Last updated: March 2026

The Definitive Reference for Risk, Fraud, AML, KYC & Compliance Professionals

Introduction

The language of risk and fraud is evolving as fast as the threats themselves. New attack vectors, regulatory frameworks, and detection technologies emerge every year—bringing with them a wave of specialized terminology that professionals must master to stay effective.

This glossary is designed to be the single most comprehensive, authoritative, and practically useful reference for anyone working in fraud prevention, AML compliance, credit risk, identity verification, or risk decisioning. Whether you are a seasoned compliance officer, a fraud analyst building detection rules, a product manager designing onboarding flows, or a fintech founder evaluating risk platforms, this resource gives you clear, concise, and expert-level definitions—each accompanied by a real-world example that brings the concept to life.

Terms are organized alphabetically and cover the full spectrum of modern risk management: from foundational regulatory concepts like the Bank Secrecy Act and Know Your Customer, to cutting-edge techniques like behavioral analytics, deepfake fraud detection, and explainable AI.

Each entry is crafted to be quotable, searchable, and immediately useful.

How to Use This Glossary

Browse by letter using the alphabetical sections below, or search for a specific term. Each entry includes a clear definition, a practical example, and a link to the relevant Oscilar solution page for deeper exploration. Terms are cross-referenced where applicable to help you build a complete understanding of interconnected concepts.

A

Account Takeover (ATO)

Definition: A form of identity theft where a bad actor gains unauthorized access to an existing user’s account by stealing credentials through phishing, credential stuffing, social engineering, or malware. Once inside, the attacker may change account settings, exfiltrate data, or initiate fraudulent transactions. ATO is one of the fastest-growing fraud vectors in digital financial services.

Example: A cybercriminal uses leaked credentials from a data breach to log into a customer’s banking app, changes the email and phone number on file, and transfers $15,000 to a mule account.

→ See: Transaction Fraud Protection

ACH Fraud

Definition: Unauthorized or deceptive transactions conducted through the Automated Clearing House (ACH) network, which processes electronic fund transfers between banks. ACH fraud includes unauthorized debits, account takeover-driven transfers, and payroll diversion schemes. Because ACH transactions are batch-processed and can be reversed, fraudsters exploit the settlement window to move funds before detection.

Example: A fraudster obtains a victim’s bank routing and account numbers through a phishing email, then initiates a series of small ACH debits to test the account before draining a larger sum.

→ See: ACH Fraud Monitoring Under Nacha 2026

Adverse Media Screening

Definition: The process of monitoring and analyzing news sources, public records, and online media to identify negative information about customers or prospective clients that may indicate involvement in financial crime, fraud, corruption, or other illicit activities. Adverse media screening is a key component of customer due diligence and ongoing monitoring, helping institutions detect risks that may not appear in structured databases such as sanctions or PEP lists.

Example: During periodic review, an adverse media screening tool surfaces a news article linking an existing client to a money laundering investigation in another jurisdiction. The compliance team escalates the case for Enhanced Due Diligence.

→ See: AML for Banks

AML (Anti-Money Laundering)

Definition: The set of laws, regulations, and organizational procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. AML programs typically include customer due diligence, transaction monitoring, suspicious activity reporting, and sanctions screening. Financial institutions are legally required to maintain AML programs under regulations such as the Bank Secrecy Act and the EU Anti-Money Laundering Directives.

Example: A bank’s AML system flags a series of cash deposits just below the $10,000 reporting threshold across multiple branches—a pattern known as structuring—and files a Suspicious Activity Report.

→ See: AML for Fintechs

Authorized Push Payment (APP) Fraud

Definition: A scam in which a victim is manipulated into voluntarily sending a payment to a fraudster’s account, typically through social engineering, impersonation of trusted entities, or fake invoices. Unlike unauthorized fraud, the victim initiates the transaction themselves, making recovery and liability allocation more complex. APP fraud is a growing concern globally, prompting regulators to introduce mandatory reimbursement schemes.

Example: A business receives an email that appears to come from a long-standing supplier, requesting payment to a new bank account. The finance team processes the wire transfer, only to discover the email was spoofed.

→ See: Transaction Fraud Protection

B

Behavioral Analytics

Definition: The practice of analyzing patterns in user behavior—such as typing cadence, mouse movements, navigation habits, session timing, and device interaction—to build a dynamic risk profile. Behavioral analytics enables continuous authentication and anomaly detection without adding friction to the user experience. Deviations from established behavioral baselines can signal account takeover, bot activity, or social engineering.

