Payments and Fraud Glossary


Passive authentication

A method where the user signs in through a Web form displayed by the identity provider and the user is requested to log in.

Payment Application Data Security Standard (PA DSS)

PA DSS is a system designed by the Payment Card Industry Security Standards Council and adopted worldwide. It was implemented in an effort to provide the definitive data standard for software vendors that develop payment applications.The standard aims to prevent developed payment applications for third parties from storing prohibited secure data including magnetic stripe, CVV2, or PIN. In that process, the standard also dictates that software vendors develop payment applications that are compliant with the Payment Card Industry Data Security Standards (PCI DSS).

Payment Card Industry Data Security Standard (PCI-DSS)

A proprietary information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) or by a rm specific Internal Security Assessor (ISA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions, or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Payment Fraud (criminial fraud)

any type of false or illegal transaction completed by a cybercriminal.

Persona Technology

A collection of information from the purchases made across all merchants within Kount's network that serves as a "shortcut" for predicting the likelihood of fraud. A single persona may be associated with dozens of credit card numbers issued to different individuals that have been used to make purchases within a short time span.


A type of online fraud where people are redirected from a real website to a website impersonating a real one, with malicious intent.


A method which allows criminals to gain access to sensitive information (like usernames or passwords). It is a method of social engineering. Very often, phishing is done by electronic mail. This mail appears to come from a bank or other service provider. It usually says that because of some change in the system, the users need to re­enter their usernames/passwords to confirm them. The emails usually have a link to a page similar to the one of the real bank.

Phishing Kit

Phishing Kits provide a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.

Phishing Schemes

A variety of different scam schemes using fraudulent emails or texts, or copycat websites to get you to share valuable personal information.

Proxy Piercing

A patented Kount technology that allows merchants to determine in real time if the purchase transaction request is being relayed through a proxy and, if so, determine the true geolocation of the purchase request and the type of network being used by the person attempting to make the transaction (prisons, schools, libraries, anonymous proxies etc)

Public Key Infrastructure (PKI)

The infrastructure needed to support the use of Digital Certificates. It includes Registration Authorities, Certificate Authorities, relying parties, servers, PKCS and OCSP protocols, validation services, revocation lists. Uses include secure e­mail, file transfer, document management services, remote access, web-based transactions, services, non-repudiation, wireless networks and virtual private networks, corporate networks, encryption, and ecommerce.

Point-to-point encryption (P2PE)

A point-to-point encryption (P2PE) solution is provided by a third party solution provider, and is a combination of secure devices, applications and processes that encrypt data from the point of interaction (for example, at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.

A PCI P2PE solution must include all of the following:

  • Secure encryption of payment card data at the point-of-inter­action (POI)
  • P2PE­-validated application(s) at the point-of-interaction
  • Secure management of encryption and decryption devices
  • Management of the decryption environment and all decrypted account data

Use of secure encryption methodologies and cryptographic key operations, including key generation, distribution, loading/injection, administration and usage.


Privacy is the ability of a person to control the availability of personal information and exposure of himself or herself. It is related to being able to function in society anonymously (including pseudonymous or blind credential identification).


Identity proofing is a common term used to describe the act of verifying a person’s identity, as in verifying the ‘proof of an ID’. Other terms that describe this process include identity verification and identity vetting.