Glossary of Terms
Artificial intelligence and machine learning are complex topics with many tools, applications, and regulatory bodies. We will continue to update and post new terms as they surface in our work.
A form of identity theft where the fraudster gets access to a victim’s bank or credit card accounts – through a data breach, malware or phishing – and uses them to make unauthorized transactions.
A mathematical equation that describes how to solve a certain problem. In computer science, it would identify external data, assign it a value, and produce an output such as whether an entity is a positive, a negative, or newly identified.
Organizations and businesses must comply with the Bank Secrecy Act. AML rules are in place to help detect and report suspicious activities that may be behind money laundering and terrorist financing, such as frequent large transactions, securities fraud and financial market manipulation.
The ability for a machine to analyze external data based on a set of rules, learn from the data, and improve outputs over time.
Discovers interesting relationships between various data in machine learning.
Also known as the Currency and Foreign Transactions Reporting Act and commonly referred to as the anti-money laundering law. A law that requires financial institutions in the US to help US government agencies to detect and prevent money laundering. Banks must report cash purchases of negotiable instruments over $10,000, and suspicious activities that may signify money laundering, tax evasion, or other criminal activity.
A statistical model that examines variables to determine the likelihood of a shared outcome or to identify the probability of an event, such as the relationship between shared symptoms and a stated disease.
Enables companies to easily define, deploy, monitor, and maintain new regulations, procedures, policies, market opportunities, and workflows. One of the main advantages of business rules is that they can be written by business analysts without the need of IT resources. A simple example is email filtering.
A type of fraud in which the customer does not physically present the card to the merchant during the transaction. It typically occurs with online or over the phone transactions that do not require an in-store credit card swipe.
When payments or cash advances are made using fraudulently obtained credit card numbers, most commonly over the internet, but also by phone, fax or mail.
Planning, managing and providing care and services to patients. The goal of care management is to achieve an optimal level of wellness and improve coordination of care while providing cost-effective, non-duplicative services (source: Center for Health Care Strategies).
CBR learns from past experiences to solve new problems. Rather than relying on a domain expert to write the rules or make associations along generalized relationships between problem descriptors and conclusions, a CBR system learns from previous experience in the same way a physician learns from his patients.
The purposeful misuse of cardholder dispute rights in order to retain both the goods or services purchased and the transaction amount.
A child's Social Security number (SSN) can be used by identity thieves to apply for government benefits, open bank and credit card accounts, apply for a loan or utility service, or rent a place to live. The thief may be someone the child knows, including relatives. A child's identity can also be stolen when criminals create a synthetic identity, by combining a child's SSN with a different birth date.
A process using historical data to audit commercial, Medicaid and Medicare claims. It can evaluate claims based on diagnosis, procedures, medication dispensed, care provider and more.
The process by which an insurer receives, investigates and determines claims filed by insured parties. It may include reviewing the claim, investigating, making adjustments and then either paying or denying the claim.
The process of designing a set of models to predict the class of objects whose class label is unknown. The derived model may be represented in various forms, such as if-then rules, decision trees, or mathematical formulas. Once external data is identified by type, certain outcomes can be predicted.
The copying of stolen credit or debit card information to a new card. This procedure requires copying information at a credit card terminal using an electronic device or software, then transferring the information to a new card or rewriting an existing card with the information. See: Skimming.
Ensuring an organization follows and adheres to the strict regulations of its industry. Data may include client information, audit trails, financial transactions, efforts to identify fraud, terrorism funding and money laundering, etc.
Used for problem solving, constraint programming is based on the idea that problems can be solved by placing limits on a group of potential solutions. It integrates those restrictions (or constraints) into the programming to narrow down or isolate potential solutions.
Terrorism funding is the secret funneling of money to finance terrorism activities. Closely tied to money laundering, terrorism funding is often done in small increments to avoid detection. Artificial intelligence is used to identify unusual transactions and is a tool in CTF.
A form of identity theft and fraud that occurs when someone steals a credit card, credit card information or personal identification number (PIN) and uses it without permission to make a purchase at a place of business, make a purchase or transaction online, make a purchase or transaction by telephone, or withdraw money from an automated teller machine (ATM).