Example: A behavioral analytics engine detects that a user who normally logs in from a desktop in Chicago is now accessing the account from a mobile device in another country with an unusually fast typing speed, triggering a step-up authentication challenge.

→ See: Oscilar Platform

Biometric Authentication

Definition: A security method that uses unique biological characteristics—such as fingerprints, facial geometry, iris patterns, or voiceprints—to verify a user’s identity. In financial services, biometric authentication adds a strong layer of security to account access, transaction authorization, and identity verification. When combined with liveness detection, it helps prevent spoofing attacks using photos, masks, or deepfakes.

Example: A mobile banking app requires facial recognition with liveness detection (requiring the user to blink and turn their head) before authorizing any wire transfer above $1,000, preventing both unauthorized access and deepfake attacks.

→ See: Oscilar Platform

BSA (Bank Secrecy Act)

Definition: A United States federal law enacted in 1970 that requires financial institutions to assist government agencies in detecting and preventing money laundering. The BSA mandates recordkeeping and reporting requirements, including Currency Transaction Reports (CTRs) for transactions exceeding $10,000 and Suspicious Activity Reports (SARs) for potentially illicit activity. It forms the foundation of the U.S. AML regulatory framework.

Example: A community bank files a CTR after a customer deposits $12,000 in cash, as required by the BSA, and separately files a SAR after noticing the customer has made similar deposits at three other branches within the same week.

→ See: AML for Banks

Bust-Out Fraud

Definition: A premeditated scheme in which a fraudster builds up a positive credit history—often over months—by making regular payments on credit accounts, then suddenly maxes out all available credit lines and disappears. Bust-out fraud can involve synthetic identities and is particularly damaging because traditional credit scoring models rate these accounts as low-risk right up until the bust-out event.

Example: A fraudster opens several credit card accounts using a carefully cultivated synthetic identity, makes on-time payments for eight months to increase credit limits, then charges $50,000 across all cards and vanishes.

→ See: AI Risk Decisioning

C

CDD (Customer Due Diligence)

Definition: The process financial institutions use to verify the identity of their customers and assess the risk they pose. CDD involves collecting and verifying identifying information, understanding the nature and purpose of the customer relationship, and conducting ongoing monitoring. For higher-risk customers, Enhanced Due Diligence (EDD) applies more rigorous verification and monitoring standards.

Example: During account opening, a bank collects a new customer’s government-issued ID, proof of address, and source of funds documentation, then screens the individual against sanctions lists and PEP databases as part of standard CDD.

→ See: KYC Fraud Detection

Chargeback Fraud

Definition: Also known as friendly fraud or first-party fraud abuse, chargeback fraud occurs when a consumer makes a legitimate purchase and then disputes the charge with their card issuer, falsely claiming the transaction was unauthorized or that goods were never received. This shifts the financial loss to the merchant and can result in increased processing fees, reputational damage, and potential loss of the merchant’s processing privileges.

Example: A customer purchases a high-end laptop online, receives it, then contacts their bank to dispute the charge, claiming the package never arrived. The merchant is forced to refund the transaction and loses the product.

→ See: Transaction Fraud Protection

Credential Stuffing

Definition: An automated cyberattack in which stolen username-password combinations from data breaches are systematically tested against multiple online services, exploiting the widespread practice of password reuse. Credential stuffing attacks use botnets to attempt thousands of login combinations per minute and are a primary driver of account takeover fraud.

Example: An attacker obtains 2 million email-password pairs from a leaked e-commerce database and uses automated scripts to test them against a digital banking platform, successfully compromising 15,000 accounts where users had reused their passwords.

→ See: Transaction Fraud Protection

Credit Decisioning

Definition: The process of evaluating a borrower’s creditworthiness and determining loan terms using data-driven models. Modern credit decisioning platforms combine traditional credit bureau data with alternative data sources—such as cash flow analysis, behavioral signals, and device intelligence—to produce faster, more inclusive, and more accurate lending decisions. AI-powered credit decisioning enables real-time approvals while maintaining regulatory compliance.

Example: A fintech lender uses an AI credit decisioning engine that analyzes a thin-file applicant’s bank transaction history, employment verification, and device signals to approve a personal loan within seconds.

→ See: AI Risk Decisioning

Credit Scoring

Definition: A statistical method of quantifying a borrower’s likelihood of repaying debt, typically expressed as a numerical score. Traditional credit scores (FICO, VantageScore) are based on payment history, credit utilization, length of credit history, credit mix, and new credit inquiries. Alternative credit scoring models incorporate non-traditional data such as rent payments, utility bills, and banking behavior to extend credit access to underserved populations.

