Payments and Fraud Glossary



Threat

A threat consists of an adverse action performed by a threat agent on an asset. Examples of threats are:

  • A hacker (with substantial expertise, standard equipment, and being paid to do so) remotely copying confidential files from a company network or from a card;
  • Computer malware seriously degrading the performance of a wide area network;
  • A system administrator violating user privacy;
  • Someone on the internet listening in on confidential electronic communication.

Third-Party Fraud

Fraud committed against an individual by an unrelated or unknown third party.


Token

Any hardware or software that contains credentials related to a user’s attributes. Tokens may take any form, ranging from a digital data set to smart cards or mobile phones. Tokens can be used for both data/entity authentication (authentication tokens) and authorization purposes (authorization tokens).


Tokenization

The process of substituting sensitive data with an easily reversible benign substitute. In the payment card industry, tokenization is one means of protecting sensitive cardholder PII in order to comply with industry standards and government regulations. The technology is meant to prevent the theft of credit card information in storage.


Tor

Free software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays.

Transaction Authentication Number (TAN)

A type of single-use password used for an online banking transaction in conjunction with a standard ID and password.

Triangulation fraud

Considered one of the most complex ecommerce attack methods, triangulation fraud involves three points:

  • An unsuspecting customer who places an order on an auction or marketplace using some form of credit, debit, or PayPal tender.
  • A fraudulent seller who receives the order and then places the order for the actual product with a legitimate ecommerce website using a stolen credit card.
  • A legitimate ecommerce website that processes the criminal’s order.

Triangulation Schemes

Involves a fraudulent seller on a legitimate eCommerce site and an unsuspecting customer placing an order on an auction or marketplace. Once the order is placed, the seller will either purchase the product at a lower rate or, if possible, run away with the money without fulfilling the order.


Trust

The firm belief in the competence of an entity to act dependably, securely, and reliably within a specified context.

Trusted Framework

A certification program that enables a party who accepts a digital identity credential (called the relying party) to trust the identity, security and privacy policies of the party who issues the credential (called the identity service provider) and vice versa.

Trusted Third-Party

An entity trusted by multiple other entities within a specific context and which is alien to their internal relationship.

Two-Factor Authentication (2FA)

Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code.