KYC & AML Compliance Glossary: Terms and Definitions
A comprehensive glossary of KYC, AML, and identity verification terminology. Navigate through fundamental KYC and AML terms, including sanctions screening and digital onboarding, to grasp the core concepts defining today’s compliance landscape.
-
ABIS
A national-scale biometric identification platform matching individuals across large fingerprint or face databases.
-
Account Enumeration Attack
Automated attempts to discover valid usernames or emails by probing login or registration endpoints.
-
Account Opening Fraud
Creation of new financial or service accounts using stolen, synthetic, or fabricated identity data.
-
Acquirer Acquiring Bank
The merchant’s payment institution that processes card transactions, manages risk, and settles funds.
-
Address Manipulation Fraud
Tampering with customer address details to reroute deliveries, bypass controls, or enable chargebacks.
-
Adverse Media Screening
Screening news and open sources for negative mentions linked to customers, partners, or transactions.
-
AML (Anti Money Laundering)
Controls, reporting, and monitoring that deter laundering illicit funds through financial channels.
-
Anonymous Proxy Fraud
Use of masked IP infrastructure to hide origin and bypass geolocation or velocity checks for abuse.
-
Anti Money Laundering Directive
European legislation establishing requirements for customer due diligence, monitoring, and reporting.
-
Application Fraud
Deception involving applications for credit, loans, or services using falsified or stolen information.
-
Asia Pacific Group on Money Laundering
Regional anti-laundering forum coordinating mutual evaluations and guidance for member jurisdictions.
-
Automated Clearing House Risk
Risks within batch bank transfers, including returns, unauthorized debits, and settlement timing exposures.
-
Automated Decisioning
Automated approvals, declines, or referrals based on rules, scores, or machine learning models.
-
AVS (Address Verification System)
A card-not-present check comparing submitted address elements with issuer records to reduce fraud.
-
Bank Identification Number
The initial digits on a payment card that identify issuing institution and network.
-
Behavioral Anomaly Detection
Detection of unusual behavior shifts that indicate bots, takeovers, or emerging fraud attacks.
-
Beneficial Ownership Identification
Procedures identifying natural persons who ultimately own or control a legal entity.
-
Biometric Authentication
Verification using face, fingerprint, voice, or other biological traits to confirm identity.
-
Biometric comparison
Comparative scoring of two biometric samples to quantify similarity and match confidence.
-
Biometric Data
Structured measurements derived from biological traits used to recognize or verify individuals.
-
Biometric extraction
Acquisition of raw physiological or behavioral data suitable for later feature extraction.
-
Biometric Identification
Matching an observed biological trait to a stored identity within a reference database.
-
Biometric Passport
Travel document embedded with biometrics to strengthen identity assurance at borders.
-
Biometric reference
Stored features derived from a person’s biological traits used for later matching.
-
Biometric sample
The captured raw physiological or behavioral information before processing into templates.
-
Biometric Security
Safeguards, encryption, and governance protecting sensitive biological identifiers from misuse.
-
Biometric System
An integrated platform capturing, processing, and matching multiple biometric modalities.
-
Biometric Template
Compact representation of extracted features enabling efficient biometric comparisons.
-
Biometric Verification
A one-to-one biometric check confirming a claimed identity against an enrolled sample.
-
Blockchain Analytics
Analytics tracing transactions on public ledgers to identify flows, entities, and risk exposure.
-
Card Bin Attacks
Attacks that enumerate issuer prefixes and ranges to discover valid card numbers at scale.
-
Card Cloning
Duplication of payment card data onto a counterfeit card for unauthorized transactions.
-
Card Not Present Fraud
Remote transaction abuse where physical cards aren’t presented, increasing dispute and loss rates.
-
Card Skimming
Illicit capture of card data from terminals or ATMs using overlays or hidden devices.
-
Carding
A marketplace of stolen credentials and tools used to test and monetize compromised cards.
-
Central Bank Digital Currency Fraud
Abuse involving state-issued digital money systems to launder proceeds or execute scams.
-
Chargeback Fraud
Transaction reversals initiated after disputes, often shifting liability and costs to merchants.
-
Chargeback Management
Processes preventing, investigating, and responding to disputes to reduce losses and friction.
-
Claimed identity
Identity asserted by a user before verification or proof is evaluated.
