Download the PDF version

The online banking fraud dictionary


Your lifebelt to navigate safely in the digital world

Feeling lost in the sea of online banking fraud terms? Don't worry. The Cleafy team combined all their knowledge, expertise and passion to create this useful dictionary. You can come back here every time you need a clear and concise refresher on key concepts of online banking fraud.

We'll keep adding new terms on the go.

If you realize we missed something, please let us know!

We are a team of fraud hunters, engineers, marketing and sales experts, not superheroes. Yet!

A - E

Account Takeover (ATO)

A cyber-attack consisting in getting hold illegally of another person’s account. The most common targeted online accounts are bank accounts, social media profiles, and email addresses.   

Authorised Push Payment (APP)

A payment done through the online banking website or mobile app to another banking account. Examples of APPs are direct deposits, wire transfers, bank transfers, or digital wallet payments. APP are subject to social engineering attacks to lure customers into making payments to fraudsters’ banking accounts.

Read related insight >>

Automatic Transfer System (ATS)

Web injects used to automatically initiate wire transfers from the victims' own devices. The fraud occurs while the user actively operates on the target application by tampering with the genuine operation without the user noticing it. Unlike Account Takeover, they don't require taking over the victims’ accounts. 

Atomic visibility

One of the 5 key capabilities that an anti-fraud solution must have in order to see all details of each user session, identify new patterns of attacks, and take the best response decisions. 

Read related insight >>


A system of protocols that determines how multiple software should interact with each other.

API Abuse

Malicious or unauthorized use of Application Programming Interfaces (APIs) that violates security protocols or compromises the integrity of the system involved. API abuse typically involves exploiting vulnerabilities in an API's design, implementation, or usage to gain unauthorized access, extract sensitive information, perform unauthorized actions, or disrupt the intended functionality of the API or the systems it interacts with.



A type of social engineering attack consisting in offering to the victim something of value, such as free software, exclusive discounts, or irresistible deals, containing malware-infected links or downloads to access sensitive data.

Read related insight >>

Behavioral Analysis

A scientific discipline that examines patterns of behavior. In fraud detection and prevention, it is used to identify and flag possible incidents of fraud or other criminal activity.

In the context of anti-fraud banking, "behavior analysis" refers to the process of examining and evaluating patterns of behavior exhibited by individuals or entities to detect fraudulent activities or suspicious transactions. Behavior analysis in anti-fraud banking aims to detect and prevent fraudulent activities by detecting deviations from normal behavior, identifying unusual transaction patterns, and flagging suspicious activities for further investigation or intervention.

Behavioral Biometrics 

An advanced technology that leverages machine learning techniques to continuously assess the identity of online users, based on their behaviors, such as how they type, swipe, or move their devices.

Read related insight >>


A network of computers that have been infected by malware and have come under the control of a central entity or "botmaster" without the knowledge or consent of their owners. Each infected device is called bot.

Black-box approach

A black-box approach refers to a method where the internal workings are hidden or not easily accessible to the user. In fraud prevention, this means that machine learning gives a risk score without the human knowing the reasons for that number.



Catfishing refers to the act of creating a fake online persona, typically on social media platforms or dating websites, to deceive others into forming a romantic or emotional relationship. 

Cookie stuffing

A fraudulent technique used in online advertising and affiliate marketing which consists in secretly and forcibly placing additional tracking cookies onto a user's browser without their consent to artificially inflate the number of referrals or conversions. 

Credential Hijacking

Credential hijacking, also known as credential theft or credential stealing, is a malicious activity where an attacker illicitly acquires legitimate user credentials to gain unauthorized access to systems, accounts, or sensitive information.


Deep fake

An image, video or audio recording that has been edited using Artificial Intelligence to replace the original person with someone else.

Read related insight >>

F - K


False positives

In anti-fraud banking, a false positive refers to an incorrect identification or classification of an activity or transaction as fraudulent when it is, in fact, legitimate.

False negatives

In anti-fraud banking, a false negative refers to the failure to identify or detect a fraudulent activity or transaction.


Identity theft

The illicit use of another person's personal identifying information, like their name, or credit card number to commit fraud.

