Payments and Fraud Glossary



Ransomware

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion in which it encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them.

Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment.

Real-time Risk Management

A process which allows risk associated with payments between payment system participants to be managed immediately and continuously.

Relying Party (RP)

A website or application that wants to verify the end-user’s identifier. Other terms for this entity include ‘service provider’ or the now obsolete ‘consumer’.

Reshipping Fraud Scheme

Criminals post job announcements on internet career sites advertising positions such as "merchandising manager" or "package processing assistant". After you accept the job, they send you packages containing stolen merchandise and ask that you ship these packages to their location.

Retail Loss Prevention

A set of practices employed by retail companies to reduce and deter losses from theft and fraud, colloquially known as ‘shrink reduction’.

Risk assessment

The process of studying the vulnerabilities, threats, and likelihood of attacks on a computer system or network.

Risk-Based Authentication (RIBA)

Risk-Based Authentication is where issuing banks apply varying levels of stringency to authentication processes, based on the likelihood that access to a given system could result in it being compromised. As the level of risk increases, the authentication process becomes more intense.

Rule based fraud detection

Rule based fraud detection systems use correlation, statistics, and logical comparison of data to identify potential ‘acts of fraud’ based on insights gained from previous (known) fraud incidents. They generally use traditional methods of data analysis and require complex and time-consuming investigations that deal with different domains of knowledge such as finance, economics, business practices and behavior. Fraud often consists of many instances or incidents involving repeated transgressions using the same method. Fraud instances can be similar in content and appearance, but usually are not identical. Rule based systems rely on identifying a known fraud pattern.