of fraud that usually involves credit cards.
Source

Notes

The scheme happens when a person establishes good credit, either under their own name or by identity theft using stolen Social Security numbers. For a period of time the Fraudster continues making on-time payments, building credit, and applying for other card accounts with higher credit limits. After credit is built, the “bust-out” takes place, wherein the fraudster maxes out all the credit accounts and ceases making payments.

Definition

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States.
Source

Notes

The intentions of the Act are to provide California residents with the right to 1) Know what personal data is being collected about them. 2) Know whether their personal data is sold or disclosed and to whom. Say no to the sale of personal data. 3) Access their personal data. 4) Request a business to delete any personal information about a consumer collected from that consumer. 5) Not be discriminated against for exercising their privacy rights. Pipl takes privacy compliance very seriously, we are certified for the EU-US Privacy Shield to ensure that our services support GDPR compliance and we comply with applicable laws and regulations, including the California Consumer Privacy Act (CCPA).

Definition

The Certified Insurance Fraud Analyst (CIFA) program is an accrediting process that covers all topics that deem an analyst to be well rounded and versed in all aspects of fraud analysis.
Source

Notes

The program has a high standard for admission and testing which includes adherence to IASIU’s code of ethics.

Definition

Customer Name and Address; usually obtained from a phone number.
Source

Notes

CNA is a common and early type of lead followed by an investigator and is the act of connecting a person's name to a accurate Address location. Pipl lets you follow hunches and speeds your investigation tasks. It quickly exposes new directions to 1) quickly locate persons of interest 2) uncover associations between people, addresses, phones and social handles 3) determine the credibility of sources, witnesses or suspects 4) track changes in historical online and offline identity information 5) connect personal, professional, and social information.

Definition

A practice employed by fraudsters to check that stolen credit card details are valid, before attempting a bigger purchase.
Source

Notes

When testing cards, fraudsters make multiple low-value purchases to stealthily avoid having the orders flagged by fraud scoring tools. Not-for-Profit sites are often targeted because giving an online donation does not require a shipping address, and because fraudsters know nonprofits are unlikely to have top notch fraud detection safeguards in place.

Definition

A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over Internet, but also mail-order transactions by mail or fax, or over the telephone.
Source

Notes

This payment method is convenient for customers and essential to online retailers — but it’s also vulnerable to fraud. Global Fraud Prevention providers and merchants know from testing that Pipl’s unmatched breadth and depth of public identity information lowers risk, lifts their approval rates and cuts their losses to fraud and chargebacks. All while giving their customers a friendly, frictionless, and instantly gratifying experience.

Definition

Abandonment rate as a marketing metric helps marketers to understand website user behavior. Specifically, abandonment rate is defined as "the percentage of shopping carts that are abandoned" prior to the completion of the purchase.
Source

Notes

The typical shopping cart abandonment rate for online retailers varies between 60% and 80%, with an average of 67.91%. It is claimed that the best optimized checkout process has an abandonment rate of 20%. To achieve such optimization, Pipl data is often used to streamline the Identity Verification process (a major contributor to customer friction) once an order is placed.

Definition

A form of social engineering where fraudsters and criminals create fake online identities to lure people into emotional or romantic relationships for personal or financial gain.
Source

Notes

Online seduction and blackmail are used to acquire personal information such as credit card numbers, social security numbers, or home addresses, among others.

Definition

The Certified Fraud Examiner (CFE) is a qualification issued by the Association of Certified Fraud Examiners (ACFE).
Source

Notes

The ACFE organization is a provider of anti-fraud education and training. CFE training includes teaching about information on difficult financial transactions and appreciating forensic approaches, regulation, and deciding on claims of fraud.

Definition

In legal context, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidences.
Source

Notes

Maintaining a chain of custody is essential for team members working on a specific criminal case. The documentation of evidence is key for maintaining a chain of custody because everything that is done to the piece of evidence must be listed and whoever came in contact with that piece of evidence is accountable for what happens to it. This prevents police officers and other law officials from contaminating the evidence or taking the piece of evidence.

Definition

Chargeback is a return of money to a payer. Most commonly the payer is a consumer. The chargeback reverses a money transfer from the consumer's bank account, line of credit, or credit card. The chargeback is ordered by the bank that issued the consumer's payment card.
Source

Notes

The chargeback mechanism exists primarily for consumer protection. Holders of credit cards issued in the United States are afforded reversal rights by the Truth in Lending Act. United States debit card holders are guaranteed reversal rights by the Electronic Fund Transfer Act. Similar rights extend globally, pursuant to the rules established by the corresponding card association or bank network. A consumer may initiate a chargeback by contacting their issuing bank and filing a substantiated complaint regarding one or more debit items on their statement. The threat of forced reversal of funds provides merchants with an incentive to provide quality products, helpful customer service, and timely refunds as appropriate.

Definition

If a merchant encounters a chargeback they may be assessed a fee by their acquiring bank. A potential chargeback is presented on behalf of the card holder's bank to the merchant's credit card processing bank.
Source

Notes

Currently, both Visa and MasterCard require all merchants to maintain no more than 1% of dollar volume processed to be chargebacks. If the percentage goes above, there are penalties starting at $5,000 – $25,000 charged to the merchant's processing bank and ultimately passed on to the merchant. In all cases, a chargeback will cost the merchant the chargeback fee, typically $15–$30, plus the cost of the transaction and the amount processed. Pipl data plays an important role in reducing merchant chargeback losses in both automated (API) and manual review (SEARCH) approaches.

Definition

Chargeback fraud occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback from the issuing bank after receiving the purchased goods or services.
Source

Notes

For superior investigation of Chargeback Fraud, Pipl’s identity resolution engine accurately clusters a vast array of hard-to-connect identity information not found by standard research tools. With well structured reports, important facts are front and center so CBF investigators can quickly dig into details all on one page or use shortcuts to jump to social media accounts and web links.

Definition

Chargeback insurance is an insurance product that protects a merchant who accepts credit cards. The insurance protects the merchant against fraud in a transaction where the use of the credit card was unauthorized, and covers claims arising out of the merchant's liability to the service bank.
Source

Notes

A typical chargeback insurance policy will only cover losses on credit card transactions purchased through its own specific payment processor or payment gateway. While chargeback insurance can help cover losses, like any insurance there are pros and cons. While some fraud protection services charge a flat-rate fee per transaction (typically 0.5 to 15 cents per transaction), vendors who offer chargeback insurance usually charge a percentage-based fee of 0.5% to 1.5% which can be cost-prohibitive for larger transactions.

Definition

A merchant’s chargeback ratio is the number of chargebacks compared to overall transactions for a given month. As the number of chargebacks against a retailer rises, so does the ratio.
Source

Notes

Most credit card companies require that chargeback ratios be less than 1 percent; after 1 percent, merchants may be placed in a “excessive chargeback” monitoring program where they pay additional fines and fees until they are able to get the chargeback ratio decreased to an acceptable percentage. If a merchant is unable to reduce their chargeback ratio, it may lose processing privileges altogether.

