EBOOK

The SEON Online Fraud

Dictionary - All The
Terms You Should Know

-
to Protect Your Business

seon.io
A
SEON Technologies Ltd. info@seon.io
0044-20-351-44790
Fraud Dictionary 2019

The SEON Online Fraud Dictionary

- All The Terms You Should Know
to Protect Your Business

All the analysts agree: online fraud is going to increase in the upcoming years. And at
SEON, our job is both to fight it, and to help companies prepare against attacks.

This is why we wanted to compile a list of all the useful terms you might need to
understand, prevent, and combat fraud.

The vocabulary of online security and cybercrime evolves fast, and it’s important to
keep up with the latest terms. But it’s also important to know the basics if this is your
first entry into the world of cybercrime. We’ve compiled a list of both in this dictionary.

2
Fraud Dictionary 2019

2FA

Stands for 2-factor authentication. When a user wants to access a website or

app, they need to provide a single piece of authentication (SFA) in the form of
a password. Adding another method is called 2-factor authentication, and it
improves security. You will also hear the name multi-factor authentication.

Authentication factors can include facial scans, ID cards, SMS confirmations,

security tokens, or biometric fingerprints, amongst others. According to Google,
2FA helps reduce 66% of targeted attacks, and 99% of bulk phishing attacks.

3D SECURE

A security protocol designed for online credit and debit card transactions. It is
designed as an additional password validated by the issuer, which helps transfer
liability to the customer in case of fraud.

3D refers to three domains where the information is checked: issuer domain

(where the money is taken from, acquirer domain (where the money is going
to), and interoperability domain (the whole payment infrastructure, including
software, merchant plugin, card scheme, servers, etc…).The newest version of
the protocol, 3D Secure 2.0, adds more data points like device and IP. As of late
2019, it has yet to be implemented by all merchants and issuers.

2-3 3
Fraud Dictionary 2019

ACCOUNT FARMING

The fraudulent practice of creating and maintaining multiple accounts with

a platform in order to resell them later. Very popular with social media sites.

See also: Bot attacks

ACCOUNT TAKEOVER

A form of identity fraud where fraudsters gain access to a victim’s account. This
can be for an online store account, bank account, or even app login. The goal is
usually to extract monetary funds, but account takeovers (ATOs) are increasingly
used for other means, such as abusing promotions and coupons, extracting
more user information, or cheating on gambling sites.

An example about the anatomy of an ATO from our ebook:

Anatomy of 01

an ATO
STEP

02
They log in and change the
shipping address.
STEP

03 The fraudster buys items with the

A
account’s linked credit card.
STEP

04 They use the same account to resell the

item on a legitimate marketplace
STEP

ADDRESS VERIFICATION SYSTEM

The address verification system (AVS) is used to confirm a transaction by looking

at the US billing address and home address linked to a credit card. Note that
it only looks at the numerical parts of the addresses, which means it is often
prone to false positives (rejecting a payment when the user is legitimately the
cardholder).

4
Fraud Dictionary 2019

AFFILIATE FRAUD

Affiliate marketing is a model where marketers are rewarded for directing visitors
towards a specific business. The company tracks conversions through referral
links, and pays out money to the best marketers.
Fraudsters try to earn these commissions by: spamming the referral links; using
software to imitate human behavior and generate fake clicks and transactions;
and maliciously diverting traffic from other sites.
In some cases they will clone the vendor’s website, and host it on a domain
name that looks similar. More advanced techniques include malicious browser
extensions that swap legitimate affiliate URLs for their own, and even inject ads
with referral links into ad-free web pages.

API

An application program interface (API) is a set of tools for building software. It

allows developers to build applications and GUI by putting all the blocks provided
by the API together. With fraud prevention tools, it allows easy integration into
your platform.

ARBERS

A
In the world of online betting and gambling, arbitrage is a technique which sees
fraudsters create multiple accounts to increase their winning odds. Those who
use it are referred to as arbers.

