Access Products - products that allow consumers to access traditional payment
instruments electronically, generally from remote locations.
American National Standards Institute (ANSI) - a standard-setting
organization; it is the U.S. representative to the International Standards
Organization (ISO).
American Standard Code for Information Interchange (ASCII) - a standard
code for representing characters and numbers that is used on most microcomputers,
computer terminals, and printers.
Applet - a small application program that is designed to do a small, specific job.
Application - a computer program or set of programs that perform the processing
of records for a specific function.
Asynchronous Transfer Mode (ATM) - method of transmitting bits of data one
after another with a start bit and a stop bit to mark the beginning and end of each
data unit.
Auditability - the degree to which transactions can be traced and audited through a
Authentication - the process of proving the claimed identity of an individual user,
machine, software component or any other entity.
Authorization - the process of determining what types of activities are permitted.
Usually, authorization is in the context of authentication: once you have
authenticated a user, they may be authorized different types of access or activity.
Bandwidth - the transmission capacity of a computer channel or communications
Bastion Host - a system that has been hardened to resist attack, and which is
installed on a network in such a way that it is expected to potentially come under
attack. Bastion hosts are often components of firewalls, or may be "outside" web
servers or public access systems.
Biometrics - a method of verifying an individual’s identity by analyzing a unique
physical attribute.
Browser - a computer program that enables the user to retrieve information that
has been made publicly available on the Internet; also permits multimedia (graphics)
applications on the World Wide Web.
Chip - an electronic device consisting of circuit elements on a single silicon chip. The
most complex circuits are microprocessors, which are single chips that contain the
complete arithmetic and logic units of computers.
Chip Card - also known as an integrated circuit (IC) card. A card containing one or
more computer chips or integrated circuits for identification, data storage or special-purpose processing used to validate personal identification numbers, authorize
purchases, verify account balances and store personal records.
Client-Server Network - a method of allocating resources in a local area network
so that computing power is distributed among computer workstations in the network
but some shared resources are centralized in a file server.
Closed Network - a telecommunications network that is used for a specific purpose,
such as a payment system, and to which access is restricted (also referred to as a
private network).
Closed Stored Value System - a system in which value is issued and accepted by
either a relatively small group of merchants, or in which the system is limited
geographically (i.e., university programs and fare cards for mass transit systems).
Code - computer programs, written in machine language (object code) or
programming language (source code).
Computer Emergency Response Team (CERT) - located at Carnegie-Mellon
University, this incident response team offers advisories, which contain enormous
amounts of useful, specific security information.
Cracker - a computer operator who breaks through a system’s security. This can be
legitimate activity, such as to test system security measures.
Cryptography - the principles, means, and methods for rendering information
unintelligible and for restoring encrypted information to intelligible form (i.e.,
scrambling a message).
Cyber Mall - a set of electronic or digital storefronts linked through a common web
Database Administrator (DBA) - the individual with authority to control the data
base management system.
Data Encryption Standard (DES) - U.S. government standard for data encryption
method published by the National Institute of Standards and Technology for the
encryption of sensitive U.S. government data which does not fall under the category
of national security related information. The DES uses a 64-bit key.
Data Integrity - the property that data meet an a priori expectation of quality.
Dedicated - assigned to only one function.
Dial-up - the ability of a remote user to access a system by using private or
common carrier telephone lines.
Digital - referring to communications processors, techniques, and equipment where
information is encoded as a binary "1" or "0".
Digital Certification - a process to authenticate (or certify) a party’s digital
signature; carried out by trusted third parties.
Digital Signatures - a mathematical encryption technique that associates a specific
person with a given computer file and indicates that the file has not been altered
since that person signed it; should not be confused with making an electronic
representation of a written signature.
Distributed Transaction Processing - application processing that involves multiple
users requiring concurrent access to a single shared resource.
Domain Name - an alphanumeric name for a web site that includes both the online
address and online name.
Download - to transmit a file or program from a central computer to a smaller
computer or a remote site.
Electronic Cash - the digital equivalent of dollars and cents (also referred to as
digital cash).
