FFIEC Information Technology Examination Handbook Glossary
Acceptance Criteria
Pre-established standards or requirements a product or project must
meet.
Account aggregation
A service that gathers information from many websites, presents that information
to the customer in a consolidated format, and, in some cases, may allow the
customer to initiate activity on the aggregated accounts.
Aggregation services typically involve three different entities: (1) The aggregator
that offers the aggregation service and maintains information on the customer's
relationships/accounts with other on-line providers. (2) The aggregation target
or website/entity from which the information is gathered or extracted by means
of direct data feeds or screen scraping. (3) The aggregation customer who
subscribes to aggregation services and provides customer IDs and passwords
for the account relationships to be aggregated.
Account Balancing Monitoring System (ABMS)
The Federal Reserve’s computing system providing reserve account information
to the Federal Reserve Banks and depository institutions (DI) on an intraday
basis. ABMS serves both as an informational source and a monitoring tool.
This information includes opening balances, funds and security transfers,
accounting activity, and DI cap and collateral limits.
Account management
Activities such as balance inquiry, statement balancing, transfers between
the customer’s accounts at the same financial institution, maintenance
of personal information, etc.
Acquirer fee
Fee paid to the acquirer of the merchant sales draft. The acquirer of the
sales draft collects a merchant discount fee (or processing fee) from the
merchant for the costs associated with processing the transaction.
Acquiring bank and acquirer
See Merchant acquirer.
Address verification service (AVS)
Bankcard association service that verifies that the customer-provided billing address
matches the billing address on their credit card account. The bankcard associations
will not support merchants that opt not to use AVS if those transactions are
disputed and will charge the merchant an additional 1.25 percent on those
sales.
Administrative access
Individuals or terminals authorized to perform network administrator or system
administrator functions.
Agent bank
A member of a bankcard association that agrees to participate in an acquirer’s
merchant processing program. The agent may or may not be liable for losses
incurred on its merchant accounts. An agent is usually a small community financial
institution that wants to offer merchant processing services as a customer
service. Agent banks that only refer merchants to an acquiring financial institution’s
program are known as referral banks.
Aggregate Short Position
The sum of a Settlement Member’s short positions, each such
short position expressed in its base currency equivalent and adjusted by the
applicable haircut.
Aggregate Short Position Limit
In respect of a Settlement Member, the maximum aggregate short position that
such Settlement Member is permitted to incur at any time.
Aggregation
See Account aggregation.
Antivirus software
Computer programs that offer protection from viruses by making additional
checks of the integrity of the operating system and electronic files. Also
known as virus protection software.
Applet
A small program that typically is transmitted with a Web page.
Application
1) A software program designed for use by end users. 2) Software
that performs automated functions for a user. Examples include home banking,
word processing, and payroll. Distinguished from operating system or utility
software.
Application controls
Controls related to transactions and data within application systems. Application
controls ensure the completeness and accuracy of the records and the validity
of the entries made resulting from both programmed processing and manual data
entry. Examples of application controls include data input validation, agreement
of batch totals, and encryption of data transmitted.
Application system
An integrated set of computer programs designed to serve a well-defined function
and having specific input, processing, and output activities (e.g., general
ledger, manufacturing resource planning, human resource management).
ATM
Asynchronous transfer mode. The method of transmitting bits of data one after
another with a start bit and a stop bit to mark the beginning and end of each
data unit. Can also mean automated teller machine.
Audit charter
A document approved by the board of directors that defines the IT audit function's
responsibility, authority to review records, and accountability.
Audit plan
A description and schedule of audits to be performed in a certain period of
time (ordinarily a year). It includes the areas to be audited, the type of
work planned, the high-level objectives and scope of the work and includes
other items such as budget, resource allocation, schedule dates, and type
of report issued.
Audit program
The audit policies, procedures, and strategies that govern the audit function,
including IT audit.
AUP
An acceptable use policy. It documents permitted system uses and activities
for a specific user, and the consequences of noncompliance.
Authentication
The process of verifying the claimed identity of an individual user, machine,
software component, or any other entity.
Authorization
The process of giving access to parts of a system, typically based on the
business needs and the role of the individual within the business.
Authorization for ACH
A written or oral agreement between the originator and a receiver that allows
payments processed through the ACH Network to be deposited in or withdrawn
from the receiver’s account at a financial institution.
Automated clearing house (ACH)
1) An electronic clearing system in which a data processing center handles
payment orders that are exchanged among financial institutions, primarily
through telecommunications networks. ACH systems process large volumes of
individual payments electronically. Typical ACH payments include salaries,
consumer and corporate bill payments, interest and dividend payments, and
Social Security payments. 2) An electronic clearing system in which a data
processing center handles payment orders that are exchanged among financial
institutions, primarily via telecommunications networks. ACH systems process
large volumes of individual payments electronically. Typical ACH payments
include salaries, consumer and corporate bill payments, interest and dividend
payments, and Social Security payments.