ARBITRAGE (GAMBLING FRAUD)

In the world of online betting and gambling, arbitrage is a technique which

sees fraudsters create multiple accounts to increase their winning odds. It is
sometimes referred to as an “arb” performed by “arbers”.

AUCTION FRAUD

A type of e-commerce fraud specific to auction sites. It involves non-delivery of

products, where fraudsters create fake listings for items that are never sent. They
can also purchase items with stolen card details and ship them, thus making a
profit on something they didn’t pay for.

5
Fraud Dictionary 2019

BACK DOOR

A way for criminals to bypass security systems to access the data they’re after.
Contrasts with a front door attack, where a virus or attack is done with help from
the user, for instance by downloading an infected email attachment.

BAITING

Leaving a device such as a USB flash drive unattended so it is picked up by

an unsuspecting victim. It preys upon people’s natural curiosity, as the drive will
contain viruses, keyloggers or other spyware.

BIN ATTACK

Credit cards come with various ranges in

BIN (Bank Identification Numbers). If these
numbers aren’t properly randomized, it is
possible for an attacker to generate valid
card numbers based on a real one. However,
the CVV and validity / expiry dates make this
process very unlikely to succeed.

B
BITCOIN

The most famous and popular cryptocurrency. While it is often referred to as

anonymous, bitcoin (BTC) is actually pseudonymous, which means it is possible
to track someone’s payments if you can tie a real life identity to a wallet. However,
bitcoin is still the currency of choice on darknet marketplaces, and it can be
“tumbled” to be made anonymous and untraceable.

See also: Tumbler

BLACKBOX (MACHINE LEARNING)

In the context of fraud prevention, machine learning relies on complex calculations

to provide a risk score. If the probability-based calculations remove transparency
for the sake of scores, it is considered a blakcbox system.

See also: Whitebox

6
Fraud Dictionary 2019

BONUS ABUSE

Also known as promo or coupon abuse. This type of fraud sees fraudsters create
multiple accounts to cash out promotional offers. It can be used for signup
bonuses, and is particularly prevalent in the gambling industry.

BOT ATTACKS

In the context of fraud prevention, bots are used to automate and repeat the
same attack with different data until it works. Bots can be used to attempt ATOs,
create multiple accounts (account farming), or process numerous stolen credit
card numbers at checkout.

BOTNET

Also known as a zombie army. A botnet is a network of computers that have been
infected with bots (viruses) for mass attacks. These botnets can try to infect
more computers or spread spam for affiliate fraud, amongst other reasons. They
can also act as a proxy to mask a criminal’s original IP address.

BROWSER HASH

B
In device fingerprinting, a browser hash is an ID created by combining data from
a user’s browser, operating system, device and network. This hash remains
unchanged, even if the user browses privately, or if they clear their browser
cookies and cache. However, a device with multiple browsers or multiple browser
versions installed will generate different hashes.

See also: Device Fingerprinting, Device Hash, Cookie Hash

BURNER PHONE

Also called a “burn phone”. The term originates from the drug dealing world, and
is used for inexpensive mobile phones designed for temporary use. It allows
fraudsters and criminals to link an account to a disposable phone number, for
instance to bypass 2FA.

These days, phone numbers can be generated via burner phone apps or services.
These work like prepaid phone cards, only allowing you to use them for a limited
amount of time before being recirculated. Because they go through your phone’s
original cellular data, they are not untraceable.

7
Fraud Dictionary 2019

CANVAS FINGERPRINTING

A form of online tracking. It uses the HTML5 canvas element on web pages to
identify and track browser, operating system, and installed graphics hardware. It
is used in device fingerprinting.

See also: Device Fingerprinting

CARDING

General fraudster term for using stolen credit card data. This is either used for
direct purchases, or charging prepaid or gift store cards, which are then resold.

CATFISHING

A form of social engineering where fraudsters and criminals create fake online
identities to lure people into emotional or romantic relationships for personal
or financial gain. Online seduction and blackmail are used to acquire personal
information such as credit card numbers, social security numbers, or home
addresses, amongst others.

