Glossary of financial fraud terms

There’s no question that fraud is one of the financial services industry’s most pressing challenges right now. It also happens to be one of the industry’s most complicated issues.

A big key to solving fraud is understanding what type of fraud you see, so you know how to better protect yourself against it in the future.

If you don’t know the difference between first, second, and third-party fraud just yet, don’t sweat. Alloy un-complicates things in our ever-growing glossary of financial fraud terminology. Check it out below.

Account takeover fraud (ATO)
A type of fraud that occurs when a bad actor is able to gain control of a target's bank accounts, often by stealing their credentials. Learn how to detect and prevent ATO here

Accounting fraud
Manipulating financial records and statements to present false information about a company's financial health.

ACH fraud
An unauthorized transfer from a bank account via ACH payment. ACH fraud often occurs after a fraudster obtains a person’s banking and routing numbers via phishing attacks and then transfers money from the compromised account. Learn more about ACH fraud here

Advance fee fraud
A scam that, in exchange for an upfront fee, promises you something in the future (such as products, services, stock, or opportunity to participate in a deal). Fraudsters often label these fees as membership fees, participation fees, administrative or handling fees, or taxes. After the victim pays the fee, they never receive the good/service and never see the scammer again.

Authorized push payment (APP) fraud
When someone is tricked into authorizing a payment to an account controlled by a criminal. Particularly prevalent and difficult to control when the payment is made via instant payments.

Biometric spoofing
A fraud tactic where bad actors attempt to bypass biometric authentication by using sophisticated AI algorithms to create 3D facial masks, fingerprints, etc., that mimic the biometric features of an individual, allowing them to impersonate someone else during identity verification.

Bust-out
Bust-out fraud is when someone applies for a financial service (such as a credit card), establishes a normal spending pattern, makes prompt payments for a period of time, and then suddenly maxes out the account — without any intention of ever paying the balance. First-party bust-out fraud occurs when a bad actor does this under their own name, whereas third-party bust-out fraud occurs when a bad actor uses a stolen or fake identity.

Card-not-present (CNP) fraud
CNP fraud involves the unauthorized use of a credit card or debit card to purchase products or services in an environment where the customer is not physically present. Learn more about CNP fraud.

Check fraud
A type of fraud that occurs when a bad actor illegally alters or creates checks to withdraw funds from another person's account or steals a legitimate check to obtain sensitive account information or deposit the check.

Credit card fraud
The unauthorized use of someone else's credit card information to make purchases or withdraw funds.

Deepfakes
Videos or audio recordings that have been manipulated to make it appear as if someone is saying or doing something that they did not actually say or do. Despite being a relatively new technological development, deepfakes are already a massive threat to the financial services industry. Learn how AI is transforming both fraud and fraud prevention in our blog

Document verification (Doc-V)
A process utilized during identity verification to confirm whether official documents — such as a driver’s license, passport, bank statement, etc. — are authentic or not.

Embezzlement
Illegally taking money entrusted to an individual or organization for personal use.

Financial fraud
The intentional deception or misrepresentation of financial information, often for personal gain or to cause financial loss to others.

Financial grooming scam
A common scam in the cryptocurrency market where a fraudster strikes up a conversation with their victim over texting, dating apps, or social media. In this type of scam, the fraudster builds trust with the victim, and then begins to talk about the financial success they’ve seen from investing. Then, the fraudster encourages the victim that they could see the same success if they invest, too. Once the victim takes the bait and invests using a fraudulent link, the fraudster clears out the account and ghosts the victim.

First-party fraud
An individual misrepresents their identity, financial situation, or intent to repay a credit or loan in an attempt to commit fraud. Check out our first-party fraud deep dive here

Fraud model
A predictive model within a bank or fintech’s fraud management system that examines data points — such as application information, PII, behavioral analytics, transactions, and account activity — to assess the risk of a transaction or entity and the likelihood it is fraudulent. Learn why most banks and fintechs’ fraud models are broken

Fraud ring
An organized, coordinated group of fraudsters that study banks and fintechs closely and look for ways to exploit the design of their onboarding, money movement, or account management systems. Learn why fraud rings are the new "startups" here

Fraud ring attack
Larger-scale instances of fraud that occur when a group of coordinated, organized bad actors identify and exploit a vulnerability in your fraud controls and attempt to take advantage of that vulnerability as much as possible before the bank/fintech notices.