Automated clearing house (ACH) operator
A central clearing facility that depository financial institutions use to
transmit and receive ACH entries. ACH operators are typically a Federal Reserve
Bank or a private-sector organization that operates on behalf of a depository
financial institution (DFI).
Automated Controls
Software routines designed into programs to ensure the validity,
accuracy, completeness, and availability of input, processed, and stored data.
Automated teller machine (ATM)
An electronic funds transfer (EFT) terminal that allows customers using a
PIN-based debit (ATM) card to initiate transactions (e.g., deposits, withdrawals,
account balance inquiries).
Automatic log-on
A feature offered by some aggregation services allowing customers to log on
by clicking on a hyperlink and thereby causing the usernames and passwords
stored at the aggregator to be used to log onto other websites.
Back-up Generations
A methodology for creating and storing back-up files whereby the youngest
(or most recent file) is referred to as the “son,” the prior file
is called the “father,” and the file two generations older is
the “grandfather.” This back-up methodology is frequently used
to refer to master files for financial applications.
Bandwidth
Terminology used to indicate the transmission or processing capacity
of a system or of a specific location in a system (usually a network system)
for information (text, images, video, sound). Bandwidth is usually defined
in bits per second (bps) but also is usually described as either large or
small. Where a full page of English text is about 16,000 bits, a fast modem
can move approx. 15,000 bps. Full-motion, full-screen video requires about
10,000,000 bps, depending on compression.
Bank Identification Number/Interbank Card Association (BIN/ICA)
A series of assigned numbers used to identify the settling financial institution
for both acquiring and issuing bankcard transactions.
Bankcard
A general-purpose credit card, issued by a financial institution under agreement
with the bankcard associations (Visa and MasterCard) that customers can use
to purchase goods and services and to obtain cash against a line of credit
established by the bankcard issuer.
Bankcard associations
Visa U.S.A. and MasterCard International Inc. are bankcard associations established
as bank service companies. Financial institutions must be members of an association
in order to offer their credit card services. The associations have established
membership rights and obligations and membership is limited to financial institutions.
Baseline
A documented version of a hardware component, software program, configuration,
standard, procedure, or project management plan. Baseline versions are placed
under formal change controls and should not be modified unless the changes
are approved and documented.
Batch processing
The transmission or processing of a group of related payment instructions.
Bilateral Key Security
A multi-level data encryption system, based on the exchange of Bilateral Keys,
allowing users of SWIFT to create, send, and receive SWIFT messages. Bilateral
Keys are unique authenticator keys possessed by only the two parties (either
the provider or recipient of a message) involved and provide confirmation
in both directions of the legitimacy of a message sent via SWIFT.
Bill payment
An e-banking application whereby customers direct the financial institution
to transfer funds to the account of another person or business. Payment is
typically made by ACH credit or by the institution (or bill payment servicer)
sending a paper check on the customer's behalf.
Bill presentment
An e-banking service whereby a business submits an electronic bill or invoice
directly to the customer's financial institution. The customer can view the
bill/invoice on-line and, if desired, pay the bill through an electronic payment.
Biometrics
The method of verifying a person's identity by analyzing a unique physical
attribute of the individual (e.g., fingerprint, retinal scanning).
BPS
Bits per second. A measurement of how fast data moves from one place
to another. A 28.8 modem can move 28,800 bits per second.
Business Continuity Plan (BCP)
A comprehensive written plan to maintain or resume business in the event of
a disruption.
Business Impact Analysis (BIA)
The process of identifying the potential impact of uncontrolled, non-specific
events on an institution's business processes.
CAR
Courtesy amount recognition. The numeric amount of a check.
Card issuer
A financial institution that issues general-purpose credit cards carrying
one of the two bankcard association logos. The issuing financial institution
establishes the credit relationship with the consumer.
Card verification value (CVV2)
Three-digit security number that is printed on the back of most Visa credit
cards. CVV2 reduces credit card fraud and chargeback instances significantly
when used in conjunction with AVS. See Address verification
service (AVS).
Cash letter
A group of checks accompanied by a paper listing sent to a clearinghouse,
the Federal Reserve, or another financial institution. A cash letter contains
a number of negotiable items, usually checks, accompanied by a letter listing
the amounts and instructions for transmittal to another financial institution
(may also be called a transmittal letter).
An incoming cash letter is received by a financial institution from a clearinghouse,
Federal Reserve, or another financial institution and contains checks written
on accounts at the institution that were cashed elsewhere.
An outgoing cash letter is sent to a clearinghouse, Federal Reserve, or another
financial institution and contains checks deposited at the institution, which
are written on accounts at other institutions.