Example: A credit union uses an alternative scoring model that factors in a member’s consistent rent payments and utility bill history, enabling approval for a member whose traditional FICO score would have resulted in a decline.

→ See: AI Risk Decisioning

CTR (Currency Transaction Report)

Definition: A report that U.S. financial institutions must file with FinCEN for each cash transaction exceeding $10,000, or multiple related cash transactions that total more than $10,000 in a single business day. CTRs are a foundational component of BSA compliance and help authorities track large cash movements that may indicate money laundering, tax evasion, or other financial crimes.

Example: A bank teller processes three cash deposits totaling $11,500 from the same customer in one day. The system automatically aggregates the transactions and generates a CTR for filing with FinCEN.

→ See: AML for Banks

D

Data Enrichment

Definition: The process of augmenting raw transaction or customer data with additional context from internal and external sources to improve the accuracy of risk decisions. In fraud prevention, data enrichment may include appending device intelligence, email reputation, phone number verification, IP geolocation, social media presence, and behavioral signals to a base transaction record.

Example: When a new account is opened, the platform enriches the applicant’s email address by checking its age, domain reputation, and association with known fraud rings, adding these signals to the risk model’s input features.

→ See: Oscilar Platform

Decision Engine

Definition: A software system that automates complex decisions by evaluating data inputs against a configurable set of rules, models, and policies. In risk management, decision engines orchestrate fraud detection, credit underwriting, and compliance workflows in real time. Modern decision engines support no-code rule creation, machine learning model integration, and A/B testing to continuously optimize decisioning accuracy.

Example: A payments company’s decision engine evaluates each transaction against 200+ rules and three ML models within 50 milliseconds, automatically approving low-risk payments and routing suspicious ones to a manual review queue.

→ See: AI Risk Decisioning

Deepfake Fraud

Definition: The use of artificial intelligence—specifically deep learning techniques such as generative adversarial networks (GANs)—to create highly realistic but fabricated audio, video, or images for fraudulent purposes. In financial services, deepfakes are increasingly used to bypass identity verification systems, impersonate executives in business email compromise schemes, and manipulate biometric authentication controls.

Example: A fraudster uses AI-generated video of a company’s CFO to conduct a video call with the finance department, instructing them to wire $2 million to an offshore account. The deepfake is convincing enough to pass initial scrutiny.

→ See: Oscilar Platform

Device Fingerprinting

Definition: A technique that collects and analyzes a combination of attributes from a user’s device—including browser type, operating system, screen resolution, installed plugins, time zone, language settings, and hardware characteristics—to create a unique identifier. Device fingerprinting helps detect fraud by identifying device anomalies, linking multiple accounts to the same device, or recognizing devices associated with known fraud rings.

Example: A fraud prevention system identifies that seven apparently unrelated loan applications were all submitted from the same device fingerprint—matching browser configuration, screen resolution, and installed fonts—revealing a coordinated fraud ring.

→ See: Oscilar Platform

E

Emulator Detection

Definition: The process of identifying when a user is accessing a digital service through software that simulates a mobile device or browser environment rather than a genuine physical device. Fraudsters use emulators to spoof device identities, automate account creation at scale, circumvent device-based security controls, and test stolen credentials. Detecting emulators is a critical layer in modern device intelligence.

Example: An onboarding risk system detects that a new account application is being submitted from an Android emulator running on a Windows desktop, which contradicts the claimed device type and triggers an automatic rejection.

→ See: Oscilar Platform

Enhanced Due Diligence (EDD)

Definition: An elevated level of customer verification and monitoring applied to higher-risk individuals and entities, such as politically exposed persons (PEPs), customers from high-risk jurisdictions, and those involved in complex or unusually large transactions. EDD goes beyond standard CDD by requiring more detailed information about the source of wealth, the purpose of the business relationship, and ongoing closer monitoring of account activity.

Example: A private bank onboarding a foreign government official as a client conducts EDD by verifying the official’s declared source of wealth through independent research, requesting additional documentation, and assigning the account to enhanced transaction monitoring with lower alert thresholds.

→ See: KYC Fraud Detection

Explainable AI (XAI)

Definition: Artificial intelligence models and techniques designed to produce human-understandable explanations for their predictions and decisions. In regulated financial services, explainability is essential for meeting fair lending requirements, satisfying regulatory examinations, supporting adverse action notices, and enabling analysts to understand and trust model outputs. XAI bridges the gap between model accuracy and regulatory transparency.

