Payments and Fraud Glossary


Data breach

An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.

Data capture

The action or process of gathering data, especially from an automatic device, control system, or sensor.

Data Security Standard (DSS)

The Payment Card Industry Data Security Standard (PCI-DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions, and protect cardholders against misuse of their personal information.

Dark web

Fraudsters use the dark web, the portion of the Internet that can be browsed anonymously, to search for stolen identities and credit/debit card numbers, and to buy hacking tutorials or other malicious services.

Deep web

The deep web is Internet content not indexed by search engines. It includes work portals, academic databases and private members' websites that are not publicly accessible. Estimates put the deep web at about 500 times the size of the public web, containing over 500 billion pages of content not indexed by Google. It is difficult to gauge the deep web's size, because it has been intentionally not indexed for public consumption.

Deep learning

Deep learning is an aspect of artificial intelligence (AI) that is concerned with emulating the learning approach that human beings use to gain certain types of knowledge. At its simplest, deep learning can be thought of as a way to automate predictive analytics.

Delivery and return fraud

Return fraud is the act of defrauding a retail store via the return process. There are various ways in which this crime is committed. For example, the offender may return stolen goods to secure cash, steal receipts or receipt tape to enable a falsified return, or use somebody else's receipt to try to return an item picked up from a store shelf. Return abuse is a form of "friendly fraud" where someone purchases products without intending to keep them.

Derived identification

Relying on the identification that took place at another instance, for example, a bank or governmental institution. Making use of derived identification also has its constraints. In addition, it becomes less valuable if everyone makes use of derived identification. It also implies that the prospect already needs to have an account at another bank.

Device Emulator

A device emulator is one device that pretends to be another. It is used by fraudsters to deceive simple device identification and automated risk management solutions in order to carry out fraudulent activities.

Device fingerprinting

Device fingerprinting is a process by which a fingerprint of a connected device – desktop, tablet, smartphone, game console, etc. – is captured when visiting a website.

Device ID

It is the unique serial number or ‘fingerprint’ that a particular device has embedded in it. It can be the combination of several components (e.g. CPU + graphics card) and can include a threshold (i.e. less than 100% matching) to allow for partial upgrades, such as with the iPass (proprietary) solution.

Device cloning

This is when the fraudster makes a software image of the device in order to make it appear as the regular user on their own device. It looks the same from a software perspective and fools device fingerprinting solutions.

Denial of service attack (DoS)

An attack on a computer system or network that causes a loss of service to users. A network of computers is used to bombard and overwhelm another network of computers with the intention of causing the server to ‘crash’. A Distributed Denial of Service (DDoS) attack relies on brute force by using attacks from multiple computers. These attacks can be used to extort money from the businesses targeted.

Digital identity

It is a collection of identity attributes, an identity in an electronic form (e.g. electronic identity).

Digital signature

A digital code (generated and authenticated by public key encryption) which is attached to an electronically transmitted document to verify its contents and the sender’s identity.

DDoS Attack (Distributed Denial of Service)

DDoS is a type of DoS attack where multiple compromised systems, often infected with a Trojan, are used to target a single system, causing service disruption.

Dumpster diving

A fraudster goes through someone's garbage to try to find personal information to commit fraud. This is why it is important to shred any personally identifiable information before throwing it away.