Payments and Fraud Glossary



Claiming of a certain identity by someone and/or something.


Set of attributes related to an entity that allow an entity to be uniquely recognized within a context.

Identity of Things (IDoT)

An area of endeavor that involves assigning unique identifiers (UID) with associated metadata to devices and objects (things), enabling them to connect and communicate effectively with other entities over the internet.

Identity Service Provider

An identity provider (IdP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying party applications within a federation or distributed network.

It usually offers user authentication as a service. Relying party applications, such as web applications, outsource the user authentication step to a trusted identity provider. Such a relying party application is said to be federated, that is, it consumes federated identity.

An identity provider is considered a trusted provider that enables consumers to use single sign-on (SSO) to access other websites. SSO enhances usability by reducing password fatigue. It also provides better security by decreasing the potential attack surface.

Identity spoofing

Using a stolen identity, credit card or compromised username / password combination to attempt fraud or account takeover. Typically, identity spoofing is detected based on high velocity of identity usage for a given device, detecting the same device accessing multiple unrelated user accounts or unusual identity linkages and usage.

Identity theft

Identity theft happens when fraudsters access enough information about someone’s identity (such as their name, date of birth, current or previous addresses) to commit identity fraud. Identity theft can take place whether the fraud victim is alive or deceased.

Identity verification

Checking the provided information about the identity with previously corroborated information and its binding to the entity.

Identity and Access Management (IAM)

The security and business discipline that enables the right individuals to access the right resources at the right time and for the right reasons. It addresses the need to ensure appropriate access to resources across increasingly heterogeneous technology environments and to meet increasingly rigorous compliance requirements.

Information sharing network

In the context of fraud management, it refers to a public or private service provider of one or more Abuse Lists.

InfoSec (information security)

The practice of defending information from unauthorized access, use, disclosure, disruption, modi cation, perusal, inspection, recording or destruction.

Integrator (Systems Integrator)

An entity that specializes in bringing together component subsystems into a whole and ensuring that those subsystems function together.


The gathering, assessment and dissemination of information that is valuable for fraud prevention and/or detection. Fraud intelligence can be strategic (activities of threat actors, etc.) and/or tactical (mule accounts, phishing sites, botnet IPs, etc.).

Internal fraud

Internal fraud occurs when a staff member dishonestly makes false representation, wrongfully fails to disclose information, abuses a position of trust for personal gain, or causes loss to others. Internal fraud can range from compromising customer or payroll data to inflating expenses to straightforward theft. Sometimes it is an unplanned, opportunistic attack purely for personal financial gain, but sometimes it is linked to a serious and organized criminal network, or even terrorist financing.

Internet of Things (IoT)

The network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other internet-enabled devices and systems.

IoT Botnet

A group of hacked computers, smart appliances and Internet-connected devices that have been co-opted for illicit purposes.


A situation in which payment instruments belonging to a given scheme may be used in other countries and in systems installed by other schemes. Interoperability requires technical compatibility between systems, but can only take effect where commercial agreements have been concluded between the schemes concerned.

IP Address

A numerical label assigned to each device connected to a computer network that uses the internet protocol for communication.


A bank or financial institution that issues cards to consumers on behalf of the card networks (Visa, Mastercard). The issuing bank is also known as the credit or debit card company. The issuer acts as the middleman for the consumer and the card network by contracting with the cardholders for the terms of the repayment of transactions.

I2P Anonymous Proxy

A proxy network aiming at online anonymity by encrypting all communications in various layers and relaying them through a network of routers run by volunteers in various locations.