CAFP Fraud Study Set
Fraud Risk Factors Answer - Fraud event, customer experience and regulatory compliance
Fraud Levers Answer - Prevention, Detection, Response
First Party Fraud Answer - Individual who unjustly profits from fraud or misuse of account in own identity at the bank
Third Party Fraud Answer - Occurs when someone other than the applicant or account owner is responsible for fraud behavior
Fraud Management Program Answer - Exposure to fraud varies based on geographic concentrations, product (convenience, diversity), weak controls
Fraud Policy Answer - Establish your bank's posture relative to fraud (#1 of 6 Anti Fraud Fundamental)
Fraud Identification Answer - Effort must be placed on pulling fraud out of hidden places (#2 of 6 Fraud Fundamental)
Fraud Prevention & Detection Answer - Stop the incident, reduce the severity (#3 of 6 Fraud Fundamental)
Training & Awareness Answer - Feeds ID program, faster detection, deterrence (#4 of 6 Fraud Fundamental)
Response Answer - What to do when an event happens, best established in advance. (#5 of 6 Fraud Fundamental)
Portfolio Management Answer - Routines you use to effectively manage this loss type (#6 of 6 Fraud Fundamental)
Elements of Fraud Detection Framework Answer - Fraud Policy, Identification, Prevention & Detection, Training & Awareness, Response, Portfolio Management
PII (Personally identifiable information) Answer - Identity information such as full name, SSN, address, personal characteristics, linkable information (DOB, religion, etc) True Name Fraud Answer - Criminals represent them self as the consumer, using the exact PII of the victim. Hard to detect.
Synthetic Identity Answer - Do not use full PII of an individual, may use all fictitious or combination of real and fake.
Account Takeover Answer - Criminal use stolen credentials or PII to gain access or call Call Center and identify themselves as victim.
Social Engineering Answer - Attempt to extract sensitive data from humans.
Data Compromise Answer - Criminals harvest data from computer or other sources.
Pretext Call Answer - Pretend to be someone else
Phishing Answer - Social engineering in which criminals force emails from seemingly legitimate business to trick recipients into divulging PII or other account credentials.
Phreaking Answer - attacking phone systems to obtain free phone line access, use phone lines to transmit malware, and to access, steal, and destroy data
Spear Phishing Attack Answer - Phishing attacks that target large groups of people. the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will be able to obtain sensitive, personal information
Whaling Answer - targeted to senior business executives and government leaders
Pharming Answer - A phishing attack that automatically redirects the user to a fake site.
Vishing Answer - Phishing attacks committed using telephone calls or VoIP systems.
Smishing Answer - Phishing attacks committed using text messages (SMS).
Dumpster Diving Answer - The act of digging through trash receptacles to find information that can be useful in an attack.
Mass Data Compromise Answer - Hundreds, thousands or millions of records are hacked from databases.
Malware Answer - software that is intended to damage or disable computers and computer systems.
Red Flags Rule Answer - Promulgated under FACTA, the Red Flags Rule requires certain financial entities to develop and implement identity theft detection programs to identify and respond to "red flags" that signal identity theft.
Fraud Risk Factors Answer - Fraud event, customer experience and regulatory compliance
Fraud Levers Answer - Prevention, Detection, Response
First Party Fraud Answer - Individual who unjustly profits from fraud or misuse of account in own identity at the bank
Third Party Fraud Answer - Occurs when someone other than the applicant or account owner is responsible for fraud behavior
Fraud Management Program Answer - Exposure to fraud varies based on geographic concentrations, product (convenience, diversity), weak controls
Fraud Policy Answer - Establish your bank's posture relative to fraud (#1 of 6 Anti Fraud Fundamental)
Fraud Identification Answer - Effort must be placed on pulling fraud out of hidden places (#2 of 6 Fraud Fundamental)
Fraud Prevention & Detection Answer - Stop the incident, reduce the severity (#3 of 6 Fraud Fundamental)
Training & Awareness Answer - Feeds ID program, faster detection, deterrence (#4 of 6 Fraud Fundamental)
Response Answer - What to do when an event happens, best established in advance. (#5 of 6 Fraud Fundamental)
Portfolio Management Answer - Routines you use to effectively manage this loss type (#6 of 6 Fraud Fundamental)
Elements of Fraud Detection Framework Answer - Fraud Policy, Identification, Prevention & Detection, Training & Awareness, Response, Portfolio Management
PII (Personally identifiable information) Answer - Identity information such as full name, SSN, address, personal characteristics, linkable information (DOB, religion, etc) True Name Fraud Answer - Criminals represent them self as the consumer, using the exact PII of the victim. Hard to detect.
Synthetic Identity Answer - Do not use full PII of an individual, may use all fictitious or combination of real and fake.
Account Takeover Answer - Criminal use stolen credentials or PII to gain access or call Call Center and identify themselves as victim.
Social Engineering Answer - Attempt to extract sensitive data from humans.
Data Compromise Answer - Criminals harvest data from computer or other sources.
Pretext Call Answer - Pretend to be someone else
Phishing Answer - Social engineering in which criminals force emails from seemingly legitimate business to trick recipients into divulging PII or other account credentials.
Phreaking Answer - attacking phone systems to obtain free phone line access, use phone lines to transmit malware, and to access, steal, and destroy data
Spear Phishing Attack Answer - Phishing attacks that target large groups of people. the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will be able to obtain sensitive, personal information
Whaling Answer - targeted to senior business executives and government leaders
Pharming Answer - A phishing attack that automatically redirects the user to a fake site.
Vishing Answer - Phishing attacks committed using telephone calls or VoIP systems.
Smishing Answer - Phishing attacks committed using text messages (SMS).
Dumpster Diving Answer - The act of digging through trash receptacles to find information that can be useful in an attack.
Mass Data Compromise Answer - Hundreds, thousands or millions of records are hacked from databases.
Malware Answer - software that is intended to damage or disable computers and computer systems.
Red Flags Rule Answer - Promulgated under FACTA, the Red Flags Rule requires certain financial entities to develop and implement identity theft detection programs to identify and respond to "red flags" that signal identity theft.