Definition

Child identity theft is defined as the theft of a child's personal information, such as their Social Security numbers.
Source

Notes

This information can be used to open bank accounts and credit cards in a child's name, or help someone secure a mortgage, a job, or government and health benefits. Criminals are more likely to capitalize on kids’ data. Among notified breach victims last year, 39 percent of minors became victims of fraud, versus 19 percent of adults, according to Javelin. While adults make prime targets for their account balances, the “blank slate” a child provides can enable a criminal to do more damage by opening new lines of credit before someone catches on.

Definition

Civil records are a group of public records that pertain to civil registry records, civil family matters and non criminal civil offenses. These records vary a lot because of the nature of the information that is recorded.
Source

Notes

There are various types of public records that are available to the general public. Some of your information that could be considered public record includes: Civil and Vital Records, Birth and Death, Marriage & Divorce Records, Lien and Judgment Records, Criminal Records, Court Records, Government Records, Bankruptcy Records, Driving and Traffic Records, Phone and Address Information, Naturalization and Immigration Records.

Definition

The person making a claim. Use of the word 'claimant' usually denotes that the person has not yet filed a lawsuit. In Insurance also referred to as "the insured."
Source

Notes

The Insurance Industry Glossary defines “claimant” as “The party making a claim under an insurance policy. The claimant may be the insured. Under liability policies, the claimant is a third party.” No matter which definition you use, a “claimant” is somebody making a claim – not somebody against whom a claim will be made. Upon filing a lawsuit, the claimant becomes a plaintiff, but the terms are often used interchangeably.

Definition

A claims adjuster investigates insurance claims by interviewing the claimant and witnesses, consulting police and hospital records, and inspecting property damage to determine the extent of the company's liability. Other claims adjusters who represent policyholders may aid in the preparation of an insurance claim.
Source

Notes

Activities typically extend to include the following elements 1) Verify an insurance policy exists for the insured person and/or property. In general, these are written by the policy-holding insurance company. 2) Risk(s) of loss(es), or damages to property, culminating in the loss of property and or bodily injury. 3) After completing the above investigations, evaluate the covered injuries and/or damages that have been determined according to the coverage grants. 4) Negotiate a settlement according to the applicable law(s), and identify coverages for which the insured is covered, following best insurance practices

Definition

Clickjacking is when a fraudster targets someone to click a link, either to get them to install malware or to try to phish them.
Source

Notes

This can be done by sharing baited content on social media, having people click back to the source of the content, where the fraudster then tries to attack them.

Definition

A telephone service used to conceal the identity of the outbound caller's telephone number or Caller ID data.
Source

Notes

Services such as "Burnerapp.com" allow users to obtain and manage additional phone numbers for voice, SMS, and MMS communications, Burner lets users get as many numbers as they want to use each as a private line on an iPhone or Android phone, and keep numbers indefinitely or 'burn' numbers they no longer need.

Definition

Confirmation fraud is a type of fraud that comes in two layers. First, a fraudster falsifies transactional information, like pretending to deposit a certain amount of money in an account (on someone else's behalf).
Source

Notes

Then, the fraudster creates fake materials that falsely confirm that that first transaction went through, when in reality it didn't. In short, a fake deposit (or other transaction) is falsely confirmed as having gone through by a fake confirmation, so as to cover up the fact that the first transaction was actually fraudulent.

Definition

Consumer Authentication is the term used for the devices that are designed to verify that a person making a transaction or any business deal is really the person who is certified to do that action.
Source

Notes

This term applies to both card-not-present transactions as well as in-person transactions. Pipl offers uniquely powerful identity data and verification tools so you can confidently approve, deny or escalate transactions. That’s why Pipl is the first choice whenever the world's top ecommerce and financial services companies must confirm that a person is who they claim to be..

Definition

A person commits contract fraud when they make a knowingly false statement that serves to trick or deceive another person into signing a contract.
Source

Notes

A person also commits contract fraud when, through misrepresentation, they trick an individual who does not believe they are entering into a contract, into signing one.

Definition

An information packet sent from a website to a web browser that records a user’s activity on that website.
Source

Notes

They can also be used to remember arbitrary pieces of information that the user previously entered into form fields such as names, addresses, passwords, and credit-card numbers.

Definition

The facts constituting or proving the body of a crime, or the necessary elements of a crime that together demonstrate it commissions.
Source

Notes

Corpus delicti is one of the most important concepts in a murder investigation. When a person disappears and cannot be contacted, many police agencies initiate a missing person case. If, during the course of the investigation, detectives believe that he/she has been murdered, then a "body" of evidentiary items, including physical, demonstrative and testimonial evidence, must be obtained to establish that the missing individual has indeed been murdered before a suspect can be charged with homicide.

Definition

A web crawler, also known as a web spider or web robot, is a program, software package, or automated script which browses the Global Web in a systematic and automated method.
Source

Notes

Web crawlers are mostly used to generate a duplicate of all the pages they visit, then processing them throughout a search engine that will file the copied pages to deliver faster search results. PiplBot is Pipl's web-indexing robot. PiplBot crawler collects documents from the Web to build a searchable index for our People Search engine. Unlike a typical search-engine robots, PiplBot is designed to retrieve information from the deep web; our robots are set to interact with searchable databases and not only follow links from other websites. As part of the crawling, PiplBot takes robots.txt standards into account to ensure we do not crawl and index content from those pages whose content you do not want included in Pipl Search.

Definition

Credential stuffing is a form of cyber-attack where a taken account's credentials, usually containing the lists of usernames and/or email ID along with the matching passwords, are stolen and then used to gain illegal access to real user accounts over a large-scale automated login.
Source

Notes

Credential stuffing attacks are possible when internet users persist the same username/password combination across multiple sites, with one survey reporting that 81% of users have reused a password across two or more sites and 25% of users use the same password across a majority of internet their accounts

Definition

A credit bureau is a data collection agency that gathers account information from various creditors and provides that information to a consumer reporting agency in the United States, a credit reference agency in the United Kingdom, a credit reporting body in Australia, a credit information company in India, Special Accessing Entity in the Philippines, and also to private lenders. It is not the same as a credit rating agency.
Source

Notes

Because credit bureaus handle such sensitive information, they’re particularly vulnerable to cyberattacks and breaches. Recent security flaws at Equifax resulted in exposing an estimated 143 million Americans’ personal data. Pipl’s unmatched depth and breadth of identity data lets you combat the unprecedented availability of breached credentials and hijacked mobile phones with superior identity testing.

Definition

Credit card fraud is an inclusive term for fraud committed using a payment card, such as a credit card or debit card. The purpose may be to obtain goods or services, or to make payment to another account which is controlled by a criminal.
Source

Notes

There are several ways Credit Card Fraud occurs: 1) Application fraud takes place when a person uses stolen or fake documents to open an account in another person's name. 2) Account Takeover refers to the act by which fraudsters will attempt to assume control of a customer's account. 3) Social Engineering fraud can occur when a criminal poses as someone else which results in a voluntary transfer of money or information to the fraudster. 4) Skimming is the theft of personal information having used in an otherwise a normal transaction. The thief can procure a victim's card number using basic methods such as photocopying receipts or more advanced methods such as using a small electronic device (skimmer).

Definition

A card security code such as (CSC), (CVD), (CVV), CVC), (V-code) or (SPC), is a security feature for "card not present" payment card transactions instituted to reduce the incidence of credit card fraud.
Source

Notes

Customers making online purchases are often asked for their credit card’s CVV, or card verification value, as a way for e-commerce retailers to verify that customers actually possess the card they're using for the purchase.

