Share
Glossary of financial fraud terms
Learn how we define types of financial fraud at Alloy

There’s no question that fraud is one of the most pressing challenges in financial services risk management. It is also one of the most complicated issues faced by financial institutions and fintechs.
To solve for fraud, it helps to understand which type your organization is experiencing. Once you can put a name to a certain fraud type, you’ll know how to recognize the patterns and better protect your financial institution or fintech.
If you don’t know the difference between first, second, and third-party fraud just yet, don’t sweat. We created our ever-growing glossary of financial fraud terminology to help you smooth out the details. Select a fraud type from the list to jump ahead to its definition, or keep scrolling to start at the top.
- Account takeover fraud (ATO)
- Accounting fraud
- ACH fraud
- Advance fee fraud
- Artificial intelligence (AI) fraud
- Authorized push payment (APP) fraud
- Biometric spoofing
- Bust-out fraud
- Card-not-present (CNP) fraud
- Chargeback fraud
- Check fraud
- Credit card fraud
- Deepfakes
- Embezzlement
- Financial grooming scam
- First-party fraud
- Fraud model
- Fraud ring
- Fraud ring attack
- High-velocity fraud attack
- Identity theft
- Internal fraud
- Investment fraud
- Invoice and mandate scams
- Money laundering
- Money muling
- Peer-to-peer (P2P) payments fraud
- Phishing
- Pump and dump
- Purchase scams
- Referral fraud
- Romance scam
- Second-party fraud
- Shell company
- Smishing (SMS phishing)
- Social engineering
- Step-up verification
- Synthetic fraud (first party/third party)
- Third-party fraud
- Triangulation fraud
- Vishing
- Vulnerable adult abuse
- Wire fraud
Defining financial fraud types is an evolving challenge
Clear fraud definitions and classifications enable financial organizations to develop targeted prevention strategies, improve detection algorithms, and enhance staff training. By regularly updating their fraud taxonomy, financial institutions and fintechs can remain agile in responding to emerging threats.
A shared vocabulary facilitates better communication and trend analysis within organizations and the industry. However, the dynamic nature of fraud can make it difficult to maintain a comprehensive and up-to-date classification system.
This glossary aims to contribute to that effort by providing a foundation for understanding the diverse fraud schemes that threaten the financial sector.
List of financial fraud types in alphabetical order
Account takeover fraud (ATO)
A type of fraud that occurs when a bad actor is able to gain control of a target's bank accounts, often by stealing their credentials. Learn how to detect and prevent ATO here.
Accounting fraud
Manipulating financial records and statements to present false information about a company's financial health.
ACH fraud
An unauthorized transfer from a bank account via ACH payment. ACH fraud often occurs after a fraudster obtains a person’s banking and routing numbers via phishing attacks and then transfers money from the compromised account. Learn more about ACH fraud here.
Advance fee fraud
A scam that promises you something in the future (such as products, services, stock, or opportunity to participate in a deal) in exchange for an upfront fee. Fraudsters often label these fees as membership fees, participation fees, administrative or handling fees, or taxes. After the victim pays the fee, they never receive the good/service and never see the scammer again.
Artificial intelligence (AI) fraud
AI fraud refers to the use of AI technologies to perpetrate fraudulent activities. This can include using deepfakes to impersonate individuals, generating fake content or documents, or manipulating data to deceive detection systems. AI fraud also encompasses the misuse of AI-powered tools to automate and scale traditional fraud schemes, making them more sophisticated and harder for financial institutions’ machine learning algorithms to detect.
Authorized push payment (APP) fraud
When someone is tricked into authorizing a payment to an account controlled by a criminal. One of the most common types of fraud, APP fraud is difficult to control because of the involvement of instant payments. Learn more about APP fraud.
Biometric spoofing
A fraud tactic where bad actors attempt to bypass biometric authentication by using sophisticated AI algorithms to create 3D facial masks, fingerprints, etc., that mimic the biometric features of an individual, allowing them to impersonate someone else during identity verification.