Example: When a credit application is declined, the explainable AI system generates a plain-language adverse action notice stating the top three contributing factors: insufficient credit history, high debt-to-income ratio, and short time at current address.

→ See: Oscilar AI

F

False Positive

Definition: A legitimate transaction or customer activity that is incorrectly flagged as suspicious by a fraud detection or compliance system. High false positive rates are one of the most significant operational challenges in risk management, leading to unnecessary customer friction, wasted analyst time, increased operational costs, and potential customer attrition. Reducing false positives without increasing false negatives is a key objective of AI-driven risk decisioning.

Example: A customer traveling abroad makes a hotel payment that triggers a fraud alert due to the unusual geographic location. An analyst reviews and confirms it as a legitimate purchase, adding it to the customer’s travel profile to prevent future false positives.

→ See: AI Risk Decisioning

FinCEN (Financial Crimes Enforcement Network)

Definition: A bureau of the U.S. Department of the Treasury tasked with safeguarding the financial system from illicit use, combating money laundering, and promoting national security through the collection, analysis, and dissemination of financial intelligence. FinCEN administers the Bank Secrecy Act and receives reports including SARs, CTRs, and Foreign Bank Account Reports (FBARs) from financial institutions.

Example: FinCEN issues an advisory alerting financial institutions to a new money laundering typology involving cryptocurrency exchanges, prompting compliance teams to update their transaction monitoring scenarios to capture the identified patterns.

→ See: AML for Fintechs

First-Party Fraud

Definition: Fraud committed by the actual account holder using their own identity (or a manipulated version of it) to deceive a financial institution. Unlike third-party fraud, where a stolen identity is used, first-party fraud involves intentional misrepresentation by the individual themselves—such as providing false income information on a loan application, taking out credit with no intention of repaying, or filing false insurance claims.

Example: An individual inflates their income on a mortgage application by submitting doctored pay stubs, secures a loan they cannot afford, and defaults after six months.

→ See: Transaction Fraud Protection

Fraud Detection

Definition: The use of technology, data analytics, rules, and machine learning models to identify potentially fraudulent activities in real time or near-real time. Effective fraud detection systems combine multiple signals—including transaction patterns, device intelligence, behavioral analytics, identity verification, and network analysis—to distinguish legitimate activity from fraud while minimizing false positives.

Example: A fraud detection platform analyzes a wire transfer request and identifies a confluence of risk signals: new payee, unusual amount, device mismatch, and velocity anomaly. The system blocks the transaction and alerts the fraud operations team.

→ See: Transaction Fraud Protection

Friendly Fraud

Definition: A type of first-party fraud where a legitimate cardholder makes a purchase and then disputes the charge, claiming it was unauthorized. Friendly fraud is distinct from true chargeback fraud in that the cardholder may genuinely believe the dispute is valid (e.g., forgetting a purchase or not recognizing a merchant descriptor), though the term is also used for deliberate abuse. It is a leading cause of merchant losses in e-commerce.

Example: A consumer subscribes to a streaming service, forgets about the recurring charge, and disputes it with their bank as unauthorized. The merchant loses the revenue and is charged a chargeback fee despite the subscription being legitimate.

→ See: Transaction Fraud Protection

G

Graph Analytics

Definition: A data analysis technique that models relationships between entities—such as customers, accounts, devices, addresses, and transactions—as a network graph to uncover hidden connections and patterns indicative of fraud or money laundering. Graph analytics excels at detecting fraud rings, mule networks, and collusive behavior that are invisible when analyzing individual transactions in isolation.

Example: Graph analytics reveals that 20 seemingly unrelated loan applications are connected through shared phone numbers, devices, and mailing addresses, exposing a coordinated synthetic identity fraud ring that traditional detection methods missed.

→ See: Oscilar AI

I

Identity Verification

Definition: The process of confirming that an individual is who they claim to be, typically by validating government-issued identification documents, biometric data, and personal information against authoritative data sources. Identity verification is the first line of defense against identity fraud and is a critical component of KYC, AML, and customer onboarding workflows. Modern identity verification combines document authentication, liveness detection, and database checks.

Example: A neobank’s onboarding flow requires new customers to upload a photo of their driver’s license and take a live selfie. The system uses OCR to extract document data, verifies it against government databases, and performs a biometric comparison to confirm the applicant matches the ID photo.