See also: Phishing, Social Engineering

C
CC

What fraudsters call stolen credit card data. A full CC contains the original
cardholder’s name and address, expiry date, and CCV. It becomes a Fullz when
other personal data points are added to the package.

See also: Fullz

8
Fraud Dictionary 2019

CHARGEBACK

Chargebacks are a protection for buyers who want to dispute online purchases.
They can claim a chargeback to defend themselves against fraud or purchases
made without their knowledge or permission.
The credit card company involved with the transaction will review the
chargeback claim and review evidence for or against it. If it is approved, the
buyer is refunded, and the merchant has to pay a chargeback fee to cover the
administrative costs.
Here is the anatomy of a chargeback:

Cardholder (buyer) files chargeback

with their bank (issuer).

Issuing bank reviews the claim

APPROVED - Dispute sent to Acquirer

DECLINED
bank who reviews the transaction.

Merchant provides APPROVED - Dispute sent to merchant

good evidence who reviews the claim.

C
Merchant can’t provide good evidence.
Funds are taken from the Acquirer’s
bank and transferred back to the
buyer’s issuing bank

CLEAN FRAUD

Also known as Friendly Fraud, First-Party Fraud or Fraud by False Claim. It’s
fraudulent transactions that don’t get detected as they appear legitimate. Harder
to flag because it only involves real data, so no fake identities or user accounts.

CLICKJACKING

Targeting someone to click a link, either to install malware or for phishing

purposes. Often done via funny, shocking or alluring videos that are shared on
social media.

9
Fraud Dictionary 2019

CONFUSION MATRIX

Also known as an error matrix. It is a table designed to see correct and incorrect
predictions for a classification problem. It helps visualize the errors and the type
of errors so you can measure and improve its precision.

Confusion Matrix Last 7 days Today All (base currency)

C U R R E N T S TAT E SEON APPROVE SEON REVIEW SEON DECLINE

223 0 0
APPROVE
0 EUR 0 EUR 0 EUR

3 38 3
REVIEW
0 EUR 24,000 EUR 0 EUR

0 1 1012
DECLINE
0 EUR 4,000 EUR 91,360 EUR

COOKIE HASH

An ID generated for each browser session. While clearing cookies and cache will
generate a new hash, it is still useful for fraud prevention: if multiple users share
the same hash, it shows they are using the same browser and device.

CRYPTO

Short for cryptocurrencies. A digital asset that uses cryptography to secure

C
financial transactions. It’s often referred to as “digital money”. While it has many
consumer benefits (low transaction fee, fast, decentralized), it is also the main
currency that fraudsters and criminals use to exchange products and services
on the darkweb.

CRYPTOMINING

Cryptocurrencies require large amounts of computer power to be created, or

“mined”. Some legitimate companies specialize in mass cryptomining through
dedicated mining farms. Cyber criminals and fraudsters, however, like to deploy
cryptomining viruses or bots on unsuspecting users’s computers, or even
organization’s servers. This allows them to mine at scale, without spending extra
money on equipment or resources like electricity.

CYBERSECURITY

Also known as Computer Security, or Information technology Security. It is the

practice of protecting individuals or organizations against attacks designed to
steal or damage digital equipment or services.

10
Fraud Dictionary 2019

DARK WEB

A network of unindexed, encrypted websites, often dedicated to criminal activities.

They are hosted on special domains, and you need special software to access
them, such as the Freenet or TOR browser. While there are technical differences
between Dark Web and Dark Net, the terms are used interchangeably these days.

SURFACE WEB
Google

Wikipedia

4%
Bing

DEEP WEB Multilingual databases

Financial Records

D
Medical Records Governemnt Resources

Legal Documents Organisation-Specific

Repositories
Scientific Reports
3:24 PM
Subscription information

90%
Academic information

DARK WEB Political protest

Private Communications
Drug traficking, weapons

6%
and other illegal informations
and activities

11
Fraud Dictionary 2019

DATA ENRICHMENT

The process of refining and enhancing information. It can be to break down

existing data, correct flaws, or link data to other sources. In fraud prevention, it is
mostly used to gather extra info about a user based on single data points such
as an email address.