Bust-out fraud
Bust-out fraud is a scheme where a fraudster applies for a financial service (such as a credit card account) and establishes a normal spending pattern with small purchases. The fraudster takes the time to build up their repayment history until one day, they max out the credit line without any intention of paying back the balance. First-party bust-out fraud occurs when a bad actor does this under their own name, whereas third-party bust-out fraud involves synthetic or stolen identities. In this case, the impact of bust-out fraud may significantly damage their victims’ good credit score, resulting in reduced credit limits, account closures, and difficulty securing new lines of credit.
Card-not-present (CNP) fraud
CNP fraud involves the unauthorized use of a credit card or debit card to purchase products or services in an environment where the customer is not physically present. Learn more about CNP fraud.
Chargeback fraud
Also known as friendly fraud, an individual (or someone in their household) makes purchases with a credit or debit card and then disputes the charges through the issuing bank.
Check fraud
A type of fraud that occurs when a bad actor illegally alters or creates checks to withdraw funds from another person's account or steals a legitimate check to obtain sensitive account information or deposit the check. Learn more about check fraud here.
Credit card fraud
The unauthorized use of someone else's credit card information to make purchases or withdraw funds.
Deepfakes
Videos or audio recordings that have been manipulated to make it appear as if someone is saying or doing something that they did not actually say or do. Despite being a relatively new technological development, deepfakes are already a massive threat to the financial services industry. Learn how AI is transforming both fraud and fraud prevention in our blog.
Embezzlement
Illegally taking money entrusted to an individual or organization for personal use.
Financial grooming scam
A common scam in the cryptocurrency market where a fraudster strikes up a conversation with their victim over texting, dating apps, or social media. In this type of scam, the fraudster builds trust with the victim, and then begins to talk about the financial success they’ve seen from investing. Then, the fraudster encourages the victim that they could see the same success if they invest, too. Once the victim takes the bait and invests using a fraudulent link, the fraudster clears out the account and ghosts the victim.
First-party fraud
An individual misrepresents their identity, financial situation, or intent to repay a credit or loan in an attempt to commit fraud. Check out our first-party fraud deep dive here.
Fraud model
A predictive model within a bank or fintech’s fraud management system that examines data points — such as application information, personally identifiable information (PII), behavioral analytics, transactions, and account activity — to assess the risk of a transaction or entity and the likelihood it is fraudulent.
Learn why most banks and fintechs’ fraud models are broken
Fraud ring
An organized, coordinated group of fraudsters that study banks and fintechs closely and look for ways to exploit the design of their onboarding, money movement, or account management systems. Learn why fraud rings are the new "startups" here
Fraud ring attack
Larger-scale instances of fraud that occur when a group of coordinated, organized bad actors identify and exploit a vulnerability in your fraud controls and attempt to take advantage of that vulnerability as much as possible before the bank/fintech notices.
High-velocity fraud attack
A high-velocity fraud attack occurs when a fraudster discovers a vulnerability in your fraud defenses and exploits it through a high-volume attack and/or publishes this information (usually on the dark web).
Learn about the nuances of fraud ring attacks and high-velocity fraud attacks in our guide
Identity theft
A fraudster steals another person's identity for personal gain. Check out our deep dive on identity theft here.
Internal fraud
Also known as insider fraud, this type of fraud involves criminal activity committed against a financial institution or company by its own employees.
Investment fraud
From Ponzi schemes (where the origin of payouts is other investors’ funds) to cryptocurrency and real-estate scams, the red flags of investment fraud are grandiose, time-sensitive investment opportunities with the promise of little to no risk.
Invoice and mandate scams
When a fraudster targets a business by posing as its regular supplier and requests the business change the bank account details they have on file for the supplier. Businesses then pay their invoices to this new, fraudulent bank account.
Money laundering
Money laundering involves concealing the origin of funds acquired through illegal or criminal activity by attributing them to a seemingly legitimate source via layered transfers. The Federal Bureau of Investigation (FBI) partners with national and international law enforcement and government agencies to monitor and upset the flow of laundered funds.