→ See: KYC Fraud Detection

IP Intelligence

Definition: The analysis of Internet Protocol (IP) address data to derive risk signals such as geolocation, proxy or VPN usage, hosting provider classification, and historical association with malicious activity. IP intelligence is a fundamental component of digital fraud prevention, enabling institutions to detect geographic anomalies, automated attacks, and attempts to mask a user’s true location.

Example: A login attempt from an IP address identified as a known Tor exit node and geolocated to a country where the customer has no history triggers a step-up authentication challenge and a fraud alert.

→ See: Oscilar Platform

K

KYB (Know Your Business)

Definition: The due diligence process used to verify the legitimacy and ownership structure of a business entity before establishing a commercial relationship. KYB involves verifying the business’s registration, identifying its Ultimate Beneficial Owners (UBOs), screening directors and officers against sanctions and PEP lists, and assessing the business’s risk profile. KYB is essential for preventing shell companies and money laundering through corporate structures.

Example: A payment processor onboarding a new merchant conducts KYB by verifying the company’s articles of incorporation, identifying all shareholders with more than 25% ownership, and screening each UBO against global sanctions and adverse media databases.

→ See: KYC Fraud Detection

KYC (Know Your Customer)

Definition: The regulatory requirement and operational process by which financial institutions verify the identity of their clients and assess their suitability, risk profile, and potential for involvement in money laundering or terrorism financing. KYC is a subset of broader CDD requirements and encompasses identity verification, beneficial ownership identification, and ongoing monitoring. Failure to maintain adequate KYC programs can result in significant regulatory penalties.

Example: A digital bank uses an automated KYC workflow that collects the applicant’s personal details, verifies their identity document in real time, screens them against global watchlists, and assigns a risk tier—all within under two minutes.

→ See: Frictionless and Secure KYC

L

Liveness Detection

Definition: A biometric security technique that verifies a user is a real, physically present person rather than a spoofing attempt using a photo, video replay, mask, or deepfake. Liveness detection methods include active checks (asking the user to perform actions like blinking or turning their head) and passive checks (analyzing micro-textures, light reflections, and depth cues). It is critical for preventing identity fraud during remote onboarding.

Example: A digital bank’s onboarding flow uses passive liveness detection to analyze subtle skin texture patterns and light reflections in the applicant’s selfie, automatically rejecting an application that attempted to use a printed photo held in front of the camera.

→ See: KYC Fraud Detection

M

Machine Learning in Fraud

Definition: The application of machine learning algorithms—including supervised, unsupervised, and deep learning models—to detect fraudulent patterns that rules-based systems cannot capture. ML models learn from historical fraud data to identify subtle, evolving patterns such as coordinated fraud rings, emerging attack vectors, and anomalous behavior. They continuously improve as new data becomes available, enabling adaptive and scalable fraud prevention.

Example: An unsupervised ML model detects an emerging fraud pattern where new accounts are opened with slight variations of the same synthetic identity across multiple institutions—a pattern invisible to rule-based systems.

→ See: Oscilar AI

MFA (Multi-Factor Authentication)

Definition: A security mechanism requiring users to provide two or more independent verification factors—something they know (password), something they have (device or token), and something they are (biometric)—before granting access. MFA significantly reduces account takeover risk by ensuring that stolen credentials alone are insufficient for unauthorized access.

Example: After entering their password, a user must approve a push notification on their registered mobile device and scan their fingerprint before a high-value transfer is authorized—combining knowledge, possession, and biometric factors.

→ See: Oscilar Platform

Money Mule

Definition: An individual who transfers illegally obtained money on behalf of criminals, often through their personal bank account. Money mules may be recruited unknowingly through fake job offers or romance scams, or may participate willingly in exchange for a commission. Mule accounts are critical infrastructure for laundering the proceeds of fraud, and detecting them is a key focus of AML transaction monitoring.

Example: A college student responds to an online job posting for a ‘payment processing agent.’ They receive wire transfers from fraud victims into their personal account and forward 90% to an overseas account, keeping 10% as their ‘commission.’

→ See: AML for Fintechs

N

Nacha Compliance

Definition: Adherence to the rules and operating guidelines established by Nacha (formerly the National Automated Clearing House Association), which governs the ACH network in the United States. Nacha rules cover authorization requirements, data security, fraud monitoring, and return processes for ACH transactions. Recent rule changes have expanded fraud monitoring obligations, requiring originating and receiving financial institutions to monitor ACH transactions for fraudulent activity.

Example: Following Nacha’s 2026 rule updates, a credit union implements real-time monitoring on inbound ACH credits to detect potentially fraudulent transactions before they settle, significantly reducing fraud losses on unauthorized transfers.

