The SEON Fraud Dictionary – Part 3: Security and Fraud Prevention Terms

by Florian
The last part of our dictionary focuses on the fraud prevention terms you should know to understand how to protect your business.
In our effort to create an online database of all the definitions you should learn, we’ve previously gone through common types of fraud, and how fraudsters and criminals talk about their activities.
This part 3 of our online dictionary is all about the terms and methods you should know in order to understand, prevent, and reduce fraud attacks.
- Part 1 of our fraud dictionary focuses on common fraud attacks
- Part 2 is about fraudsters' and cybercriminals' vocabulary
2FA
Stands for 2-factor authentication. When a user wants to access a website or app, they usually need to provide a single authentication factor, typically a password. This is single-factor authentication (SFA). Adding another method is called 2-factor authentication, and it improves security. You will also hear the name multi-factor authentication.
Authentication factors can include facial scans, ID cards, SMS confirmations, security tokens, or biometric fingerprints, amongst others. According to Google, 2FA helps reduce 66% of targeted attacks, and 99% of bulk phishing attacks.
3D Secure
A security protocol designed for online credit and debit card transactions. It is designed as an additional password validated by the issuer, which helps transfer liability to the customer in case of fraud.
3D refers to three domains where the information is checked: issuer domain (where the money is taken from), acquirer domain (where the money is going to), and interoperability domain (the whole payment infrastructure, including software, merchant plugin, card scheme, servers, etc.). The newest version of the protocol, 3D Secure 2.0, adds more data points like device and IP. As of late 2019, it has yet to be implemented by all merchants and issuers.
Address Verification System
The address verification system (AVS) is used to confirm a transaction by looking at the US billing address and home address linked to a credit card. Note that it only looks at the numerical parts of the addresses, which means it is often prone to false positives (rejecting a payment when the user is legitimately the cardholder).
API
An application program interface (API) is a set of tools for building software. It allows developers to build applications and GUI by putting all the blocks provided by the API together. With fraud prevention tools, it allows easy integration into your platform.
Blackbox (Machine Learning)
In the context of fraud prevention, machine learning relies on complex calculations to provide a risk score. If the probability-based calculations remove transparency for the sake of scores, it is considered a blackbox system.
See also: Whitebox
Browser Hash
In device fingerprinting, a browser hash is an ID created by combining data from a user’s browser, operating system, device and network. This hash remains unchanged, even if the user browses privately, or if they clear their browser cookies and cache. However, a device with multiple browsers or multiple browser versions installed will generate different hashes.
See also: Device Fingerprinting, Device Hash, Cookie Hash
Canvas Fingerprinting
A form of online tracking. It uses the HTML5 canvas element on web pages to identify and track browser, operating system, and installed graphics hardware. It is used in device fingerprinting.
See also: Device Fingerprinting
Confusion Matrix
Also known as an error matrix. It is a table designed to see correct and incorrect predictions for a classification problem. It helps visualize the errors and the type of errors so you can measure and improve its precision.
Cookie Hash
An ID generated for each browser session. While clearing cookies and cache will generate a new hash, it is still useful for fraud prevention: if multiple users share the same hash, it shows they are using the same browser and device.
Cybersecurity
Also known as Computer Security, or Information Technology Security. It is the practice of protecting individuals or organizations against attacks designed to steal or damage digital equipment or services.
Data Enrichment
The process of refining and enhancing information. It can be to break down existing data, correct flaws, or link data to other sources. In fraud prevention, it is mostly used to gather extra info about a user based on single data points such as an email address.
“Fraud Prevention is all about discovering who you are dealing with. What kind of users should be allowed into your system, and which ones will try to scam you in the long term. This is where enriching simple data fields externally can make all the difference.“
Decision Tree
A flowchart designed to visualize algorithms relying on multiple conditions (conditional control statements). One of the most useful methods to gain transparency into a machine learning system.
In a decision tree, each node represents a condition that branches out into two more nodes (e.g. transaction above or below $100, based in the EU or not, etc.). All the branches lead to leaves, which clearly classify the transactions as fraudulent or valid.
The path from root to leaf represents the entirety of a classification rule, and fraud analysts can quickly understand or tweak them to get more precise results as needed.
Deep Learning
Deep Learning (DL) is a form of Machine Learning (ML) that can be fed huge, unstructured data sets. It is at times used to solve problems too complex for machine learning.
As of late 2019, Google is working to introduce more transparency into the workflow of the deep learning models, to help its users understand features and make better decisions.
See also: Machine Learning
Device Fingerprinting
Aggregating information about the device and browser used to connect to a website. You can collect data such as device number, battery level, installed plugins, device build, operating system, and much more. It creates browser, device and cookie hashes that act as IDs.