Cellular telephone
A wireless telephone that communicates using radio wave antenna towers,
each serving a particular “cell” of a city or other geographical
area. Areas where cellular phones do not work are referred to as “dead
zones.”
Certificate authority (CA)
The entity or organization that attests using a digital certificate
that a particular electronic message comes from a specific individual or system.
Change management
Change management refers to the broad processes for managing organizational
change. Change management encompasses planning, oversight or governance, project
management, testing, and implementation.
Chargeback
A transaction generated when a cardholder disputes a transaction or when the
merchant does not follow bankcard association procedures. The issuer and acquirer
research the facts to determine which party is responsible for the transaction.
The acquirer will have to cover the chargeback if the merchant is unable to
pay.
Check
A written order from one party (payer) to another (payee) requiring the payer’s
financial institution to pay a specified sum on demand to the payee or to
a third party specified by the payee.
Check 21 Act
Formally known as the Check Clearing for the 21st Century Act. Creates
a new document, the IRD (image replacement document or substitute check) that
is the legal equivalent of the original check and should be accepted as such.
The act does not require institutions to accept electronic images instead
of checks or IRDs, but does require the acceptance of IRDs instead of paper
checks. The exchange of electronic images is optional and will be done by
agreements between individual institutions, groups of institutions, or clearinghouses.
Check clearing
The movement of a check from the depository institution at which it was deposited
back to the institution on which it was written. The funds move in the opposite
direction, with a corresponding credit and debit to the involved accounts.
Check digits
A digit in an account number that is calculated from the other digits
in the account number and is used to check the account number’s correctness/validity.
Check truncation
The practice of holding a check at the institution at which it was deposited
(or at an intermediary institution) and electronically forwarding the essential
information on the check to the institution on which it was written. A truncated
check is not returned to the writer.
Clearance
The process of transmitting, reconciling, and in some cases, confirming
payment orders or financial instrument transfer instructions prior to settlement.
Clearing corporation
A central processing mechanism whereby members agree to net, clear, and settle
transactions involving financial instruments. Clearing corporations fulfill
one or all of the following functions:
— Nets many trades so that the number and the amount of payments that
have to be made are minimized,
— Determines money obligations among traders, and
— Guarantees that trades will go through by legally assuming the risk
of payments not made or securities not delivered.
This latter function is what is implied when it is stated that the clearing
corporation becomes the “counter-party” to all trades entered
into its system. Also known as a clearinghouse or clearinghouse association.
Clearinghouse associations
Voluntary associations, formed by financial institutions that establish an
exchange for checks drawn on those institutions. Typically, institutions participating
in check clearinghouses use the Federal Reserve’s national settlement
service for the checks exchanged each business day.
Clearinghouse for Inter-Bank Payment Systems (CHIPS)
A “real time”, multilateral final payments system for large dollar
value business-to-business payment transactions between domestic or foreign
institutions that have offices located in the United States. CHIPS is run
by CHIP Co. L.L.C., a subsidiary of the Clearing House.
Clustering
Connecting two or more computers together in such a way that enables
them to act as a single computer. Clustering is used for parallel processing,
load balancing, and fault tolerance.
Code
Software program instructions.
Commercially reasonable
Hardware and software made available by a reputable firm for use in a commercial
environment. Practices and procedures in widespread use in the business community
generally considered to represent prudent and reasonable business methods.
Compared and Noncompared Transaction
See Matching.
Consumer
Usually refers to an individual engaged in noncommercial transactions.
Consumer account
A deposit account held by a participating DFI and established by a natural
person primarily for personal, family, or household use and not for commercial
purposes.
Cookie
A message given by a Web server to a Web browser, stored by the Web browser,
and returned to the Web server when requested.
Correspondent bank
An institution, acting on behalf of other institutions, that can settle the
checks they collect for other institutions (respondents) by using accounts
on their books or by sending a wire transfer. Generally, a provider of banking
and payment services to other financial institutions.
COTS
Commercial off-the-shelf. COTS products include software and hardware
products that are ready-made and available for sale to the general public.
COTS products are typically installed in existing systems and do not require
customization. Also known as “shrink-wrap” applications.
Credit card
A card indicating the holder has been granted a line of credit. It enables
the holder to make purchases or withdraw cash up to a prearranged ceiling.
The credit granted can be settled in full by the end of a specified period
or can be settled in part, with the balance taken as extended credit. Interest
is charged based on the terms of the credit card agreement and the holder
is sometimes charged an annual fee.
Credit entry
An entry to the record of an account to represent the transfer or placement
of funds into the account.
Critical financial markets
Financial markets whose operations are critical to the U.S. economy, including
markets for fed funds, foreign exchange, commercial paper, and government,
corporate, and mortgage-backed securities.
Currency Balance
As at the time calculated, the current amount (positive or negative) of a
particular eligible currency included in an account, as indicated on the books
and records of CLS Bank. A currency balance is not a separate account.