→ See: ACH Fraud Monitoring Under Nacha 2026

Network Analysis

Definition: The examination of relationships, connections, and communication patterns between entities to identify suspicious structures, hidden relationships, and organized criminal activity. In financial crime, network analysis maps the flow of funds between accounts, identifies shared attributes across seemingly unrelated entities, and detects patterns consistent with money laundering, fraud rings, or terrorist financing.

Example: Network analysis reveals that dozens of accounts receiving small international wire transfers are all linked through a single intermediary account, with funds rapidly moving through the chain before being withdrawn as cash—a classic layering pattern.

→ See: Oscilar AI

O

OFAC (Office of Foreign Assets Control)

Definition: A division of the U.S. Department of the Treasury responsible for administering and enforcing economic sanctions programs against targeted foreign countries, regimes, terrorists, international narcotics traffickers, and proliferators of weapons of mass destruction. Financial institutions are required to screen all transactions and customer relationships against OFAC’s Specially Designated Nationals (SDN) list and other sanctions lists.

Example: A bank’s real-time sanctions screening system blocks an outgoing wire transfer when the beneficiary’s name matches an entity on OFAC’s SDN list, and the compliance team files a blocking report with OFAC within the required 10-day window.

→ See: AML for Banks

Onboarding Risk

Definition: The risk of fraud, identity theft, or compliance violations that arises during the customer or merchant onboarding process. Onboarding is a high-vulnerability point because it is the first opportunity for fraudsters to introduce fake or stolen identities into a financial system. Effective onboarding risk management combines identity verification, device intelligence, behavioral analytics, and watchlist screening to approve legitimate customers while blocking bad actors.

Example: A fintech app detects that a new account application is being submitted from a device previously associated with five rejected applications, using an email address created minutes before signup, and from an IP address linked to a known VPN—triggering an automatic decline.

→ See: Oscilar Platform

P

PEP (Politically Exposed Person)

Definition: An individual who holds or has recently held a prominent public function—such as a head of state, senior government official, judicial authority, or military leader—along with their family members and close associates. PEPs present a higher risk for potential involvement in corruption and money laundering due to their position and influence. Financial institutions must apply Enhanced Due Diligence (EDD) to PEP relationships and monitor them more closely.

Example: A wealth management firm identifies a new client as the spouse of a sitting cabinet minister. The compliance team classifies the account as PEP-related and applies EDD, including enhanced transaction monitoring and annual relationship reviews.

→ See: AML for Banks

PEP Screening

Definition: The process of checking individuals and entities against PEP databases to identify politically exposed persons and their associates during onboarding and on an ongoing basis. PEP screening is a regulatory requirement under AML legislation and is typically performed using specialized databases that aggregate information from government sources, public records, and media across jurisdictions.

Example: During KYC onboarding, a customer’s name triggers a PEP match against a database listing them as a former senior official in a foreign tax authority. The compliance team conducts additional due diligence before approving the relationship.

→ See: AML for Banks

Phishing

Definition: A social engineering attack in which a fraudster impersonates a trusted entity—such as a bank, employer, or government agency—through email, text message (smishing), or voice call (vishing) to trick victims into revealing sensitive information, clicking malicious links, or transferring funds. Phishing is the most common initial attack vector for account takeover, business email compromise, and credential theft.

Example: An employee receives an email that appears to come from their bank, asking them to verify their account by clicking a link. The link leads to a convincing replica of the bank’s login page, which captures the employee’s credentials and passes them to the attacker.

→ See: Transaction Fraud Protection

R

Real-Time Decisioning

Definition: The capability to evaluate risk and make automated approve, decline, or review decisions on transactions, applications, or events within milliseconds of their occurrence. Real-time decisioning is essential for maintaining both security and customer experience in high-volume digital environments where any delay in processing can result in cart abandonment, customer friction, or undetected fraud.

Example: A payment processor’s real-time decisioning engine evaluates each of 10,000 transactions per second against fraud models, rules, and sanctions lists, returning a decision within 50 milliseconds to ensure uninterrupted checkout experiences.

→ See: AI Risk Decisioning

Risk Decisioning

Definition: The process of making automated, data-driven decisions about whether to approve, decline, or escalate a transaction, application, or customer interaction based on its assessed risk level. AI-powered risk decisioning platforms unify fraud detection, credit evaluation, and compliance checks into a single real-time decision framework, enabling organizations to balance risk mitigation with customer experience and operational efficiency.

