The Retail Fraud Taxonomy is a knowledge base of retail theft, fraud and abuse techniques derived from real-world observations, aimed at enhancing the community's ability to define, understand, prepare for, mitigate and detect fraud. The Taxonomy provides coverage of fraud behaviors, mitigations and detections from a wide range of fraud professionals. By categorizing techniques and related countermeasures, the Framework serves as an effective tool for education, communication, security assessments, team exercises and resource prioritization. This will help organizations bolster their defenses against the evolving landscape of fraud threats.
The main feature of the Retail Fraud Taxonomy Viewer is that users can build custom views of the fraud taxonomy information, e.g. showing just those techniques for a particular platform or highlighting techniques a specific adversary has been known to use. Custom techniques/sub-techniques can be created interactively within the tool or generated programmatically and then visualized via the Taxonomy Viewer.
The Retail Fraud Taxonomy Viewer is hosted live via GitHub Pages. You can find a live instance of the current version of the Retail Fraud Taxonomy Viewer here
Please see Install and Run for information on how to get the NRF Retail Fraud Taxonomy Viewer set up locally.
Important Note: The new custom files uploaded when visiting our tool instance hosted on GitHub Pages are NOT being stored on the server side, as the Taxonomy Viewer is a client-side only application. However, we still recommend installing and running your own instance of the Retail Fraud Taxonomy Viewer if your custom files contain any sensitive content.
Use our GitHub Issue Tracker to let us know of any bugs or other issues that you encounter. We also encourage pull requests if you've extended the Retail Fraud Taxonomy Viewer in a cool way and want to share back to the community!
See CONTRIBUTING.md for more information on making contributions to the NRF Retail Fraud Taxonomy Viewer.
- Chrome
- Firefox
- Edge
- Opera
- Safari
- Stay at the root directory
- Run `npm install`
- Run `npm start` within the root directory
- Navigate to `http://localhost:5173/retail-fraud-taxonomy-viewer/` in browser
To add custom techniques to the Retail Fraud Taxonomy Viewer:
- Create the JSON file using an existing file as a reference, e.g. `src/content/techniques/reconaissance.json`. Each file needs to have exactly the same JSON keys for it to show up in the application.
- Place it into the directory `src/content/techniques/`
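A pre-flight check for the key requirement above, as an added example that is not part of the project's code: it compares the key paths of a custom technique file against a reference file and reports what is missing or extra. Comparing nested keys as well as top-level ones is an assumption about how strictly the viewer matches; the sample key names are constructed placeholders, and `keyPaths` and `compareTechniqueKeys` are hypothetical helper names.

```javascript
// Added example: the key names in the sample data are constructed
// placeholders, not the project's actual technique schema.

// Collect every key path in a parsed JSON value, e.g. "mitigations[].name".
function keyPaths(value, prefix = "", out = new Set()) {
  if (Array.isArray(value)) {
    for (const item of value) keyPaths(item, prefix + "[]", out);
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const path = prefix ? `${prefix}.${key}` : key;
      out.add(path);
      keyPaths(child, path, out);
    }
  }
  return out;
}

// Compare a custom technique file against a reference file (both as JSON text).
// Key comparison is case-sensitive; an empty array in the custom file hides
// its element keys, so they are reported as missing.
function compareTechniqueKeys(referenceText, candidateText) {
  let candidate;
  try {
    candidate = JSON.parse(candidateText);
  } catch (err) {
    return { ok: false, error: `invalid JSON: ${err.message}`, missing: [], extra: [] };
  }
  const ref = keyPaths(JSON.parse(referenceText));
  const cand = keyPaths(candidate);
  const missing = [...ref].filter((k) => !cand.has(k)).sort();
  const extra = [...cand].filter((k) => !ref.has(k)).sort();
  return { ok: missing.length === 0 && extra.length === 0, error: null, missing, extra };
}

// Constructed sample input (hypothetical keys).
const SAMPLE_REFERENCE = JSON.stringify({
  name: "Example technique",
  description: "text",
  mitigations: [{ name: "m1", details: "d" }],
});
const SAMPLE_CUSTOM = JSON.stringify({
  name: "My custom technique",
  Description: "text", // wrong case: reported as both missing and extra
  mitigations: [{ name: "m1" }],
});

console.log(compareTechniqueKeys(SAMPLE_REFERENCE, SAMPLE_CUSTOM));
```

To check real files, pass the text of the reference file and of the new file to `compareTechniqueKeys` before placing the new file in `src/content/techniques/`.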
If you want to embed the Navigator in a webpage, use an iframe:
```html
<iframe src="https://target.github.io/retail-fraud-taxonomy-viewer/" width="1000" height="500"></iframe>
```
Provides a consistent set of terms and definitions to describe retail fraud behavior to standardize communication across different industries and domains. This unified language facilitates enhanced cross-team collaboration and improves industry-wide communications, ensuring that all stakeholders have a clear and common understanding of the threats they face.
Establishes a standardized lexicon and methodology to describe fraud techniques so professionals can effectively educate the industry and disseminate awareness about potential threats and their countermeasures. This common framework enables a unified approach to understanding and combating retail fraud, ensuring that knowledge about risks and defensive strategies is consistently communicated across various stakeholders.
Offers practical, real-world techniques to aid in modeling potential fraud schemes and developing scenarios. This can guide participant actions and responses. This approach ensures that simulations are grounded and provide actionable insights, enabling participants to effectively strategize and respond to dynamic threat environments. This method not only enhances the realism of training exercises but also boosts the preparedness of teams to manage and mitigate actual fraud incidents.
The NRF Retail Fraud Taxonomy is a collaborative initiative led and sponsored by the National Retail Federation, through its Center for Digital Risk & Innovation (CDRI), in partnership with Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) and the Target Corporation along with other retail industry members. The Chertoff Group serves as technical advisor and project manager.