Read the ABCs of AML for our glossary of compliance terms
Money muling
A fraudster coerces a person into using their own PII to apply for a bank account or credit card on behalf of a fraud operation. Mules may or may not be willing participants in the fraudulent activity.
Peer-to-peer (P2P) payments fraud
A fraudster poses as a legitimate business, requests payment for a product or service through a P2P payment platform, and then disappears before ever delivering the product or service.
Phishing scams
A fraud tactic where bad actors impersonate legitimate people/businesses via email to trick unsuspecting victims into sharing personal information (account number, phone number, password, credit card number, etc.).
Pump and dump
Inflating the price of a stock through false or misleading statements and then selling at the increased price before the deception is discovered.
Purchase scams
A victim intentionally makes a purchase for an item/service that they think is legitimate, but the item/service does not actually exist.
Referral fraud
When a person attempts to take advantage of a bank or fintech’s referral program to receive rewards under false pretenses. Get tips on outsmarting referral fraud on our blog.
Romance scam
Also known as catfishing, a fraudster assumes a fake online identity, develops a romantic relationship with an unsuspecting target, and manipulates the target into giving them money.
Second-party fraud
A fraudster convinces another person to use their identity or personal information to perform fraud. For example, a second-party fraudster might use a family member’s online account information to commit fraud. Learn more about second-party fraud in our guide.
Shell company
A fictitious business entity created for illegal purposes, such as hiding assets, evading taxes, or facilitating financial crimes like money laundering. Learn more about small business fraud here — including how to detect and prevent it.
Smishing (SMS phishing)
A fraud tactic where bad actors impersonate legitimate people/businesses via SMS/text message to trick unsuspecting victims into sharing personal information (passwords, PII, credit card numbers, etc.).
Social engineering
A fraudster impersonates a legitimate party and reaches out to a target through an everyday social interaction. Learn how you can stop social engineering scams here.
Step-up verification
An additional identity verification step that you only present to high-risk customers if they trigger certain risk thresholds during onboarding or ongoing monitoring. Learn more about step-up verifications here.
Synthetic identity fraud (first-party/third-party)
A fraudster combines made-up credentials, such as a fake social security number (SSN), with their real name and date of birth (DOB) to manipulate their identity. Third-party synthetic fraud is when a fraudster uses a completely fabricated identity (name, DOB, and SSN). We break down synthetic identity fraud more depth here.
Third-party fraud
Financial crimes that are committed while using someone else's identity. Check out our third-party fraud deep dive here
Triangulation fraud
A fraudster sets up operations on a site that allows third-party sellers, such as Amazon. An interested shopper places an order, and the fraudster gathers their credit card information. Then the fraudster uses a different stolen credit card to buy the item from a legitimate retailer and have it shipped to the shopper, so the shopper does not realize their credit card information was stolen until the fraudster uses it for their personal gain.
Vishing
A fraud tactic where bad actors impersonate legitimate people/businesses via voice calls/voice messages to trick unsuspecting victims into sharing personal information (passwords, PII, credit card numbers, etc.).
Vulnerable adult abuse
A fraudster targets adults older than 18 who are highly susceptible to abuse, intimidation, manipulation, or exploitation because of some cognitive impairment, mental illness, physical illness, or prolonged isolation. This type of fraud often happens to an elderly individual who lives alone.
Wire fraud
Using electronic communications, such as emails or online messages, to deceive individuals into sending money or divulging sensitive information to commit fraudulent wire transfers.
Alloy helps the world’s leading financial institutions and fintechs fight fraud
Alloy is an end-to-end platform for fraud and identity risk management. With Alloy, you can prevent different types of credit risk with real-time access to over 200 data sources. We help global financial organizations scale their fraud detection and compliance operations by automating credit card application approvals and other manual fraud work while preventing risk throughout the customer lifecycle.