“Fraud Prevention is all about discovering who you are dealing with.
What kind of users should be allowed into your system, and which
ones will try to scam you in the long term. This is where enriching
simple data fields externally can make all the difference.”

DECISION TREE

A flowchart designed to visualize algorithms relying on multiple conditions

(conditional control statements). One of the most useful methods to gain
transparency into a machine learning system.
In a decision tree, each node represents a condition that branches out into
two more nodes (i.e.: transaction above or below $100, based in the EU or not,
etc..). All the branches lead to leaves, which clearly classify the transactions as
fraudulent or valid.

D
The path from root to leaf represents the entirety of a classification rule, and
fraud analysts can quickly understand or tweak them to get more precise results
as needed.

DEEP FAKE

A technology that uses real video or audio from a person, and allows people to
create synthetic versions of that person.

See also: Vishing, Voice Cloning

12
Fraud Dictionary 2019

DEEP LEARNING

Deep Learning (DL), is a form of Machine Learning (ML) that can be fed huge,
unstructured data sets. It is at times used to solve problems too complex for
machine learning.

As of late 2019, Google is working to introduce more transparency into the

workflow of the deep learning models, to help its users understand features and
make better decisions.

See also: Machine Learning

DEEP WEB

The entirety of the web that is not accessible by search engines. For instance,
online banking pages, legal and government documents, or scientific reports
have no reason to be indexed. The Dark Web is part of the Deep web.

DEVICE FINGERPRINTING

Aggregating information about the device and browser used to connect to a

website. You can collect data such as device number, battery level, installed
plugins, device build, operating system, and much more. It creates browser,

D
device and cookie hashes that act as IDs.

See also: Cookie Hash, Browser hash, Device Hash

DEVICE HASH

A string that acts as an ID based on the device hardware only (GPY, screen size,
HTML5 canvas, etc..) While many users can share the same device hash (for
instance two iPhone 7 Safari users), this allows the flagging of Remote Desktop
Connections, virtual machines or emulators, which all share the same hashes.

DIGITAL FOOTPRINT

Also known as Digital Shadow. The trail of data created when using the Internet
on any device. For fraud prevention, it can be found in a user’s online profiles,
association with data breaches or blacklists. In a more general sense, it can
also include emails sent, websites cookies, and subscriptions to online services,
amongst others.

13
Fraud Dictionary 2019

DOMAIN QUALITY

When performing email analysis, or reverse email lookup, it helps to assign a

quality level to the domains. This is calculated by looking at the creation date and
how hard it is to signup. For instance, Gmail is free, but requires SMS verification.
Mail.com, however, has no extra security steps, which lowers its domain quality.

DOS / DDOS

A denial-of-service attack (DoS attack) happens when a perpetrator floods a

service with requests so nobody else can access it.

In a distributed-denial-of-service attack (DDoS attack) the incoming traffic

flooding the victim comes from many different sources. This makes it impossible
to stop the attack simply by blocking a single source.

DROP ADDRESS

The address where fraudsters sent good purchased illegally (for instance with
a stolen card). Some will go as far as making an abandoned house look lived
in (mowing the lawn, plugging in electricity generator) to use the post box for
recovering their goods.

D
Accomplices in drop address scams are often unaware they are helping fraudsters.
They are often recruited through online job offers. The fraudster pretends to be in
a different country, and offers to pay the hired person to forward them the stolen
goods.

DUMPSTER DIVING

The practice of rummaging through someone’s garbage bins to find personal

information (account numbers, PINs, passwords). Fraudsters often combine
digital attacks and real-life information gathering. This is why it is recommended
to shred important documents before discarding them.

14
Fraud Dictionary 2019

EMULATOR

Also known as a Virtual Machine. Software used to appear like (spoof) a device,
browser or operating system. This allows fraudsters to repeat multiple attempts
at login, signup or payment with with different parameters so they don’t get
blocked.