See Bank Secrecy Act (BSA).
Mandatory report that US financial institutions file with FinCEN for each deposit, withdrawal, currency exchange, or other payments or transfers in the amounts of $10,000 or more.
Refers to preventative methods used to protect and recover networks, devices and programs from any type of illegal access that may result in theft, damage, disruption or misdirection. Strategies include identity management, risk management and incident management. A password is a common form of cyber security.
Software that accepts relevant data across multiple channels, irrespective of the type or format and source of the data.
Process of extracting unknown and potentially useful data to identify certain information, such as trends, potential new markets, customer preferences, fraudulent behaviors, or other characteristics of interest.
An identity system model that places ownership of identity with the individual.
An organization focused on developing the foundational elements necessary to establish an open ecosystem for decentralized identity.
Deep neural networks learn hierarchical layers of representation from the input to perform pattern recognition. When the problem exhibits non-linear properties, deep networks are computationally more attractive than classical neural networks. A deep network can be viewed as a program in which the functions computed by the lower-layered neurons are subroutines. Learning can be supervised, semi-supervised or unsupervised.
Credit/debit facilities provisioned direct-to-mobile wallets.
Collage of verified data that confirms the identity of a subject (user, other).
In the world of information technology, “searching through trash” refers to using various methods to retrieve information about a technology user. Hackers may use information such as a phone list, calendar, or organizational chart to gain access to a network.
The intentional deception for personal gain or to damage another individual made through email.
A global standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. Originally developed by Europay, Mastercard and Visa, the EMV chip helps reduce the risk of identity theft with the help of a more thorough authentication process than a magnetic-stripe-based card.
Commonly used abbreviation for regulation EU 910/2014. The European Parliament and the Council of the European Union’s regulation on electronic identification and trust services for electronic transactions in the internal market.
The Health Portability and Accountability Act (HIPAA) protects the privacy of individually identifiable health information, called protected health information, to maintain individuals’ privacy and confidentiality.
An error in data analysis that reports a match to the stated criteria where there is no match.
When someone you know steals your identity. This may include stealing a minor’s identity to establish a credit account; seizing a senior’s information and using it as one’s own; taking a spouse’s information to co-sign an account or access bank account funds; using a sibling or parent’s identity for financial, tax, or employment gain.
The Federal Financial Institutions Examination Council (FFIEC) is a formal U.S. government interagency body made up of five banking regulators that promote uniformity in the supervision of all financial institutions. It also oversees real estate appraisals in the U.S.
Also known by its French name, Groupe d’action financière (GAFI). Based in Paris, France since 1990, the FATF is an intergovernmental organization that combats money laundering and terrorism financing worldwide. The FATF currently comprises 36 member jurisdictions and 2 regional organizations, representing most major financial centres in all parts of the globe.
Coming into force on 10 January 2020, 5MLD addresses a number of weaknesses in the European Union's current anti-money laundering and counter terrorism financing monitoring. It will be more closely aligned with the US system, while also implementing new challenges for banks to register more public officials under its scope.
A bureau of the United States Department of the Treasury that collects and analyzes information about financial transactions to combat domestic and international money laundering, terrorist financing, and other financial crimes.
An intentional deception to secure unfair or unlawful gain, or to deprive a victim of a legal right. Fraud can violate civil law or criminal law, or it may cause no loss of money, property or legal right but still be an element of another civil or criminal wrong.
An organization or group of people whose activities aim to defraud people. They may be engaged in forgery, filing false claims, identity stealing, or counterfeiting checks and currencies.
Dishonest use of benefits systems, such as making false claims, wasted medical products, billing for non-existent service users, and more.
Friction is the amount of effort the customer must exert to use their credit card, such as passwords, manual signatures, or clunky identification systems. In payment security, friction presents barriers to fraudulent use but also interferes with customer experience.
Occurs when a credit card customer files a “chargeback” or refund from the issuing bank, attempting to regain the transaction amount yet holding on to the product or services rendered. Once approved, the financial transaction is cancelled and the merchant is held accountable. Well-intentioned customers may accidentally commit friendly fraud because they don't understand the differences between a traditional return (from the merchant) and a bank-issued refund.