See also: Cookie Hash, Browser Hash, Device Hash.
Device Hash
A string that acts as an ID based on the device hardware only (GPU, screen size, HTML5 canvas, etc.). While many users can share the same device hash (for instance two iPhone 7 Safari users), this allows the flagging of Remote Desktop Connections, virtual machines or emulators, which all share the same hashes.
Digital Footprint
Also known as Digital Shadow. The trail of data created when using the Internet on any device. For fraud prevention, it can be found in a user’s online profiles, association with data breaches or blacklists. In a more general sense, it can also include emails sent, websites cookies, and subscriptions to online services, amongst others.
Domain Quality
When performing email analysis, or reverse email lookup, it helps to assign a quality level to the domains. This is calculated by looking at the creation date and how hard it is to sign up. For instance, Gmail is free, but requires SMS verification. Mail.com, however, has no extra security steps, which lowers its domain quality.
Encryption
The process of encoding information so that only authorized parties can read it. It is used on websites, highly recommended for storing personal data, and useful in personal communications.
Email Profiling
Gaining more information about a user based on their email address. It is also referred to as Reverse Email Lookup, Backward Email Search, or Email Checker. You can see if the email exists, if it is linked to social media profiles, or found on blacklists and data breaches.
See also: Domain Quality, Email String Analysis
Email String Analysis
A technique which compares the characters used in an email address with other known information. For instance, an email name which contains a lot of numbers could be suspicious. Those containing a name that doesn’t match the user’s name are also considered risky.
False Declines / False Positives
Legitimate user actions that are blocked by fraud prevention tools. A high rate of false positives could show that the prevention rules are not calibrated properly.
Note that false declines are a source of tremendous friction and frustration for users, who will turn towards more flexible competitors, and can damage a business's profits. Using a good algorithm and a confusion matrix can help you see when and why these happen, so you can maximise true positives.
See: Friction, Confusion Matrix
Flagging
Marking users as suspicious via a fraud prevention tool. Their actions can be blocked, or reviewed manually based on data points such as home address, IP address, social media usage, device fingerprinting or more. Ideally, the flagged data points should be marked as such and shared between multiple users of the fraud prevention team.
Friction
Slowing down a user journey. With fraud prevention tools, it can be adding an extra security step, or manual review to confirm a transaction. Friction is notable for decreasing conversions, so online businesses need to balance security and ease of use.
Gateway (Payment)
The name of the service that authorizes payment processing for merchants. PayPal, Stripe or WorldPay are all payment gateways, acting as a bridge between credit card companies, banks and retailers. You can implement fraud prevention at that stage of the transaction process.
Graph Network
A graph network, or graph neural network (GNN) helps visualise information from databases through relationship models and connections. Every node in the graph is associated with a label, and the graph helps predict other node labels without prior information.
Heuristic Rules
Heuristic rules in computer science help solve a problem faster and with fewer resources than with classic detection methods. In fraud prevention, it can be a system that blocks transactions quickly based on a blacklisted data point such as user ID, email, browser hash or other.
It’s worth noting that heuristic rules use algorithms that trade accuracy for speed. This makes them particularly useful for time-sensitive requests, for instance when trying to decide if a transaction is fraudulent or not as quickly as possible.
Honeypot
A tool that cybersecurity experts use to lure criminals and fraudsters. It is a system deliberately set up to be exploited, so that the security team can see and learn how attackers operate.
HTTPS
Hypertext Transfer Protocol Secure. The SSL-secured version of HTTP, which adds a security layer for connections between browsers and websites.
See also: SSL / TLS
IP Address
The Internet Protocol Address (IP Address) is a numerical label associated with any device connected to the Internet. IP addresses provide a basic form of ID for fraud prevention, but are not hard to spoof with the right proxy setup.
KYC
Know Your Customer / Client. A process where businesses verify someone’s identity. It can be a legal requirement in some fields like banking, gambling, and financial services.
Businesses usually have to balance light and heavy KYC procedures. The former creates less friction for users, but increases the chances of fraud. The latter is more troublesome, but increases security.
Ideally, a good system should be flexible enough to let you create a customer journey that triggers light or heavy KYC depending on the known user data.
Link Analysis
The practice of using data to create networks that help investigate relationships between entities. Useful data for flagging fraudsters via link analysis can be payment transactions, logins, or new account openings, amongst others.
Machine Learning
Machine Learning (ML) is a branch of Artificial Intelligence (AI) that allows data analysis to improve over time, by learning from the data it is fed. It allows systems to identify patterns and make decisions with minimal human intervention, essentially reprogramming themselves with new, updated rules.