EMAIL PROFILING

Gaining more information about a user based on their email address. It is also
referred to as Reverse Email Lookup, Backward Email Search, or Email Checker.
You can see if the email exists, if it is linked to social media profiles, or found on
blacklists and data breaches.
DOMAIN IS A FREE PROVIDER

IT WAS INVOLVED IN A DATA BREACH REGISTERED ON FACEBOOK

FIRST SEEN 2015.07.11. REGISTERED ON LINKEDIN

E
EMAIL ADDRESS IS DELIVERABLE

See also: Domain Quality, Email String Analysis

EMAIL STRING ANALYSIS

A technique which compares the characters used in an email address with other
known information. For instance, an email name which contains a lot of numbers
could be suspicious. Those containing a name that doesn’t match the user’s
name are also considered risky.

ENCRYPTION

The process of encoding information so that only authorized parties can read it.
It is used on websites, highly recommended for storing personal data, and useful
in personal communications.

15
Fraud Dictionary 2019

FALSE DECLINES / FALSE POSITIVES

Legitimate user actions that are blocked by fraud prevention tools. A high rate of
false positives could show that the prevention rules are not calibrated properly.

Note that false declines are a source of tremendous friction and frustration for
users, and can damage businesses profits, who will turn towards more flexible
competitors. Using a good algorithm and confusion matrix can help see when
and why these happen to maximise true positives.

See also: Friction, Confusion Matrix

FLAGGING

Marking users as suspicious via a fraud prevention tool. Their actions can be
blocked, or reviewed manually based on data points such as home address, IP
address, social media usage, device fingerprinting or more. Ideally, the flagged
data points should be marked as such as shared between multiple users of the
fraud prevention team.

FRAUD

F
Using deception for personal gain. While online fraud is considered a cybercrime,
not all cybercrime has to do with online fraud in nature. Protecting businesses
against it is the job of fraud analysts. They can use a fraud prevention tool, or
fraud filter to automate the process.

FRICTION

Slowing down a user journey. With fraud prevention tools, it can be adding an
extra security step, or manual review to confirm a transaction. Friction is notable
for decreasing conversions, so online businesses need to balance security and
ease of use.

16
Fraud Dictionary 2019

FRIENDLY FRAUD

When customers claim a chargeback for being the victims of fraud. It’s also
known as lie fraud and is the fastest growing reason for chargebacks. Friendly
fraud happens when buyers experience remorse, they refuse to pay for a family
member’s purchase, or simply want to exploit the system to gain a product or
service without paying for it.

See also: Clean Fraud

FULLZ

The name fraudsters give to a package containing a person’s real name, address,
and form of ID. It usually contains all the information needed to steal someone’s
identity.

F 17
Fraud Dictionary 2019

GATEWAY (PAYMENT)

The name of the service that authorizes payment processing for merchants.
PayPal, Stripe or WorldPay are all payment gateways, acting as a bridge between
credit card companies, banks and retailers. You can implement fraud prevention
at that stage of the transaction process.

GHOST BROKING

The practice of fraudulently selling inexistant insurance policies. Many victims

do not realise their insurance isn’t valid until it’s too late, for instance in the case
of a car accident.

GRAPH NETWORK

A graph network, or graph neural network (GNN) helps visualise information

from databases through relationship models and connections. Every node in the
graph is associated with a label, and the graph helps predict other node labels
without prior information.

G 18
Fraud Dictionary 2019

HEURISTIC RULES

Heuristic rules in computer science help solve a problem faster and with fewer
resources than with classic detection methods. In fraud prevention, it can be a
system that blocks transactions quickly based on a blacklisted data point such
as user ID, email, browser hash or other.

It’s worth noting that heuristic rules use algorithms that trade accuracy for speed.
This makes them particularly useful for time-sensitive requests, for instance
when trying to decide if a transaction is fraudulent or not as quickly as possible.

HONEYPOT

A tool that cybersecurity experts use to lure criminals and fraudsters. It is a

system deliberately used to be exploited, so that the security team can see and
learn how attackers operate.