A mathematical model used to classify information that is unclear as a result of ambiguous data. Traditional logic typically categorizes information into binary patterns such as black/white, yes/no, or true/false. Fuzzy logic brings a middle ground where statements can be partially true and partially false to account for much of day-to-day human reasoning.
The concept that flawed data input results in flawed outputs, or garbage data.
EU 2016/679 is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
Works by simulating the logic of Darwinian selection where only the best performers of a species are selected for reproduction. In computing terms, a genetic algorithm implements the model of computation by having arrays of bits or characters (binary string) to represent the chromosomes. Each string represents a potential solution. The genetic algorithm then manipulates the most promising chromosomes searching for improved solutions.
See Financial Action Task Force (on Money Laundering) (FATF).
The process of verifying the identity of a user.
The deliberate unauthorized use of someone else’s identifying information, usually to gain a financial advantage or obtain credit or other benefits in the other person’s name. A common form is financial fraud, where an individual’s personal information is used without their knowledge or consent to establish a new account, typically a loan or credit card.
An organization that naturally is able to verify user identity data, such as a government (for passport), mobile network operator (for phone location), postal service (for address), financial institution (for core identity data from KYC actions).
System of interrelated computing devices, mechanical and digital machines, objects, and people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
Process for banks or others to verify identity of customers, typically tied to regulatory or other business policy requirements.
A subset of artificial intelligence, machine learning describes the use of algorithms and statistical models to perform tasks without instructions by relying on the patterns learned during previous interactions.
A crime that uses the postal system to steal money and valuables from victims. It is most often committed through solicitation letters, phony sweepstakes or work-at-home offers. Thieves can also commit mail fraud by simply stealing mail, such as bank statements, credit card offers or cheques, from a mailbox.
Any program or file that is harmful to a computer user. These malicious software programs can perform a variety of different functions such as stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring computer activity without permission.
Unscrupulous clinics and assessment centres may engage in a wide range of fraudulent activities such as: overbilling for services performed, billing for services not performed, falsely using credentials of health practitioners and forging patients’ signatures.
Data that is required to make instantaneous decisions about essential matters, e.g. border security or money laundering. Failure to access mission critical data could have serious implications for businesses and organizations.
Organizations that provide mobile phone and data services.
United States standards body.
Inspired by the structure of the brain, a neural network consists of many simple elements called artificial neurons, each producing a sequence of activations. The elements used in a neural network are far simpler than biological neurons; the number of elements and their interconnections are orders of magnitude fewer than the number of neurons and synapses in the human brain.
An enforcement agency of the US Treasury Department that administers and enforces economic and trade sanctions. Its objectives are to support US national security and foreign policy objectives. OFAC activities are determined by Presidential national emergency powers.
Financial coverage that provides remuneration in the event of a person’s or organization’s inability to make payment.
The ability to mitigate loss through detection and prevention of fraudulent insurance claims. It may include billing for services, procedures or materials that were never used, misrepresentation of what was provided, or the provision of unnecessary services.
Public and private personal information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (such as passport information) that can identify a person uniquely, or quasi-identifiers (e.g. race or religion) that can be combined with other identifiers (such as birth date) to successfully identify the person. PII can be used to identify fraud through anomalous behaviors or shopping preferences, but can also be used to commit crimes such as fraud.
When a fraudster installs malicious code on a personal computer or server. This code then redirects any clicks made on a website to another fraudulent website without your consent or knowledge.
Criminal activity that attempts to fraudulently obtain sensitive information, such as your User ID and password, social security number, driver's license, credit card information or bank account information, often with a sense of urgency.
The health outcomes of a group of individuals, including the distribution of those outcomes within the group. Distribution may be defined by geography, overall level of health, those with disabilities, or other population determinations. It involves a multidisciplinary approach, bringing together health care systems and agencies to work together to improve health outcomes for the entire community.
See Electronic Protected Health Information (ePHI).
Tracks how often an individual does certain activities to learn an individual’s behavior over time and create a baseline behavior. Once the baseline behavior is created, Smart Agents will detect any deviations and flag the behavior as suspicious.