-
Commodity Futures Trading Commission
U.S. regulator overseeing derivatives markets and enforcing rules against manipulation and abuse.
-
Compliance Risk Scoring
Risk quantification aligning controls and oversight with regulatory expectations and business tolerance.
-
Contactless Payment Fraud
Abuse of tap-to-pay channels by relays, stolen devices, or compromised wallets.
-
Continuous Transaction Monitoring
Real-time surveillance of payments and behaviors to detect sanctions, laundering, or fraud patterns.
-
CPF
Brazil’s individual taxpayer identifier widely used for onboarding, credit checks, and fraud prevention.
-
Credit Card Fraud
Unauthorized use of card details to transact, cash out, or test stolen credentials.
-
Credit Card Fraud Detection
Models, rules, and signals identifying suspicious card transactions before authorization.
-
Credit Card Refund Schemes
Abuse of returns or chargebacks to siphon funds through false or inflated claims.
-
Cross Device Fraud Detection
Linking identifiers and behavior across phones, browsers, and apps to spot evasion.
-
Cryptocurrency Fraud
Scams and thefts exploiting wallets, exchanges, tokens, or social hype to steal value.
-
Customer Due Diligence
Baseline identity checks, purpose assessment, and risk profiling during onboarding.
-
Dark Web Financial Data Sales
Trafficking of stolen payment, banking, or identity records on underground forums.
-
Data Breaches
Security incidents exposing sensitive records through hacking, misconfiguration, or insider misuse.
-
Data Capture
Collection of user inputs, documents, or signals during onboarding and transactions.
-
Debit Card Fraud
Unauthorized use of bank-linked cards through skimming, phishing, or account takeover.
-
Deep Fake Identity Fraud
Synthetic faces or voices used to impersonate victims and open accounts.
-
Deposit Fraud
Manipulating deposits, checks, or receipts to inflate balances or steal funds.
-
Derived Identification
Inferred identity attributes created from existing evidence rather than originals.
-
Detection Error Tradeoff (DET)
Curve showing false accept versus false reject rates across thresholds.
-
Device Emulator
Software mimicking phones or browsers to test apps or simulate fraudulent traffic.
-
Device Spoofing
Manipulating device attributes to masquerade as trusted hardware or clean profiles.
-
Digital Banking Fraud
Abuse of online or mobile banking channels to transfer funds or harvest data.
-
Digital Identity Verification
Checks confirming claimed identity through documents, biometrics, and databases.
-
Digital Signature Fraud
Misuse or forgery of cryptographic signatures to authorize unauthorized actions.
-
DNA Biometrics
Identification using genetic markers for high-assurance matching in specialized contexts.
-
Document Fraud
Creation or alteration of records or IDs to misrepresent identity or facts.
-
Dormant Account Fraud
Reactivating inactive profiles to withdraw funds or launder proceeds unnoticed.
-
Drop Address
Location used to receive goods discreetly, separating fraudsters from delivery trails.
-
Echeck Fraud
Unauthorized electronic check payments using stolen account and routing numbers.
-
Ecommerce Fraud
Abuse of online storefronts through stolen cards, chargebacks, or refund manipulation.
-
Electronic Funds Transfer Fraud
Illicit redirection of wire, ACH, or instant payments via social engineering.
-
Email Tumbling
Address variations used to create many accounts or evade duplicate detection.
-
Enhanced Due Diligence
Deepened checks for higher-risk customers, transactions, or geographies, adding corroboration, monitoring, and approvals.
-
Entity Graph Fraud Detection
Network-based analytics linking entities, devices, and transactions to expose collusion and organized abuse.
-
Equal Error Rate (EER)
The operating point where false accepts equal false rejects, summarizing biometric system balance.
-
Face Authentication
Biometric verification comparing a live face against an enrolled template before access is granted.
-
Face Comparison
One-to-one face comparison returning a similarity score used for verification decisions.
-
Face Detection
Algorithms locating human faces within images or video frames for subsequent processing.
-
Face Identification
One-to-many search comparing a face against a gallery to find potential identity candidates.
-
Face Matching
Heuristics and models deciding whether two face images depict the same person.
-
Facial Recognition
Another usage describing the same end-to-end pipeline for detecting and recognizing faces in media.
