A
Account takeover (ATO)
An account takeover (ATO) occurs when a fraudster gains unauthorized access to a legitimate user's account. ATO can be accomplished through methods like phishing, social engineering, or exploiting data breaches. After taking control of the account, the fraudster can make unauthorized transactions, steal sensitive personal information, or engage in fraudulent activities.
Age verification
Age verification uses data from identity document validation in conjunction with biometric data to confirm a customer's age. This helps businesses ensure customer safety and regulatory compliance when offering age-sensitive products or services online.
AI-driven fraud detection
AI-driven fraud detection leverages artificial intelligence (AI) and machine learning to identify and prevent fraudulent activity in real-time. AI-powered fraud detection systems analyze large volumes of data, looking for anomalous patterns or unusual behaviors that might be otherwise missed by traditional, rule-based methods. Mitek's AI-powered tools for fraud detection help organizations to proactively detect and stop threats.
Anti-Money Laundering (AML)
Anti-Money Laundering (AML) practices include laws, regulations, and procedures applicable to the detection, prevention and reporting of activities that involve money laundering. AML practices that are implemented by financial institutions and other regulated entities are designed to prevent illicit funds from entering the financial system and becoming commingled with and indistinguishable from legitimate funds. This protects financial institutions from being a party to criminal activity and ensures compliance with federal regulations.
Anti-Money Laundering vs KYC
Anti-Money Laundering (AML) and Know Your Customer (KYC) are interconnected regulations but discrete processes. AML refers to the broad set of laws, regulations, and procedures that are designed to detect, prevent, and report on activities that potentially involve money laundering. KYC is an essential component of AML.
Application fraud
Application fraud occurs when an individual deliberately provides false, stolen, or misleading information in an application for a financial services product, such as loans, credit cards, or bank accounts. Fraudsters may use stolen or synthetic identity documents to commit application fraud with a wide range of goals, from gaining unauthorized access to credit to facilitating money laundering, leading to significant financial losses, regulatory issues, and/or reputational damage for businesses.
Authentication
Authentication processes are used to verify the identity of a user or entity attempting to gain access to systems or services, such as online banking or social media accounts, or a personal or corporate email account. Common methods of authentication include passwords, biometrics (including facial recognition or fingerprint), multi-factor authentication (MFA), passive liveness detection, and behavioral analytics that determine the consistency of the login attempt with previous logins.
Authorization
Authorization, broadly, is the process of granting appropriate access to a verified user. In contrast to authentication, which confirms a user's identity, authorization defines what that user is permitted to do. This might include viewing certain types of data, executing transactions, or accessing specific structures. Authorization is governed by policies and roles that define permissions related to resources. These permissions might follow a user's role within an organization or a specific account identity.
B
Bad actor
A bad actor is an individual or entity (such as a nation-state) that engages in fraudulent or otherwise malicious activity with the goal of harming others, exploiting systems, or gaining unauthorized access to sensitive information related to individuals or organizations. Bad actors employ various tactics such as identity theft, phishing, malware, social engineering, and other deceptive practices to obtain access to systems and achieve their goals.
Bank account fraud
Bank account fraud involves unauthorized access to or use of a customer's bank account. This type of fraud typically includes activities such as unauthorized withdrawals, fraudulent fund transfers, or unauthorized account openings using stolen or falsified identity information. Fraudsters often gain access through phishing, social engineering, or compromised login credentials.
Bank Secrecy Act (BSA)
The Bank Secrecy Act (BSA) is a U.S. federal law. The BSA requires financial institutions to proactively participate in the detection and prevention of money laundering. Under BSA regulations, banks and financial institutions are required to maintain detailed transaction records as well as to report suspicious activities and/or transactions — for example, large cash transactions and suspicious financial activities like patterns of regular, unexplained cash transactions — to the appropriate regulatory and legal authorities.
Behavioral biometrics
Behavioral biometrics is an advanced approach to identity verification and fraud prevention. It analyzes unique user behavior, such as typing patterns, mouse movement, navigation menu flow, and touchscreen interactions, for natural and consistent behavior. By continuously and passively monitoring these traits, organizations can add a layer of authentication in real time without adding friction, providing a more seamless, secure user experience while still enhancing their ability to detect fraud.