HTTPS

Hypertext Transfer Protocol Secure. The SSL-secured version of HTTP, which

adds a security layer for connections between browsers and websites.

H
See also: SSL / TLS

19
Fraud Dictionary 2019

IDENTITY FRAUD

The activity that uses someone’s personal information without authorization,

and for personal gain. It all falls under the general online fraud umbrella, but
focuses on data such as personal identification elements: date of birth, first and
last name, social security number, card number or even personal photos.

IDENTITY THEFT

Acquiring someone’s personal data such as credit card numbers, phone number,
or other data points in order to impersonate for a number of actions: opening
new accounts, applying for loans, purchasing goods, or posting fake ads and
reviews.

IP ADDRESS

The Internet Protocol Address (IP Address) is a numerical label associated to

any device connected to the Internet. IP addresses provide a basic form of ID for
fraud prevention, but are not hard to spoof with the right proxy setup.

20
I
Fraud Dictionary 2019

KEYLOGGING

Installing a program that logs and shares every key pressed on someone’s
device. They are used to gather sensitive information such as passwords and
bank details.

KYC

Know Your Customer / Client. A process where businesses verify someone’s

identity. It can be a legal requirement in some fields like banking, gambling, and
financial services.
Businesses usually have to balance light and heavy KYC procedures. The former
creates less friction for users, but increases the chances of fraud. The latter is
more troublesome, but increases security.
Ideally, a good system should be flexible enough to let you create a customer
journey that triggers light or heavy KYC depending on the known user data.

HEAVY KYC LIGHT KYC

more thorough, but also riskier, but offering

K-L
bothersome for users a smoother user experience

LINK ANALYSIS

The practice of using data to create networks that help investigate relationships
between entities. Useful data for flagging fraudsters via link analysis can be
payment transactions, logins, or new account openings, amongst others.

21
Fraud Dictionary 2019

MACHINE LEARNING

Machine Learning (ML) is a branch of Artificial Intelligence (AI) that allows data
analysis to improve overtime, by learning from the data it is fed. It allows systems
to identify patterns and make decisions with minimal human intervention,
essentially reprogramming themselves with new, updated rules.

MATCHED BETTING

Using multiple accounts on gambling sites to improve betting odds and make
money from free offers. A person will place a Back bet (backing a certain
outcome). They will then create another account to place a Lay bet (backing the
opposite outcome). This cancels out the losses, but allows them to profit from
the free bet offer. Note that matched betting is legal in some regions, such as
the UK.
See also: Bonus abuse, Multi Accounting

MFA

Multi Factor Authentication. Like 2 Factor Authentication, but not restricted to 2

factors.

M
See also: 2FA

MONEY MULES

People who receive money into their account and transfer it elsewhere for a fee.
It is usually done for money laundering, which makes money mules complicit in
illegal crimes.
Like with address drop scams, money mules are often unaware they are helping
criminals. They are commonly found via fake job posts, and hired under false
pretenses, for instance forwarding money a charity in a foreign country.

MULTI ACCOUNTING

When one person creates multiple accounts with the same platform. It can be
innocent (lost login details) or for fraudulent purposes, such as matched betting,
bonus abuse, or creating fake reviews.

22
Fraud Dictionary 2019

NEAR-FIELD COMMUNICATION PAYMENTS (NFC)

The technology that enables contactless payments. It allows two devices, such as
smartphones and POS terminals to exchange data in order to process transactions.

PHARMING

A cyber attack which redirects traffic from a website to another. The second
website is usually a copy of the original, designed to gather personal information
such as credit card numbers.

PHISHING

The malicious act of stealing someone’s personal data through deceptive emails,
phone calls, or other methods.
See also: See also: 2FA

PHONE ANALYSIS

N-P
Also known as reverse phone lookup. A process which lets you glean information
about a user based on a phone number. Checks can verify if the phone is valid,
network type, and even last time seen online and profile picture, if linked with
mobile-first services like WhatsApp or Viber. Linking a phone number to social
media networks is one of the best tools for getting a full picture of users based
on that single data point.