-
Failure to Acquire Rate (FTA)
A biometric quality metric counting attempts where equipment cannot capture usable samples.
-
Failure to Enroll Rate (FTE)
A metric counting subjects who cannot be successfully enrolled into the biometric system.
-
False Accept Rate (FAR)
A biometric security rate measuring how often impostors are incorrectly accepted as genuine.
-
False Declines
Legitimate transactions incorrectly declined, causing customer friction and revenue loss.
-
False Negative Identification Rate (FNIR)
A biometric statistic counting genuine subjects incorrectly labeled as non-matches at a threshold.
-
False Positive Identification Rate (FPIR)
A biometric statistic counting impostors incorrectly labeled as matches at a threshold.
-
False Reject Rate (FRR)
A biometric security rate measuring how often legitimate users are incorrectly rejected.
-
Fast Identity Online Authentication
Open standards enabling phishing-resistant sign-in using public-key credentials and device authenticators.
-
Financial Action Task Force
An intergovernmental body setting global AML/CFT standards and evaluating jurisdictions' effectiveness.
-
Fingerprint Biometrics
Biometric methods using ridge patterns from fingertips for identity verification or search.
-
Fingerprint Identification
One-to-many search using latent or live prints to retrieve candidate identities from databases.
-
Fingerprint Recognition
Algorithms comparing ridge minutiae to decide whether two fingerprint samples originate from one finger.
-
Fintech Fraud
Platform-driven abuse targeting neobanks or fintech apps through social engineering, bots, or mule networks.
-
Foreign Account Tax Compliance Act
U.S. rules requiring foreign financial institutions to report assets held by American taxpayers.
-
Forged Signatures
Unauthorized signatures replicated or altered to approve payments, contracts, or identity documents.
-
Fraud Consortium
Information-sharing network coordinating signals and outcomes across organizations to improve defenses.
-
Fraud Detection
Models, rules, and workflows surfacing suspicious activity before authorization or fulfillment.
-
Fraud Filter
Pre-authorization rules or lists used to block risky transactions before they finalize.
-
Fraud Prevention
Preventive policies, controls, and education that reduce exposure before losses occur.
-
Fraud Ring
Organized groups coordinating roles, tools, and cash-out channels to scale deception.
-
Fraud Score
A composite indicator estimating liability based on features, history, and model outputs.
-
Fraud Screening
Triage that prioritizes, queues, and routes suspicious events for review or automation.
-
Friendly Fraud
Disputes raised by cardholders for legitimate purchases, often due to confusion or family use.
-
I2p Anonymous Proxy
Privacy network relaying traffic to conceal origin and defeat censorship or attribution.
-
iBeta
Independent lab testing biometric accuracy, PAD performance, and standards compliance.
-
Identity and Access Management
Policies and tools managing users, roles, and entitlements across systems.
-
Identity Authentication
Verification of a claimed identity before granting access or privileges.
-
Identity Fraud
Misuse of identity attributes to obtain benefits, accounts, or credentials unlawfully.
-
Identity Management
Administration of identities, credentials, and lifecycle processes across applications.
-
Identity Proofing
Evidence collection and checks establishing sufficient assurance about a claimed identity.
-
Identity Risk Profiling
Scoring identity risk using behavior, device, geography, and historical context.
-
Identity Theft
Using stolen personal data to open accounts, take loans, or commit crimes.
-
Identity Verification
Confirming who someone is by checking documents, biometrics, or trusted data.
-
Iod Impersonation of the Deceased Fraud
Using details of deceased individuals to obtain credit, benefits, or refunds.
-
Iris Recognition
Matching unique iris patterns to verify or identify individuals accurately.
-
Keystroke Dynamics
Behavioral biometrics from typing rhythms used to assess identity.
-
Know Your Business
Verification of company ownership, control, and legitimacy before onboarding.
-
Know Your Merchant
Due diligence assessing merchant legitimacy and chargeback exposure.
-
Know Your Vendor
Supplier checks for legitimacy, sanctions, and performance history.
-
Knowledge-based approach
Identity checks relying on user-known facts and history.
-
KYC Compliance
Adherence to KYC policies, procedures, and regulatory expectations.
-
Layered Security Approach
Defense-in-depth layering controls to avoid single points of failure.
-
Level of Assurance
Measure expressing confidence level in an identity or claim.