Definition

That part of a consumer credit report, most often located at the top of the report, which may identify a person's past and present residences, telephone numbers, date of birth, aliases, social security numbers, etc. The header does not contain financial or credit information.
Source

Notes

Credit Header information can be used to access other private information, particularly financial information, but the information in a credit header is not generally private in and of itself. The Social Security Number, generally regarded as the most sensitive of the information in a credit header, is used in hundreds of different ways by business and government. Unlike Pipl, many providers of Identity Data intelligence rely heavily on Credit Header data, making their solutions susceptible to Synthetic Identity fraud activity.

Definition

Credit muling involves acquiring and delivering items fraudulently obtained using credit, making it an example of credit fraud.
Source

Notes

Just as drugs mules transport illegal drugs, a credit mule transports items obtained dishonestly that have been purchased via credit card fraud. Credit mules may not be aware that they are participating in a scam and may indeed think they are working in good faith as an employee or independent contractor of a legitimate organization, such as a secret shopper operation.

Definition

A criminal record, police record, and colloquially "rap sheet." In most cases it lists all non-expunged criminal offences and is normally considered to be publicly available.
Source

Notes

Definition

A cryptogram is a short, coded text.
Source

Notes

When consumers use a chip-enabled credit card to make a purchase, the embedded microchip automatically encrypts a unique alphanumeric value for each transaction. These dynamic cryptograms improve data integrity and make it difficult for fraudsters to hack and decode credit card data and generate counterfeit cards to be used for in-store transactions.

Definition

Cryptocurrencies require large amounts of computer power to be created, or “mined”. Some legitimate companies specialize in mass cryptomining through dedicated mining farms.
Source

Notes

Cyber criminals like to deploy cryptomining viruses or bots on unsuspecting users’ computers, or even organizations’ servers. This allows them to mine at scale, without spending extra money on equipment or resources like electricity.

Definition

Current address fraud occurs when a fraudster changes the known address of somebody to a new one, thus re-routing their mail to somewhere the fraudster can likely access it.
Source

Notes

The crime involves providing one's address as a place where they never lived, or continuing to use a previous address where one no longer lives. Laws pertaining to these types of crimes vary by location. In one form of address fraud, the perpetrator uses a former address as their current address to receive mail by deliberately failing to report an address change and using the old address on legal documents. In another form, a person misrepresents a communal mailbox at their home as their exclusive address to take advantage of benefits available to others in the home. Pipl data can be used for automated in-process Address Fraud detection as well as a manual review tools for analysts.

Definition

Describes any point at which customers experience resistance, e.g. a complicated checkout process, requiring customers to create an account before making a purchase, or broken features on a website or app. In any case, friction is a barrier to customers completing a purchase.
Source

Notes

Pipl usually uses this term to refer to specify fraud prevention measures taken by manual review teams for validation purposes, such as reaching out to customers via sms, email, or phone. Customer friction may also result from requiring shoppers to take cumbersome steps to verify their identity during checkout, like 3-D Secure. Many merchants and fraud prevention platforms leverage Pipl data for targeted reductions of customer friction because it provides rich "data stories" about customers on a global scale.

Definition

Records maintained by state-level government agencies that administer vehicle registration and driver licensing. The name "DMV" is not used in every state or area, nor are the traditional DMV functions handled by a single agency in every state, but the generic term is widely understood, particularly in the context of driver's license issuance and renewal.
Source

Notes

A DMV Record will show height, weight, eye color, hair color, middle name, accidents, violations, actions, drunken driving arrests, tickets, vehicles, etc. This information is usually provided as part of a Background Investigation service or commercial records review service.

Definition

The dark web is web content that exists on darknets (overlay networks) that use the internet but require specific software, configurations, or authorization to access.
Source

Notes

The dark web forms a small part of the deep web, the part of the Web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web. At Pipl we always maintain high standards of ethics and compliance to ensure we follow every applicable law and regulation; regardless of the data sourcing method we use, we maintain a clear audit log for any data added to our service to ensure we can keep track of data source quality, licensing and regulatory changes.

Definition

A Data Attribute is frequently and generally a property of a property. However, in actual usage, the term attribute can and is often treated as equivalent to a property depending on the technology being discussed.
Source

Notes

An attribute of an object usually consists of a name and a value; of an element, a type or class name; of a file, a name and extension. At Pipl these are viewed as Individual elements (fields) of information which are the building blocks for identity profiles. Sometimes referred to as "data points."

Definition

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. Incidents range from concerted attacks by black hats, or individuals who hack for some kind of personal gain, associated with organized crime, political activist or national governments.
Source

Notes

Data breaches happen when sensitive information like banking information, health data, passwords, or credit card information) is accessed or disclosed through unauthorized means. Breaches occur through weak passwords, hackers, phishing attacks, missing software patches etc.

Definition

Data Coverage specifies the population from which observations for a particular topic can be drawn.
Source

Notes

An understanding of coverage is required to facilitate the comparison of data. Coverage issues are often explained through the use of tables showing linkages (e.g. part or full correspondence) and can also be used to explain the ratio of coverage. Pipl ethically and legally sourced data is a collection of trillions of data points compiled from the Internet, public records, listings, directories, archives and exclusive sources. Pipl Data Coverage has been tested as far superior on the basis on having more attributes (phone, email, address etc.) on a unmatched global scale.

Definition

A general term that refers to processes used to enhance, refine or otherwise improve raw data. This idea and other similar concepts contribute to making data a valuable asset for almost any modern business or enterprise. It also shows the common imperative of proactively using this data in various ways.
Source

Notes

Pipl uses this term to refer to the process of supplementing identity records with additional details that allows decision engines to accurately assess ID Verification. Pipl API can automatically enrich raw order data with information from proprietary in-house databases, as well as with data from third party sources.

Definition

A data point is defined as a distinct component of data. In a broad common sense, every single detail is considered as a data point.

Notes

In an arithmetical or systematic framework, a data point is typically imitative in terms of size or investigation and can also be exemplified in an arithmetic and/or detailed manner.

Definition

Data set is an assortment of data.
Source

Notes

"Usually a data set match up to the subjects of a distinct database table, or otherwise a particular arithmetical data matrix, where each single column of the table indicates a specific variable, and each row match up to a set of affiliates of the query data set.

Definition

The decline rate is the percentage of declined transactions out of the total order volume over a given time period.
Source

Notes

When calculating the decline rate to assess fraud operations performance, merchants take into account orders rejected due to fraud filters on the gateway level, orders automatically declined by in-house fraud prevention systems, and orders declined by the manual review team.

Definition

A dedicated hosting service, also known as a dedicated server or a managed hosting service, is basically an Internet hosting structure where the customer leases an entire server not shared with anyone else.
Source

Notes

This is even more flexible when compared to shared hosting, since with dedicated hosting organizations have full access and control over the server(s) and all hardware involved with them.

Definition

A dedicated IP address is defined as an exclusive Internet address which is exclusively and completely assigned to a distinct hosting account.
Source

Notes

Only corporate hosting accounts are qualified for dedicated IP addresses. Shared hosting accounts that share the server's IP address cannot have a dedicated IP.