PROMO ABUSE

See: Bonus Abuse

PSD2

The second Payment Services Directive from the European Union, which aims to
break bank’s monopolies over customer data. It is designed around the OpenAI
protocol, which allows access to customer’s banking data for integration with
third party services like sending payments.

23
Fraud Dictionary 2019

RANSOMWARE

Malware that blackmails the user in order to be removed. It is a virus that

blocks access to a computer via encryption, unless a certain sum is paid (via
cryptocurrencies to enjoy anonymity). The criminals usually threaten to delete
important files, or disable the entire computer if the money isn’t paid by a certain
deadline.

RESHIPPING

Also known as Delivery Address Fraud and Fake Address Fraud. A process where
criminals fool people into sending goods or cashier cheques purchased with
stolen credit cards, usually to an address not linked to their name. It helps muddy
the trail between fraudulent purchases and delivery addresses.

REVERSE EMAIL LOOKUP

See: Email Profiling

REVERSE PHONE LOOKUP

R
See: Phone Analysis

24
Fraud Dictionary 2019

SCA

Strong Customer Authentication. A requirement of the PSD2 directive, which

pushes organizations to improve the security of transactions. One of these
requirements is the use of 2FA.
See: PSD2, 2FA

SIM SWAPPING

A.k.a. SIM splitting or SIM jacking. Takes advantage of 2FA via SMS. Sees
fraudsters acquire a phone number through hacks, phishing or sheer luck. They
then call the mobile phone’s provider, and claim to want to change their number
to a new one. The new number, which is in the fraudster’s possession, will then
receive all the SMS used for mobile verification, which allows them to access
other accounts such as email, social media, or even mobile banking.

SMURFING

Also known as Structuring. The process of laundering money by breaking up large

funds into multiple bank accounts to operate under the radar of law enforcement
agencies.

S
In the iGaming industry, the term refers to a special kind of multi accounting. It’s
for gamers who want to improve their tactics without damaging the statistics of
their main account.

SMTP

Simple Mail Transfer Protocol. The protocol which allows the delivery of emails.
An SMTP check can be used by fraud tools to confirm the validity of an email
address.

25
Fraud Dictionary 2019

SOCIAL ENGINEERING

Psychological manipulation done through human interaction that gets people

to reveal personal information for fraudulent purposes. It can happen in one or
multiple steps, and can range from the basic to the complex, where attackers
impersonate co-workers or officials.
See also: Baiting, Catfishing, Phishing, Scareware, Spear Phishing

SOCIAL MEDIA PROFILING

Linking a person’s social media profiles to a name or email address. Useful to

enrich data and learn more about users.
See: Email Profiling

SPEAR PHISHING

Format via emails that target a specific organisation, or specific people within an
organisation. Spear-phishing usually involves some form of social engineering to
gain the confidence of intended victims. Unlike phishing, spear-phishing emails
are addressed to deliberately chosen recipients rather than sent out randomly.

S
SPOOFING

Falsifying data such as an IP address, email address or caller ID. For instance,
spammers will spoof a sender email address to mislead the recipient or gain
their trust for phishing.

SSL / TLS

Secure Sockets Later, and Transport Layer Security. Certificates that confirm
encryption between a server (typically a website) and client (browser). The
secured connections are established with a “Handshake” protocol, which can be
analyzed by certain tools.

26
Fraud Dictionary 2019

SSL INTERCEPTION

SSL Interception, or SSL decryption, is a process with allows organizations to

monitor network traffic and improve security. It can be an Active SSL Deployment
where traffic passes through a man-in-the-middle implementation (MIM), or
Passive SSL Deployment, which does not affect the traffic itself.

SUPERVISED MACHINE LEARNING

In Machine Learning, there are Supervised and Unsupervised learning algorithms.