Electronic Data Interchange (EDI) - the transfer of information between
organizations in machine-readable form.
Electronic Document - the digital or computer equivalent of paper documents.
Electronic Money - monetary value measured in currency units stored in electronic
form on an electronic device in the consumer’s possession. This electronic value can
be purchased and held on the device until reduced through purchase or transfer.
Electronic Purse - a stored value device that can be used to make purchases from
more than one vendor.
E-mail - messages people send to one another electronically from one computer to
Encryption (Cryptography) - the process of scrambling data by a device or
encoding principle (mathematical algorithms) so that the data cannot be read
without the proper codes for unscrambling the data.
End-to-end Encryption - the protection of information passed in a
telecommunications system by cryptographic means, from point of origin to point of
Ethernet - a type of local area network originally developed by Xerox;
communication takes place by means of radio frequency signals carried over coaxial
File Transfer Protocol (FTP) - a standard way of transferring files from one
computer to another on the Internet.
Firewall - a system or combination of hardware and software solutions that enforces
a boundary between two or more networks.
Flowchart - a programming tool to graphically present a procedure by using
symbols to designate the logic of how a problem is solved.
Gateway - a computer that performs protocol conversion between different types of
networks or applications.
Graphical User Interface (GUI) - a way of communicating with a computer by
manipulating icons (pictures) and windows with a mouse.
Groupware - software that allows a group of people to work on the same data
through a network, by facilitating file sharing and other forms of communication.
Hacker - a computer operator who breaks into a computer without authorization,
either for malicious reasons or just to prove it can be done.
Home Banking - banking services that allow a customer to interact with a financial
institution from a remote location by using a telephone, television set, terminal,
personal computer, or other device to access a telecommunication system which
links to the institution’s computer center.
Home Page - a screen of information made available to users through the Internet
or a private intranet; it is the "main page" that users are expected to read first in
order to access the other pages that comprise the web site.
Host - also known as a host computer that is the primary or controlling computer in
a computer network, generally involving data communications or a local area
Hypertext - electronic documents that present information that can be connected
together in many different ways, instead of sequentially.
Hypertext Markup Language (HTML) - a set of codes that can be inserted into
text files to indicate special typefaces, inserted images, and links to other hypertext
Hypertext Transfer Protocol (HTTP) - a standard method of publishing
information as hypertext in HTML format on the Internet.
Incident Response Team - a team of computer experts (internal or external)
organized to protect an organization’s data, systems, and other assets from attack
by hackers, viruses, or other compromise.
Integrated Circuit Card (IC Card) - a plastic card in which one or more integrated
circuits are embedded (also called a chip card).
Integrated Services Digital Network (ISDN) - a type of all-digital telephone
service. ISDN lines provide a connection that can transmit digital data as well as
voice, without a modem.
International Organization for Standardization/Open Systems
Interconnection (ISO/OSI) - an international standard-setting organization. ANSI
is the U.S. representative.
Internet - a worldwide network of computer networks (commonly referred to as the
Information Superhighway).
Internet Service Provider (ISP) - an entity that provides access to the Internet
and related services, generally for a fee.
Interoperability - the compatibility of distinct applications, networks, or systems.
Intranet - a private network that uses the infrastructure and standards of the
Internet and World Wide Web, but is cordoned off from the public Internet through
firewall barriers.
Issuer - in a stored value or similar prepaid electronic money system, the entity
which receives payment in exchange for value distributed in the system and which is
obligated to pay or redeem transactions or balances presented to it.
Key - a secret value or code used in an encrypting algorithm known by one or both
of the communicating parties.
Local Area Network (LAN) - a network that connects several computers that are
located nearby (in the same room or building), allowing them to share files and
devices such as printers.
Lock and Key Protection System - a protection system that involves matching a
key or password with a specific access requirement.
Logging - the storing of information about events that occurred on the firewall or
Magnetic Stripe - used on debit, credit, and identification cards to store encoded
information read by card readers; less secure than computer chip cards.
Memory Card - an integrated circuit (IC) card capable of storing information only.
