payments yask force

The below terminology is used by the EAST Expert Group on Payment and Transaction Fraud (EPTF) and the EAST Expert Group on All Terminal Fraud (EGAF) when producing Payment Alerts and other documents.  The aim is for this terminology to be adopted globally when describing or reporting payment and terminal fraud.

For a definition of each term under the ‘Main Classification’ and ‘Sub-Sets’ headings, see the Fraud Definitions page on this website.

EAST also publishes Terminology for the Location of Fraudulent Devices, Central/Host Fraud Definitions, Terminal Fraud Definitions, Terminal Physical Attacks Definitions and Terminology and Countermeasures against ATM Malware and Black Box Attacks.

FRAUD TYPE

Main ClassificationSub-Sets
Technological Fraud
(Attacks against Technology)
• CNP – Card Not Present
• CP – Card Present
• Merchant Fraud
• Virtual Currency Fraud
• Cheque Fraud
• Digital fraud
• Mobile Fraud
• Telephone Fraud
• Standing Order Fraud
• Invoice Fraud
• Romance Fraud
• CEO Fraud
• Investment Fraud
• Money Laundering
• BIN Attack
• Black Box Attack
• DoS - Denial of Service attack
• MITM – Man-in-the-Middle attack
• Transaction Reversal Fraud
• Transaction Message Adulteration
Non-Technological Fraud
(Attacks against the Victim)
• Account Takeover Fraud
• First Party (Friendly) Fraud
• Identity Spoofing (or hacking)
• Authorised Push Payment Fraud Scams
• Direct Debit Fraud
• Extortion
• Cash Trapping
• Lost/Stolen Card

FRAUD ORIGIN

Main ClassificationSub-Sets
Social Engineering• Phishing
• Spear Phishing
• Vishing
• Smishing
• Shoulder Surfing
• Distraction
• Push Payments
Data Compromise• Malware
• ATM Malware
• Ransomware
• Data Breach
• Fake Website
• Fake App
• e-Skimming
• Skimming – CPP ATM
• Skimming – CPP UPT
• Skimming – CPP POS
• Skimming – CPP Virtual Terminal
• Card Trapping

DUE DILIGENCE

Main ClassificationSub-Sets
Due Diligence• Lack of Patching / Security
• Bad implementation
• Deployment Error
• Merchant Negligence
• Implementation not according to Standards