MFA
Multi Factor Authentication. Like 2 Factor Authentication, but not restricted to 2 factors.
See also: 2FA
Near-Field Communication Payments (NFC)
The technology that enables contactless payments. It allows two devices, such as smartphones and POS terminals to exchange data in order to process transactions.
Phone Analysis
Also known as reverse phone lookup. A process which lets you glean information about a user based on a phone number. Checks can verify if the phone is valid, network type, and even last time seen online and profile picture, if linked with mobile-first services like WhatsApp or Viber. Linking a phone number to social media networks is one of the best tools for getting a full picture of users based on that single data point.
PSD2
The second Payment Services Directive from the European Union, which aims to break banks' monopolies over customer data. It is designed around the Open API protocol, which allows access to customers' banking data for integration with third party services like sending payments.
Reverse Email Lookup
See: Email Profiling
Reverse Phone Lookup
See: Phone Analysis
SCA
Strong Customer Authentication. A requirement of the PSD2 directive, which pushes organizations to improve the security of transactions. One of these requirements is the use of 2FA.
SMTP
Simple Mail Transfer Protocol. The protocol which allows the delivery of emails. An SMTP check can be used by fraud tools to confirm the validity of an email address.
Social Media Profiling
Linking a person’s social media profiles to a name or email address. Useful to enrich data and learn more about users.
See: Email Profiling
SSL / TLS
Secure Sockets Layer, and Transport Layer Security. Certificates that confirm encryption between a server (typically a website) and client (browser). The secured connections are established with a “Handshake” protocol, which can be analyzed by certain tools.
SSL Interception
SSL Interception, or SSL decryption, is a process which allows organizations to monitor network traffic and improve security. It can be an Active SSL Deployment where traffic passes through a man-in-the-middle implementation (MIM), or Passive SSL Deployment, which does not affect the traffic itself.
Supervised Machine Learning
In Machine Learning, there are Supervised and Unsupervised learning algorithms. The majority of practical machine learning uses supervised learning, where an algorithm is used to learn the function from an input to output. It is called supervised because the correct answers are already known, and the data is used to train the algorithms.
Unsupervised learning, on the other hand, works with data referred to as “unlabeled”. For instance with transactions, it means we do not yet have the correct answers, i.e, whether they should be classed as fraudulent or legitimate.
See also: Unsupervised ML

Tokenization
In data security, tokenization happens when you substitute sensitive data for a non-sensitive equivalent. For instance, a customer’s account number can be replaced with randomly-generated numbers. It is a security layer often used in conjunction with encryption.
See also: Encryption
Unsupervised Machine Learning
The goal of unsupervised machine learning is to make sense of data that has not yet been labeled, that is to say, where we do not have the right answer. It uses different algorithms to identify anomalies, irregularities and outliers compared with previous historic data.
One method is to automatically flag data points that noticeably deviate from the statistical norm. Through training, the machine learning system can then become more efficient at distinguishing regular noise from abnormal behaviour. This is helpful to identify things like seasonal changes without increasing false positives.
See: Supervised Machine Learning
Velocity Checks
The ability to check and compare user behavior using variable data such as transaction amount, or login attempts during a specific timeframe. Looking at the time elapsed between each action is a powerful tool that allows the creation of Velocity Rules, and Velocity Filters.

WebRTC
Web Real Time Communication is a free, open-source project that helps browsers and mobile applications communicate in real time via simple APIs.
Because WebRTC uses public IPs, it makes them discoverable through leaks, which can be a security issue.
Whitebox (Machine Learning)
A machine learning model that delivers clearly readable rules. This helps fraud analysts with manual reviews and understanding scores so they can adjust their approve / decline thresholds. Whitebox models can use tools like Decision Trees or other visualization and decision support tools to give transparency into the classification process.
See also: Blackbox Machine Learning, Decision Tree
Security and Fraud Prevention Terms – Key Takeaway
Like many other technical disciplines, security and online fraud prevention terms can appear jargon-y and confusing to the outsider.
But knowing the difference between a whitebox and a blackbox system in machine learning, for instance, can be tremendously beneficial. Not just for the fraud prevention team, but across all business departments.
Since fraud is a problem that affects everyone, it is in the best interests of sales people and executives to understand how prevention works too. Hopefully, this dictionary is a great primer on the topic.
- Part 1 of our fraud dictionary focuses on common fraud attacks
- Part 2: Focuses on cybercrime as a whole and fraudster terminology

Florian
Communication Specialist
Florian helps tech startups and global leaders organise their thoughts, find their voices, and connect with customers worldwide.