Friendly chargeback fraud
An individual (or someone in their household) makes purchases with their credit or debit card, and then the cardholder disputes the charges through the issuing bank

High-velocity fraud attack
A high-velocity fraud attack occurs when a fraudster discovers a vulnerability in your fraud defenses and exploits it through a high-volume attack and/or publishes this information (usually on the dark web). Learn more about the nuances between fraud ring attacks and high-velocity fraud attacks in our guide

Identity Risk Solution
An end-to-end platform to manage identity, fraud, credit, and compliance risks throughout the customer lifecycle. Learn more about Identity Risk Solutions here

Identity theft
A fraudster steals another person's identity for personal gain.

Identity verification (IDV)
A mechanism for a business to verify their customers are who they say they are.

Internal fraud
Also known as insider fraud, this type of fraud is committed by an organization’s own employees.

Invoice and mandate scams
When a fraudster targets a business by posing as its regular supplier and requests the business to change the bank account details they have on file for the supplier. Businesses then pay their normal invoices to this new, fraudulent bank account.

Money muling
A fraudster coerces a person into using their own PII to apply for an account or credit card on behalf of a fraud operation (mules may or may not be willing participants in the fraud scheme).

Peer-to-peer (P2P) payments fraud
A fraudster poses as a legitimate business, requests payment for a product or service through a P2P payment platform, and then disappears before ever delivering the product or service.

Phishing
A fraud tactic where bad actors impersonate legitimate people/businesses via email to trick unsuspecting victims into sharing personal information (passwords, PII, credit card numbers, etc.).

Pump and dump
Inflating the price of a stock through false or misleading statements and then selling at the increased price before the deception is discovered.

Purchase scams
A victim intentionally makes a purchase for an item/service that they think is legitimate, but the item/service does not actually exist.

Referral fraud
When a person attempts to take advantage of a bank or fintech’s referral program to receive rewards under false pretenses. Check out our blog for tips on outsmarting referral fraud

Romance scam
Also known as catfishing, a fraudster assumes a fake online identity, develops a romantic relationship with an unsuspecting target, and manipulates the target into giving them money.

Second-party fraud
A fraudster convinces another person to use their identity or personal information to perform fraud. Learn more about second-party fraud in our guide

Shell company
A fictitious business entity created for illegal purposes, such as hiding assets, evading taxes, or facilitating financial crimes. Learn more about small business fraud here — including how to detect and prevent it.

Smishing (SMS phishing)
A fraud tactic where bad actors impersonate legitimate people/businesses via SMS/text message to trick unsuspecting victims into sharing personal information (passwords, PII, credit card numbers, etc.).

Social engineering
A fraudster impersonates a legitimate party and reaches out to a target through an everyday social interaction.

Step-up verification
An additional identity verification step that you only present to high-risk customers if they trigger certain risk thresholds during onboarding or ongoing monitoring. Learn more about step-up verifications here

Synthetic fraud (first-party)
A fraudster combines made-up credentials, such as a fake social security number (SSN), with their real name and date of birth (DOB) to manipulate their identity.

Synthetic fraud (third-party)
A fraudster uses a completely fabricated identity (name, DOB, and SSN). We break down synthetic fraud in more depth here

Third-party fraud
Financial crimes that are committed while using someone else's identity. Check out our third-party fraud deep dive here

Triangulation fraud
A fraudster sets up operations on a site that allows third-party sellers, such as Amazon. An interested shopper places an order, and the fraudster gathers their credit card information. Then the fraudster uses a different stolen credit card to buy the item from a legitimate retailer and have it shipped to the shopper, so the shopper does not realize their credit card information was stolen until the fraudster uses it for their personal gain.

Vishing
A fraud tactic where bad actors impersonate legitimate people/businesses via voice calls/voice messages to trick unsuspecting victims into sharing personal information (passwords, PII, credit card numbers, etc.).

Vulnerable adult abuse
A fraudster targets adults older than 18 who are highly susceptible to abuse, intimidation, manipulation, or exploitation because of some cognitive impairment, mental illness, physical illness, or prolonged isolation. This type of fraud often happens to an elderly individual who lives alone. Signs of Elder Financial Abuse​​

Wire fraud
Using electronic communications, such as emails or online messages, to deceive individuals into sending money or divulging sensitive information. Learn more about wire fraud here

Check out our glossary of compliance terms here