Information Technology Auditor's Glossary

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 13:08, 9 April 2007 by Mdpeters.


A

Acceptance Criteria Pre-established standards or requirements a product or project must meet.

Account aggregation A service that gathers information from many websites, presents that information to the customer in a consolidated format, and, in some cases, may allow the customer to initiate activity on the aggregated accounts. Aggregation services typically involve three different entities: (1) The aggregator that offers the aggregation service and maintains information on the customer's relationships/accounts with other on-line providers. (2) The aggregation target or website/entity from which the information is gathered or extracted by means of direct data feeds or screen scraping. (3) The aggregation customer who subscribes to aggregation services and provides customer IDs and passwords for the account relationships to be aggregated.

Account Balancing Monitoring System (ABMS) The Federal Reserve’s computing system providing reserve account information to the Federal Reserve Banks and depository institutions (DI) on an intraday basis. ABMS serves both as an informational source and a monitoring tool. This information includes opening balances, funds and security transfers, accounting activity, and DI cap and collateral limits.

Account management Activities such as balance inquiry, statement balancing, transfers between the customer’s accounts at the same financial institution, maintenance of personal information, etc.

ACL Acronym for access control list.

Acquirer fee Fee paid to the acquirer of the merchant sales draft. The acquirer of the sales draft collects a merchant discount fee (or processing fee) from the merchant for the costs associated with processing the transaction.

Acquiring bank and acquirer See Merchant acquirer.

Address verification service (AVS) Bankcard association service that verifies the customer provided billing address matches the billing address on their credit card account. The bankcard associations will not support merchants that opt not to use AVS if those transactions are disputed and will charge the merchant an additional 1.25 percent on those sales.

Administrative access Individuals or terminals authorized to perform network administrator or system administrator functions.

Agent bank A member of a bankcard association that agrees to participate in an acquirer’s merchant processing program. The agent may or may not be liable for losses incurred on its merchant accounts. An agent is usually a small community financial institution that wants to offer merchant processing services as a customer service. Agent banks that only refer merchants to an acquiring financial institution’s program are known as referral banks.

Aggregate Short Position The sum of a Settlement Member’s short positions, each such short position expressed in its base currency equivalent and adjusted by the applicable haircut.

Aggregate Short Position Limit In respect of a Settlement Member, the maximum aggregate short position that such Settlement Member is permitted to incur at any time.

Aggregation See Account aggregation.

Antivirus software Computer programs that offer protection from viruses by making additional checks of the integrity of the operating system and electronic files. Also known as virus protection software.

Applet A small program that typically is transmitted with a Web page.

Application 1) A software program designed for use by end users. 2) Software that performs automated functions for a user. Examples include home banking, word processing, and payroll. Distinguished from operating system or utility software.

Application controls Controls related to transactions and data within application systems. Application controls ensure the completeness and accuracy of the records and the validity of the entries made resulting from both programmed processing and manual data entry. Examples of application controls include data input validation, agreement of batch totals, and encryption of data transmitted.

Application system An integrated set of computer programs designed to serve a well-defined function and having specific input, processing, and output activities (e.g., general ledger, manufacturing resource planning, human resource management).

ATM Asynchronous transfer mode. The method of transmitting bits of data one after another with a start bit and a stop bit to mark the beginning and end of each data unit. Can also mean automated teller machine.

Audit charter A document approved by the board of directors that defines the IT audit function's responsibility, authority to review records, and accountability.

Audit plan A description and schedule of audits to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high-level objectives and scope of the work and includes other items such as budget, resource allocation, schedule dates, and type of report issued.

Audit program The audit policies, procedures, and strategies that govern the audit function, including IT audit.

AUP An acceptable use policy. It documents permitted system uses and activities for a specific user, and the consequences of noncompliance.

Authentication 1) The process of verifying the claimed identity of an individual user, machine, software component, or any other entity. 2) The verification of identity by a system based on the presentation of unique credentials to that system.

Authorization The process of giving access to parts of a system, typically based on the business needs and the role of the individual within the business.

Authorization for ACH A written or oral agreement between the originator and a receiver that allows payments processed through the ACH Network to be deposited in or withdrawn from the receiver’s account at a financial institution.

Automated clearing house (ACH) An electronic clearing system in which a data processing center handles payment orders that are exchanged among financial institutions, primarily through telecommunications networks. ACH systems process large volumes of individual payments electronically. Typical ACH payments include salaries, consumer and corporate bill payments, interest and dividend payments, and Social Security payments.

Automated clearing house (ACH) operator A central clearing facility that depository financial institutions use to transmit and receive ACH entries. ACH operators are typically a Federal Reserve Bank or a private-sector organization that operates on behalf of a depository financial institution (DFI).

Automated Controls Software routines designed into programs to ensure the validity, accuracy, completeness, and availability of input, processed, and stored data.

Automated teller machine (ATM) An electronic funds transfer (EFT) terminal that allows customers using a PIN-based debit (ATM) card to initiate transactions (e.g., deposits, withdrawals, account balance inquiries).

Automatic log-on A feature offered by some aggregation services allowing customers to log on by clicking on a hyperlink and thereby causing the usernames and passwords stored at the aggregator to be used to log onto other websites.

B

Back-up Generations A methodology for creating and storing back-up files whereby the youngest (or most recent file) is referred to as the “son,” the prior file is called the “father,” and the file two generations older is the “grandfather.” This back-up methodology is frequently used to refer to master files for financial applications.

Bandwidth Terminology used to indicate the transmission or processing capacity of a system or of a specific location in a system (usually a network system) for information (text, images, video, sound). Bandwidth is usually defined in bits per second (bps) but also is usually described as either large or small. Where a full page of English text is about 16,000 bits, a fast modem can move approx. 15,000 bps. Full-motion, full-screen video requires about 10,000,000 bps, depending on compression.

Bank Identification Number/Interbank Card Association (BIN/ICA) A series of assigned numbers used to identify the settling financial institution for both acquiring and issuing bankcard transactions.

Bankcard A general-purpose credit card, issued by a financial institution under agreement with the bankcard associations (Visa and MasterCard) that customers can use to purchase goods and services and to obtain cash against a line of credit established by the bankcard issuer.

Bankcard associations Visa U.S.A. and MasterCard International Inc. are bankcard associations established as bank service companies. Financial institutions must be members of an association in order to offer their credit card services. The associations have established membership rights and obligations and membership is limited to financial institutions.

Baseline A documented version of a hardware component, software program, configuration, standard, procedure, or project management plan. Baseline versions are placed under formal change controls and should not be modified unless the changes are approved and documented.

Batch processing The transmission or processing of a group of related payment instructions.

Bilateral Key Security A multi-level data encryption system, based on the exchange of Bilateral Keys, allowing users of SWIFT to create, send, and receive SWIFT messages. Bilateral Keys are unique authenticator keys possessed by only the two parties (either the provider or recipient of a message) involved and provide confirmation in both directions of the legitimacy of a message sent via SWIFT.

Bill payment An e-banking application whereby customers direct the financial institution to transfer funds to the account of another person or business. Payment is typically made by ACH credit or by the institution (or bill payment servicer) sending a paper check on the customer's behalf.

Bill presentment An e-banking service whereby a business submits an electronic bill or invoice directly to the customer's financial institution. The customer can view the bill/invoice on-line and, if desired, pay the bill through an electronic payment.

Biometrics The method of verifying a person's identity by analyzing a unique physical attribute of the individual (e.g., fingerprint, retinal scanning).

BPS Bits per second. A measurement of how fast data moves from one place to another. A 28.8 modem can move 28,800 bits per second.

Business Continuity Plan (BCP) A comprehensive written plan to maintain or resume business in the event of a disruption.

Business Impact Analysis (BIA) The process of identifying the potential impact of uncontrolled, non-specific events on an institution's business processes.

C

CAR Courtesy amount recognition. The numeric amount of a check.

Card issuer A financial institution that issues general-purpose credit cards carrying one of the two bankcard association logos. The issuing financial institution establishes the credit relationship with the consumer.

Card verification value (CVV2) Three-digit security number that is printed on the back of most Visa credit cards. CVV2 reduces credit card fraud and chargeback instances significantly when used in conjunction with AVS. See Address verification service (AVS).

Cash letter A group of checks accompanied by a paper listing sent to a clearinghouse, the Federal Reserve, or another financial institution. A cash letter contains a number of negotiable items, usually checks, accompanied by a letter listing the amounts and instructions for transmittal to another financial institution (may also be called a transmittal letter).

An incoming cash letter is received by a financial institution from a clearinghouse, Federal Reserve, or another financial institution and contains checks written on accounts at the institution that were cashed elsewhere.

An outgoing cash letter is sent to a clearinghouse, Federal Reserve, or another financial institution and contains checks deposited at the institution, which are written on accounts at other institutions.

Cellular telephone A wireless telephone that communicates using radio wave antenna towers, each serving a particular “cell” of a city or other geographical area. Areas where cellular phones do not work are referred to as “dead zones.”

Certificate authority (CA) The entity or organization that attests using a digital certificate that a particular electronic message comes from a specific individual or system.

Change management Change management refers to the broad processes for managing organizational change. Change management encompasses planning, oversight or governance, project management, testing, and implementation.

Chargeback A transaction generated when a cardholder disputes a transaction or when the merchant does not follow bankcard association procedures. The issuer and acquirer research the facts to determine which party is responsible for the transaction. The acquirer will have to cover the chargeback if the merchant is unable to pay.

Check A written order from one party (payer) to another (payee) requiring the payer’s financial institution to pay a specified sum on demand to the payee or to a third party specified by the payee.

Check 21 Act Formally known as the Check Clearing for the 21st Century Act. Creates a new document, the IRD (image replacement document or substitute check) that is the legal equivalent of the original check and should be accepted as such. The act does not require institutions to accept electronic images instead of checks or IRDs, but does require the acceptance of IRDs instead of paper checks. The exchange of electronic images is optional and will be done by agreements between individual institutions, groups of institutions, or clearinghouses.

Check clearing The movement of a check from the depository institution at which it was deposited back to the institution on which it was written. The funds move in the opposite direction, with a corresponding credit and debit to the involved accounts.

Check digits A digit in an account number that is calculated from the other digits in the account number and is used to check the account number’s correctness/validity.

Check truncation The practice of holding a check at the institution at which it was deposited (or at an intermediary institution) and electronically forwarding the essential information on the check to the institution on which it was written. A truncated check is not returned to the writer.

Clearance The process of transmitting, reconciling, and in some cases, confirming payment orders or financial instrument transfer instructions prior to settlement.

Clearing corporation A central processing mechanism whereby members agree to net, clear, and settle transactions involving financial instruments. Clearing corporations fulfill one or all of the following functions:

Nets many trades so that the number and the amount of payments that have to be made are minimized,
Determines money obligations among traders, and
Guarantees that trades will go through by legally assuming the risk of payments not made or securities not delivered.

This latter function is what is implied when it is stated that the clearing corporation becomes the “counter-party” to all trades entered into its system. Also known as a clearinghouse or clearinghouse association.

Clearinghouse associations Voluntary associations, formed by financial institutions that establish an exchange for checks drawn on those institutions. Typically, institutions participating in check clearinghouses use the Federal Reserve’s national settlement service for the checks exchanged each business day.

Clearinghouse for Inter-Bank Payment Systems (CHIPS) A “real time”, multilateral final payments system for large dollar value business-to-business payment transactions between domestic or foreign institutions that have offices located in the United States. CHIPS is run by CHIP Co. L.L.C., a subsidiary of the Clearing House.

Clustering Connecting two or more computers together in such a way that enables them to act as a single computer. Clustering is used for parallel processing, load balancing, and fault tolerance.

Code Software program instructions.

Commercially reasonable Hardware and software made available by a reputable firm for use in a commercial environment. Practices and procedures in widespread use in the business community generally considered to represent prudent and reasonable business methods.

Compared and Noncompared Transaction See Matching.

Consumer Usually refers to an individual engaged in noncommercial transactions.

Consumer account A deposit account held by a participating DFI and established by a natural person primarily for personal, family, or household use and not for commercial purposes.

Cookie A message given by a Web server to a Web browser, stored by the Web browser, and returned to the Web server when requested.

Correspondent bank An institution, acting on behalf of other institutions, that can settle the checks they collect for other institutions (respondents) by using accounts on their books or by sending a wire transfer. Generally, a provider of banking and payment services to other financial institutions.

COTS Commercial off-the-shelf. COTS products include software and hardware products that are ready-made and available for sale to the general public. COTS products are typically installed in existing systems and do not require customization. Also known as “shrink-wrap” applications.

Credit card A card indicating the holder has been granted a line of credit. It enables the holder to make purchases or withdraw cash up to a prearranged ceiling. The credit granted can be settled in full by the end of a specified period or can be settled in part, with the balance taken as extended credit. Interest is charged based on the terms of the credit card agreement and the holder is sometimes charged an annual fee.

Credit entry An entry to the record of an account to represent the transfer or placement of funds into the account.

Critical financial markets Financial markets whose operations are critical to the U.S. economy, including markets for fed funds, foreign exchange, commercial paper, and government, corporate, and mortgage-backed securities.

Currency Balance As at the time calculated, the current amount (positive or negative) of a particular eligible currency included in an account, as indicated on the books and records of CLS Bank. A currency balance is not a separate account.

D

DASD Direct access storage device. A magnetic disk storage device historically used in mainframe environments. DASD may also include hard drives used in personal computers.

Data synchronization The comparison and reconciliation of interdependent data files at the same time so that they contain the same information.

Database An organized collection of information stored on one or more electronic files.

Daylight overdraft A daylight overdraft occurs at any point in the business day when the balance in an institution’s account becomes negative. Daylight overdrafts can occur in accounts at Federal Reserve Banks as well as at private financial institutions. Daylight credit can also arise in the form of net debit positions of participants in private payment systems. A daylight overdraft occurs at a Federal Reserve Bank when there are insufficient funds in an institution’s Federal Reserve Bank account to cover outgoing funds transfers or incoming book-entry securities transfers. An overdraft can also be the result of other payment activity processed by the Federal Reserve Bank, such as check or automated clearinghouse transactions.

Debit card A payment card issued as either a PIN-based debit (ATM) card or as a signature-based debit card from one of the bankcard associations. A payment card issued to a person for purchasing goods and services through an electronic transfer of funds from a demand deposit account rather than using cash, checks, or drafts at the point-of-sale.

Debit entry An entry to the record of an account to represent the transfer or removal of funds from the account.

Deferred net settlement See National Settlement Service.

Deliverable A project goal or expectation. Deliverables include broadly-defined project or phase requirements, and specifically-defined tasks within project phases.

Depositary bank The institution at which a check is first deposited.

Depository An institution that holds funds or marketable securities for safekeeping. Depositories may be privately or publicly operated, allow securities transfers through book-entry, and offer funds accounts permitting funds transfers as a means of payment.

Depository bank An institution that accepts deposits.

Dictionary Attack Discovery of authenticators by encrypting likely authenticators, and comparing the actual encrypted authenticator with the newly encrypted possible authenticators.

Digital certificate The electronic equivalent of an ID card that authenticates the originator of a digital signature.

Direct data feed A process used by information aggregators to gather information directly from a website operator rather than copying it from a displayed webpage.

Direct debit Electronic transfer, usually through ACH, out of an individual's checking (or savings) account to pay bills, such as mortgage payments, insurance premiums, and utility payments. Also referred to as “direct payment.”

Direct deposit Electronic deposits or credit usually through ACH to an individual’s deposit account. Common uses of direct deposit include payroll payments, Social Security benefits, and income from investments such as CDs, annuities, and mutual funds.

Direct presentment Depositary banks can present checks directly to the paying institution. The paying institution may be the depositary bank (no settlement is needed), or, if not, may settle on the books of the Federal Reserve, using the Federal Reserve’s national settlement service.

Disaster recovery plan A plan that describes the process to recover from major processing interruptions.

Distributed Environment A computer system with data and program components physically distributed across more than one computer.

DMZ Abbreviation for “demilitarized zone.” A computer or small subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the public Internet.

DNS server Abbreviation for “Domain Name Service server.” A computer that determines Internet Protocol (IP) numeric addresses from domain names presented in a convenient, readable form.

DSL Digital subscriber line. A technology that uses existing copper telephone lines and advanced modulation schemes to provide high-speed telecommunications to businesses and homes.

E

E-banking The remote delivery of new and traditional banking products and services through electronic delivery channels.

Electronic benefits transfer (EBT) A type of EFT system involving the transfer of public entitlement payments, such as welfare or food stamps, through direct deposit or point-of-sale technology (see POS). The recipient can be given an identification card, similar to a benefit card, and a PIN allowing access to the benefits through an electronic network.

Electronic bill presentment and payment (EBPP) An electronic alternative to traditional bill payment, allowing a merchant or utility to present its customers with an electronic bill and the payer to pay the bill electronically. EBPP systems usually fall within two models: direct and consolidation-aggregation. In the direct model, the merchant or utility generates an electronic version of the consumer’s billing information, and notifies the consumer of a pending bill, generally via e-mail.

The consumer can initiate payment of the electronically presented bill using a variety of payment mechanisms, typically a credit card. In the consolidation-aggregation model, the consumer’s bills are consolidated by a consolidator acting on behalf of merchants and utilities (or aggregated on behalf of the consumer), combining data from multiple bills and presenting a single source for the consumer to initiate payment. Some consolidators present bills at their own web sites, but most support the aggregation of bills by consumer service providers such as Internet portals, financial institutions, and brokerage web sites.

Electronic check presentment (ECP) Check truncation methodology in which the paper check’s MICR line information is captured and stored electronically for presentment. The physical checks may or may not be presented after the electronic files are delivered, depending on the type of ECP service that is used.

Electronic commerce (e-commerce) A broad term encompassing the remote procurement and payment by businesses or consumers of goods and services through electronic systems such as the Internet.

Electronic data capture (EDC) Process used for capturing and transferring the encoded information on the magnetic stripe from a bankcard or debit card at the point-of-sale (POS) to the processor’s database.

Electronic funds transfer (EFT) A generic term describing any transfer of funds between parties or depository institutions through electronic data systems.

Electronic Funds Transfer Act (EFTA) The Electronic Funds Transfer Act and Regulation E are designed to ensure adequate disclosure of basic terms, costs, and rights relating to electronic fund transfer (EFT) services provided to consumers. Institutions offering EFT services must disclose to consumers certain information, including: initial and updated EFT terms, transaction information, periodic statements of activity, the consumer’s potential liability for unauthorized transfers, and error resolution rights and procedures. EFT services include automated teller machines, telephone bill payment, point-of-sale transfers in retail stores, fund transfers initiated through the Internet, and preauthorized transfers to or from a consumer’s account.

E-mail server A computer that manages e-mail traffic.

Emergency plan The steps to be followed during and immediately after an emergency such as a fire, tornado, bomb threat, etc.

Encryption 1) A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that it appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key. 2) The conversion of information into a code or cipher.

End User An individual who will utilize a product or program.

Enterprise Architecture 1) An organization’s framework of technology hardware, software, and related policies. 2) The configuration of computer systems within an organization. Includes local area networks (LANs), wide area networks (WANs), bridges, applications, etc.

Expedited Funds Availability Act (EFAA) See Regulation CC.

Exploit A technique or code that uses a vulnerability to provide system access to the attacker.

Exposure The potential loss to an area due to the occurrence of an adverse event.

Exposure limit Referring to the settlement of operating services, the maximum amount an ACH originator is allowed to originate. This amount can be based on the originator’s credit rating, historical or predicted funding requirements, and the type of obligation.

F

Federal Reserve Banks The Federal Reserve Banks provide a variety of financial services including retail and wholesale payment services. The Federal Reserve Banks also operate a nationwide system for clearing and settling checks drawn on depository institutions located in all regions of the United States.

FedLine FedLine is the Federal Reserve Bank’s proprietary electronic platform providing a common electronic delivery channel for financial institution access to Federal Reserve financial services including Fedwire funds transfer.

Fedwire The Federal Reserve System’s nationwide real-time gross settlement electronic funds and securities transfer network. Fedwire is a credit transfer system, and each funds transfer is settled individually against an institution’s reserve or clearing account on the books of the Federal Reserve as it is processed and is considered a final and irrevocable payment.

Fedwire Funds Service The Federal Reserve Banks’ high-speed electronic funds transfer system. As a real-time gross settlement system, the Fedwire Funds Service processes and settles individual payments between participants immediately in central bank money. Once processed, these payments are final.

Fedwire Securities Service The Federal Reserve Banks’ high-speed electronic payments system for maintaining securities accounts and for effecting securities transfers. The Fedwire Securities Service provides a real-time, delivery-versus-payment (DVP), gross settlement system that allows for the immediate, simultaneous transfer of securities against payment. Once processed, securities transfers are final.

FEMA Acronym for Federal Emergency Management Agency.

Fibre Channel A high-performance serial link supporting its own, as well as higher-level protocols such as the small computer system interface, high performance parallel interface framing protocol, and intelligent peripheral interface. The Fibre Channel standard addresses the need for very fast transfers of large amounts of information. The fast (up to 1 gigabyte per second) technology can be converted for LAN technology by adding a switch specified in the Fibre Channel standard that handles multipoint addressing. Fibre Channel gives users one port that supports both channel and network interfaces, unburdening the computers from a large number of input and output (I/O) ports. Fibre Channel provides control and complete error checking over the link.

FIN (Financial Application) The SWIFT application within which all SWIFT user-to-user messages are input and output.

Finality Irrevocable and unconditional transfer of payment during settlement.

Financial EDI (FEDI) Financial electronic data interchange. An instrument for settling invoices by initiating payments, processing remittance data and automating reconciliation, through the exchange of electronic messages.

Firewall A hardware or software link in a network that relays only data packets clearly intended and authorized to reach the other side.

Float Funds held by an institution during the check-clearing process before being made available to a depositor. Interest may be earned on these funds.

Flowcharts Traditional flowcharts involve the use of geometric symbols, such as diamonds, ovals, and rectangles to represent the sequencing of program logic. Software packages are available that automatically chart programs or enable a programmer to chart a program without the need to draw it manually.

Frame Relay A high-performance WAN protocol that operates at the physical and data link layers of the Open Systems Interconnect (OSI) reference model. Frame Relay is an example of a packet-switched technology. Packet-switched networks enable end stations to dynamically share the network medium and the available bandwidth. Frame relay uses existing T-1 and T-3 lines and provides connection speeds from 56 Kbps to T-1.

Framing A frame is an area of a webpage that scrolls independently of the rest of the webpage. Framing generally refers to the use of a standard frame containing information (like company name and navigation bars) that remains on the screen while the user moves around the text in another frame.

FS/ISAC Acronym for Financial Services Information Sharing and Analysis Center

Full-duplex A communications channel that carries data in both directions.

Functional Requirements The business, operational, and security features an organization wants included in a program.

G

Gap analysis A comparison that identifies the difference between actual and desired outcomes.

Gateway server A computer (server) that connects a private network to the private network of a servicer or other business.

General controls Controls, other than application controls, that relate to the environment within which application systems are developed, maintained, and operated, and that are therefore applicable to all the applications at an institution. The objectives of general controls are to ensure the proper development and implementation of systems, and the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IT strategy and an IT security policy, the organization of IT staff to separate conflicting duties and planning for disaster prevention and recovery.

GETS Acronym for the Government Emergency Telecommunications Service card program. GETS cards provide emergency access and priority processing for voice communications services in emergency situations.

H

Hacker An individual who attempts to break into a computer without authorization.

Haircut With respect to an eligible currency, the percentage by which a negative currency balance is increased or a positive currency balance is reduced. The percentage is based on (a) the volatility of historic foreign exchange movements in the applicable eligible currency, as determined by CLS Bank, and (b) an add-on component.

Hardening 1) The process of securing a computer’s administrative functions or inactivating those features not needed for the computer’s intended business purpose. 2) Decreasing the capability of a device to the minimum required for its intended purpose.

Hash A fixed-length value computed from an input of any length, such as a message, by a cryptographic hash algorithm. A cryptographic hash is designed so that it is infeasible to recover the input from the output or to find two different inputs that produce the same output, which is what makes it usable for integrity checks and digital signatures.

Hash totals A numerical summation of one or more corresponding fields of a file that would not ordinarily be summed. Typically used to detect when changes in electronic information have occurred.
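
The two entries above describe different integrity controls. The following Python example, added here and not part of the original glossary, contrasts them on a constructed three-record payment batch: a hash total over the account-number field (a sum of a field nobody would normally add up) next to a SHA-256 digest of the whole batch. Every account number and amount is invented for the example.

```python
import hashlib

# Constructed sample batch of (account number, amount in cents) records.
# Every value here is invented for this example.
BATCH = [
    ("100200300", 12_500),
    ("100200301", 7_325),
    ("100200302", 99_000),
]


def hash_total(records):
    """Hash total: a sum over the account-number field, a field that has no
    business meaning when summed. It exists only to detect changes."""
    return sum(int(account) for account, _ in records)


def serialize(records):
    """Canonical byte form of the batch so the digest is reproducible."""
    return "\n".join(f"{account},{amount}" for account, amount in records).encode("ascii")


def digest(records):
    """Cryptographic hash of the whole batch: always 32 bytes (64 hex chars)
    regardless of how many records went in."""
    return hashlib.sha256(serialize(records)).hexdigest()


def verify(records, expected_total, expected_digest):
    """Check a received batch against the sender's control values.
    Returns (hash_total_matches, digest_matches)."""
    return (hash_total(records) == expected_total,
            digest(records) == expected_digest)


def demo():
    """Apply both controls to four tampered copies of BATCH."""
    total, dig = hash_total(BATCH), digest(BATCH)
    cases = {
        # Same records, different order: a sum cannot see this, a digest can.
        "reordered": [BATCH[1], BATCH[0], BATCH[2]],
        # Amount field altered: the account-number hash total is blind to it.
        "amount_changed": [BATCH[0], ("100200301", 73_250), BATCH[2]],
        # Account number altered: both controls catch it.
        "account_changed": [BATCH[0], ("100200309", 7_325), BATCH[2]],
        # Two account numbers changed by -1 and +1: the sum is unchanged,
        # so only the digest detects the edit.
        "compensating": [("100200299", 12_500), BATCH[1], ("100200303", 99_000)],
    }
    return {name: verify(recs, total, dig) for name, recs in cases.items()}


if __name__ == "__main__":
    for name, (total_ok, digest_ok) in demo().items():
        print(f"{name:16} hash total ok={total_ok!s:5} digest ok={digest_ok}")
```

The point for an auditor: a hash total is cheap and catches accidental corruption of the summed field, but it is blind to other fields, to reordering, and to deliberate compensating edits; a cryptographic digest detects any change to any byte, but only if the expected digest itself is delivered over a channel the tamperer cannot alter.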

HBA Host bus adapter. A host bus adapter provides I/O processing and physical connectivity between a server and storage. As the only part of a storage area network that resides in a server, HBAs also provide a critical link between the storage area network and the operating system and application software.

Hijacking The takeover of an authenticated user’s communication session by an attacker, who then uses it to communicate with system components as that user. Also called session hijacking.

Hop Each step of a trip a data packet takes from its origination to its destination. For example, on the Internet a data packet may go through several routers before reaching its final destination.

Host A computer that is accessed by a user from a remote location.

Hosting See Website hosting.

HTML Abbreviation for “Hypertext Markup Language.” A set of codes that can be inserted into text files to indicate special typefaces, inserted images, and links to other hypertext documents.

Hub A simple device that passes all data traffic in both directions between the LAN segments it links. A hub forwards every message it receives to every other segment, including those that do not need to receive it, so any station attached to a hub can observe traffic meant for the others.

HVAC Acronym for heating, ventilation, and air conditioning.

Hyperlink An item on a webpage that, when selected, transfers the user directly to another location in a hypertext document or to another webpage, perhaps on a different machine. Also simply called a “link.”

I

I/O Acronym for Input/Output.

IDS Acronym for Intrusion Detection System.

Independence Self-governance, freedom from conflict of interest and undue influence. The IT auditor should be free to make his or her own decisions, not influenced by the organization being audited, or by its managers and employees.

Independent sales organizations (ISO) A nonfinancial institution organization that provides a variety of merchant processing functions on behalf of the acquirer. These functions include soliciting new merchant accounts, arranging for terminal purchases or leases, and providing backroom services. An ISO is also referred to as a member service provider (MSP). The acquirer must register all ISO/MSPs with the bankcard associations.

Instruction Means (i) any instruction submitted by a Member through the submission process directing CLS Bank to settle certain payment entitlements and obligations arising pursuant to an FX transaction eligible for settlement in CLS Bank and (ii) any instructions resulting from the split of Settlement Eligible Instructions.

Interbank checks Checks that are not “on-us.” They are cleared and settled either by direct presentment, a clearinghouse association, a correspondent bank, or a Federal Reserve Bank.

Interchange Exchange of transactions between financial institutions participating in a bank card network, based on a common set of rules. Card interchange allows a financial institution’s customers to use a bank credit card at any card honoring merchant and to gain access to multiple ATM systems from a single ATM.

Interchange (fees) Fees paid by one financial institution to another to cover handling costs and credit risk in a bankcard transaction. Interchange fees generally flow toward the institution funding the transaction and assuming risk in the process. In a credit card transaction, the interchange fee is paid by the merchant acquirer accepting the merchant’s sales draft to the card-issuing institution, and in turn passes the fee to its merchants. In EFT/POS transactions, interchange flows in the opposite direction: the card-issuing institution (or customer) pays the fee to the terminal-owning institution. When a transaction is an off-line debit sale, the card-issuing institution collects an interchange fee from the merchant, rather than from the customer, unlike in an EFT/POS transaction, where the customer pays the interchange fee. Interchange revenue is derived from fees set by the card associations. Depending on the card association, fees can range from 1.0 to 3.0 percent of the value of the transaction. Interchange revenue is recognized as a card issuer’s second largest revenue line item.

Interface Computer programs that translate information from one system or application into a format required for use by another system or application.

Internet 1) A cooperative message-forwarding system linking computer networks all over the world. 2) A worldwide network of computer networks, governed by standards and protocols developed by the Internet Engineering Task Force (IETF).

Internet service provider (ISP) A company that provides its customers with access to the Internet.

Interoperability standards/protocols Commonly agreed on standards that enable different computers or programs to share information. Example: HTTP (Hypertext Transfer Protocol) is a standard method of publishing information as hypertext in HTML format on the Internet.

Intrusion detection system (IDS) Software/hardware that detects and logs inappropriate, incorrect, or anomalous activity. IDS are typically characterized based on the source of the data they monitor: host or network. A host-based IDS uses system log files and other electronic audit data to identify suspicious activity. A network-based IDS uses a sensor to monitor packets on the network to which it is attached.

IPS Acronym for Intrusion Prevention System

IPv6 Version 6 of the Internet Protocol

ISAC Acronym for Information Sharing and Analysis Center

iSCSI Internet small computer system interface. An Internet Protocol based storage networking standard for linking data storage facilities. iSCSI carries SCSI commands over IP networks and is used to facilitate data transfers over intranets and to manage storage over long distances.

ISDN Integrated Services Digital Network. A hierarchy of digital switching and transmission systems that provides voice, data, and image in a unified manner. ISDN is synchronized so that all digital elements communicate in the same protocol at the same speed.

ISO Acronym for the International Organization for Standardization.

Iterative Repetitive or cyclical. Iterative software development involves the completion of project tasks or phases in repetitive cycles. Tasks and phase activities are repeated until a desired result is achieved.

J

There are no words starting with "J" at this time.

K

Kiosk A publicly accessible computer terminal that permits customers to directly communicate with the financial institution via a network.

L

LAN Local Area Network

LAR Legal amount recognition. The handwritten dollar amount of the check.

Large-value transfer system A wholesale payment system used primarily by financial institutions in which large values of funds are transferred between parties. Fedwire® and CHIPS are the two large-value transfer systems in the United States.

Legacy systems A term commonly used to refer to existing computer systems and applications with which new systems or applications must exchange information.

Lockbox Deposit mechanism used by commercial firms and businesses to facilitate their deposit transaction volume. Typically, commercial firms and businesses direct customers to send payments directly to a financial institution address or post office box controlled by the institution. Financial institution personnel record payments received and prepare deposit slips, and subsequent processing proceeds as with other deposit taking activities.

Lockout The action of temporarily revoking network or application access privileges, normally due to repeated unsuccessful logon attempts.
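
The "Intrusion detection system" entry above describes a host-based IDS working from system log files, and the "Lockout" entry describes the control that usually accompanies it. The following Python example, added here and not part of the original glossary, implements both over a few constructed sshd log lines: a sliding-window rule that raises an alert when one source address fails repeatedly, and a per-account lockout that refuses further logons for a period, even when a valid credential is then presented. The host name, user names, addresses, thresholds and the assumed log year are all invented for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines of the kind a host-based IDS reads. Host names,
# user names and addresses are invented for this example.
SAMPLE_LOG = """\
Apr 09 13:01:02 bank-app1 sshd[4012]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Apr 09 13:01:05 bank-app1 sshd[4013]: Failed password for invalid user admin from 198.51.100.7 port 51023 ssh2
Apr 09 13:01:07 bank-app1 sshd[4014]: Failed password for root from 198.51.100.7 port 51024 ssh2
Apr 09 13:01:09 bank-app1 sshd[4015]: Failed password for root from 198.51.100.7 port 51025 ssh2
Apr 09 13:01:12 bank-app1 sshd[4016]: Failed password for root from 198.51.100.7 port 51026 ssh2
Apr 09 13:02:30 bank-app1 sshd[4017]: Failed password for jsmith from 203.0.113.9 port 40001 ssh2
Apr 09 13:02:41 bank-app1 sshd[4018]: Accepted password for jsmith from 203.0.113.9 port 40002 ssh2
Apr 09 13:15:00 bank-app1 sshd[4019]: Accepted publickey for root from 198.51.100.7 port 51030 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse(line):
    """Return (timestamp, success, user, source_ip), or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog lines carry no year; 2007 is assumed for this example
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=2007)
    return ts, m["result"] == "Accepted", m["user"], m["src"]


class AuthMonitor:
    """Sliding-window counters over logon events: an IDS rule per source
    address and a lockout rule per account."""

    def __init__(self, ids_threshold=5, ids_window=timedelta(seconds=60),
                 lock_threshold=3, lock_duration=timedelta(minutes=15)):
        self.ids_threshold, self.ids_window = ids_threshold, ids_window
        self.lock_threshold, self.lock_duration = lock_threshold, lock_duration
        self.failures_by_src = defaultdict(deque)   # IDS: failures per source IP
        self.failures_by_user = defaultdict(deque)  # lockout: failures per account
        self.locked_until = {}                      # account -> lockout expiry
        self.flagged_sources = set()
        self.alerts = []                            # (timestamp, kind, user, src)

    @staticmethod
    def _prune(window_q, now, window):
        while window_q and now - window_q[0] > window:
            window_q.popleft()

    def process(self, line):
        rec = parse(line)
        if rec is None:
            return None
        ts, success, user, src = rec

        # Lockout is checked first: a locked account is refused even when the
        # credential presented is valid.
        until = self.locked_until.get(user)
        if until is not None and ts < until:
            self.alerts.append((ts, "rejected: account locked", user, src))
            return "locked"

        if success:
            if src in self.flagged_sources:
                self.alerts.append((ts, "success after brute force", user, src))
            self.failures_by_user[user].clear()
            return "accepted"

        # IDS rule: many failures from one source inside the window.
        by_src = self.failures_by_src[src]
        by_src.append(ts)
        self._prune(by_src, ts, self.ids_window)
        if len(by_src) >= self.ids_threshold and src not in self.flagged_sources:
            self.flagged_sources.add(src)
            self.alerts.append((ts, "brute force", None, src))

        # Lockout rule: repeated failures against one account.
        by_user = self.failures_by_user[user]
        by_user.append(ts)
        self._prune(by_user, ts, self.lock_duration)
        if len(by_user) >= self.lock_threshold:
            self.locked_until[user] = ts + self.lock_duration
            by_user.clear()
            self.alerts.append((ts, "account locked", user, src))
            return "locked"
        return "failed"


def run(log_text):
    """Feed every line to a fresh monitor; return (decisions, alert kinds)."""
    mon = AuthMonitor()
    decisions = [mon.process(line) for line in log_text.splitlines()]
    return decisions, [kind for _, kind, _, _ in mon.alerts]


if __name__ == "__main__":
    decisions, alerts = run(SAMPLE_LOG)
    print(decisions)
    print(alerts)
```

Two design points worth noting. The IDS counter is keyed by source address while the lockout is keyed by account, because an attacker rotating through many accounts from one address triggers the first but not the second, and an attacker rotating through many addresses against one account triggers the second but not the first. And the last sample line shows why the lockout check runs before credential validation: the key-based logon for root is refused because the account is still locked, which is exactly the window an auditor expects the control to cover.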

Long Position In respect of a currency balance that is greater than zero, the amount by which such currency balance is greater than zero. A position that appreciates in value if market prices increase. When one buys a currency, their position is long.

M

Mainframe An industry term for a large computer, typically used for the commercial applications of businesses and other large-scale computing purposes. Generally, a mainframe is associated with centralized rather than distributed computing.

Man-in-the-middle attack An attack in which the attacker’s computer is inserted into the communication path between the server and the client, so that each party believes it is talking directly to the other. The attacker’s machine can read, alter, or inject communications in both directions.

Matched Instructions Two Instructions in which the information set forth in a specific CLS Bank Rule is matched in accordance with the parameters and procedures set forth in the CLS Bank Rules

Matching With respect to compared and non-compared transactions, the process of comparing the trade or settlement details provided by counterparties to ensure they agree with respect to the terms of the transaction. Also called comparison checking.

Media 1) Physical objects that store data, such as paper, hard disk drives, tapes, and compact disks (CDs). 2) Material used for storage of information. Includes paper, magnetic disks, tapes, and optical disks.

Merchant acquirer Bankcard association members that initiate and maintain contractual agreements with merchants for the purpose of accepting and processing bankcard transactions.

Merchant processing Activity for the acceptance and settlement of bankcard products and transactions from merchants through the payment system.

Metrics A quantitative measurement.

MICR Magnetic ink character recognition. Magnetic codes found on the bottom of checks, deposit slips, and general ledger debit and credit tickets that allow a machine to scan (capture) the information. MICR encoding on a check includes the account number, the routing number, the serial number of the check and the amount of the check. The amount of the check is encoded when the proof department processes the check.

MICR-line information Refers to data characters at the bottom of a check. The magnetic ink character recognition (MICR) line includes the routing number of the payer bank, the amount of the check, the number of the check, and the account number of the customer.

Midrange Computers that are more powerful and capable than personal computers but less powerful and capable than mainframe computers.

Milestone Major project event.

MIPS Millions of instructions per second. A general measure of computing performance and, by implication, the amount of work a larger computer can do.

Mirroring 1) A process that duplicates data to another location over a computer network in real time or close to real time. 2) A process that copies data to multiple disks over a computer network in real time or close to real time. Mirroring reduces network traffic, ensures better availability of the website or files, or enables the site or downloaded files to arrive more quickly for users close to the mirror site.

MIS Management information systems. A general term for the computer systems in an enterprise that provide information about its business operations.

Mnemonic A symbol or expression that can help someone remember something. For example, the phrase “Hello! My name is Bill. I'm 9 years old.” might help an individual remember a secure 10- character password of “H!MniBI9yo.”

Multi-factor authentication A strong authentication mechanism that relies on more than one category of authentication factor: something the user knows (a PIN or password), something the user has (a token or card), or something the user is (a biometric). A PIN or password alone is single-factor authentication; adding a mechanism from a different category makes it multi-factor, whereas adding a second password does not.

Multilateral netting settlement system Multilateral netting is an arrangement among three or more parties to net their obligations. In these settlement systems transfers are irrevocable but are only final after the completion of end-of-day settlement.

N

NAS Network attached storage. Hard disk storage set up with its own network address rather than being attached to the department computer that is serving applications to a network's workstation users. By removing storage access and its management from the department server, both application programming and files can be served faster because they are not competing for the same processor resources. The network-attached storage device is attached to a local area network (typically, an Ethernet network) and assigned an IP address. File requests are mapped by the main server to the NAS file server.

National Automated Clearing House Association (NACHA) The national association that establishes the rules and procedures governing the exchange of automated clearinghouse payments.

National Settlement Service (NSS) The Federal Reserve Banks' multilateral settlement service (also referred to as deferred net settlement). NSS is offered to depository institutions that settle for participants in clearinghouses, financial exchanges, and other clearing and settlement groups. Settlement agents acting on behalf of those depository institutions electronically submit settlement files to the Federal Reserve Banks. Files are processed on receipt, and entries are automatically posted to the depository institutions' Reserve Bank accounts. Entries are final when posted.

Net debit cap The maximum dollar amount of uncollateralized daylight overdrafts that an institution is authorized to incur in its Federal Reserve account. The net debit cap is generally equal to an institution’s capital times the cap multiple for its cap category.

Network Two or more computer systems that are grouped together to share information, software, and hardware.

Network administrator The individual responsible for the installation, management, and control of a network.

Non-repudiation Ensuring that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.

O

Object Code Software program instructions compiled (translated) from source code into machine-readable formats.

Object program A program that has been translated into machine language and is ready to be run (i.e., executed) by the computer.

OFAC The Office of Foreign Assets Control (OFAC), within the U.S. Department of the Treasury, administers and enforces economic and trade sanctions against targeted foreign countries, terrorism-sponsoring organizations, and international narcotics traffickers based on U.S. foreign policy and national security goals.

Office of Foreign Asset Control (OFAC) The Office of Foreign Assets Control, United States Department of the Treasury, administers and enforces economic sanctions programs primarily against countries and groups of individuals such as terrorists and narcotics traffickers. The sanctions can be either comprehensive or selective, using the blocking of assets and trade restrictions to accomplish foreign policy and national security goals.

On-us checks Checks that are deposited into the same institution on which they are drawn.

Open Market Operations The buying and selling of government securities in the open market in order to expand or contract the amount of money in the banking system.

Operating System 1) Programs that collectively manage application programs. Operating systems allocate system resources, provide access and security controls, maintain file systems, and manage communications between end users and hardware devices. 2) The program that manages all the basic functions and programs on a computer.

Originating depository financial institution (ODFI) A participating financial institution that originates entries at the request of and by agreement with its originators in accordance with the provisions of the NACHA rules.

Originator A person that has authorized an ODFI to transmit a credit or debit entry to the deposit account of a receiver at an RDFI.

Outsourcing (1) The practice of contracting with another entity to perform services that might otherwise be conducted in-house. (2) Contracting with third parties to perform activities, duties, or functions.

P

P2P Peer-to-peer communication, the communications that travel from one user’s computer to another user’s computer without being stored for later access on a server. E-mail is not a P2P communication since it travels from the sender to a server, and is retrieved by the recipient from the server. On-line chat, however, is a P2P communication since messages travel directly from one user to another.

Passwords A secret sequence of characters that is used as a means of authentication.

Patch Software code that replaces or updates other code. Frequently patches are used to correct security flaws.

Paying bank A paying bank is the institution where a check is payable and to which it is sent for payment.

Payment A transfer of value.

Payment system The mechanisms, rules, institutions, people, markets, and agreements that make the exchange of payments possible.

Payments System Risk policy (PSR) The Federal Reserve’s Payments System Risk (PSR) policy addressing the risks that payment systems present to the Federal Reserve Banks, the banking system, and to other sectors of the economy.

PBX Acronym for private branch exchange. A telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.

Penetration test The process of using approved, qualified personnel to conduct real-world attacks against a system so as to identify and correct security weaknesses before they are discovered and exploited by others.

Personal digital assistant (PDA) A pocket-sized, special-purpose personal computer that lacks a conventional keyboard.

Person-to-person (P2P) payment On-line payments using electronic mail messages to invoke a transfer of value between the parties over existing proprietary networks as on-us transactions.

Phase A project segment.

PKI Abbreviation for “public key infrastructure.” The use of public key cryptography in which each customer has a key pair (i.e., a unique electronic value called a public key and a mathematically related private key), together with the certificates and certification authorities that bind public keys to identities. The private key is kept secret by its owner and is used to sign a message; anyone holding the corresponding public key can verify that signature but cannot produce it. The public key is also used to encrypt a message so that it can be decrypted (read) only with the intended recipient’s private key. See Encryption.
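
The following Python example, added here and not part of the original glossary, makes the key-pair relationship in the "PKI" entry concrete and shows the property the "Non-repudiation" entry relies on: a signature made with the private key verifies under the public key, and any change to the signed message breaks it. It is textbook RSA with two fixed, very small primes so it runs instantly and reproducibly; the primes, the message and the reduce-the-hash-modulo-n step are choices made for illustration, and none of this is usable as real cryptography. Production systems use a vetted library, random primes of at least 1024 bits each and a padding scheme.

```python
import hashlib
from math import gcd

# Two fixed primes used only so the example runs instantly and reproducibly.
# Real keys use random primes of 1024 bits or more each; these ~30-bit primes
# offer no security at all.
P, Q = 1_000_000_007, 1_000_000_009
E = 65537


def generate_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _message_representative(message, n):
    """Hash the message, then reduce modulo n. Hashing first is what lets one
    signature cover a message of any length. (A real scheme pads the hash
    instead of reducing it; reduction keeps this toy short.)"""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Only the holder of d can produce this value."""
    n, d = private_key
    return pow(_message_representative(message, n), d, n)


def verify(public_key, message, signature):
    """Anyone with the public key can check it; altering message or
    signature makes the comparison fail."""
    n, e = public_key
    return pow(signature, e, n) == _message_representative(message, n)


def encrypt(public_key, plaintext_int):
    """Encrypt a small integer so that only the private key can recover it."""
    n, e = public_key
    if not 0 <= plaintext_int < n:
        raise ValueError("plaintext must be an integer smaller than n")
    return pow(plaintext_int, e, n)


def decrypt(private_key, ciphertext):
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    pub, priv = generate_keypair()
    order = b"PAY 1000.00 TO 100200300"   # constructed payment order
    sig = sign(priv, order)
    print("genuine verifies:", verify(pub, order, sig))
    print("altered verifies:", verify(pub, b"PAY 9000.00 TO 100200300", sig))
    print("round trip:", decrypt(priv, encrypt(pub, 123456789)))
```

The non-repudiation argument follows directly from the code: because verify() needs only the public key, the signer cannot later claim a third party could have forged the signature without also claiming the private key was disclosed, which is why protecting private keys (and logging their use) is the control an auditor looks for.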

Platform The underlying computer system on which applications programs run. A platform consists of an operating system, the computer system's coordinating program, which in turn is built on the instruction set for a processor or microprocessor, and the hardware that performs logic operations and manages data movement in the computer.

POD Proof of deposit. The verification of the dollar amount written on a negotiable instrument being deposited.

Point-of-sale (POS) network A network of institutions, debit cardholders, and merchants that permit consumers to make direct payment electronically at the place of purchase. The funds are withdrawn from the account of the cardholder.

Pop-up box A dialog box that automatically appears when a person accesses a webpage.

Port Either an endpoint to a logical connection, or a physical connection to a computer.

POTS Plain old telephone system. Basic telephone service.

Presentment fee A presentment fee is a fee that an institution receiving a check may impose on the institution that presents the check for payment. For checks presented by 8 a.m. local time, however, no presentment fee may be charged.

Private key See PKI.

Private label card See Store card.

Project A task involving the acquisition, development, or maintenance of a technology product.

Project Management Planning, monitoring, and controlling an activity.

Protocol 1) A format for transmitting data between devices. 2) A standard way of carrying out data transmission between computers.

Proxy server An Internet server that controls client computers’ access to the Internet. Using a proxy server, a company can stop employees from accessing undesirable websites, improve performance by storing webpages locally, and hide the internal network's identity so monitoring is difficult for external users.

Public key See PKI.

Q

There are no words starting with "Q" at this time.

R

RAID Redundant array of independent disks. The use of multiple hard disks as one logical storage unit, with data striped across the disks, mirrored to more than one disk, or protected by parity, depending on the RAID level. Spreading data across several disks lets I/O operations overlap, improving performance. Because an array contains more components than a single disk, its combined mean time between failures (MTBF) is lower, not higher; it is the redundancy (mirroring or parity) that increases fault tolerance by allowing the array to survive the loss of a disk. RAID 0, which stripes without redundancy, provides no fault tolerance at all.

Real time gross settlement (RTGS) system A type of payments system operating in real time rather than batch processing mode. It provides immediate finality of transactions. Gross settlement refers to the settlement of each transfer individually rather than netting. Fedwire® is an example of a real time gross settlement system.

Receiver An individual, corporation, or other entity that has authorized a company or an originator to initiate a credit or debit entry to a transaction account held at its RDFI.

Receiving depository financial institution (RDFI) Any financial institution qualified to receive debits or credits through its ACH operator in accordance with the ACH rules.

Reciprocal agreement An agreement whereby two organizations with similar computer systems agree to provide computer processing time for the other in the event one of the systems is rendered inoperable. Processing time may be provided on a "best effort" or "as time available" basis.

Recovery point objectives The maximum amount of data loss a process can sustain without severely impairing the recovery of operations, usually expressed as the period of time between the last recoverable copy of the data and the disruption.

Recovery site An alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as "hot" sites that are fully configured centers with compatible computer equipment and "cold" sites that are operational computer centers without the computer equipment.

Recovery time objectives The maximum period of time that a process can be inoperable before the disruption causes unacceptable harm; recovery must be complete within this time.

Recovery vendors Organizations that provide recovery sites and support services for a fee.

Regulation CC A regulation (12 CFR 229) promulgated by the Board of Governors of the Federal Reserve System regarding the availability of funds and the collection of checks. The regulation governs the availability of funds deposited in checking accounts and the collection and return of checks.

Regulation E A regulation (12 CFR 205) promulgated by the Board of Governors of the Federal Reserve System to ensure consumers a minimum level of protection in disputes arising from electronic fund transfers.

Replay Attack The interception of a communication, such as an authentication exchange, followed by impersonation of the sender by retransmitting the intercepted communication at a later time.
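
The following Python example, added here and not part of the original glossary, shows the two defences that the "Man-in-the-middle attack" and "Replay Attack" entries call for, using a shared-key message authentication code (HMAC-SHA256 from the standard library): a message the attacker has altered fails the MAC check, and a message the attacker has captured and resent is refused because its nonce has been seen before or its timestamp is too old. The shared key, the request text, the 30-second skew allowance and the clock values are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret; in practice this comes from a key-management
# process, never from source code.
SHARED_KEY = b"demo-shared-key-for-illustration-only"


def _tag(key, ts, nonce, payload):
    """HMAC-SHA256 over everything the server will act on."""
    data = f"{ts}|{nonce}|{payload}".encode("utf-8")
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Client:
    def __init__(self, key):
        self.key = key

    def build(self, payload, now):
        """Attach a timestamp, a fresh random nonce and a MAC to a request."""
        ts, nonce = int(now), os.urandom(16).hex()
        return {"ts": ts, "nonce": nonce, "payload": payload,
                "mac": _tag(self.key, ts, nonce, payload)}


class Server:
    def __init__(self, key, max_skew=30):
        self.key, self.max_skew = key, max_skew
        self.seen = {}  # nonce -> timestamp of first use

    def accept(self, msg, now):
        # 1. Integrity and origin: a modified message fails the MAC, which an
        #    interceptor cannot recompute without the key.
        expected = _tag(self.key, msg["ts"], msg["nonce"], msg["payload"])
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad MAC"
        # 2. Freshness: bound how long a captured message stays useful.
        if abs(int(now) - msg["ts"]) > self.max_skew:
            return "rejected: stale timestamp"
        # 3. Uniqueness: a message seen before is a replay even though it is
        #    authentic and recent.
        if msg["nonce"] in self.seen:
            return "rejected: replay"
        self.seen[msg["nonce"]] = msg["ts"]
        # Forget nonces that step 2 would now reject anyway, so the table
        # cannot grow without bound.
        self.seen = {n: t for n, t in self.seen.items()
                     if int(now) - t <= self.max_skew}
        return "accepted"


def demo(now=1_000_000):
    """Run the attacks from the glossary entries against the server."""
    client, server = Client(SHARED_KEY), Server(SHARED_KEY)
    order = client.build("transfer 100.00 to 100200300", now)
    results = [server.accept(order, now + 1)]                    # genuine
    altered = dict(order, payload="transfer 9900.00 to 100200300")
    results.append(server.accept(altered, now + 2))              # man-in-the-middle edit
    results.append(server.accept(order, now + 3))                # replayed capture
    old = client.build("transfer 100.00 to 100200300", now)
    results.append(server.accept(old, now + 120))                # captured, sent later
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the MAC is verified before anything in the message is trusted, so the timestamp and nonce used by the later checks are themselves authenticated. Note what this does and does not give: an attacker who can intercept traffic still sees the payload (the MAC provides no confidentiality), so a real deployment carries the exchange inside an encrypted channel as well.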

Repudiation The denial by one of the parties to a transaction of participation in all or part of that transaction or of the content of the communication.

Reserve Account A non-interest earning balance account institutions maintain with the Federal Reserve Bank or with a correspondent bank to satisfy the Federal Reserve’s reserve requirements.

Reserve Requirements The percentage of deposits that a financial institution may not lend out or invest and must hold either as vault cash or on deposit at a Federal Reserve Bank. Reserve requirements affect the potential of the banking system to create transaction deposits.

Retail payments Payments, typically small, made in the goods and services market.

Return (ACH) Any ACH entry that has been returned to the ODFI by the RDFI or by the ACH operator because it cannot be processed. The reason for each return is included with the return in the form of a “return reason code.” (See the NACHA “Operating Rules and Guidelines” for a complete reason code listing.)

Risk The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems.

Risk assessment A process used to identify and evaluate risks and their potential effect.

Router A hardware device that connects two or more networks and routes incoming data packets to the appropriate network.

Routing The process of moving information from its source to a destination.

Routing number A nine-digit number (eight identifying digits and a check digit computed from them) that identifies a specific financial institution (also referred to as the ABA number).
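
The check digit mentioned in the entries for "Routing number" and "MICR-line information" is computed with fixed position weights of 3, 7 and 1 repeated across the nine digits; the number is well formed when the weighted sum is a multiple of ten. The following Python example, added here and not part of the original glossary, validates routing numbers and computes the ninth digit for an eight-digit prefix. The numbers it exercises are constructed to illustrate the arithmetic and do not belong to any institution.

```python
# Position weights of the ABA routing number check-digit scheme.
WEIGHTS = (3, 7, 1, 3, 7, 1, 3, 7, 1)


def routing_number_valid(rtn):
    """True if the nine digits satisfy the weighted-sum check (sum mod 10 == 0)."""
    if len(rtn) != 9 or not rtn.isdigit():
        return False
    return sum(int(c) * w for c, w in zip(rtn, WEIGHTS)) % 10 == 0


def check_digit(first_eight):
    """Compute the ninth digit for an eight-digit prefix. The ninth position
    has weight 1, so it simply brings the sum up to the next multiple of ten."""
    if len(first_eight) != 8 or not first_eight.isdigit():
        raise ValueError("expected eight digits")
    partial = sum(int(c) * w for c, w in zip(first_eight, WEIGHTS[:8]))
    return str((10 - partial % 10) % 10)


def demo():
    """Exercise the check with constructed values (not real institutions)."""
    good = "12345678" + check_digit("12345678")   # "123456780"
    return {
        "good": routing_number_valid(good),
        # One digit mis-keyed: detected.
        "single_digit_error": routing_number_valid("123456789"),
        # Two adjacent digits swapped: detected, because their weights differ.
        "adjacent_transposition": routing_number_valid("123465780"),
        # Digits in positions 1 and 4 both carry weight 3, so swapping them
        # passes the check. The check digit is a data-entry control, not a
        # security control: a deliberately chosen wrong number passes too.
        "same_weight_transposition": routing_number_valid("423156780"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26} valid={ok}")
```

The last case is the caveat an auditor should carry forward: the check digit catches most keying errors in the MICR line but says nothing about whether the routing number was substituted on purpose, so it does not replace matching the number against a current institution directory.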

S

SAN Storage area network. A high-speed special-purpose network (or sub-network) that connects different types of data storage devices with associated data servers on behalf of a larger network of users.

SAS 70 report An audit report on a service organization’s controls, prepared in accordance with guidance provided in the American Institute of Certified Public Accountants’ Statement on Auditing Standards No. 70.

Scalability A term that refers to how well a hardware and software system can adapt to increased demands. For example, a scalable network system would be one that can start with just a few nodes but can easily expand to thousands of nodes. Scalability can be a very important feature because it means the entity can invest in a system with confidence they will not quickly outgrow it.

Screen scraping A process used by information aggregators to gather a customer’s information from a target website, whereby the aggregator accesses the target site by logging in with the customer’s credentials, electronically reads and copies selected information from the displayed webpage(s), then redisplays the information on the aggregator’s site. The process is analogous to “scraping” the information off the computer screen.

Script (1) A file containing active content; for example, commands or instructions to be executed by the computer. (2) Software program instructions.

SCSI Small computer system interface (pronounced “scuzzy”). A standard way of interfacing a computer to disk drives, tape drives, and other devices that require high-speed data transfer. Also, a secondary SAN protocol that allows computer applications to talk to storage devices.

SDLC 1) Systems Development Life Cycle. A project management technique. 2) The stages through which software evolves from an idea to implementation.

Security event An event that compromises the confidentiality, integrity, availability, or accountability of an information system.

Security Procedure Agreement An agreement between a financial institution and a Federal Reserve Bank whereby the financial institution agrees to certain security procedures if it uses an encrypted communications line with access controls for the transmission or receipt of a payment order to or from a Federal Reserve Bank.

Server A computer or other device that manages a network service. An example is a print server, a device that manages network printing.

Settlement The final step in the transfer of ownership involving the physical exchange of securities or payment. In a banking transaction, settlement is the process of recording the debit and credit positions of the parties involved in a transfer of funds. In a financial instrument transaction, settlement includes both the transfer of securities by the seller and the payment by the buyer. Settlements can be “gross” or “net.” Gross settlement means each transaction is settled individually. Net settlement means parties exchanging payments will offset mutual obligations to deliver identical items (e.g., dollars or Euros), at a specified time, after which only one net amount of each item is exchanged.

Settlement date (ACH) The date on which an exchange of funds with respect to an entry is reflected on the books of the Federal Reserve Bank(s).

Settlement Eligible Instructions See Matched Instructions.

Short Position In respect of a currency balance that is less than zero, the amount by which such currency balance is less than zero. An investment position that benefits from a decline in market price. When one sells a currency their position is short.

Short Position Limit In respect of an eligible currency, the maximum short position a Settlement Member may have at any time in that eligible currency and, unless otherwise reduced pursuant to the CLS Bank Rules, shall equal (i) the total amount of all available committed liquidity facilities in such eligible currency (or such lesser amount that CLS Bank may determine from time to time) minus (ii) the amount of the largest available committed liquidity facility among such liquidity facilities (after taking into account any amounts already drawn).

Single-entry (ACH) A one-time transfer of funds initiated by an originator in accordance with the receiver’s authorization for a single ACH credit or debit to the receiver's consumer account.

SLA Service level agreement. SLAs detail the responsibilities of an IT service provider, the rights of the service provider’s customers, and the penalties assessed when the service provider violates any element of the SLA. SLAs also identify and define the service offering itself, plus the supported products, evaluation criteria, and quality of service customers should expect. SLAs are typically measured in terms of metrics. Examples include processing completion times and systems availability times.

Smart cards A card with an embedded computer chip on which information can be stored and processed.

Sniffing The passive interception of data in transit on a network, typically by capturing packets that cross a shared medium or a compromised host. Because the sniffer only listens, it leaves no trace on the endpoints; encryption in transit limits what it can learn to traffic metadata.

Social engineering Obtaining information or access from individuals by trickery, such as impersonating a trusted party by telephone, e-mail, or in person, rather than by technical means.

SONET Synchronous optical network. A standard that defines interface standards for connecting fiber-optic transmission systems.

Source Code Software program instructions written in a format (language) readable by humans.

Source program A program in its source-code form: the human-readable instructions written by a programmer before they are compiled or interpreted. See Source Code.

Spiral Development An iterative project management model that focuses on the identification of project and product risks and the selection of project management techniques that best control the identified risks.

Spoofing A form of masquerading in which an attacker forges identifying data, for example sending packets with a trusted IP address in place of the true source address, to gain access to a computer system or to bypass address-based access controls.

Spot The most common foreign exchange transaction. Spot or spot date refers to the spot transaction value date that requires settlement within two business days, subject to value date calculation.

SSL (Secure Sockets Layer) A cryptographic protocol, originally developed by Netscape, that protects the confidentiality and integrity of data exchanged between a website and a user's browser and lets the browser verify the site's certificate. It is used for URLs that begin with https instead of http. All versions of SSL have since been superseded by TLS (Transport Layer Security); the name "SSL" persists in product and configuration names, but current deployments should permit only TLS versions and should not disable certificate validation.
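The caveat above is easiest to see in a client configuration. The following is an added example, not code from the original glossary: a Python client context with validation disabled (the kind of "SSL on, but nothing verified" setting still found in legacy code) next to a hardened one that requires a valid certificate, checks the hostname, and refuses anything older than TLS 1.2. The audit function reports the three settings an auditor would check; the function names are the example's own.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """Legacy-style configuration kept only as the 'before' picture:
    encryption is on, but certificate validation is disabled, so any server
    (or a man-in-the-middle) is accepted, and the protocol floor is left at
    the library default."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # accepts any certificate at all
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """What a client should use today: the system trust store, mandatory
    certificate validation, hostname checking, and TLS 1.2 as the floor
    (SSL 2/3, TLS 1.0 and TLS 1.1 are refused)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Summarize the settings an auditor would check on a client context."""
    return {
        "verifies_certificate": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "tls12_or_newer": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


def is_hardened(ctx: ssl.SSLContext) -> bool:
    """True only when every audited setting is in its safe state."""
    return all(audit_context(ctx).values())


if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_context(ctx), "OK" if is_hardened(ctx) else "FAIL")
```

The same three checks (validation required, hostname checked, protocol floor at TLS 1.2 or later) apply to any TLS library; the attribute names differ, the audit questions do not.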

Standard entry class (SEC) Code Three-character code in an ACH company/batch header record used to identify the payment type within an ACH batch.

Stateful Inspection A firewall inspection technique that tracks the state of connections and judges each packet against that state rather than in isolation. For example, an inbound packet claiming to be a response to a request is accepted only if the firewall's state table records an outstanding request from the inside host to that destination; unsolicited inbound packets, and "replies" for which no request was ever seen, are dropped.
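To make the "table of outstanding requests" concrete, here is an added example (not code from the original glossary) of a minimal stateful filter in Python. The addressing (a protected 10.0.0.0/24 network, documentation-range outside hosts), the packet sequence, and the idle timeout are all constructed for the example. It shows the three cases the definition implies: a genuine reply is allowed because it matches state, a forged "reply" with no matching request is dropped, and state that has gone idle expires.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed addressing for the example: the protected network is 10.0.0.0/24.
INSIDE_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""  # TCP flags as a string, e.g. "SYN", "SYN-ACK", "ACK"


FlowKey = Tuple[str, str, int, str, int]


class StatefulFilter:
    """Minimal stateful packet filter. Outbound connections from the inside
    create an entry in the state table; inbound packets are allowed only if
    they match an existing entry, i.e. they really are replies to a request
    the firewall saw leave."""

    def __init__(self, inside_prefix: str = INSIDE_PREFIX, idle_timeout: int = 60):
        self.inside_prefix = inside_prefix
        self.idle_timeout = idle_timeout
        self.table: Dict[FlowKey, int] = {}  # outbound 5-tuple -> last seen time

    def _inside(self, ip: str) -> bool:
        return ip.startswith(self.inside_prefix)

    def _expire(self, now: int) -> None:
        self.table = {k: t for k, t in self.table.items() if now - t <= self.idle_timeout}

    def process(self, pkt: Packet, now: int) -> str:
        self._expire(now)
        forward: FlowKey = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse: FlowKey = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)

        if forward in self.table:          # further packets of a known outbound flow
            self.table[forward] = now
            return "ALLOW"
        if reverse in self.table:          # claimed reply matches an outstanding request
            self.table[reverse] = now
            return "ALLOW"
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            # New outbound flow. A TCP connection must begin with a SYN; a bare
            # ACK with no state is either a stale stream or a probe.
            if pkt.proto == "tcp" and pkt.flags != "SYN":
                return "DROP"
            self.table[forward] = now
            return "ALLOW"
        return "DROP"                      # unsolicited inbound traffic


def demo() -> List[str]:
    """Run a constructed packet sequence (time in seconds) through the filter."""
    fw = StatefulFilter()
    trace = [
        (0,   Packet("tcp", "10.0.0.5", 40000, "203.0.113.10", 443, "SYN")),      # inside opens HTTPS
        (1,   Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 40000, "SYN-ACK")), # genuine reply
        (2,   Packet("tcp", "198.51.100.7", 443, "10.0.0.5", 40000, "ACK")),     # forged "reply", no request
        (3,   Packet("tcp", "198.51.100.7", 52000, "10.0.0.9", 22, "SYN")),      # unsolicited SSH attempt
        (4,   Packet("tcp", "10.0.0.5", 40001, "203.0.113.10", 443, "ACK")),     # outbound without SYN
        (200, Packet("tcp", "203.0.113.10", 443, "10.0.0.5", 40000, "ACK")),     # reply after state expired
    ]
    return [fw.process(pkt, t) for t, pkt in trace]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

A real firewall also tracks TCP state transitions, handles protocols whose data channels are negotiated in-band (FTP being the classic case), and sizes the state table so it cannot be exhausted by a flood of half-open connections; the table lookup above is the core idea those features build on.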

Store card A credit card issued by a financial institution for a specific merchant or vendor that does not carry a bankcard association logo. Store cards can only be used at the merchant or vendor whose name appears on the front of the card.

Stored-value Card A card-based payment system that assigns a value to the card. The card’s value can be stored on the card itself (i.e., on the magnetic stripe or in a computer chip) or in a network database. As the card is used for transactions, the transaction amounts are subtracted from the card’s balance. As the balance approaches zero, some cards can be "reloaded" through various methods, and others are designed to be discarded. These cards are often used in closed systems for specific types of purchases.

Suspicious Activity Report (SAR) A report that the Bank Secrecy Act requires a financial institution to file when it detects a known or suspected violation of law, or a transaction that it suspects involves fraud, money laundering, or other illicit activity.

Switch A device that connects LAN segments or hosts that use the same data link and network protocol, forwarding each frame only to the port where its destination address was learned rather than to every port as a hub does.

System Development Life Cycle (SDLC) A written strategy or plan for the development and modification of computer systems, including initial approvals, development documentation, testing plans and results, and approval and documentation of subsequent modifications.

System Resources Capabilities that can be accessed by a user or program either on the user’s machine or across the network. Capabilities can be services, such as file or print services, or devices, such as routers.

T

T-1 line A dedicated digital telephone circuit used for data and voice transmission. T-1 lines carry digital signals at 1.544 Mbps (1,544,000 bits per second), the standard rate for such circuits in North America. They are traditionally delivered over twisted-pair copper with line repeaters and are also provisioned over fiber.

TCO Total cost of ownership. A term defining the true cost of ownership of a PC or other technology system. TCO includes:

  • Original cost of the computer and software;
  • Hardware and software upgrades;
  • Maintenance;
  • Technical support; and
  • Training

TCP/IP Transmission control protocol/Internet protocol. The suite of communication standards used to transmit data from one computer to another on the Internet and on most private networks. TCP breaks a data stream into segments and provides reliable, ordered delivery with acknowledgments and retransmission; IP addresses the resulting packets and routes them from machine to machine without guaranteeing delivery.

Test Key Internal controls used to verify the authenticity of incoming wire requests involve the use of test keys. A test key is a formula used to develop or interpret test codes or test words. Test codes or words consist of a series of numbers signifying different types of information and usually precede the text of the message. As an example, a test code may contain a bank number, the amount of the transaction, and a number indicating the day and week of the month. As an additional precaution, many test codes contain a variable (sequence number) based on the number of messages received.
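The test-key arrangement described above is, in modern terms, a message authentication code over the fields of the wire request plus a sequence number to detect replays. The following is an added example, not code from the original glossary or any bank's actual scheme: it computes a test word as an HMAC over the bank number, amount, value date and sequence number, and the receiving side recomputes it and enforces a strictly increasing sequence per sending bank. The shared key, the bank number and the wire amounts are constructed for the example, and the 64-bit truncation of the tag is a design choice explained in the comments.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed shared secret for the example; in practice each correspondent
# pair holds its own key, exchanged out of band and rotated on a schedule.
SHARED_KEY = b"example-test-key-do-not-use-in-production"


def canonical_message(bank_number: str, amount_cents: int, value_date: str, sequence: int) -> bytes:
    """Fixed field order and separator so sender and receiver hash identical bytes."""
    return f"{bank_number}|{amount_cents}|{value_date}|{sequence}".encode("ascii")


def compute_test_word(key: bytes, bank_number: str, amount_cents: int, value_date: str, sequence: int) -> str:
    """Modern analogue of a test word: an HMAC-SHA256 over the authenticated
    fields. Truncated to 64 bits (16 hex characters) so it stays short enough
    to carry in a message header; keeping the full digest would be stronger."""
    mac = hmac.new(key, canonical_message(bank_number, amount_cents, value_date, sequence), hashlib.sha256)
    return mac.hexdigest()[:16].upper()


class WireRequestAuthenticator:
    """Receiving side: recomputes the test word and enforces a strictly
    increasing sequence number per sending bank, which is what detects a
    replay of an otherwise valid message."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_sequence: Dict[str, int] = {}

    def verify(self, bank_number: str, amount_cents: int, value_date: str,
               sequence: int, test_word: str) -> Tuple[bool, str]:
        expected = compute_test_word(self.key, bank_number, amount_cents, value_date, sequence)
        # Constant-time comparison: a timing leak here would let an attacker
        # guess the word one character at a time.
        if not hmac.compare_digest(expected, test_word.upper()):
            return False, "test word does not match fields"
        if sequence <= self.last_sequence.get(bank_number, 0):
            return False, "sequence number not increasing (replay?)"
        self.last_sequence[bank_number] = sequence
        return True, "ok"


def demo() -> List[Tuple[bool, str]]:
    """Constructed wire requests: a genuine one, a replay of it, a message whose
    amount was altered in transit, then the next genuine one."""
    receiver = WireRequestAuthenticator(SHARED_KEY)
    bank, date = "123456780", "20070409"            # constructed bank number and value date
    word1 = compute_test_word(SHARED_KEY, bank, 1_250_000, date, 1)
    word2 = compute_test_word(SHARED_KEY, bank, 80_000, date, 2)
    return [
        receiver.verify(bank, 1_250_000, date, 1, word1),   # genuine
        receiver.verify(bank, 1_250_000, date, 1, word1),   # same message presented again
        receiver.verify(bank, 9_250_000, date, 2, word2),   # amount altered, word no longer matches
        receiver.verify(bank, 80_000, date, 2, word2),      # next genuine message
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "REJECT", reason)
```

The sequence check only works if the receiver's last-seen counter is stored durably and per sending bank; losing it (or resetting it to zero on restart) reopens the replay window that the variable in the original test codes was meant to close.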

Third-party service provider (for ACH) A third party other than the ODFI or RDFI that performs any function on behalf of the ODFI or the RDFI related to ACH processing. These functions would include the creation and sending of ACH files or acting as a sending or receiving point on behalf of a participating DFI.

Tokens A small device with an embedded computer chip that can be used to store and transmit electronic information.

Topology A description of any kind of locality in terms of its physical layout. In the context of communication networks, a topology describes pictorially the configuration or arrangement of a network, including its nodes and connecting communication lines.

Trojan Horse Malicious code that is hidden in software that has an apparently beneficial or harmless use.

Truth in Lending Act (TILA) Regulation Z (12 CFR 226) promulgated by the Board of Governors of the Federal Reserve System prescribing uniform methods for computing the cost of credit, for disclosing credit terms, and for resolving errors on certain types of credit accounts.

U

UPS Acronym for uninterruptible power supply. A device, typically built around a bank of batteries, that supplies electrical power to a computer or other equipment for a limited period when the primary power source is lost. When it senses a loss of primary power the battery "kicks in", giving the user time to save work and shut down cleanly, or giving a standby generator time to start, before the battery runs out. Many UPS units also condition incoming power and intercept surges so that they do not damage the protected equipment.

URL Abbreviation for “Uniform Resource Locator” (also expanded as Universal Resource Locator). A way of specifying the location of a resource on the Internet, in the form protocol://host:port/path (for example, https://www.example.com:443/index.html). The port is often omitted because each protocol has a default port, and the path may be omitted when the server's default document is wanted.

Utility programs A program used to configure or maintain systems, or to make changes to stored or transmitted data.

V

Vaulting A process that periodically writes back-up information over a computer network directly to the recovery site.

VESDA Very early smoke detection alert. A system that samples the air on a continuing basis and can detect fire at the pre-combustion stage.

Virtual mall An Internet website offering products and services from multiple vendors or suppliers.

Virtual private network (VPN) A private network built over shared infrastructure, such as common carrier lines or the Internet, that uses encrypted and authenticated tunnels so that traffic between the connected sites or users is protected from the intermediate network it crosses.

Virus Malicious code that replicates itself within a computer by attaching copies of itself to other programs or files; unlike a worm, it generally reaches other systems only when an infected file is carried or executed there.

VLAN Acronym for virtual local area network. A logical grouping of switch ports or hosts that behaves as a separate LAN, with its own broadcast domain, regardless of physical location; traffic between VLANs must pass through a router or layer-3 switch, where it can be filtered.

Vulnerability A flaw in a system's design, implementation, or configuration that could allow someone to gain access to, or operate, a computer system with privileges in excess of those the system owner specifically granted to him or her.

W

Warehouse Attack The compromise of systems that store authenticators.

WEB SEC Code An ACH debit entry initiated by an originator resulting from the receiver’s authorization through the Internet to make a transfer of funds from a consumer account of the receiver.

Weblinking The use of hyperlinks to direct users to webpages of other entities.

Website A webpage or set of webpages designed, presented, and linked together to form a logical information resource and/or transaction initiation function.

Website Hosting The service of providing ongoing support and monitoring of an Internet-addressable computer that stores webpages and processes transactions initiated over the Internet.

Wireless Application Protocol (WAP) A data transmission standard to deliver wireless markup language (WML) content.

Wireless gateway server A computer (server) that transmits messages between a computer network and a cellular telephone or other wireless access device.

Wireless phone See Cellular telephone.

Work program A series of specific, detailed steps to achieve an audit objective.

Workstation A computer used directly by an end user, typically a desktop or laptop connected to the organization's network, as distinguished from the servers and network devices that provide shared services.

Worm Malicious code that propagates itself across a network without user intervention, typically by scanning for other hosts and exploiting a software vulnerability or weak credentials to copy itself onto them. Because each infected host then scans and infects others in turn, worms tend to consume the computing and network resources of a system or network and can effectively shut it down.

WORM Write once, read many times. A type of optical disk where a computer can save information once, can then read that information, but cannot change it.

X

XML XML (Extensible Markup Language) is a ”metalanguage” – a language for describing other languages – which lets you design your own customized markup languages for different types of documents. It is designed to improve the functionality of the Web by providing more flexible and adaptable information identification. XML parsers that process documents from untrusted sources should have document type definition (DTD) processing and external entity resolution disabled, since those features can be abused to read local files or reach internal network resources.

Y

There are no words starting with "Y" at this time.

Z

There are no words starting with "Z" at this time.