What is a fraud attempt? How is the result of a fraud attempt defined exactly?
Usually, during FAR determination, a fraud attempt is an attack using the characteristics of non-authorized persons. This, however, pretends a high security which may not be present since there are a lot of further possibilities for promising attacks. A fraud attempt is successful if the user interface of the application provides a “successful” message or if the desired access is granted. A fraud attempt counts as rejected if the user interface of the application provides an “unsuccessful” message. In cases where no “unsuccessful” message is available, a verification time interval has to be given to ensure comparability. If the verification time interval has expired the fraud attempt is counted unsuccessful.