The majority of practical machine learning uses supervised learning, where
an algorithm is used to learn the function from an input to output. It is called
supervised because the correct answers are already known, and the data is used
to train the algorithms.
Unsupervised learning, on the other hand, works with data referred to as
“unlabeled”. For instance with transactions, it means we do not yet have the
correct answers, i.e, whether they should be classed as fraudulent or legitimate.
See also: Unsupervised ML

SYNTHETIC ID

S
Unlike common identity fraud, Synthetic ID fraud combines pieces of real personal
data with fake data to create a new, untraceable identity. An example is the rise
in synthetic IDs that use children’s personal info in order to have a clean credit
score for loaning fraud.

27
Fraud Dictionary 2019

TOKENIZATION

In data security, tokenization happens when you substitute sensitive data for
a non-sensitive equivalent. For instance, a customer’s account number can be
replaced with randomly-generated numbers. It is a security layer often used in
conjunction with encryption.

See also: Encryption

TRANSACTION FRAUD

Transaction fraud, or payment fraud and credit card fraud, is a broad term that
covers any crime committed when purchasing a service or item. It is the direct
result of card theft, account takeover, or card cloning.

See also: ATO, BIN attack, Card cloning

TROJAN

On the surface, a legitimate computer programme. However, it also adds malicious

software when it is installed.

T
TUMBLER

A service that moves cryptocurrencies from one digital wallet to another to make
it harder to trace back the funds back to the original owner. This is essentially
digital money laundering, usually performed for a fee for cryptocurrencies like
Bitcoin.

28
Fraud Dictionary 2019

UNSUPERVISED MACHINE LEARNING

The goal of unsupervised machine learning is to make sense of data that has not
yet been labeled, that is to say, where we do not have the right answer. It uses
different algorithms to identify anomalies, irregularities and outliers compared
with previous historic data.

One method is to automatically flag data points that noticeably deviate from
the statistical norm. Through training, the machine learning system can then
become more efficient at identifying regular noise from abnormal behaviour.
This is helpful to identify things like seasonal changes without increasing false
positives.

See: Supervised Machine Learning

U 29
Fraud Dictionary 2019

VELOCITY CHECKS

The ability to check and compare user behavior using variable data such as
transaction amount, or login attempts during a specific timeframe. Looking at
the time elapsed between each action is a powerful tool that allows the creation
of Velocity Rules, and Velocity Filters.

Distinct Count of user ID for the same IP address in the last 10 seconds ≥ 1 + 1 SCORE

Count IF Transaction ID Device ID 5 minute 3 3

SUM Transaction amount Card hash 1 hour 5 5
MAX IP adress Phone number 1 month 10 10

VOICE CLONING

A technology which allows criminals to “make” someone say what they want by
creating a synthetic, or cloned, version of their voice.

VISHING

Voice phishing done via phone calls. Callers will impersonate IT engineers,
bank managers, and even company executives, whose voices are synthetically
recreated via deepfake technology.

V-W
See also: Voice Cloning, Deepfake, Phishing

WHITEBOX (MACHINE LEARNING)

A machine learning model that delivers clearly readable rules. This helps fraud
analysts with manual reviews and understanding scores so they can adjust their
approve / decline thresholds. Whitebox models can use tools like Decision Trees
or other visualization and decision support tools to give transparency into the
classification process.

See also: Blackbox Machine Learning, Decision Tree

30
Fraud Dictionary 2019

SEON Fraud Dictionary - Key Takeaways

Like many other technical disciplines, online fraud terms can appear jargon-y and
confusing to the outsider. This is true both of the prevention side of things, and of the
fraudsters’ vocabulary too.

And yet, knowing the difference between a whitebox and a blackbox system in machine
learning, for instance, can be tremendously beneficial. Not just for the fraud prevention
team, but across all business departments.

Since fraud is a problem that affects everyone, it is in the best interests of sales people
and executives to understand how prevention work too. Hopefully, this dictionary will be
a great primer on the topic that you can revisit for many years to come.

To see how SEON can help your Or schedule a personalised product

company prepare for the future, showcase call now.
please visit seon.io

Visit our website Schedule a call

SEON Technologies Ltd. info@seon.io

seon.io +44 20 8089 2900