Definition

The deep web, invisible web, or hidden web are parts of the World Wide Web whose contents are not indexed by standard web search-engines. The opposite term to the deep web is the "surface web", which is accessible to anyone/everyone using the Internet.
Source

Notes

See "Dark Web" above.

Definition

A 'device fingerprint', machine fingerprint, or browser fingerprint is information collected about a remote computing device for the purpose of identification.
Source

Notes

Fingerprints can be used to fully or partially identify individual users or devices even when persistent or zombie cookies can't be read or stored in the browser and the client IP address is hidden - even if one switches to another browser on the same device. Fraud-fighers use this information along with machine learning models to analyze it along with order data to determine whether the transaction is legitimate or fraudulent.

Definition

A device ID or device identification is a unique number related to a cell phone or to the handheld device itself.
Source

Notes

There is a unique device ID for all smartphones and tablets worldwide which is stored directly on the mobile device itself. IDs are separate from the hardware serial numbers.

Definition

Digital footprint or digital shadow refers to one's unique set of traceable digital activities, actions, contributions and communications manifested on the Internet or on digital devices.

Notes

There are two main types for digital footprints: passive and active. A passive digital footprint is data collected without the owner knowing (data exhaust). Active digital footprints are created when personal data is released deliberately by a user for the purpose of sharing information with websites or social media. Pipl’s identity resolution engine accurately clusters a vast array of hard-to-connect identity information not found by standard research tools.

Definition

A digital wallet also known as "e-Wallet" refers to an electronic device or online service that allows an individual to make electronic transactions.
Source

Notes

This can include purchasing items online with a computer or using a smartphone to purchase something at a store. Money can be deposited in the digital wallet prior to any transactions or, in other cases, an individual's bank account can be linked to the digital wallet.

Definition

Disposable email addressing (DEA) refers to an approach where a unique email address is used for every contact or entity. The benefit is that if anyone compromises the address or uses it in connection with email abuse, the address owner can easily cancel (or "dispose" of) it without affecting any of their other contacts.
Source

Notes

Fraudsters often utilize disposable email accounts to avoid associating their personal email accounts with their criminal activity. Many merchants and fraud prevention platforms use Pipl data to discern the use of DEAs.

Definition

Chargeback is a return of money to a payer. Most commonly the payer is a consumer. The chargeback reverses a money transfer from the consumer's bank account, line of credit, or credit card. The chargeback is ordered by the bank that issued the consumer's payment card.
Source

Notes

Chargebacks exist primarily for consumer protection. Holders of credit cards issued in the United States are afforded reversal rights by the Truth in Lending Act. United States debit card holders are guaranteed reversal rights by the Electronic Fund Transfer Act. Similar rights extend globally, pursuant to the rules established by the corresponding card association or bank network. A consumer may initiate a chargeback by contacting their issuing bank and filing a substantiated complaint regarding one or more debit items on their statement. The threat of forced reversal of funds provides merchants with an incentive to provide quality products, helpful customer service, and timely refunds as appropriate.

Definition

A set of federal regulations passed in 2010 with the intention of preventing a recurrence of the events that caused the 2008 financial crisis.
Source

Notes

The Act created financial regulatory processes that enforce transparency and accountability while protecting consumers and taxpayers. “Dodd-Frank,” as it is often called, is named after Sen. Christopher J. Dodd and Rep. Barney Frank, who were largely responsible for its creation and passage.

Definition

A type of trolling that consists of posting some or all of the personal information (name, address, phone number, Social Security number, birth date, etc.) of victims online for public view.
Source

Notes

The term dox derives from the slang "dropping dox" which, according to Wired writer Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose opponents to harassment or legal repercussions. Consequently, doxing often comes with a negative connotation, because it can be a vehicle for revenge via the violation of privacy.

Definition

Source

Notes

Definition

The process of systematically evaluating information, to identify risks and issues relating to a proposed transaction (i.e. verify that information is what it has been stated to be). Also associated with "Vetting."
Source

Notes

In criminal law, “due diligence” also identifies the standard a prosecuting entity must satisfy in pursuing an action against a defendant, especially with regard to the provision of the Federal and State Constitutional and statutory right to a speedy trial or to have a warrant or detainer served in an action. Pipl's well structured reports puts important identity related facts front and center so investigators can quickly dig into details all on one page or use shortcuts to jump to social media accounts and web links.

Definition

E-commerce (electronic commerce) is the activity of electronically buying or selling of products on online services or over the Internet.
Source

Notes

Usually divided into three categories 1) Business to business (B2B) 2) Business to consumer (B2C) 3) Consumer to consumer (C2C). Pipl's Identity Data Intelligence services are used by the world's largest e-commerce operations.

Definition

Also called mobile apps, are types of application software that let customers browse and buy on mobile devices, like smartphones or tablets.
Source

Notes

They act similar to a retailer’s website, capturing payment information and processing transactions. Although they’re generally smaller in scope, they offer greater interactivity. Simple apps let customers browse and make purchases; more complex apps might enable location based features and integrate with social media.

Definition

An e-commerce platform is software technology that lets e-commerce merchants open and manage an online storefront; sell products and services; and perform other functions, like send emails, integrate with social media and create loyalty programs.
Source

Notes

There are an estimated 12-24 million stores using e-commerce platforms to sell their products online. These platforms range from the simple and free to the complex and expensive; selecting the right platform depends on a merchant’s budget, goals and needs.

Definition

“ECOA” stands for Equal Credit Opportunity Act, which was enacted by Congress in 1974 to prohibit discrimination in lending.

Notes

ECOA-mandated codes appear on credit reports and are designed for nondiscriminatory identifications/categorization of an account. Code examples: “I” is an Individual account, “J” is a Joint account, “A” is an Authorized user. Pipl data is frequently used to enrich identity records of all cardholders connected to an account and can be used to pinpoint data points that confirm associations.

Definition

EMV cards are smart cards, also called chip cards, integrated circuit cards, or IC cards which store their data on integrated circuit chips, in addition to magnetic stripes for backward compatibility. These include cards that must be physically inserted or "dipped" into a reader, as well as contactless cards that can be read over a short distance using near-field communication technology.
Source

Notes

EMV (or “chip”) technology was developed by Europay, MasterCard and Visa (hence the name “EMV”) to help make credit card and debit transactions more secure. A microprocessor chip is embedded in these cards, and the chip interacts with a merchant’s point-of-sale systems to validate the card. As the new global standard for credit and debit cards, these new cards improve security by being nearly impossible to duplicate.

Definition

To identify the owner of an email address.
Source

Notes

Definition

The section of an email message that contains the sender and recipient's email addresses as well as the routing information.
Source

Notes

An email header tells who sent the email and where it arrived. Some markers indicate this information, like “From:” — sender’s name and email address, “To:” — the recipient’s name and email address, and “Date:” — the time and date of when the email was sent. All of these are mandatory indicators. Other parts of the email header are optional and differ among email service providers.

Definition

This term refers to how long an email account has existed.
Source

Notes

At Pipl the email age is a valuable metadata for assessing the fraud risk of a CNP order. A recently created email account is more likely to be associated with fraud; whereas an order placed with an email created several years ago is a positive indicator of legitimacy. As part of Pipl's automatic data enrichment process, raw identity data is supplemented with email age information.

