
Glossary: Cyber and enterprise risk terms

What is anti-money laundering (AML)?

Anti-money laundering (AML) is the prevention, detection and reporting by financial institutions of money laundering, which is often combined with combating the financing of terrorism (CFT) as part of know your customer (KYC) processes. → Financial Action Task Force (FATF) 

 

What is biometric authentication?

Biometric authentication is the use of biometrics, such as a fingerprint or a facial scan, to verify people’s identities. 

 

What is Basel III?

Basel III is the most recent version of the international regulatory framework developed by the Basel Committee on Banking Supervision (BCBS). 

 

What are the Basel Accords?

The Basel Accords are a series of international banking regulatory frameworks (Basel I, Basel II and, most recently, Basel III), each building on the previous one, developed by the Basel Committee on Banking Supervision (BCBS) to strengthen banks’ capital adequacy, liquidity, risk management and resilience. 

 

What is the Basel Committee on Banking Supervision (BCBS)?

The Basel Committee on Banking Supervision (BCBS) is the international organization behind the Basel Accords, which is hosted by the Bank for International Settlements (BIS) but functionally independent from it. 

 

What is big-game hunting (BGH)?

Big-game hunting (BGH) is cybercriminals, especially ransomware operators, deliberately targeting large organizations because they can afford bigger payouts. 

 

What is a black hat hacker?

A black hat is a hacker who breaks into systems without authorization for malicious or criminal ends, whether acting alone or as part of an organized cybercrime group. → white hat 

 

What is blue teaming?

Blue teaming is defending an organization against a simulated cyberattack carried out by red teaming, exercising the same detection and response capabilities that would be used against a real attack. 

 

What is breach & attack simulation?

Breach & attack simulation is the automated, continuous simulation of attacker techniques against an organization’s own security controls to check that they detect and block them, run safely (for example against a replica of a business system) so that daily business is not interrupted. 

 

What is a brute-force attack?

A brute-force attack is a cyberattack that makes many trial-and-error attempts to guess a login credential, typically many password guesses against one account. → credential stuffing 

 

What is a chargeback?

A chargeback is a card issuer making a merchant reverse a card payment in response to a cardholder disputing a payment. → friendly fraud 

 

What is chargeback fraud?

Chargeback fraud is an alternative term for friendly fraud. 

 

What is the CIA triad?

The CIA triad is the three cornerstones of cybersecurity: confidentiality to keep data private, integrity to keep data accurate, and availability to keep data accessible. 

 

What is combating the financing of terrorism (CFT)?

Combating the financing of terrorism (CFT) is the prevention, detection and reporting by financial institutions of terrorist financing, which is often combined with anti-money laundering (AML) as part of know your customer (KYC). → Financial Action Task Force (FATF) 

 

What is customer due diligence (CDD)?

Customer due diligence (CDD) is the part of know-your-customer (KYC) that follows a customer identification program (CIP) by assessing a customer’s risk profile and continually monitoring their financial behavior. 

 

What is a customer identification program (CIP)?

A customer identification program (CIP) is the initial stage of know-your-customer (KYC) that verifies a customer’s identity, although sometimes KYC is used solely to refer to CIP rather than as an umbrella term. 

 

What is credential stuffing?

Credential stuffing is a type of cybercrime that takes a list of usernames and passwords stolen from one organization and automatically tries them against another organization’s login in the hope that people have re-used the same credentials there. → brute-force 
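Brute force and credential stuffing both show up as bursts of failed logins, but with different shapes: brute force is one source hammering one account with many guesses, while stuffing is one or many sources trying a long list of accounts about once each. The following is an added example, not from this glossary or any product, that runs that distinction over constructed authentication log lines; the log format, field names and thresholds are assumptions chosen for illustration.

```python
"""Telling brute force from credential stuffing in authentication logs."""
import re
from collections import defaultdict

# Constructed sample lines, not real traffic. The format is an assumption:
#   <epoch_seconds> <source_ip> <username> <OK|FAIL>
SAMPLE_LOG = """
1700000000 203.0.113.5 alice FAIL
1700000002 203.0.113.5 alice FAIL
1700000004 203.0.113.5 alice FAIL
1700000006 203.0.113.5 alice FAIL
1700000008 203.0.113.5 alice FAIL
1700000010 203.0.113.5 alice FAIL
1700000012 203.0.113.5 alice OK
1700000020 198.51.100.7 bob FAIL
1700000021 198.51.100.7 carol FAIL
1700000022 198.51.100.7 dave FAIL
1700000023 198.51.100.7 erin FAIL
1700000024 198.51.100.7 frank OK
1700000025 198.51.100.7 grace FAIL
1700000030 192.0.2.9 heidi FAIL
1700000100 192.0.2.9 heidi OK
1700000040 192.0.2.20 ivan FAIL
1700000041 192.0.2.21 judy FAIL
1700000042 192.0.2.22 mallory FAIL
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (OK|FAIL)$")


def parse(log_text):
    """Return (timestamp, ip, user, result) tuples; skip lines that don't match."""
    events = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            events.append((int(ts), ip, user, result))
    return events


def classify_source(rows, window=300, min_attempts=5, stuffing_min_users=5):
    """Classify one source IP's attempts using a sliding time window.
    rows: list of (timestamp, user, result) for that IP."""
    rows = sorted(rows)
    start = 0
    verdict = "normal"
    for end in range(len(rows)):
        while rows[end][0] - rows[start][0] > window:
            start += 1
        span = rows[start:end + 1]
        attempts = len(span)
        if attempts < min_attempts:
            continue
        failures = sum(1 for _, _, r in span if r == "FAIL")
        if failures / attempts < 0.5:
            continue  # mostly successes: a busy but legitimate client
        users = {u for _, u, _ in span}
        if len(users) >= stuffing_min_users and attempts / len(users) <= 2:
            return "credential_stuffing"  # many accounts, about one try each
        if len(users) <= 2:
            verdict = "brute_force"  # one account, many tries
    return verdict


def classify_sources(events, **kwargs):
    """Map each source IP to its verdict."""
    by_ip = defaultdict(list)
    for ts, ip, user, result in events:
        by_ip[ip].append((ts, user, result))
    return {ip: classify_source(rows, **kwargs) for ip, rows in by_ip.items()}


def distributed_stuffing(events, min_accounts=5, min_ips=3):
    """Stuffing spread across many IPs slips past per-IP thresholds, so also
    look globally: many accounts that each saw exactly one failed attempt from
    a source that never touched them again."""
    per_pair = defaultdict(list)
    for _, ip, user, result in events:
        per_pair[(ip, user)].append(result)
    hit_accounts, sources = set(), set()
    for (ip, user), results in per_pair.items():
        if results == ["FAIL"]:
            hit_accounts.add(user)
            sources.add(ip)
    return len(hit_accounts) >= min_accounts and len(sources) >= min_ips


if __name__ == "__main__":
    evts = parse(SAMPLE_LOG)
    for ip, verdict in sorted(classify_sources(evts).items()):
        print(f"{ip:15} {verdict}")
    print("distributed stuffing:", distributed_stuffing(evts))
```

In the sample, 203.0.113.5 is flagged as brute force (one account, six failures then a success), 198.51.100.7 as credential stuffing (six accounts, one try each), and the three single-attempt sources 192.0.2.20 to 22 look normal on their own but, together with the earlier one-shot failures, trip the global check. The per-account and per-IP thresholds are the knobs a practitioner tunes against their own baseline failure rate.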

 

What is cyber risk quantification?

Cyber risk quantification is assigning context-specific numerical values, typically an expected financial loss, to cyber risk instead of qualitative ratings such as high, medium and low. 

 

What is a cyberattack?

A cyberattack is a deliberate attempt to gain unauthorized access to, disrupt or damage systems, networks or data, using techniques such as phishing, brute force, credential stuffing, malware and ransomware. 

 

What is cybercrime?

Cybercrime is crime committed by means of a cyberattack, such as unauthorized access to network data and digital infrastructure. 

 

What is cybersecurity?

Cybersecurity is the protection of systems, networks and data against cyberattacks. → data security, data protection 

 

What is ecosystem resilience?

Ecosystem resilience is a reorientation of cybersecurity and third-party risk management (TPRM) around a collective mindset rather than around individual security and discrete one-to-one relationships. 

 

What is eKYC?

eKYC is know your customer (KYC) conducted electronically, for example through remote identity verification. 

 

What is EMV 3-D Secure (EMV 3DS)?

EMV 3-D Secure (EMV 3DS) is the EMVCo specification for exchanging information between three domains, the acquirer (merchant) domain, the issuer domain and the interoperability domain operated by the card scheme, to authenticate the cardholder in online card transactions. 

 

What is the Financial Action Task Force (FATF)?

The Financial Action Task Force (FATF) is an intergovernmental organization dedicated to anti-money laundering (AML) and combating the financing of terrorism (CFT). 

 

What is friendly fraud?

Friendly fraud is a consumer, deceitfully or erroneously, disputing a legitimate card payment to trigger a chargeback. 

 

What is inherent risk?

Inherent risk is the amount of risk that naturally exists before any mitigation. → residual risk 

 

What is the International Accounting Standards Board (IASB)?

The International Accounting Standards Board (IASB) is the board of the International Financial Reporting Standards (IFRS) Foundation that sets accounting standards. → International Sustainability Standards Board (ISSB) 

 

What is the International Financial Reporting Standards (IFRS) Foundation?

The International Financial Reporting Standards (IFRS) Foundation is an organization that publishes accounting and sustainability standards through two boards: the International Accounting Standards Board (IASB) and the International Sustainability Standards Board (ISSB). 

 

What is know your customer (KYC)?

Know your customer (KYC) is the process of vetting and monitoring a customer, which includes customer identification program (CIP), customer due diligence (CDD), anti-money laundering (AML) and combating the financing of terrorism (CFT). → know your transaction (KYT) 

 

What is know your transaction (KYT)?

Know your transaction (KYT) is the process of vetting and monitoring a transaction as an add-on to know your customer (KYC). 

 

What is malware?

Malware is malicious software used in a cyberattack. → ransomware 

 

What is multifactor authentication (MFA)?

Multifactor authentication (MFA) is the use of at least two different types of factor (something the user knows, has or is) to validate an individual’s identity before granting access, so that a stolen password alone is not enough. → two-factor authentication (2FA), strong customer authentication (SCA) 

 

What is a one-time password (OTP)?

A one-time password (OTP) is a password that is valid for a single login and only within a limited time window, and is often used as one factor in two-factor authentication (2FA) or multifactor authentication (MFA). 

 

What is the Payment Card Industry Security Standards Council (PCI SSC)?

The Payment Card Industry Security Standards Council (PCI SSC) is the body founded by the major card brands that maintains the payment card industry data security standard (PCI DSS). 

 

What is the payment card industry data security standard (PCI DSS)?

The payment card industry data security standard (PCI DSS) is a set of security requirements maintained by the Payment Card Industry Security Standards Council (PCI SSC) for any business involved in card payments. 

 

What is penetration testing (pen testing)?

Penetration testing (pen testing) is authorized testers, usually white hat hackers, finding vulnerabilities in a system and then exploiting them to show what an attacker could achieve, going beyond the automated detection of known weaknesses that vulnerability scanning provides. → vulnerability scanning 

 

What is phishing?

Phishing is a cyberattack involving posing as a legitimate entity to persuade people to reveal sensitive data. → spear phishing 

 

What is ransomware?

Ransomware is a form of malware designed to encrypt, and increasingly also to steal, data and then demand a ransom for restoring it or for not publishing it. 

 

What is ransomware as a service (RaaS)?

Ransomware as a service (RaaS) is the provision of ransomware by its developers to affiliate cybercriminals, usually in exchange for a share of the ransom, so they can use it without having to create it themselves. 

 

What is red teaming?

Red teaming is simulating a cyberattack on an organization to test its cybersecurity and is often used in tandem with blue teaming for defense. 

 

What is residual risk?

Residual risk is the amount of risk that remains after attempts to mitigate inherent risk. 

 

What is risk-based authentication (RBA)?

Risk-based authentication (RBA) is adjusting the degree of authentication required, such as how many factors of multi-factor authentication (MFA) to demand, according to the risk signals of each login attempt, such as device, location and behavior. 

 

What is the same risk, same regulatory outcome principle?

The “same risk, same regulatory outcome” principle holds that an activity posing the same risk as an already regulated activity should be regulated to an equivalent level. 

 

What is spear phishing?

Spear phishing is a focused instead of mass-based approach to phishing that carefully targets a specific individual or group of individuals. 

 

What is stress testing?

Stress testing is a simulation of how a financial institution would fare under sudden adverse changes in market conditions, used to test its resilience, and was formally introduced as a regulatory requirement in the second of the Basel Accords (Basel II). 

 

What is strong customer authentication (SCA)?

Strong customer authentication (SCA) is the EU (under PSD2) and UK regulatory requirement that electronic payments be authenticated with at least two independent factors, in other words two-factor authentication (2FA) or multi-factor authentication (MFA). 

 

What is a supply-chain attack?

A supply-chain attack is a cyberattack on a business’s supplier or partner, for example by compromising a software vendor’s update, as a way to gain access to the business itself. → third-party risk management (TPRM) 

 

What is the Swiss cheese model?

The Swiss cheese model is a risk model in which each defensive layer has holes, like a slice of Swiss cheese, and damage occurs only when the holes in every layer line up, which becomes increasingly unlikely as more layers are added. 
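The Swiss cheese model, cyber risk quantification and the inherent/residual risk pair above fit together in one calculation: inherent risk is the expected loss when every attempt gets through, residual risk is the expected loss after each control layer removes its share of attempts, and a number rather than a rating comes out. The following is an added example for this glossary, not from any vendor or framework; it assumes independent layers, a Poisson number of attempts per year and a lognormal loss per successful attack, and all the numbers are constructed for illustration.

```python
"""Cyber risk quantification on top of the Swiss cheese model.

Inherent risk: attacks succeed whenever they are attempted (no layers).
Residual risk: each control layer is a slice with a bypass probability; an
attack causes loss only when it gets through every slice.
"""
import math
import random


def breach_probability(bypass_probabilities):
    """P(holes line up) for independent layers: the product of per-layer
    bypass probabilities. An empty list means no controls, so P = 1."""
    p = 1.0
    for q in bypass_probabilities:
        p *= q
    return p


def expected_annual_loss(attempts_per_year, bypass_probabilities, median_loss, sigma):
    """Closed form: attempts x P(breach) x mean loss, with the loss per breach
    lognormal (median `median_loss`, log-scale spread `sigma`)."""
    mean_loss = median_loss * math.exp(sigma ** 2 / 2)
    return attempts_per_year * breach_probability(bypass_probabilities) * mean_loss


def _poisson(rng, lam):
    """Knuth's Poisson sampler; adequate for the small rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(attempts_per_year, bypass_probabilities, median_loss, sigma,
             years=20_000, seed=1):
    """Monte Carlo over `years` simulated years.
    Returns (mean annual loss, 95th-percentile annual loss)."""
    rng = random.Random(seed)
    mu = math.log(median_loss)
    p_breach = breach_probability(bypass_probabilities)
    losses = []
    for _ in range(years):
        total = 0.0
        for _ in range(_poisson(rng, attempts_per_year)):
            if rng.random() < p_breach:  # did the holes line up this time?
                total += rng.lognormvariate(mu, sigma)
        losses.append(total)
    losses.sort()
    return sum(losses) / years, losses[int(0.95 * years) - 1]


if __name__ == "__main__":
    # Constructed inputs: 12 attempts a year, three independent layers that an
    # attacker bypasses 30%, 20% and 10% of the time, losses around 200k.
    ATTEMPTS, LAYERS, MEDIAN, SIGMA = 12, [0.3, 0.2, 0.1], 200_000, 0.6
    print(f"P(breach) with no controls: {breach_probability([]):.4f}")
    print(f"P(breach) with 3 layers:    {breach_probability(LAYERS):.4f}")
    print(f"inherent expected loss:  {expected_annual_loss(ATTEMPTS, [], MEDIAN, SIGMA):,.0f}")
    print(f"residual expected loss:  {expected_annual_loss(ATTEMPTS, LAYERS, MEDIAN, SIGMA):,.0f}")
    mean, p95 = simulate(ATTEMPTS, LAYERS, MEDIAN, SIGMA)
    print(f"residual simulated mean: {mean:,.0f}  95th percentile: {p95:,.0f}")
```

The 95th percentile is the figure a risk committee usually cares about more than the mean, because the mean of a rare-but-large loss hides how bad a single bad year is. The independence assumption is the model’s weak point: two layers that fail for the same reason (for example, two controls that both trust the same compromised identity) are one slice, not two, and multiplying their bypass rates understates residual risk.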

 

What is systemic risk?

Systemic risk is risk to an entire system rather than an individual part. 

 

What is third-party risk management (TPRM)?

Third-party risk management (TPRM) addresses risks, such as a supply-chain attack, to a business coming indirectly via partners rather than directly to the business itself. → ecosystem resilience 

 

What is two-factor authentication (2FA)?

Two-factor authentication (2FA) is the use of two different types of factor (something the user knows, has or is) to validate an individual’s identity before granting access. → multifactor authentication (MFA), strong customer authentication (SCA) 

 

What is vulnerability scanning?

Vulnerability scanning is the automated detection of weaknesses in systems by checking them against databases of known vulnerabilities, without exploiting them. → penetration testing (pen testing) 

 

What is a white hat hacker?

A white hat is an ethical hacker who conducts cybersecurity testing that often involves penetration testing (pen testing). → black hat