Regression analysis creates models that explain dependent variables through the analysis of independent variables. As an example, the prediction for a product’s sales performance can be created by correlating the product price and the average customer income level.
The term used to describe the organization that provides user application services (e.g. a retail bank, an online pharmacy, or airline) through a digital experience and that relies upon a digital identity.
A machine learning algorithm that uses both labeled and unlabeled data. The labeled data will identify specific sets of data, and the unlabeled data will identify new data to expand the dataset.
The practice of directly observing the user of an automated teller machine (ATM), computer or other electronic device in order to obtain their personal access information. Binoculars, video cameras and vision-enhancing devices may also be used, depending on the location and situation.
The crime of taking private information about someone else's credit card used in an otherwise normal transaction. Skimming can occur at automated teller machines or merchants such as gas stations when a third-party card-reading device is installed either outside or inside a card-swiping terminal. This device allows a thief to capture a customer's card information, including their PIN, with each card swipe. Sometimes a miniature camera is also used to read the user’s PIN number at the same time.
Smart Agents technology overcomes the limits of legacy machine learning to allow personalization, adaptability and self-learning. Smart Agents do not rely on pre-programmed rules and do not try to anticipate every possible scenario. Instead, they create profiles specific to each entity and behave according to their goals, observations, and the knowledge they continuously acquire through interactions with other Smart Agents. Each Smart Agent pulls all relevant data across multiple channels, irrespective of the type or format and source of the data, to produce robust virtual profiles. Each profile is automatically updated in real time and the resulting intelligence is shared across the Smart Agents.
Using cell phone text messages to lure consumers with a URL or phone number that links to a request for personal information. Like phishing, the smishing message usually asks for your immediate attention.
The act of intercepting and capturing packets of data flowing across a computer network. Packet sniffing is to computer networks what wire-tapping is to a telephone network. While this “eavesdropping” has legitimate uses such as monitoring or troubleshooting network performance, it is also used by hackers to gather information illegally prior to a cyberattack.
If an SSN falls into the wrong hands, it could be used to obtain personal information and invade the rightful owner’s privacy, as well as redirecting government benefits, tax refunds or bank credits. See: Identity theft.
The standard of care deemed reasonable to properly administer care to a patient or client. In healthcare, it specifies appropriate treatment guidelines based on medical evidence. It also refers to the reasonable precautions that should be taken by the individuals receiving care or by their guardians. These guidelines are often determining factors in malpractice suits.
Machine learning algorithms that analyze data with labels added by data scientists that enable the algorithm to understand which features are important to the problem at hand.
Reports suspicious or potentially suspicious activity by financial institutions. Most countries have regulations for SAR reports. In the US, reports are made to the Financial Crimes Enforcement Network (FinCEN), an agency of the United States Department of the Treasury.
A type of fraud in which a criminal combines real (usually stolen) and fake information to create a new identity, which is used to open fraudulent accounts and make illegal purchases. Synthetic identity theft is a common type of identity fraud and a major source of losses for financial institutions.
Any malicious computer program that misleads users of its true intent. The term is derived from the ancient Greek story of the deceptive wooden horse that led to the fall of Troy. Once installed and activated, a Trojan virus may provide access to users' banking information, passwords, or personal identity. It may also infect other devices connected by a network.
A provider that delivers direct users the capability to register for a digital identity and manage the lifecycle of that digital identity and interactions.
An acronym for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. National security legislation passed after the September 11, 2001 attacks and subsequent anthrax attacks. The bill enhances domestic security to prevent terrorism, covers all aspects of surveillance of suspected terrorists, detects and prosecutes acts of money laundering and terrorism financing, and provides jurisdiction around border security.
Machine learning from unlabeled data, where particularly informative privileged variables or labels do not exist. As a result, the greatest challenge is often to differentiate between what is relevant and what is irrelevant in any particular dataset.
An international community where member organizations, a full-time staff, and the public work together to develop web standards.
This telephone equivalent of phishing – a form of identity theft – attempts to solicit personal information, usually by illegally representing a reputable agency or business, that others can use to access important accounts.