Middleware - facilitates the client/server connections over a network and allows
client applications to access and update remote databases and mainframe files.
National Institute for Standards and Technology (NIST) - an established US
agency within the Department of Commerce, to develop technical, management,
physical and administrative standards and guidelines for the cost effective security
and privacy of sensitive information in Federal computer systems. NIST issues the
Federal Information Processing Standards (FIPS).
Navigation - moving through a complex system of menus or help files.
Network - a group of computers connected by cables or other means and using
software that enables them to share equipment and exchange information. A system
of software and hardware connected in a manner to support data transmission.
Node - any device, including servers and workstations, connected to a network.
Also, the point where devices are connected.
Non-repudiable Transactions - transactions that cannot be denied after the fact.
Offline - equipment or devices that are not in direct communication with the central
processor of a computer system, or connected only intermittently.
Online - equipment or devices that communicate with a computer network.
Connections can be direct (as in a LAN using dedicated connections) or indirect (as in
using the Internet).
Online Scrip - debit accounts on the Internet or other major computer network.
Online Service Providers (OSP) - closed network services that provide access to
various computer sites or networks for a fee.
Open Network - a telecommunications network to which access is not restricted.
Open Stored Value System - a system that may be comprised of one or more
electronic cash issuers of stored value that is accepted by multiple merchants or
Operating System - a program that controls a computer and makes it possible for
users to enter and run their own programs.
Packet Switching - a data transmission method that routes packets along the most
efficient path and allows a communication channel to be shared by multiple
Password - a unique word or string of characters that a programmer, computer
operator, or user must supply to satisfy security requirements before gaining access
to the system or data.
Password Cracker - a software program designed to conduct an automated brute
force attack on the password security controls of an information system by
"guessing" user passwords.
Password Sniffer - a software program that is illicitly inserted somewhere on a
network to capture user passwords as they pass through the system.
Payment System - a financial system that establishes the means for transferring
money between suppliers and users of funds, usually by exchanging debits or credits
between financial institutions.
Personal Identification Number (PIN) - a sequence of digits used to verify the
identity of a device holder.
Piggyback (Between-the-lines Entry) - a means of gaining unauthorized access
to a system via another user’s legitimate connection.
Point of Sale (POS) - a system of terminals that debits or charges a customer’s
account and credits or pays a merchant’s account to effect payment for purchases at
retail establishments.
Prepaid Card - a card on which value is stored, and for which the holder has paid
the issuer in advance.
Privacy - in the context of a payment system, the property that no information
which might permit determination of transactions may be collected without the
consent of the counterparties involved.
Protocols - a standardized set of rules that define how computers communicate with
each other.
Proximity Cards - cards that can be read from a short distance; mainly used for
security and vehicle identification.
Public Key Cryptography - type of cryptography in which the encryption process is
publicly available and unprotected, but in which a part of the decryption key is
protected so that only a party with knowledge of both parts of the decryption process
can decrypt the cipher text.
Remote Payment - a payment carried out through the sending of payment orders
or payment instruments.
Repudiation - the denial by one of the parties to a transaction of participation in all
or part of that transaction or of the content of the communication.
Router - a computer system in a network that stores and forwards data packets
between local area networks and wide area networks.
Scattering - the process of mixing the integrated circuit (IC) chip components so
that they cannot be analyzed easily.
Search Engines - software programs that are capable of locating specified
information or web sites on the Internet.
Secure Electronic Transaction (SET) - a set of standards jointly developed by
Visa, MasterCard, and several technology companies to facilitate secure credit card
transactions over the Internet.
Secure Hypertext Transfer Protocol (SHTTP) - provides secure communication
mechanisms between an HTTP client-server pair.
Secure Socket Layer (SSL) - a protocol for providing data security during
transmission using data encryption, server authentication, and message integrity.
Server - a computer that provides services to another computer (the client).
Settlement - an act that discharges obligations with respect to funds or securities
transfers between two or more parties.