Definition

Source

Notes

When merchants transmit transaction data they use encryption to code data so only authorized parties can access it. Converting data into ciphered (encrypted) data makes it difficult for an unauthorized third person to intercept the data and use it for illegal purposes. And even if the encrypted data is by a hacker, they’ll be unable to decode the information without the decryption key.

Definition

Like other credit scores, a FICO score is a three- digit numeric value that assesses a borrower’s credit risk.

Notes

FICO score can range from 300 to 850. The higher the number, the more likely the loan is to be repaid. People with low FICO scores get charged higher interest rates to make up for the added risk. People with high FICO scores get the best deals. FICO scores are calculated using complex formulas that predict future debt repayment behavior. Income, credit lines outstanding, debt to income ratio, mix of credit and past payment behavior all factor into a person’s FICO score.

Definition

Fast Identity Online is a set of open technical specifications for mechanisms of authenticating users to online services that do not depend on passwords.

Notes

FIDO authentication seeks to use the native security capabilities of the user device to enable strong user authentication and reduce the reliance on passwords.

Definition

The Fair Credit Reporting Act was enacted to govern how credit bureaus maintain, share and correct information in credit reports.
Source

Notes

It was intended to protect consumers from the willful and/or negligent inclusion of inaccurate information in their credit reports. To that end, the FCRA regulates the collection, dissemination, and use of consumer information, including consumer credit information. Together with the Fair Debt Collection Practices Act (FDCPA), the FCRA forms the foundation of consumer rights law in the United States.

Definition

False declines are valid credit card transactions that are incorrectly rejected. Also called “false positives.” False declines can be caused by identity-related, technical, or structural issues. They are the ultimate "customer friction."
Source

Notes

False Decline happen when a cardholder triggers a merchant’s fraud detection system (e.g. large purchases, orders shipped outside of the customer’s billing address) and is incorrectly flagged as fraud. 40% of Americans have had a purchase transaction falsely blocked or questioned. They are embarrassing and inconvenient for customers and costly to merchants. False declines cost merchants more than $118 billion in sales yearly — 13 X more than losses to actual e-commerce fraud. Many merchants and fraud prevention platforms use Pipl data to reduce the occurrence of False Declines.

Definition

False Front Merchants is when a company appears to have valid businesses, but actually, all are just fronts for a number of various fraud schemes.
Source

Notes

The ability of some fraudsters to make fake companies is growing with the new ways digital payment systems perform in a business, which give the opportunities for the fraudsters to set up sophisticated, deceptive schemes of false front merchants.

Definition

A federated identity in information technology refers to process of linking a person's electronic identity and attributes across multiple distinct identity management systems.
Source

Notes

Federated identity is related to single sign-on (SSO), in where a user's single authentication ticket or token, is cleared across multiple IT systems. SSO is a subset of federated identity management, as it relates only to authentication and is understood on the level of technical interoperability and it would not be possible without some sort of federation.

Definition

Law enforcement officers complete a form called the Field Interview Report (FIR) which notes details about any and everything.
Source

Notes

The officer uses the FIR to gather information about an individual, who is acting suspiciously, may have had the potential of committing a crime or is being checked while passing through a jurisdiction’s boundary. Information is captured about the event, to record the individual, vehicle, location and field officer related to the FIR for the purpose of recording the event for possible future investigations and identification.

Definition

A fraud analyst monitors and investigates customer accounts and transactions to investigate suspected fraud.
Source

Notes

Insurance companies, banks, retailers, and a many other organizations employ fraud analysts to detect and deter deceitful actions. While unlawful activities such as fake claims and false IDs have been burdensome for years, advances in technology have opened up new attack vectors for creative tricksters. Fraud analysts use everything at their disposal to catch these thieves. When transactions get escalated review teams are on the clock. Pipl Search quickly shows Fraud Analysts how the purchase data submitted by buyers is connected - or that no relationship exists - so your team can approve or deny global transactions with confidence.

Definition

A fraud filter is a tool used in e-commerce to prevent potentially fraudulent orders from processing. Depending on how the fraud filters are set up, it will either warn of a potentially fraudulent transaction or cancel an order entirely.
Source

Notes

There are many different types of fraud filters including velocity, address verification system (AVS), card verification value (CVV) and purchase amount filters. Merchants must be careful about the order in which they apply these filters. If layered incorrectly, some rules may cancel out others, reducing the total amount of protection they offer. While fraud filters are a popular and relatively inexpensive fraud protection strategy, they're not foolproof: Fraud filters typically generate a false positive rate of approximately 25%.

Definition

Fraud losses are incurred by payment card issuers, merchants, acquirers of card transactions from merchants, and acquirers of card transactions at ATMs on all credit, debit, and prepaid general purpose and private label payment cards issued around the globe.
Source

Notes

When criminals fraudulently take something of value from a merchant a wide range of fraud losses are realized. This includes the product itself, fees and often penalties associated with any connected chargebacks - as well as reputational damage. Smaller companies are less likely to have the resources to invest in anti-fraud practices and technology and are especially hard hit.

Definition

Fraud Management Services are defined as services that provide support in reviewing and resolving all potential fraudulent operations of a company, assisting with the immediate control of illicit purchases. These services conduct ongoing investigations to create innovative fraudulent policies to increase controls.
Source

Notes

These services focus on preventing fraud from happening, rather than reacting to fraud attacks. They offer a team of experienced analysts to managed all aspects of the business’s e-commerce activity, actively screening transactions and implementing comprehensive chargeback management strategies to stop fraudulent orders before they’re approved. The fraud managed services provider may be liable for the fraud risk if a fraudulent transaction is approved. The typical organization loses an average of 5% of revenues due to fraud — translating to nearly $3.7 trillion of global losses annually.

Definition

Software programs that help companies identify hazardous transactions in real time and decrease the amount of consumer fraud that occurs.
Source

Notes

Fraud detection software monitors transactions and assigns risk scores to each of them. Transactions with attributes that don't deviate from the norm are allowed for processing. If even one transaction detail indicates suspicious activity, the system automatically halts or denies it, and sends an alert to the user. Many of these systems use both rules (that users can edit) and machine learning techniques to achieve higher efficiency. Many Providers create countermeasures using Pipl to help power new identity verification platforms, Know Your Customer (KYC) data models, and behavioral pattern analysis to minimize fraud while keeping the customer experience as friction-free as possible.

Definition

A Fraud Ring could be described as an organization which performs activities with the intention to defraud or take advantage of other people.
Source

Notes

A fraud ring might be involved in any kind of forgery, creating fake claims, stealing a private identity, or even counterfeiting checks and currency as well.

Definition

The Fraud Triangle is a simple framework that is useful to understand a worker's decision to commit workplace or occupational fraud.
Source

Notes

The fraud triangle consists of three components (sides) which, together, lead to the workplace fraud, and are: 1) a financial need, 2) a perceived opportunity, and 3) a way to rationalize the fraud as not being inconsistent with their own values. The Fraud Triangle is a common teaching aide and metaphor that has been used for decades.

