The SEON Fraud Dictionary – Part 1: Common Online Fraud Types


Defining and understanding the fraud types you’re most likely to encounter online.

Looking at future fraud trends, it is likely more and more businesses will need to be prepared against threats, attacks, and criminals online.

So whether you are new to fraud prevention or a seasoned expert, we thought it would help to gather all the definitions of terms you might come across in this fight.

  • Account Farming
  • Account Takeover
  • Affiliate Fraud
  • Arbitrage (Gambling Fraud)
  • Auction Fraud
  • BIN Attack
  • Bonus Abuse
  • Bot Attacks
  • Carding
  • Card Cloning / Skimming
  • Card Testing
  • Chargeback
  • Clean Fraud
  • Fraud
  • Ghost Broking
  • Identity Fraud
  • Identity Theft
  • Matched Betting
  • Multi Accounting
  • Promo Abuse
  • Reshipping
  • SIM Swapping
  • Spoofing
  • Synthetic ID
  • Transaction Fraud

Account Farming

The fraudulent practice of creating and maintaining multiple accounts with a platform in order to resell them later. Very popular with social media sites. 

Account Takeover

A form of identity fraud where fraudsters gain access to a victim’s account. This can be for an online store account, bank account, or even app login. The goal is usually to extract monetary funds, but account takeovers (ATOs) are increasingly used for other means, such as abusing promotions and coupons, extracting more user information, or cheating on gambling sites. 

[Figure: the anatomy of an ATO, from our ebook]

Our complete guide on Account Takeovers is here.

Affiliate Fraud

Affiliate marketing is a model where marketers are rewarded for directing visitors towards a specific business. The company tracks conversions through referral links, and pays out money to the best marketers. 

Fraudsters try to earn these commissions by: spamming the referral links; using software to imitate human behavior and generate fake clicks and transactions; and maliciously diverting traffic from other sites. 

In some cases they will clone the vendor’s website, and host it on a domain name that looks similar. More advanced techniques include malicious browser extensions that swap legitimate affiliate URLs for their own, and even inject ads with referral links into ad-free web pages.  

Arbitrage (Gambling Fraud)

In the world of online betting and gambling, arbitrage is a technique which sees fraudsters create multiple accounts to increase their winning odds. It is sometimes referred to as an “arb” performed by “arbers”.

Auction Fraud

A type of e-commerce fraud specific to auction sites. It involves non-delivery of products, where fraudsters create fake listings for items that are never sent. They can also purchase items with stolen card details and ship them, thus making a profit on something they didn’t pay for.

BIN Attack

Credit card numbers are issued in ranges tied to a BIN (Bank Identification Number). If these numbers aren’t properly randomized, it is possible for an attacker to generate valid card numbers based on a real one. However, the CVV and validity / expiry dates make this process very unlikely to succeed.

Bonus Abuse

Also known as promo or coupon abuse. This type of fraud sees fraudsters create multiple accounts to cash out promotional offers. It can be used for signup bonuses, and is particularly prevalent in the gambling industry.

Bot Attacks

In the context of fraud prevention, bots are used to automate and repeat the same attack with different data until it works. Bots can be used to attempt ATOs, create multiple accounts (account farming), or process numerous stolen credit card numbers at checkout.

Carding

General fraudster term for using stolen credit card data, whether for direct purchases or for charging prepaid or gift store cards, which are then resold.

Card Cloning / Skimming

A two-step process for creating physical credit cards with stolen data. The skimming part is either done manually by malicious people (waiters, shopkeepers…) or by machines at unattended places such as ATMs or gas stations. The goal is to gather all the data from a real card.

Fraudsters can then create a new physical card, effectively cloning the original. The data is written on the counterfeit card’s magnetic strip via specific devices.

Sophisticated fraudsters also go as far as creating fake online stores specifically designed to acquire card data, either to steal funds or to resell the data.

Card Testing 

Fraudsters who acquire a credit or debit card number use this method to verify it works. It is done by making a very small purchase that won’t be detected. If the purchase goes through, the fraudsters proceed to making larger purchases, usually with a different merchant.
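The pattern described under Bot Attacks and Card Testing (many different cards tried on very small amounts from one source) can be checked for in checkout logs. The sketch below is an added example, not SEON's code; the thresholds, field layout and sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune against your own traffic.
WINDOW = timedelta(minutes=10)
MAX_DISTINCT_CARDS = 3   # distinct cards tolerated per source inside WINDOW
SMALL_AMOUNT = 2.00      # cut-off for a "very small purchase"

# Constructed sample: (timestamp, source IP, card token, amount, approved)
SAMPLE_ATTEMPTS = [
    ("2024-01-01T10:00:00", "198.51.100.7", "tok_a", 1.00, False),
    ("2024-01-01T10:00:20", "198.51.100.7", "tok_b", 1.00, False),
    ("2024-01-01T10:00:41", "198.51.100.7", "tok_c", 1.00, True),
    ("2024-01-01T10:01:05", "198.51.100.7", "tok_d", 1.00, False),
    ("2024-01-01T10:02:00", "203.0.113.20", "tok_x", 54.90, True),
    ("2024-01-01T10:30:00", "203.0.113.20", "tok_x", 1.50, True),
    ("2024-01-01T11:00:00", "203.0.113.20", "tok_y", 1.20, True),
]

def find_card_testing(attempts):
    """Flag sources that try more than MAX_DISTINCT_CARDS distinct cards on
    small amounts inside WINDOW. 'live' lists the cards that were approved,
    i.e. the ones to watch for larger follow-up purchases."""
    recent = defaultdict(deque)  # source -> (time, card, approved) small attempts
    flagged = {}
    for ts, source, card, amount, approved in sorted(attempts):
        if amount > SMALL_AMOUNT:
            continue             # this rule only looks at small test charges
        now = datetime.fromisoformat(ts)
        window = recent[source]
        window.append((now, card, approved))
        while window and now - window[0][0] > WINDOW:
            window.popleft()     # expire attempts older than the window
        cards = sorted({c for _, c, _ in window})
        if len(cards) > MAX_DISTINCT_CARDS:
            live = sorted({c for _, c, ok in window if ok})
            flagged[source] = {"cards": cards, "live": live}
    return flagged

if __name__ == "__main__":
    for source, hit in find_card_testing(SAMPLE_ATTEMPTS).items():
        print(f"{source}: {len(hit['cards'])} cards tested, approved: {hit['live']}")
```

The second source in the sample makes two small purchases 30 minutes apart and is not flagged, which shows how the time window keeps ordinary low-value customers out of the result.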

Chargeback

Chargebacks are a protection for buyers who want to dispute online purchases. They can claim a chargeback to defend themselves against fraud or purchases made without their knowledge or permission. 

The credit card company involved with the transaction will review the chargeback claim and the evidence for or against it. If it is approved, the buyer is refunded, and the merchant has to pay a chargeback fee to cover the administrative costs.

[Figure: the anatomy of a chargeback]

Our complete guide to chargeback fraud and how to reduce it is here.

Clean Fraud

Also known as Friendly Fraud, First-Party Fraud or Fraud by False Claim. These are fraudulent transactions that go undetected because they appear legitimate. They are harder to flag because they only involve real data, with no fake identities or user accounts.

Fraud

Using deception for personal gain. While online fraud is considered a cybercrime, not all cybercrime is online fraud. Protecting businesses against it is the job of fraud analysts. They can use a fraud prevention tool or fraud filter to automate the process.

Friendly Fraud

When customers claim a chargeback, saying they were the victims of fraud. It’s also known as lie fraud and is the fastest growing reason for chargebacks. Friendly fraud happens when buyers experience remorse, refuse to pay for a family member’s purchase, or simply want to exploit the system to gain a product or service without paying for it.

See also: clean fraud

Ghost Broking

The practice of fraudulently selling nonexistent insurance policies. Many victims do not realise their insurance isn’t valid until it’s too late, for instance in the case of a car accident.

Identity Fraud

Using someone’s personal information without authorization, for personal gain. It falls under the general online fraud umbrella, but focuses on personal identification data: date of birth, first and last name, social security number, card number or even personal photos.

Identity Theft

Acquiring someone’s personal data, such as credit card numbers, phone number, or other data points, in order to impersonate them for a number of actions: opening new accounts, applying for loans, purchasing goods, or posting fake ads and reviews.

Matched Betting

Using multiple accounts on gambling sites to improve betting odds and make money from free offers. A person will place a Back bet (backing a certain outcome). They will then create another account to place a Lay bet (backing the opposite outcome). This cancels out the losses, but allows them to profit from the free bet offer. Note that matched betting is legal in some regions, such as the UK. 

See also: Bonus abuse, Multi accounting

Multi Accounting

When one person creates multiple accounts with the same platform. It can be innocent (lost login details) or for fraudulent purposes, such as matched betting, bonus abuse, or creating fake reviews.

Promo Abuse

See also: Bonus abuse

Reshipping

Also known as Delivery Address Fraud and Fake Address Fraud. A process where criminals fool people into sending goods or cashier cheques purchased with stolen credit cards, usually to an address not linked to their name. It helps muddy the trail between fraudulent purchases and delivery addresses.

SIM Swapping

A.k.a. SIM splitting or SIM jacking. It takes advantage of 2FA via SMS. Fraudsters acquire a phone number through hacks, phishing or sheer luck. They then call the mobile phone’s provider, and claim to want to change their number to a new one. The new number, which is in the fraudster’s possession, will then receive all the SMS used for mobile verification, which allows them to access other accounts such as email, social media, or even mobile banking.

Spoofing

Falsifying data such as an IP address, email address or caller ID. For instance, spammers will spoof a sender email address to mislead the recipient or gain their trust for phishing. 

Synthetic ID

Unlike common identity fraud, Synthetic ID fraud combines pieces of real personal data with fake data to create a new, untraceable identity. An example is the rise in synthetic IDs that use children’s personal info in order to have a clean credit score for loan fraud.

Transaction Fraud

Transaction fraud, also called payment fraud or credit card fraud, is a broad term that covers any fraud type committed when purchasing a service or item. It is the direct result of card theft, account takeover, or card cloning.

See also: ATO, BIN attack, Card cloning  

Common Fraud Types: The Bottom Line

Online fraud evolves at an alarming pace, so no dictionary on the topic will ever be complete. We will try our best to keep this one updated for our whole ongoing series. You can find links to the following parts here:

  • Part 2: Focuses on cybercrime as a whole and fraudster terminology
  • Part 3: Looks at fraud prevention terms and techniques

Hopefully, it will give you all the knowledge and insights needed to understand fraud, and prepare yourself against it in the future.
