Payments and Fraud Glossary


Card capture device

A device inserted into an ATM card slot which captures the data contained on the card.

Card testing

Occurs when a fraudster uses a merchant’s website to “test” stolen credit card information to determine if the card is valid. Fraudsters can purchase lists of credit card numbers online on the dark web at a low cost but often do not know if the cards they are purchasing are active. To test these cards, fraudsters often use automated bots and scripts to run many of these numbers through a merchant’s checkout page. If a transaction is approved, the fraudster knows that the card is valid and can make fraudulent high-value purchases elsewhere.

Card-on-File (CoF)

Authorized storage of a consumer’s payment credentials by a merchant, PSP, or WSP, that allows the consumer to conveniently make repeat or automatic purchases without the need to re-enter payment credentials each time.

Cardholder-not-present (CNP) fraud

Using stolen cards or card details and personal information, a fraudster purchases goods or services remotely – online, by telephone or by mail order.

Case management

In the context of fraud management, case management refers to the actions required to contain and remediate the impact of a detected fraud incident. A case management system is the ICT tooling used to automate routine follow-up activities and facilitate case management workflows.

Case management system

It is the workflow automation system that facilitates the structured investigation of suspected fraud incidents and remediation of confirmed fraud.


A unique check value encoded on the magnetic stripe and replicated in the chip of a card or the magnetic stripe of a Visa card to validate card information during the authorization process.


Also known as Card Validation Code or Value, or Card Security Code. This is a unique 3‐digit check value generated using a secure cryptographic process that is indent‐printed on the back of a Visa card or provided to a virtual account holder.

CEO fraud

An e-mail scam in which the attacker spoofs a message from the boss and tricks someone at the organization into wiring funds to the fraudsters.

Change of address fraud

Occurs when the fraudster obtains details of a genuine customer’s account and then contacts the business to announce that he has changed address. This is usually accompanied or followed by a request for items of value such as a checkbook, debit card or statement of account to be sent to the fake new address. A false change of address is used to facilitate previous address fraud and account/facility takeover fraud.


Chargeback

Chargeback occurs when a credit cardholder contacts their credit card issuing bank to initiate a refund for a purchase made on their credit card. Chargebacks are generally the result of a cardholder changing their mind, being dissatisfied with their purchase or a case of fraud. The fraud can result from the unauthorized use of their credit card (stolen card) or the cardholder purposely seeking to dispute a legitimate purchase they made (see ‘delivery and returns fraud’).

Chip Authentication Program (CAP)

The CAP is a Mastercard initiative and technical specification for using EMV banking smartcards developed for authenticating users and transactions in online and telephone banking. It was also adopted by Visa as Dynamic Passcode Authentication (DPA). CAP is a form of two-factor authentication as both a smartcard and a valid PIN must be present for a transaction to succeed.

The CAP specification defines a handheld device (CAP reader) with a smart card slot, a numeric keypad, and a display capable of showing at least 12 characters. Banking customers who have been issued a CAP reader by their bank can insert their Chip and PIN (EMV) card into the CAP reader in order to participate in one of several supported authentication protocols.

Clean fraud

Clean fraud leverages stolen credit card information. Criminals make purchases by accurately impersonating legitimate cardholders through the acquisition of extensive amounts of personal data.

Cloud-based solutions

Also called Software-as-a-service (SaaS), it is software running on a shared server farm that provides shared processing resources and data to computers and other devices on demand.

Consumer authentication

The term used to describe tools intended to verify that the person making the transaction is actually the person authorized to do so, in both in-person and card-not-present transactions.


Credential

Data issued to an individual by a third party with a relevant authority or assumed competence, presented so as to provide evidence of a claim. A credential is a piece of information attesting to the integrity of certain stated facts.

Credential Stuffing

An attack that tests stolen credentials on website and mobile application API servers, to discover instances of password reuse across those applications and enable large-scale account takeovers.

Credit bureau

In the context of lending, it refers to an organization providing information on borrowing and bill-paying habits of an individual or company.

Credit card fraud

Fraud committed using a credit card or any similar payment mechanism as a fraudulent source of funds in a transaction. The purpose may be to obtain goods without paying, or to obtain unauthorized funds from an account. Credit card fraud is also an adjunct to identity theft.


The fraudulent reproduction of original documents/instruments in a manner that enables the fraudster to pass them off as genuine/original items.

Customer identity and access management (CIAM)

Consumer identity and access management (CIAM) is a sub-genre of traditional identity and access management (IAM). Traditional IAM systems are designed to provision, authenticate, authorize, and store information about employee users. User accounts are defined; users are assigned to groups; users receive role or attribute information from an authoritative source. They are generally deployed in an inward-facing way to serve a single enterprise.

However, many enterprises have found it necessary to also store information about business partners, suppliers, and customers in their own enterprise IAM systems.

CIAM goes beyond traditional IAM in commonly supporting some baseline features for analyzing customer behavior, as well as integration into CRM and marketing automation systems. Nevertheless, CIAM differs from CRM in that, with CRM systems, sales and marketing professionals are counted upon to enter the data about contacts and prospects and to track the sales cycle. The focus of CRM is managing all processes around the customer relationship, while CIAM focuses on the connectivity with the customer when accessing any type of system, on premises and in the Cloud, from registration to tracking. With CIAM, to some extent similar kinds of information as in CRM systems can be collected, but the consumers themselves provide and maintain this information.

Customer due diligence

Identification and verification of customers and beneficial owners.


Protecting information or hiding its meaning by converting it into a secret code before sending it out over a public network.