Example: A risk decisioning platform evaluates a loan application by running the applicant through identity verification, credit scoring, fraud model scoring, and compliance screening simultaneously, returning an approve decision with conditions within 200 milliseconds.

→ See: AI Risk Decisioning

Rules Engine

Definition: A software component that executes predefined conditional logic (if-then rules) to automate decisions in real time. In fraud prevention and compliance, rules engines evaluate transactions against thresholds, patterns, and conditions set by risk analysts. While rules engines provide transparent and auditable decisioning, they are most effective when combined with machine learning models that can detect patterns too complex or novel for predefined rules.

Example: A rules engine blocks any transaction over $5,000 from a newly created account within the first 48 hours, while simultaneously passing the transaction to an ML model that evaluates a broader set of risk signals before making a final determination.

→ See: AI Risk Decisioning

S

Sanctions Screening

Definition: The process of checking customers, counterparties, and transactions against government-maintained lists of sanctioned individuals, entities, and countries. Sanctions are imposed by bodies such as OFAC (U.S.), the EU, the UN, and HM Treasury (UK) to restrict financial dealings with designated parties involved in terrorism, proliferation, human rights abuses, or other threats. Effective sanctions screening requires real-time checks, fuzzy name matching, and robust alert management.

Example: A bank’s sanctions screening system flags a wire transfer to an entity whose name closely matches an OFAC-designated organization. An analyst reviews the match, confirms it as a true positive, and blocks the transaction in compliance with U.S. sanctions law.

→ See: AML for Banks

SAR (Suspicious Activity Report)

Definition: A regulatory filing that financial institutions must submit to FinCEN (in the U.S.) or equivalent authorities when they detect transactions or behavior that may indicate money laundering, terrorism financing, fraud, or other financial crimes. SARs must be filed within 30 days of detecting suspicious activity, are confidential, and must not be disclosed to the subject of the report. SAR filing quality and timeliness are key areas of regulatory examination.

Example: A compliance analyst observes a customer receiving large wire transfers from multiple international sources, immediately converting them to cryptocurrency, and transferring them to external wallets. The analyst files a SAR with FinCEN, documenting the pattern and supporting evidence.

→ See: AML for Fintechs

SCA (Strong Customer Authentication)

Definition: A regulatory requirement under the EU’s Revised Payment Services Directive (PSD2) mandating that electronic payments use at least two independent authentication factors from three categories: knowledge (password/PIN), possession (device/token), and inherence (biometric). SCA aims to reduce fraud in online and contactless payments across the European Economic Area.

Example: When a European customer makes an online purchase over €30, their bank app sends a push notification requiring fingerprint authentication (inherence) on their registered phone (possession) before the payment is authorized.

→ See: Transaction Fraud Protection

Step-Up Authentication

Definition: A risk-based security approach where additional verification is required only when a transaction or action exceeds a defined risk threshold, rather than applying the same level of friction to every interaction. Step-up authentication dynamically adjusts the verification requirements based on contextual risk signals, balancing security with user experience.

Example: A customer makes routine purchases under $100 without any additional verification. When they attempt to change their account’s linked bank details, the system triggers step-up authentication requiring biometric verification and a one-time SMS code.

→ See: Oscilar Platform

Structuring

Definition: The illegal practice of breaking up large financial transactions into multiple smaller ones to avoid triggering regulatory reporting thresholds—specifically the $10,000 CTR filing requirement in the United States. Also known as “smurfing,” structuring is a federal crime regardless of whether the underlying funds are legitimate, and it is a key typology monitored by AML programs.

Example: An individual makes cash deposits of $9,500 at four different bank branches within three days. The bank’s AML system aggregates the transactions, identifies the structuring pattern, and generates a SAR.

→ See: AML for Fintechs

Synthetic Identity Fraud

Definition: A sophisticated form of identity fraud in which criminals fabricate a new identity by combining real and fictitious personal information—such as a legitimate Social Security number paired with a fake name, date of birth, and address. Synthetic identities are designed to pass identity verification checks and build credit history over time before executing a bust-out. It is one of the fastest-growing and hardest-to-detect forms of financial fraud.

Example: A fraud ring creates 50 synthetic identities by combining SSNs stolen from children and deceased individuals with fabricated names and addresses. Over 18 months, they build credit histories and then execute a coordinated bust-out across multiple lenders, stealing over $1 million.