Definition

Also known as Chargeback fraud; occurs when a consumer makes an online shopping purchase with their own credit card, and then requests a chargeback (with dishonest intent) from the issuing bank after receiving the purchased goods or services.
Source

Notes

For superior investigation of Chargeback Fraud, Pipl’s identity resolution engine accurately clusters a vast array of hard-to-connect identity information not found by standard research tools. With well structured reports, important facts are front and center so Chargeback Fraud investigators can quickly dig into details all on one page or use shortcuts to jump to social media accounts and web links.

Definition

The nickname fraudsters give to an information package containing a person’s real name, address, and form of ID. It usually contains all the information needed to steal someone’s identity.
Source

Notes

The underground economy in which hackers operate is laden with forums, chat rooms, websites and other communities designed to facilitate, streamline, and industrialize cybercrime. Taking a look at what gets sold and traded in these communities can give us a pretty good understanding of what’s most valuable to hackers — and what we need to focus on protecting.

Definition

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA).
Source

Notes

According to the European Commission, "Personal data is information that relates to an identified or identifiable individual. If you cannot directly identify an individual from that information, then you need to consider whether the individual is still identifiable. You should take into account the information you are processing together with all the means reasonably likely to be used by either you or any other person to identify that individual. Pipl takes privacy compliance very seriously, we are certified for the EU-US Privacy Shield to ensure that our services support GDPR compliance and we comply with applicable laws and regulations, including the California Consumer Privacy Act (CCPA).

Definition

Address validation is the process of checking a mailing address against an authoritative database to see if the address is valid.
Source

Notes

If the address in question matches an address in the official database, the address "validates", meaning it's a real address. Addresses that do not match any addresses in the database are marked as "invalid", meaning the address either doesn't exist or isn't registered with the official postal service. Most countries around the world have their own respective databases against which addresses can be validated.

Definition

Human intelligence (abbreviated HUMINT and is pronounced as hyoo-mint) is intelligence gathered by means of interpersonal contact.

Notes

HUMINT is used in collaboration with more technical intelligence gathering disciplines such as signals intelligence (SIGINT), imagery intelligence (IMINT) and measurement, open source (OSINT) and signature intelligence (MASINT).

Definition

The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
Source

Notes

Hash functions and their associated hash tables are used in data storage and retrieval applications to access data in a small and nearly constant time per retrieval, and storage space only fractionally greater than the total space required for the data or records themselves. Hashing is a computationally and storage space efficient form of data access which avoids the non-linear access time of ordered and unordered lists and structured trees, and the often exponential storage requirements of direct access of state spaces of large or variable-length keys.

Definition

High-risk industries are those that are particularly vulnerable to online credit fraud and chargebacks, like merchants doing business in verticals such as gaming, adult entertainment, online gambling and travel.
Source

Notes

It is impossible to define all activity that would qualify as suspicious. However, the following guidelines quantify the types of suspicious accounts/activities that should be monitored 1) “High-risk” businesses 2) Other business with high wire transfer activity, particularly wires to foreign entities and banks, 3) Cash intensive businesses 4) Frequent consumer foreign wire transfer activity. 5) Frequent large cash consumer deposits and withdrawals. One of the best ways to avoid being an unknowing accomplice to money launderers is to properly identify new customers, clients and vendors.

Definition

A honeypot is a tempting set of data or an attractive computer system that lures fraudsters and counteracts their attempts to hack into or otherwise compromise an information system.
Source

Notes

Comparable to a police sting operation, honeypots act as bait by appearing to be a legitimate part of a website; however, it’s actually being monitored by information technology professionals. Watching and recording this activity gives fraud prevention specialists insights into new modes of attack by fraudsters while also testing the security of network infrastructure.

Definition

Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name and perhaps to the other person's disadvantage or loss.
Source

Notes

Identity theft happens when fraudsters gather enough critical pieces of personal data about an victim (name, driver’s license number, date of birth and address) and transact as that person to open new accounts and make purchases. Also a criminal can also use stolen information to hijack a consumer’s existing account (called “account takeover”)

Definition

This is a variant on the concept of Software as a Service (SaaS), indicating that identity management can be outsourced and purchased as a cloud-based service instead of either purchasing the software and operating it in-house or building the functionality from scratch in-house.
Source

Notes

IDaaS can be used for a number of different applications. Adaptive multi-factor authentication is one such use. This is a feature where users submit multiple factors to gain entry to the network—thus increasing security over single-factor authentication—and access is granted dynamically, depending on how much risk users present. Another application is single sign-on. This allows users to sign on only once at the network perimeter, and with that single effort, obtain access to whichever parts of the company's constellation of programs and resources are authorized.

Definition

An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems.

Notes

This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.

Definition

An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
Source

Notes

Each device connected to the internet has an Internet Protocol (IP) address, which is a numerical label that serves to both identify the device and provide its location. There are two types of IP addresses 1) Static: The user configures this by editing a device’s network settings 2) Dynamic: The device is assigned a new IP address each time it starts. Merchants can use IP addresses to flag potentially fraudulent orders, like multiple orders shipped to different physical addresses but placed from the same IP address.

Definition

Jamming is a scam by fraudulent credit repair firms who bulk mail dispute letters to credit bureaus, asking to have legitimate information removed from a customer’s credit record.
Source

Notes

This long-running scam by illegitimate credit repair operations is throwing a wrench into the already-beleaguered credit report dispute process, making it harder for the big three credit bureaus to keep up with legitimate disputes.

Definition

Records of court civil judgments such as municipal and small claims actions not already included in a civil court search.
Source

Notes

Judgment information is usually included as part of either a Background Investigation service or commercial records review service. Also known as adjudication which means the evaluation of evidence to make a decision.

Definition

Know Your Customer (KYC) refers to due diligence that banks and other financial institutions must perform on their customers before doing business with them.
Source

Notes

Know your customer policies (KYC) are usually required by governments and enforced by bank regulators to prevent corruption, identity theft, financial fraud, money laundering and terrorism financing. Most KYC frameworks are based on four components: 1) customer identification, 2) customer acceptance, 3) transaction monitoring and 4) ongoing risk management. Requirements vary by country, but the collection of basic identity documents, comparison against certain name lists (OFAC for example), and analysis of transaction behaviors are most common.

Definition

A Level of Assurance, as defined by the by ISO/IEC 29115 Standard, describes the degree of confidence in the processes leading up to and including an authentication.
Source

Notes

It provides assurance that the entity claiming a particular identity, is the entity to which that identity was assigned.

Definition

Liability shift generally refers to the responsibility of covering the losses from fraudulent transactions moving from the merchant to the issuing bank when the merchant has authenticated the transaction using any of the 3D Secure (3DS) protocols.
Source

Notes

If the merchant does not authenticate the credit card transaction with a 3D Secure method, the merchant remains liable for chargebacks and fraud losses.

Definition

Loyalty Fraud is when a fraudster gains unauthorized access to an account tied to a loyalty rewards program offered by a merchant.
Source

Notes

This form of ATO fraud occurs when store credit or rewards cash balance are stolen by fraudsters who use it to shop immediately. Common examples are frequent flyer miles or hotel loyalty points, where many customers have significant value stored in the account. When a fraudster commits loyalty fraud, the merchant is responsible for reimbursing those stolen points, miles or other store credit.

