Payments and Fraud Glossary



A type of malware that displays pop-up warnings of non-existent computer infections to trick you into buying fraudulent “protection” software.

Smart card

An access card that contains encoded information used to identify the user.

Secure element

A tamper-proof smart card chip capable of embedding smart card-grade applications with the required level of security and features. In the NFC architecture, the secure element embeds contactless and NFC-related applications and is connected to the NFC chip, which acts as the contactless front end. The secure element can be integrated in various form factors: SIM cards, embedded in the handset, or an SD card.

Security protocol

A sequence of operations that ensures protection of data. Used with a communications protocol, it provides secure delivery of data between two parties.

Security Threat and Risk Assessment

A method that identifies general business and security risks in order to determine the adequacy of the service's security controls and to mitigate those risks.

Security token (authentication token)

It is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob.

Sensitive data

Information that relates to contact information, identification cards and numbers, birth date, social insurance number and other data that can be used for malicious purposes by cybercriminals.

Script Kiddie

An unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites. It is generally assumed that most script kiddies are juveniles who lack the ability to write sophisticated programs or exploits on their own and that their objective is to try to impress their friends or gain credit in computer-enthusiast communities.

SIM Cloning

A victim’s SIM card data, containing all of their phone’s data, is copied to a fraudster’s SIM so that the fraudster can impersonate them and access all incoming communication, as well as mobile banking. To keep personal information secure, users are advised to download the latest banking apps directly from the official websites, and to be wary of using financial institution contact details from SMSes or emails, as well as of confirming account details via email, SMS, or telephone. Also, a user who realizes they are not receiving calls or text notifications may have fallen victim to a SIM card cloning scam.

Single Point of Purchase

The ability to detect whether a consumer’s card may have been compromised when an institution is experiencing a high volume of fraudulent transactions.

Smishing (SMS phishing)

A variant of phishing email scams that uses SMS instead of email to send fake text messages.

Signing (confirmation by customer)

Confirming a financial or non-financial transaction by verifying an entity’s identity in a manner that is non-repudiable (i.e. using one or more authenticators).


Card skimming is the illegal copying of information from the magnetic strip of a credit or ATM card. It is a more direct version of a phishing scam. In biometrics and ID, it could be the act of obtaining data from an unknowing end user who is not willing to submit the sample at that time.

Social engineering

It is a non-technical method of intrusion used by hackers to commit fraud. It relies on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations encounter today.

Social Engineering

Psychological manipulation of people into performing actions or divulging confidential information. Romance scams and calamity scams are examples of social engineering.

Social Media Sites

Thieves regularly troll social networking sites to steal personal information so they can commit fraud.

Social Security fraud

Occurs when a fraudster uses one’s Social Security Number in order to get other personal information. An example of this would include applying for more credit in one’s name and not paying the bills.

Spear phishing

An email that appears to be from an individual or business that the user knows. In fact, the email is from the same criminal hackers who want the user’s credit card and bank account numbers, passwords, and the financial information on their PC.


Various scams in which fraudsters attempt to gather personal information directly from unaware individuals. The methods could include letters, telephone calls, canvassing, websites, emails or street surveys.

Strong Customer Authentication (SCA)

In accordance with the EBA Consultation Paper, the authentication procedure shall result in the generation of an authentication code that is accepted only once by the payment services provider each time that the payer, making use of the authentication code, accesses its payment account online, initiates an electronic transaction or carries out any action through a remote channel which may imply a risk of payment fraud or other abuses.

Supervised Machine Learning

Learning a function that maps an input to an output based on example input-output pairs.

Suspicious Transaction Reports (STR)

A report compiled by the regulated private sector (most commonly banks and financial institutions) about financial flows they have detected that could be related to money laundering or terrorist financing.

Synthetic ID Fraud

This type of fraud occurs when a fictitious identity is created, usually with a combination of real and fake information, and is used to obtain credit, make purchases and open accounts.

Synthetic Identity Creation

Cybercriminals use either a combination of real and fake information and/or entirely fake information to create a new digital identity.