e-commerce fraud

Fraud Terminology

The terminology below is used by the EAST Payments Task Force (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF) when producing Payment Alerts and other documents. The aim is for this terminology to be adopted globally when describing or reporting payment and terminal fraud.

For a definition of each term under the ‘Main Classification’ and ‘Sub-Sets’ headings, see the Fraud Definitions page on this website.

EAST also publishes Terminology for the Location of Fraudulent Devices, Terminal Fraud Definitions and Terminal Physical Attacks Definitions and Terminology.

FRAUD TYPE

Main Classification | Sub-Sets
Technological Fraud
(Attacks against Technology)
• CNP – Card Not Present
• CP – Card Present
• Merchant Fraud
• Virtual Currency Fraud
• Cheque Fraud
• Digital fraud
• Mobile Fraud
• Telephone Fraud
• Standing Order Fraud
• Invoice Fraud
• Romance Fraud
• CEO Fraud
• Investment Fraud
• Money Laundering
• BIN Attack
• Black Box Attack
• DoS – Denial of Service attack
• MITM – Man-in-the-Middle attack
• Transaction Reversal Fraud
• Transaction Message Adulteration
Non-Technological Fraud
(Attacks against the Victim)
• Account Takeover Fraud
• First Party (Friendly) Fraud
• Identity Spoofing (or hacking)
• Authorised Push Payment Fraud Scams
• Direct Debit Fraud
• Extortion
• Cash Trapping
• Lost/Stolen Card

FRAUD ORIGIN

Main Classification | Sub-Sets
Social Engineering
• Phishing
• Spear Phishing
• Vishing
• Smishing
• Shoulder Surfing
• Distraction
• Push Payments
Data Compromise
• Malware
• ATM Malware
• Ransomware
• Data Breach
• Fake Website
• Fake App
• e-Skimming
• Skimming – CPP ATM
• Skimming – CPP UPT
• Skimming – CPP POS
• Skimming – CPP Virtual Terminal
• Card Trapping

DUE DILIGENCE

Main Classification | Sub-Sets
Due Diligence
• Lack of Patching / Security
• Bad implementation
• Deployment Error
• Merchant Negligence
• Implementation not according to Standards