Definition

The scientific study of algorithms and statistical models that computer systems use to perform a specific task without using explicit instructions, relying on patterns and inference instead. Seen as a subset of artificial intelligence.
Source

Notes

Machine learning is frequently used for fraud software, allowing programs to make fast transactional decisions and minimize risk. As machine learning systems detect fraud patterns in purchase data and as they integrate new data, they make increasingly accurate predictions and are considered effective at identifying fraud. These machines still rely on current data and analytics’ insights to make well informed decisions. Global service providers know from testing that Pipl’s unmatched breadth and depth of public identity information provides critical data for Machine learning application.

Definition

A mail receiving service often employed for reasons of anonymity or secrecy.
Source

Notes

A commercial mail receiving agency (CMRA) is a private business that accepts mail from the Postal Service on behalf of third parties. A CMRA may also be known as a Mail drop. A customer of a CMRA can receive mail and other deliveries at the street address of the CMRA rather than the customer's own street address. Depending on the agreement between the customer and the CMRA, the CMRA can forward the mail to the customer or hold it for pickup.

Definition

Mail Order Telephone Order (MOTO) is a type of card-not-present (CNP) transaction in which services are paid and delivered via telephone, mail, fax, or internet communication.
Source

Notes

With the introduction of chip technology on most cards, there has been reduced fraud in “card present” transactions, but a corresponding increase in fraud in CNP transactions. The word stands for “mail order telephone order,” although those types of financial transactions are increasingly rare. MOTO has, therefore, become synonymous with any financial transaction where the entity taking payment does not physically see the card used to make the purchase.

Definition

Malware (malicious software) is any software intentionally designed to cause damage to a computer, server, client, or computer network.
Source

Notes

An abbreviation for “malicious software,” malware is designed to damage computers, servers and even networks through computer viruses, ransomware, spyware and more. Installed malware on a victim’s computer can even capture the user’s keystrokes as they enter user names, passwords and emails. Fraudsters then use that data to access the accounts and use the funds to make fraudulent purchases.

Definition

An attack that occurs when someone or something that is trusted intercepts packets and retransmits them to another party.
Source

Notes

In cryptography and computer security, a man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. As it aims to circumvent mutual authentication, a MITM attack can succeed only when the attacker impersonates each endpoint sufficiently well to satisfy their expectations. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks.

Definition

A process by which analysts manually review orders for fraud, usually after automated fraud detection systems fail to definitively determine whether or not an order is valid.
Source

Notes

Rather than relying only on automated fraud prevention systems, manual fraud review teams make decisions based on experience and judgment. They are generally measured by approval and chargeback rates and review turnaround time. Pipl offers uniquely powerful identity data and verification tools so you can confidently approve, deny or escalate transactions. That’s why Pipl is the first choice whenever the world's top ecommerce and financial services companies must confirm that a person is who they claim to be.

Definition

When a person seeks medical treatment or prescription drugs under an assumed identity.
Source

Notes

If a thief has stolen insurance information they can seek medical attention posing as the victim. In addition to risks of financial harm common to all forms of identity theft, the thief's medical history may be added to the victim's medical records. Inaccurate information in the victim's records is difficult to correct and may affect future insurability or cause doctors relying on the misinformation to deliver inappropriate care.

Definition

In the United States, Medicare fraud is the claiming of Medicare health care reimbursement to which the claimant is not entitled.
Source

Notes

Definition

A merchant account is a type of bank account that allows businesses to accept payments in multiple ways, typically debit or credit cards. A merchant account is established under an agreement between an acceptor and a merchant acquiring bank for the settlement of payment card transactions.
Source

Notes

In some cases a payment processor, independent sales organization (ISO), or member service provider (MSP) is also a party to the merchant agreement. Whether a merchant enters into a merchant agreement directly with an acquiring bank or through an aggregator, the agreement contractually binds the merchant to obey the operating regulations established by the card associations.

Definition

Merchant account providers give businesses the ability to accept debit and credit cards in payment for goods and services. This can be face-to-face, on the telephone, or over the internet.
Source

Notes

Definition

Amassed data that is used to describe large amounts of other data.
Source

Notes

There are 5 basic types of metadata: 1) Descriptive metadata is descriptive information about a resource. It is used for discovery and identification. 2) Structural metadata is metadata about containers of data and indicates how compound objects are put together. 3) Administrative metadata is information to help manage a resource, like resource type, permissions, and when and how it was created. 4) Reference metadata is information about the contents and quality of statistical data. 5) Statistical metadata, also called process data, may describe processes that collect, process, or produce statistical data.

Definition

When a fraudster obtains account information, but not the associated credit card details. So the attack is made using a stolen card card that belongs to an unrelated person.
Source

Notes

Many merchants, unaware of the scope of the ATO issue, decide that good login credentials are enough to essentially auto-approve an order. And even when merchants detect something suspicious in one of these orders, they tend to refrain from requesting additional identity verification steps to check the identity of this “loyal” customer. Pipl’s unmatched depth and breadth of identity data lets you combat the unprecedented availability of breached credentials and hijacked mobile phones with superior identity testing.

Definition

Multi-factor authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism.
Source

Notes

Authentication factors of a multi-factor authentication scheme may include: 1) Something you have - some physical object in the possession of the user, such as a USB stick with a secret token, a bank card, a key, etc. 2) Something you know - certain knowledge only known to the user, such as a password, PIN, TAN, etc. 3) Something you are - some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice, typing speed, pattern in key press intervals, etc. 4) Somewhere you are - some connection to a specific computing network or utilizing a GPS signal to identify the location.

Definition

The blending of different distribution and promotional channels for the purpose of Marketing. Distribution channels range from a retail storefront, a website, or a mail-order catalogue.
Source

Notes

Multichannel merchants focus on getting their products into the hands of customers, wherever they may be. Over the years, multichannel selling has expanded from brick-and-mortar stores, phone sales and catalogs to now include e-commerce sales made via apps, mobile devices, social media sites and online marketplaces. Retailers selling in at least two channels enjoyed approximately twice the revenue of those who sold through only one. And merchants who sold on two, rather than one, online marketplaces averaged 190% more in sales revenue.

Definition

In e-commerce, blacklisting is used to prevent fraud. A given blacklist includes data from customers who have proved to be unreliable in the past. This enables online retailers to exclude disreputable or suspicious customers and prevent fraud before incurring any loss.
Source

Notes

Blacklists record all information from individuals who have been flagged as untrustworthy in the past. To prevent fraudulent transactions in e-commerce, the buyer’s name, transaction data, bank data, IP addresses, and email addresses may be listed. For example, if a buyer defaults on one or more purchases, their data is immediately placed on the blacklist. This protects retailers against further fraudulent activity.

Definition

Nonpublic personal information is the category of information protected by prevailing privacy rules, e.g. Gramm-Leach-Bliley Act (GLBA).
Source

Notes

NPI consists of Personally identifiable financial information that is not publicly available information; and lists, descriptions, or other groupings of consumers that were either created using personally identifiable financial information that is not publicly available information, or contain personally identifiable financial information that is not publicly available information.