-
Liability Shift
Allocation of fraud or chargeback responsibility under scheme rules.
-
Liveness Detection
Checks ensuring a real user, not a photo, video, or mask.
-
Loan Application Fraud Detection
Analytics flagging fabricated identities or income in loan submissions.
-
Loyalty Points Fraud
Redeeming rewards through theft, bots, or fake activity.
-
Loyalty Program Fraud
Exploiting loyalty ecosystems via fake accounts or refund abuse.
-
Machine Learning Adversarial Attacks
Inputs crafted to mislead models or evade detection.
-
Machine Learning in AML Compliance
Models detecting suspicious activity, entities, or patterns for regulators.
-
Manual Review
Human validation of flagged events to confirm or dismiss fraud.
-
Marketplace Fraud
Abuse in marketplaces via fake listings or non‑delivery.
-
Mas Notices on AML CFT
Singapore regulations outlining AML/CFT expectations for institutions.
-
Medical Identity Theft
Impersonation using medical details to obtain care or drugs.
-
Merchant Identity Verification
Checks validating business identity and documents before onboarding.
-
Micro Deposit Fraud
Exploiting verification micro‑deposits to confirm stolen accounts or trigger withdrawals.
-
Money Laundering
Concealing origins of criminal proceeds through layering and integration.
-
Money Mules
Individuals recruited to move illicit funds through their accounts, obscuring origin and aiding laundering.
-
Money Services Business MSB Fraud
Abuse of remittance or exchange providers to launder proceeds, structure payments, or defraud customers.
-
Neural Network Fraud Scoring
Nonlinear models learning complex patterns to produce probability of fraud for events or entities.
-
New Account Fraud
Creation of accounts using stolen or synthetic identities to access services or lines of credit.
-
NIST
U.S. standards body publishing cybersecurity, identity, and risk management frameworks for organizations.
-
Nonrepudiation
Assurance that a party cannot deny a performed action due to cryptographic proofs or logs.
-
NYDFS (Part 504)
Rule requiring certified transaction monitoring and filtering programs for institutions operating in New York.
-
OCR (Optical Character Recognition)
Technology extracting machine-readable text from images or scans for automation and verification.
-
OFAC
U.S. authority administering sanctions lists used for screening customers, payments, and partners.
-
Omnichannel Fraud
Cross-channel abuse leveraging inconsistencies between web, app, and in-store processes to evade controls.
-
One Time Passcode OTP Interception
Capturing single-use codes via SIM swaps, malware, or social engineering to take over accounts.
-
Online Marketplace Fraud
Scams through platforms using fake listings, non-delivery, or chargeback exploitation.
-
Out of Band Authentication
Verification performed through a separate channel to mitigate session or device compromise.
-
Palm Print Recognition
Biometric identification using palm ridge patterns and minutiae for matching.
-
Passive Authentication
Background risk checks using signals like device, behavior, and location without user interaction.
-
Payment Fraud
Illicit manipulation of payment instruments or flows to steal funds or goods.
-
Payment Gateway
Service routing and authorizing electronic transactions between merchants, acquirers, and networks.
-
Payment Gateway Spoofing
Impersonating processing endpoints to steal credentials, capture payments, or inject malware.
-
Payment Services Directive
EU regulation setting rules for payments, access-to-account, and strong customer authentication.
-
Payment Verification
Checks confirming payer identity, method ownership, and transaction intent before authorization.
-
PCI DSS
Technical and procedural controls required to protect payment card data within environments.
-
PEP
Person with prominent public functions presenting higher bribery and corruption risk.
-
Perpetual KYB
Ongoing business due diligence updating ownership, sanctions, and risk as events occur.
-
Phone Verification
Checks confirming phone number ownership and reachability using carrier and activity signals.
-
pKYC
Event-driven, continuous identity refresh replacing rigid periodic reviews with dynamic updates.
-
Point to Point Encryption
Protecting card data from capture by encrypting at entry and decrypting at secure endpoints.
-
Predictive Fraud Analytics
Models estimating likelihood of abuse to prioritize controls and investigations.
-
Prepaid Card Abuse
Exploiting stored-value instruments for anonymous purchases, cash-out, or laundering.
-
Real Time Risk Management
Continuous assessment and action on events to reduce exposure before losses occur.