→ See: AI Risk Decisioning

T

Third-Party Fraud

Definition: Fraud committed by an external bad actor who uses stolen or fabricated identity information to impersonate a legitimate individual without their knowledge or consent. This contrasts with first-party fraud, where the individual uses their own identity. Third-party fraud encompasses identity theft, account takeover, and new account fraud using stolen credentials.

Example: A criminal uses personal information obtained from a data breach—including name, SSN, and date of birth—to open a credit card account in the victim’s name and runs up $20,000 in charges before the victim discovers the account exists.

→ See: Transaction Fraud Protection

Transaction Monitoring

Definition: The continuous, systematic surveillance of customer transactions—including transfers, payments, deposits, and withdrawals—to identify patterns indicative of fraud, money laundering, or other illicit activity. Transaction monitoring is a regulatory requirement for financial institutions under AML laws and typically involves a combination of rule-based scenarios and machine learning models that analyze transaction attributes in real time.

Example: A transaction monitoring system detects that a small business account that normally processes $10,000 per month has received $500,000 in incoming wires over the past week from previously unseen international counterparties, triggering an automated alert for investigation.

→ See: Transaction Fraud Protection

Typology

Definition: A documented pattern or method of financial crime that describes how specific types of fraud, money laundering, or terrorism financing are carried out. Regulatory bodies, financial intelligence units, and industry groups publish typologies to help institutions recognize emerging threats and update their detection systems accordingly. Typologies form the basis for transaction monitoring rules and scenarios.

Example: FATF publishes a new typology describing how trade-based money laundering is conducted through over-invoicing of goods between related companies in different countries. Banks update their trade finance monitoring rules to detect the identified patterns.

→ See: AML for Banks

U

UBO (Ultimate Beneficial Owner)

Definition: The natural person who ultimately owns or controls a legal entity, either directly or indirectly, typically defined as anyone holding 25% or more of ownership interest or exercising significant control. Identifying UBOs is a critical component of KYB and AML compliance, as complex corporate structures are frequently used to obscure the true ownership of entities involved in money laundering, sanctions evasion, or tax fraud.

Example: A compliance officer investigates a corporate client and discovers that the company is owned by a holding company in the BVI, which in turn is owned by a trust. After tracing the ownership chain, the officer identifies the UBO as an individual on the bank’s PEP list.

→ See: AML for Banks

V

Velocity Checks

Definition: Fraud detection rules that measure the frequency, count, or cumulative value of events within a defined time window. Velocity checks are used to identify abnormal patterns that may indicate automated attacks, card testing, credential stuffing, or bust-out fraud. Common velocity metrics include the number of transactions per hour, login attempts per device, or new account registrations per IP address.

Example: A velocity check flags a payment card that has been used for 30 transactions of $1.00 each within five minutes across different merchants—a classic card testing pattern used to validate stolen card numbers before making larger fraudulent purchases.

→ See: Transaction Fraud Protection

W

Watchlist Screening

Definition: The process of checking individuals, entities, and transactions against regulatory and law enforcement watchlists—including sanctions lists, terrorist financing lists, and most-wanted lists—to ensure compliance and prevent dealings with prohibited parties. Watchlist screening is conducted during onboarding, at the point of transaction, and on an ongoing basis through batch rescreening against updated lists.

Example: A fintech platform rescreens its entire customer base weekly against updated OFAC, EU, and UN sanctions lists. A new match surfaces for an existing customer whose business partner has been designated, triggering an immediate compliance review.

→ See: AML for Fintechs

Wire Fraud

Definition: The use of electronic communications—including email, phone, internet, or wire transfers—to carry out a scheme to defraud. In the United States, wire fraud is a federal crime under 18 U.S.C. § 1343 carrying penalties of up to 20 years imprisonment (30 years if targeting a financial institution). Wire fraud is one of the most commonly prosecuted financial crimes and often accompanies other offenses such as business email compromise and investment fraud.

Example: A scammer impersonates a real estate attorney via email and sends fraudulent wire instructions to a homebuyer, redirecting the down payment to a controlled account. The FBI investigates the case as wire fraud.

→ See: Transaction Fraud Protection

About This Glossary

This glossary is maintained by Oscilar, the leading provider of AI Risk Decisioning solutions for financial institutions. It is designed as a living document that evolves alongside the risk and fraud landscape. New terms are added quarterly to reflect emerging threats, technologies, and regulatory developments.

Have a term you think should be included? Want to learn how Oscilar’s platform addresses these challenges in practice? Visit oscilar.com or contact our team to book a demo.

Stay in touch

Connect with us on LinkedIn for the latest insights and updates

Follow us

->