Settlement system - a system used to facilitate the settlement of transfers of
Simple Mail Transfer Protocol (SMTP) - a protocol used to transfer electronic
mail between computers on the Internet.
Smart Card - a card with a computer chip embedded, on which financial, health,
educational, and security information can be stored and processed.
Specification - documents that contain basic detailed data.
Spoofing - an attempt to gain access to a system by posing as an authorized user.
Standards - the rules under which analysts, programmers, operators, and other
personnel in an information service organization work.
Stored Value Card - a card that stores prepaid value via magnetic stripe or
computer chip.
Structured Query Language (SQL) - a query language used to manipulate large
System Integrity - the quality that a system has when it performs its intended
function in an unimpaired manner, free from deliberate or inadvertent manipulation
of the system.
System Specification - a baseline specification containing all the essential
computer-based business system documentation. It is completed at the end of the
Development Phase.
Systemic Risk - the risk that the failure of one participant in a funds transfer
system, or in financial markets generally, to meet its required obligations will cause
other participants or financial institutions to be unable to meet their obligations when
Systems Analysis - the performance, management, and documentation of the four
phases of the life cycle of a business system: study, design, development, and
Tamper-evident - the capacity of devices to show evidence of physical attack.
Tamper-proof - the proven capacity of devices to resist all attacks.
Tamper resistant - the capacity of devices to resist physical attack up to a certain
Telecommunications - data transmission between a computing system and
remotely located devices via telephone lines, cable, or wireless technology.
Telnet - a protocol that permits users to access a remote terminal or another
computer through a network; widely used on the Internet.
Threat Monitoring - the analysis, assessment, and review of audit trails and other
data collected for the purpose of searching out system events that may constitute
violations or attempted violations of system security.
Throughput - the total amount of useful work performed by a data processing
system during a given period of time.
Topology - the arrangement of nodes usually forming a star, ring, tree, or bus
Traceability - the degree to which transactions can be traced to the originator or
recipient (also referred to as auditability).
Transferability - in electronic money systems, the degree to which an electronic
balance can be transferred between devices without interaction with a central
Transmission Control Protocol/Internet Protocol (TCP/IP) - a standard format
for transmitting data in packets from one computer to another, on the Internet and
within other networks. TCP deals with the construction of the data packets while IP
routes them from machine to machine.
Trap Door - a concealed and unauthorized entrance into a computer operating
system, designed by the programmer.
Trojan Horse - a program that appears to perform a useful function and sometimes
does so quite well but also includes an unadvertised feature, which is usually
malicious in nature.
Truncation - dropping off part of a character string either to conserve space or
because of limited space.
Trusted Computer System - a system that employs sufficient assurance measures
to allow its use for simultaneous processing of a range of sensitive or classified
Trusted Third Party - a reputable entity that authenticates one or more parties to
an electronic transaction. The authentication process generally involves the issuance
and administration of digital certificates.
Uniform Resource Locator or Universal Resource Locator (URL) - a way of
specifying the location of available information on the Internet.
Upload - to transmit a file to a central computer from a smaller computer or a
remote location.
Usenet - a set of many newsgroups distributed via the Internet.
Virtual Corporations - corporations that have no official physical site presence and
are made up of diverse geographically dispersed or mobile employees.
Virus - a program with the ability to reproduce by modifying other programs to
include a copy of itself. It may contain destructive code that can move into multiple
programs, data files, or devices on a system and spread through multiple systems in
a network.
Vulnerability - a weakness in system security procedures, system design,
implementation, internal controls, etc., that could be exploited to violate system
Web Page - a screen of information supporting the home page of a web site.
Web Site - the collection of an entity’s home page and other proprietary pages
located on the World Wide Web.
Wide Area Network (WAN) - a communications network that covers a wide
geographic area, such as state or country, using high speed long distance lines or
satellites provided by a common carrier.
World Wide Web (web, www) - a sub network of the Internet through which
information is exchanged via text, graphics, audio, and video.
Worm - a program that scans a system or an entire network for available, unused
space in which to run. Worms tend to tie up all computing resources in a system or
on a network and effectively shut it down. 