IP Address

An Internet Protocol address (IP address) is a numerical label that is connected to a computer network that uses the Internet Protocol for communication. It identifies the network interface and the location.


Know Your Client (KYC)

Know Your Client (KYC) is a process followed by businesses and financial institutions to verify and understand the identity, background, and financial activities of their customers. It involves collecting and verifying personal information, such as identification documents, proof of address, and financial history, to ensure compliance with legal and regulatory requirements. The purpose of KYC is to mitigate risks related to money laundering, terrorist financing, fraud, and other illegal activities.

L - P



Any software or code designed to cause harm, compromise security, or disrupt computer systems, networks, or devices. It encompasses a wide range of malicious programs, including viruses, worms, trojans, ransomware, spyware, adware, and more. 


Malicious spam emails that are sent with the intent of delivering malware or tricking recipients into taking harmful actions. These emails often contain deceptive messages, fake attachments, or malicious links.

Man-in-the-Middle (MitM)

Man-in-the-Middle (MitM) is a type of cyber attack where an attacker intercepts and alters communication between two parties without their knowledge. The attacker positions themselves between the sender and the receiver, allowing them to eavesdrop on the conversation, manipulate the data being transmitted, or even impersonate one or both parties. 

Man-in-the-Browser (MitB)

Man-in-the-Browser (MitB) is a type of cyber attack where a malicious actor gains control over a victim's web browser to manipulate or monitor their online activities. This attack is typically achieved by infecting the victim's computer with malware, such as a browser extension or Trojan horse. Once installed, the malware can intercept and modify web page content, capture keystrokes, steal login credentials, or inject additional malicious code into web forms or transactions. 

Money Mule

A money mule identifies someone who transfers illegal money through a courier service, or electronically, on behalf of others.

Multi-Factor Authentication

Multi-factor authentication (MFA), also known as two-factor authentication (2FA), is an electronic authentication technique that requires users to provide two or more pieces of evidence (or factors) to access a website or application. These factors typically include knowledge (something the user knows), possession (something the user has), and inherence (something the user is). 


One-Time-Password (OTP)

A One-Time Password (OTP) is a unique and temporary authentication code that is generated for a single-use and typically valid for a limited time period. Once used, it becomes invalid. It is an additional security measure to verify a user's identity during the login process for various online services, applications, or systems. 


Overlay attack employs malware that overlays fake windows on legitimate programs to steal confidential user information. Victims, believing they are interacting with the authentic program, unknowingly enter sensitive data such as login credentials or bank card numbers. 

Online Banking Fraud

Online banking fraud refers to any illicit activity completed on the financial institution’s web application or native mobile apps for money management, bank transfers, instant payments, and money lending. 



A string of characters that allows access to a computer system or service.


Pharming is a type of social engineering attack that exploits vulnerabilities in DNS servers or injects malicious code into users' systems to redirect victims to fraudulent websites, where they unknowingly provide their login credentials and other sensitive information. 

Read related insight >>


Phishing is a cyber-attack consisting of tricking users into committing involuntary actions to give away sensitive information.

Read related insight >>


Pretexting is a type of social engineering attack where an attacker creates a pretext or scenario to manipulate and deceive a victim, coaxing them into a compromised state. The attacker employs this strategy to exploit vulnerabilities and gain unauthorized access to sensitive data or resources.

Read related insight >>


PSD2 stands for the Second Payment Services Directive, a regulation implemented by the European Union to enhance the security and efficiency of electronic payments and promote competition in the financial services industry. It was introduced to update and replace the original Payment Services Directive (PSD) and provide a framework for open banking.

Q - U



A malware that operates by coercing victims to pay a ransom or face consequences such as the public release of their personal data or the permanent denial of access to it. While basic ransomware may merely lock the system without causing file damage, sophisticated malware utilizes a method known as cryptoviral extortion to exert control.


Screen Scraping

It refers to the technique used to extract data from the display output or user interface of an application or website. It is often associated with malicious activities where an unauthorized party captures and collects sensitive information from a target application or website without proper authorization.

Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a security measure designed to enhance the protection of online transactions and prevent fraudulent activities. It requires customers to provide multiple forms of identification or verification during the payment process, typically involving two or more of the following elements: something the customer knows (e.g., password), something the customer possesses (e.g., smartphone), and something the customer is (e.g., fingerprint or facial recognition).

SIM Swap

A cyber-attack consists in taking control of a victim’s mobile phone number by transferring it to a new SIM card.

Read related insight >>

Social Engineering

Social engineering attacks are attempts to manipulate individuals into divulging sensitive information or performing actions that let the attackers complete the fraud. 

Read related insight >>

Security posture

An organization's cybersecurity capability to predict, prevent and respond to digital attacks.


Smishing is a form of cyber attack that involves sending fraudulent text messages (SMS) or multimedia messages (MMS) to deceive and trick individuals into divulging sensitive information or taking malicious actions. 

Read related insight >>

SMS Sniffer

the It refers to a type of malicious software or component designed to intercept and capture Short Message Service (SMS) communications on a mobile device without the user's knowledge or consent. 


Smurfing is a technique used in cyber attacks where a large number of spoofed IP packets are sent to a victim's network using a network amplifier, such as Internet Control Message Protocol (ICMP) broadcasts. The goal is to overwhelm the target network with an excessive amount of traffic, causing it to become congested or even crash (DDos). 

Spear phishing

Spear phishing is a type of social engineering attack that targets specific individuals inside organizations to complete fraud. This is commonly used in online banking as it can lead to high financial gains.

Read related insight >>


Threat Actors

Threat actors refer to individuals, groups, or entities that actively engage in activities to compromise or exploit computer systems, networks, or data for malicious purposes. These actors can include hackers, cybercriminals, state-sponsored organizations, hacktivists, insider threats, and even disgruntled employees. 

Threat Intelligence

The term Threat Intelligence identifies the knowledge and insights gained about the potential and existing cybersecurity threats used to prevent, detect and respond to malicious activities with the best approach.

Transaction Tampering

It refers to the unauthorized modification or alteration of a financial transaction to deceive or defraud the bank or its customers. It involves malicious actors manipulating the details, parameters, or data associated with a transaction in order to carry out fraudulent activities.

Transactional Analysis

It refers to the process of examining and evaluating financial transactions to detect patterns, anomalies, or indicators of fraudulent activity. It involves analyzing transactional data, such as payment history, transaction amounts, timestamps, locations, and associated metadata, to identify suspicious patterns or deviations from normal behavior

Trojan (Banking)

It refers to a type of malware designed to target online banking systems and steal sensitive financial information, such as login credentials, credit card details, or personal identification numbers (PINs).

V - Z



Vishing is a form of social engineering attack that combines voice communication (typically over phone calls) with phishing techniques. In vishing attacks, fraudsters impersonate trusted individuals, organizations, or financial institutions to manipulate victims into revealing sensitive information, such as credit card numbers, social security numbers, or login credentials. 

Read related insight >>


Web inject

A web inject is a technique used by malicious software to manipulate the content of web pages displayed to users during their online banking sessions.

Web Scraping

It refers to the automated extraction of data from websites using software tools or scripts. It involves accessing web pages, parsing their content, and extracting specific information for various purposes.


Whaling is a type of social engineering attack that involves targeting high-ranking executives inside an organization to access critical information, sensitive data, or high quantities of money. 

Read related insight >>

White-box approach

A white-box approach refers to a strategy that involves having full visibility and access to the inner workings and details of the system or process being analyzed. In fraud management, it entails having comprehensive knowledge of the underlying algorithms, rules, and logic used in fraud detection and prevention. 

With this transparent and detailed understanding, organizations can more effectively identify and mitigate fraudulent activities by leveraging the specific insights gained from the system's internal mechanisms.


Zero-day attack

Zero-day attacks are a type of cyber attack that exploit vulnerabilities that are unknown to the software developers or security providers. These attacks occur before any patches or solutions are available, giving no time for defense or protection against them. The term "zero-day" refers to the fact that the attack occurs on the same day the vulnerability is discovered, leaving no opportunity for organizations to proactively defend themselves.

Read more articles