Biometric authentication
Biometric authentication is a secure method of identity verification that analyzes a user’s unique biological or physical characteristics, such as their fingerprint, facial geometry, iris patterns, or voiceprint. Unlike password- or token-based methods, biometric authentication offers stronger protection and a more seamless user experience by leveraging individual traits that are extremely difficult for a fraudster to replicate.
Biometric matching
Biometric matching is the process of comparing a user's biometric data, like their fingerprint, facial geometry, or voiceprint, against a stored reference to confirm identity. This comparison can be one-to-one (as secondary validation to verify a claimed identity), or one-to-many (for example, to search for a match across a database before authorizing or denying access based on the biometric information alone). Biometric matching is a foundational capability for biometric authentication systems. It enables fast, accurate, and more secure user verification.
Biometrics
Biometrics refers to the use of measurable physical or behavioral traits, including fingerprints, facial geometry, iris patterns, voiceprints, and individual user behavior, for the purposes of identity verification and controlling access, for example, to digital accounts or physical locations. By analyzing these unique user characteristics, biometric systems provide a powerful foundation for secure and user-friendly authentication.
Bust out fraud
Bust out fraud is a form of financial fraud orchestrated over a longer timeline. An individual establishes a strong credit profile, often over months or even years, with the intention of eventually maxing out the lines of credit extended to that profile and not repaying them. Frequently, bust out fraud involves stolen or synthetic identities and is designed to evade early detection.
C
Call center fraud
Call center fraud occurs when criminals exploit customer service channels to gain unauthorized access to financial accounts or sensitive data. Using techniques that include social engineering, caller ID spoofing, and/or stolen personally identifying information, the fraudsters put on a convincing act and manipulate call center agents into bypassing the security protocols that protect customer accounts. This type of fraud typically targets human vulnerabilities and agents' desire to help, rather than a financial institution's technical defenses.
Card-Not-Present (CNP) fraud
Card-Not-Present (CNP) fraud refers to unauthorized transactions made without the physical presence of a payment card, which is typical of online/in-app purchases or purchases made by phone. Fraudsters use stolen payment card details to complete these remote payments, with no need to steal or clone a physical card to complete the verification required by face-to-face transactions. The scale of online commerce and the speed expected of online payment processing mean that CNP fraud remains one of the most prevalent threats in digital commerce.
Credit card fraud
Credit card fraud is the unauthorized use of credit card details to illegally access funds or purchase goods or services. Fraudsters obtain credit card information in many ways, including physical theft, the use of skimming devices, data breaches of banks or retailers, phishing attacks, or account takeovers. Credit card fraud results in immediate financial losses for financial institutions and can also cause lasting reputational damage if a bank has a consistent history of failing to detect and block fraudulent activity on its customers' accounts.
Credit invisible
Credit invisible describes individuals who lack sufficient credit history with the major credit bureaus because they have few or no payment accounts (like credit cards, a mortgage, or an auto loan). This "thin file" makes these customers effectively invisible, because traditional lending systems lack the data they would otherwise use to rate their risk. While that means they do not have a negative credit history, it still typically restricts their ability to obtain loans, credit cards, or similar financial services.
Customer Due Diligence (CDD)
Customer Due Diligence (CDD) is a regulatory requirement for financial institutions. CDD mandates that these institutions verify customer identities, understand the nature and purpose of the customer's relationship with the financial institution, and evaluate any risk factors present that could indicate involvement in fraud or other financial crimes.
Customer Identification Program (CIP)
A Customer Identification Program (CIP) is a core regulatory requirement for financial institutions. It requires these institutions to properly verify the identity of individuals and entities before establishing financial relationships with them. CIP is a foundational element of Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance, and helps financial institutions prevent identity fraud, reduce their exposure to illicit activity, and safeguard the entire financial system.
D
Data encryption
Data encryption is the technique used to transform readable data into an encoded format through the use of cryptographic encryption algorithms, ensuring that only authorized parties with a decryption key can access or interpret it. Data encryption is widely used to protect sensitive information in transit (for example, during a payment transaction) and at rest (for example, where account information is stored), making it a critical control for safeguarding customer data and maintaining regulatory compliance.
Data privacy
Data privacy refers to the policies, practices, and regulatory frameworks that have been put in place to protect individuals’ personal information from unauthorized access, disclosure, or misuse. Implementation of strong data privacy measures is a legal and ethical imperative, and is necessary for maintaining customer trust, meeting compliance obligations, and reducing the overall risk of identity theft and fraud.