Definition

Open-source intelligence (OSINT) is data collected from publicly available sources to be used in an intelligence context. In the intelligence community, the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources). It is not related to open-source software or collective intelligence.
Source

Notes

Definition

An eCommerce term for the practice of cross-checking all data from new transactions against previous orders.
Source

Notes

The practice of cross-checking all data from new transactions against previous orders. Order linking helps prevent fraud, for example, when a new order is placed from a device and IP address from which a fraudulent chargeback was previously incurred. Linking also helps approve orders placed by good customers.

Definition

Information that, when used alone or with other relevant data, can identify an individual.
Source

Notes

Definition

Non-sensitive personally identifiable information is easily accessible from public sources and can include zip code, race, gender, and date of birth.
Source

Notes

Definition

Sensitive personally identifiable information can include Social Security Number, driver’s license, financial information, and medical records.
Source

Notes

Definition

Identifying the owner of a post office box.
Source

Notes

Pipl's intuitive & flexible search enables users to enter a single data point, paste a mailing address or open Advanced Search and pinpoint the identity profile you need. Most data is hyperlinked to make reverse lookup easy.

Definition

1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own customers.
 

Notes

This is usually done when applying for a product or service to receive more favorable rates, or if they have no intention of meeting their commitments. Another example could be if an individual can make a false claim against an insurer to obtain a payment they are not eligible for.

Definition

Place of Employment.

Notes

Pipl's intuitive & flexible search enables users to enter a single data point, paste a search parameter or open Advanced Search and pinpoint the identity profile you need. Most data is hyperlinked to make reverse lookup easy.

Definition

The Payment Services Directive (PSD, Directive 2007/64/EC, replaced by PSD2, Directive (EU) 2015/2366) is an EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA).
Source

Notes

Definition

Package rerouting is the practice of changing an item’s delivery address after the purchase has been approved.
Source

Notes

This usually happens after the package has left the warehouse and is already in-transit. Many retailers and shippers offer shoppers the option to change the shipping address after placing an order online. Unfortunately, this service can be exploited by fraudsters.

Definition

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment.
Source

Notes

Definition

A payment gateway is a merchant service provided by a service provider that authorizes credit card or direct payments processing for e-businesses, online retailers, bricks and clicks, or traditional brick and mortar.
Source

Notes

Definition

Notes

Definition

Pharming is a cyber attack intended to redirect a website's traffic to another, fake site.

Notes

Definition

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
Source

Notes

Definition

The act of identifying the owner of a telephone number. As referred to as "reverse phone lookup."
Source

Notes

Definition

Point-to-point encryption (P2PE) is a standard established by the PCI Security Standards Council. Payment solutions that offer similar encryption but do not meet the P2Pe standard are referred to as end-to-end encryption (E2Ee) solutions.
Source

Notes

Definition

A ruse, lie or deceit most often used by a PI to elicit information from someone who would not have otherwise willingly assisted the investigator.
Source

Notes

Definition

Property Insurance Loss Register or PILR for short is an insurance industry database, which lists the insured's in burglary & theft claims.
Source

Notes

Definition

Flagging any purchase that falls outside a prescribed range can be flagged and held for further review, processed as usual but trigger a report, or automatically declined.
Source

Notes

Definition

A type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. A form of extortion.
Source

Notes

Definition

A person or organization who reships cargo etc; a forwarding agent.
Source

Notes

Definition

The duration it takes to review an order for fraud and reach a decision as to whether to approve or decline the purchase.
Source

Notes

Definition

The identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
Source

Notes

Definition

Search Engine Results Pages (SERP) are the pages displayed by search engines in response to a query by a searcher.
Source

Notes

Definition

Signals Intelligence (SIGINT) refers to electronic transmissions that can be collected by ships, planes, ground sites, or satellites.
Source

Notes

Definition

Special Investigative Unit (SIU) — unit or department within an insurance company involved in detecting and pursuing action against fraudulent activities on the part of insureds or claimants.
Source

Notes

Definition

A suspicious transaction report (STR) refers to the information demanded by the Internal Revenue Service (IRS) from banks and other financial institutions regarding suspicious transactions.
Source

Notes

Definition

Fraud scoring is a system of predictive fraud detection models or technologies that payment processors use to identify the highest risk transactions in card-not-present environment that require additional verification.
Source

Notes

Definition

A character or string of characters used in a search engine query to narrow the focus of the search.
Source

Notes

Definition

The procedure by which a party to a lawsuit gives an appropriate notice of initial legal action to another party (such as a defendant), court, or administrative body in an effort to exercise jurisdiction over that person so as to enable that person to respond to the proceeding before the court, body, or other tribunal.
Source

Notes

Definition

Instances of skimming have been reported where the perpetrator has put over the card slot of an ATM (automated teller machine) a device that reads the magnetic strip as the user unknowingly passes their card through it.
Source

Notes

Definition

The process of finding a person whose whereabouts are unknown, is missing, lost, or in hiding.
Source

Notes

Definition

Source

Notes

Definition

In the context of information security, is the psychological manipulation of people into performing actions or divulging confidential information.
Source

Notes

Definition

A digital footprint (including Social Media interaction) is a trail of data people create while using the Internet. It includes the websites visited, emails sent, and information submitted to online services.
Source

Notes

Definition

A spider is a program that visits Web sites and reads their pages and other information in order to create entries for a search engine index.
Source

Notes

Definition

The practice of concealing a file, message, image, or video within another file, message, image, or video.
Source

Notes

Definition

Translated from Latin, this means "under the rose" and is a term frequently used for surveillance but can also mean any type of undercover or discrete investigation.
Source

Notes

Definition

Source

Notes

Definition

A type of insurance fraud; a vehicle purposely pulls into another's path and slams on its brakes, causing the other vehicle to rear-end it.
Source

Notes

Definition

Synthetic identity theft is a type of fraud in which a criminal combines real and fake information to create a new identity. The real information used in this fraud is usually stolen. This information is used to open fraudulent accounts and make fraudulent purchases.
Source

Notes

Definition

The Modus Operandi of an attacker or group of attackers. Sometimes called tools, tactics, and procedures.
Source

Notes

Definition

Title fraud is altering, or counterfeiting an automobile title or reassignment form.
Source

Notes

Definition

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value.
Source

Notes

Definition

Records of long distance telephone calls; may be from a landline or mobile phone.
Source

Notes

Definition

Tor, which stands for The Onion Router, is free software that facilitates anonymous communication.
Source

Notes

Definition

A telephone service used to capture an inbound caller's telephone number despite their attempt to conceal that number.

Notes

Definition

Triangulation fraud denotes that there are three individuals who play a role in the purchase of the order.
Source

Notes

Definition

A Trojan horse, or Trojan for short, is a piece of malware that pretends to be something benign, such a media player, an emailed file, a smartphone app or even a Web page.
Source

Notes

Definition

Vehicle Identification Number; a unique serial number assigned to every automobile by its manufacturer.

Notes

Definition

Velocity Filters let merchants set a specific limit on how many transactions a payment gateway can process in a set period of time. This protects against high-volume attacks attempted by online fraudsters.
Source

Notes

Definition

Watering hole is a computer attack strategy, in which the victim is of a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware.
Source

Notes

Definition

Typically a single-pixel graphic or image that is placed on websites to track user activity.
Source

Notes

Definition

Notes

Definition

Monitoring of telephone conversations by a third party or one of the callers, often by covert means.
Source

Notes