Since its beginnings, fraud has constantly evolved with perpetrators innovating new ways to benefit — mostly for financial gain. As technologies and software are advanced and adopted, it’s inevitable fraudsters will continue to develop sophisticated tactics to commit crime.
Fraud is a broad and sometimes confusing topic — fresh types and trends regularly emerge, along with new terms and definitions. We put together this glossary to concisely explain fraud terms you should be familiar with.
First and foremost, we’re defining ‘fraud’ as the general term given to a deceitful act for unlawful gain. This could refer to anything from identity theft to stealing credit card information through malicious cookies on the web. Fraud can pose a high level of risk to businesses and their customers, which is why it’s important to know the types of fraud that exist and possible threats they pose.
Also known as ‘credit muling’, first-party fraud is the act of misrepresenting one’s personal information in order to receive a product or service to which they have no entitlement. This most commonly occurs when an individual or group of people apply for a loan they have no intention of repaying.
This involves an individual knowingly giving someone their identity or personal information to commit fraud or perpetrate fraud on their behalf.
This is the most common type of fraud. As in second-party fraud, it involves the use of a person’s details by another individual to commit fraud. However, in this case, the person whose information is being used is unaware and has not given consent.
Relating to the act of taking out finance with no intention of repaying or returning goods. Most prevalent in the motor industry, this type of fraud is generally practiced by purchasing a vehicle that becomes untraceable and the buyer unreachable.
Commonly known as ATO, account takeover occurs when a perpetrator uses someone else’s online account without their consent. The intent is usually financial gain; for instance, hacking online banking accounts to send themselves money or loyalty points, or using ecommerce sites to purchase goods.
Also known as ‘429 fraud’, victims are deceived into paying a fee for a promised product or service that never materialises. Today, consumers are usually targeted via email or social media, but historically, direct mail would have been used.
Similar to account takeover, this involves the fraudster using an individual’s details (without consent) to apply for goods or services and set up accounts. However, in this case, the perpetrator creates a completely new account using stolen or fake information. This could involve opening up a bank account using personal details usually collected from unknowing victims.
Also known as ‘credit card skimming,’ this is the act of copying card information onto a device that stores data — such as PIN, card number and security code — in order to transfer onto a new card (the clone). Cloning usually occurs through a reading device which has been attached to an ATM machine, but it can also happen by simply swiping the card through a reading device.
Card-not-present fraud (CNP) is when a cardholder requests a refund for a purchase made without actually returning the purchased item. This ultimately results in the cardholder keeping both the payment and the goods.
This involves a fraudster making small online purchases in order to ascertain whether the card is active. This often leads to the illegal purchase of more expensive items.
Quite technical in nature and taking skill to accomplish, clean fraud occurs when a fraudster impersonates the cardholder by using their personal information, making transactions look seemingly legitimate through card verification, billing, IP addresses and good shipping.
This happens when fraudsters take advantage of the multiple ways available to complete a transaction, such as online banking, over the phone or in person. Once a fraudster gains access to a customer’s bank details, they can go on to use these details to make fraudulent payments across multiple channels. In turn, this can lead to card-not-present fraud.
Omnichannel payment options are now an almost expected part of the consumer experience, so securing against opportunities for fraud is important for both online merchants and financial companies.
This is the broad term used to describe any fraudulent activity carried out online. It can involve anything from the use of malicious cookies to general scams and cons. Malware, computer software like viruses or spyware, is designed to harvest information about a person or organization without their knowing or permission — with the intent of causing damage or gaining unauthorised access to a system.
Another tool often used in cyberfraud is a keystroke logger — a form of malware that records a user’s keystrokes on a device. The user is typically unaware their movements are being recorded, meaning they could unknowingly reveal personal, private data, including passwords and bank information.
Thought to be hundreds of times larger than the web we use day-to-day, the dark web is a place where fraudsters exchange intel, such as stolen credit card information, sensitive data, or guides on how to commit fraud. Through sophisticated online marketplaces, fraudsters can turn a profit from selling illegal goods whilst hiding from law enforcement and maintaining anonymity behind their computer screen.
A group of people who collaborate for the primary purpose of defrauding other individuals.
Similar to card-not-present fraud, friendly fraud is not done maliciously or intentionally by the cardholder. For example, the cardholder could simply forget a particular purchase or merchant, resulting in a request for a chargeback.
An individual wrongly representing themselves as someone else without permission to do so. This is the best-known form of ecommerce fraud whereby the cybercriminal conducts transactions using the victim’s personal information. Another example would be getting a loan or credit card to gain financially.
When fraudsters purposefully misrepresent their information in order to gain access to loans, such as a mortgage, for which they’re not eligible.
Money mules are often used in money laundering. Fraudsters generally deposit money into the bank account of the person acting as a money mule with instructions to transfer it to a different bank account — making profits difficult to trace. The money is frequently used to fund illegal activities, such as human trafficking, drug trading and terrorism.
A type of computer engineering which steers users of a website to a replica of the site — with the intent of harvesting the user’s personal information.
A particular fraud trend of 2018/2019, phishing is the act of sending fraudulent emails aimed at tricking an individual into disclosing sensitive or personal information. Victims unsuspectingly open the email which is disguised as being from a legitimate source, e.g., a bank. The email will typically include a link (containing malware) that’s veiled as a call to action.
The intentional exploitation of a promotional offer via a method such as signing up with different email addresses in order to receive multiple one-use offers.
The act of deceit against a victim in order to ascertain personal information for fraudulent purposes. A well-known subset of social engineering is shoulder surfing — which is exactly what it says on the tin — when a fraudster acquires a victim’s personal information by simply looking over their shoulder. This most commonly occurs when someone enters their PIN at an ATM and is unknowingly observed by a fraudster.
When a fraudster replaces the cardholder’s address with their own in order to receive goods purchased.
This is a type of ATO fraud that typically exploits weaknesses in two-factor authentication tools. Generally, a fraudster will redirect the second factor (likely a text message or call) to their own contact details to gain access to the victim’s account.
The term given to the process of “taking cash off the top,” or “off the book” (i.e., before the money has been logged into a business’s bookkeeping system). This enables tax evasion or use of money for unlawful activity. Plus, it can be hard to detect as it’s not traceable on the audit trail.
The act of creating a fake identity using an amalgamation of both real and fake information whereby the real information used is often stolen. This is generally used when opening fraudulent accounts to make purchases or steal money from creditors/credit card companies.
A growing phenomenon whereby shoppers buy items, such as clothing, shoes or electronics, use them and return them ‘as new’ in order to get a refund. Wardrobing is a particular issue for fast fashion ecommerce stores.
At TransUnion, we aim to help businesses understand, detect and mitigate fraud risks. That’s why our dedicated fraud team is constantly tracking and horizon scanning for new and expanded trends and tactics. Our extensive data attributes, consultancy and flexible, CX-centric products provide our partners the tools needed to effectively meet fraud and identity challenges whilst ensuring a friction-right consumer experience. That way, your customers, reputation and bottom line are all protected.
Click here to find out more about our solutions and approach.