-
Real Time Sanctions Screening
Immediate checks of payees and counterparties against dynamic watchlists during transactions.
-
Refund Fraud
Manipulating return processes to obtain cash or goods dishonestly.
-
Regtech
Technology streamlining compliance through automation, analytics, and regulatory reporting.
-
Regulatory Reporting
Required submissions to regulators outlining activity, compliance, and incidents.
-
Relying Party
Service that accepts identity assertions from an external identity provider.
-
Remittance Fraud
Deceptions in cross-border transfers, including fake recipients and fee scams.
-
Remote Identity Verification
Validating a person remotely using documents, biometrics, and authoritative data.
-
Retail Fraud
Schemes in stores or ecommerce including returns abuse, wardrobing, and barcode swaps.
-
Retinal Scanning
Biometric technique analyzing blood vessel patterns at the back of the eye.
-
Return Fraud
Abusing refund policies with used goods, falsified receipts, or stolen merchandise.
-
Rules Based Fraud Detection
Deterministic logic flagging suspicious behavior using thresholds, lists, and correlations.
-
Second Party Fraud
Collusion between customers and insiders to abuse systems or credit lines.
-
Selfie Verification
Liveness-checked selfie matched to identity documents for remote onboarding.
-
Sim Cloning
Copying mobile subscriber profiles to intercept calls, SMS, and one-time passcodes for takeovers.
-
Social Media Intelligence
Insights from public posts, relationships, and activity used for investigations or risk scores.
-
Social Security Number SSN
U.S. personal identifier widely abused for credit applications, employment, and tax fraud.
-
Subscription Billing Fraud
Abusing trials, promotions, or chargebacks to avoid payment while retaining service.
-
Suspicious Activity Monitoring
Continuous surveillance that flags patterns associated with laundering, sanctions, or account abuse.
-
Tax Identity Theft
Filing returns using another's details to capture refunds or benefits illicitly.
-
Telecommunication Fraud
Abuse of phone networks and services for premium scams, bypass, or account takeovers.
-
Third Party Data Breaches
Compromises at vendors exposing customer data and cascading risk to clients.
-
Third Party Fraud
Criminal uses stolen identity or credentials to transact, shifting liability to victims.
-
Threat Intelligence Sharing
Collaborative exchange of indicators, TTPs, and outcomes to strengthen defenses.
-
Token-based approach
Strategy relying on cryptographic artifacts instead of passwords or raw identifiers.
-
Transaction Laundering
Concealing prohibited sales by routing them through legitimate merchant accounts.
-
Transaction Reversal Fraud
Abusing chargebacks or disputes to reclaim funds after receiving goods or services.
-
Triangulation Fraud
Marketplace scheme using stolen cards to fulfill orders while charging victims later.
-
Unclaimed identity
Profile lacking verified ownership that requires additional proof before activation.
-
Unsupervised Machine Learning
Algorithms discovering structure in unlabeled data like clusters and anomalies.
-
Unusual Activity Reporting Uar
Internal escalation documenting suspicious behavior ahead of formal regulatory filings.
-
User Behavior Anomaly Detection
Monitoring interaction patterns to surface deviations that imply compromise or bots.
-
Verification benchmarks
Standardized evaluations measuring accuracy, speed, and robustness of identity systems.
-
Virtual Card Fraud
Abuse of tokenized numbers to perform unauthorized online purchases or cash-outs.
-
Virtual Currency Compliance
Controls addressing AML, sanctions, and travel rule obligations for crypto activity.
-
Voice Biometric Fraud
Spoofing or synthesis that deceives speaker recognition to unlock accounts.
-
Voice Phishing Vishing
Calls persuading victims to reveal secrets or authorize transfers through urgency and trust.
-
Wallet Draining Scams
Tricking users into signing malicious crypto transactions that move assets irreversibly.
-
Watchlist Screening
Matching names and identifiers against sanctions and PEP lists to block prohibited parties.
-
Whitelisting
Allowing only approved entities or software to operate, blocking everything else by default.
-
Wolfsberg Anti Money Laundering Principles
Banking industry guidance promoting risk-based due diligence and correspondent controls.
Definitions that matter. Solutions that work.
Understanding regulatory requirements is just the first step — let’s put them to work for you. Book a call with KYCAID and find out how we can make verification simple for you.