Search a word or term:


Credit Cards

An ATM, or automated teller machine, is an interactive terminal with a touch screen or keypad that allows consumers with credit cards or debit cards to withdraw cash, check balances and/or make deposits using the magnetically encoded card to perform transactions. Most ATMs are interconnected via networks, allowing consumers to conduct banking or credit card business anywhere in the world.

A credit card account holder is the person or persons responsible for paying the amounts charged. A person can be allowed to use a credit card as an authorized user but not be legally liable for the debt.

An account number is a unique number assigned by a financial institution to a credit card customer. On a credit card, the account number is usually embossed and encoded on the face of the plastic.

Account takeover fraud is a form of identity theft in which the fraudster gets access to a victim’s bank or credit card accounts — through a data breach, malware or phishing — and uses them to make unauthorized transactions.

An acquirer, or acquiring financial institution, is a bank that processes and settles a merchant’s daily credit card transactions, and then in turn settles those transactions with the card issuer/association. Merchants must maintain such an account to receive credit for credit card transactions. Daily card transaction totals are deposited in the merchant’s account after settlement and discount fees are deducted. In this way, such a financial institution acquires, or serves as the intermediary, to facilitate the credit transaction and pays the merchant, less a discount fee for the service.

An acquiring financial institution, or acquirer, is a bank that processes and settles a merchant’s daily credit card transactions, and then in turn settles those transactions with the card issuer/association. Merchants must maintain such an account to receive credit for credit card transactions. Daily card transaction totals are deposited in the merchant’s account after settlement and discount fees are deducted. In this way, such a financial institution acquires, or serves as the intermediary, to facilitate the credit transaction and pays the merchant, less a discount fee for the service.

Acquisition is the credit card industry’s term for acquiring consumers and businesses as credit card customers.

An add-on rate is a way to calculate interest. The final amount of interest on the principal loan amount is determined ahead of time and added on to the original amount. If paying in installments, the sum of the total interest plus the original amount is divided into even installments.

When you have a credit card, it is often possible to add an additional card to the account for use by someone else. The main cardholder remains responsible for making payments on all charges made, whether by the original cardholder or the additional cardholder.

The adjusted balance method is a formula many card issuers use to calculate monthly payments. Issuers subtract payments made during the month on a credit card account, along with adding finance charges incurred.

An adverse action is a decision by a creditor, based on a credit score, that causes the creditor to deny a consumer access to credit, or to offer anything less than the best terms available. Federal rules went into effect in 2011 requiring lenders to give to consumers a detailed explanation of the adverse action. In practice, that has meant if consumers are denied credit or given less than the best terms, the lender makes available a free copy of the credit score that triggered the decision.

Score factors, also called reason codes or score factors, are numerical or word-based codes that describe the reasons why a particular credit score is not higher. For example, a code might cite a high utilization rate of available credit as the main negative influence on a particular credit score. The codes are often provided with credit score reports, or with adverse action reports issued after denial of credit. Different sources of credit scores use different code systems.

A term used by lenders to define and classify consumers with less-than-perfect credit histories when being considered for a loan or credit. An adverse credit history can include late payments of 90 days or more, deficiency judgments, garnishment orders, repossessions, bankruptcy, foreclosures, tax liens and/or debt write-offs.

A credit card issued in association with an organization or group; commonly professional, alumni, retirement or other associations. The card issuer often pays the organization a royalty for marketing the card.

An affinity card is a credit card offered in conjunction with two organizations, one a card issuer and the other a nonfinancial group with which consumers have an affinity. Universities, sports franchises and nonprofit organizations are examples of affinity groups that often offer special discounts or deals for using their credit cards issued in partnership with a major bank.

An airline credit card is one issued by an airline in conjunction with a bank. It offers incentives in the form of miles and fee discounts to consumers who make purchases from that airline.

An algorithm is a predetermined, finite set of steps or calculations in which data are rigorously analyzed. In credit scoring, algorithms are the complex set of calculations that analyze a person’s or a business’s past behavior with credit to determine the level of risk that person or business carries for future loans.

Alternative methods of payment (AMOP) is a term covers the spectrum of noncash payments, including: credit and debit cards; billing extensions (adding purchases to your telephone or cable TV bill, for example); value access services (frequent flyer programs, credit card bonus programs, etc.)

American Express, often called AmEx, is one of the main international credit card issuing schemes. American Express issues its own credit cards—unlike Visa and Mastercard—and is responsible for its own relationships with retailers.

An annual (yearly) fee charged by a credit card company each year for use of a credit card. This is a separate fee from interest rate on purchases. While annual fees were once common, they largely disappeared in the ’80s and ’90s, remaining only on a few classes of cards, such as secured cards or those that offer airline frequent flyer miles as a reward.

The annual percentage rate (APR) is the interest rate charged on credit card balances expressed in a standardized, annualized way. This rate is applied each month that an outstanding balance is present.

An app-o-rama describes the practice of credit card points and miles junkies to apply for multiple credit cards in a very short period of time. By limiting the span of time between applications, an app-o-rama limts the odds that you’ll be turned down for a card due to multiple applications. App-o-ramas are less effiective than they used to be, and require more research, because credit inquiries now show up on a credit bureau’s datase in close to real-time.

A credit card application is the document a consumer or consumers sign to request a credit card. It typically asks for personal information such as income and Social Security number to help the card issuer decide whether to extend credit and at what rate. Who signs the application is particularly important. If a husband and wife both apply, for example, then both become individually responsible for the entire debt.

An application fee is often charged on credit cards for people with bad credit. Consumers should make sure to ask how much the fee is and how it is applied. Beware of cards that apply fees to the credit card and eat up most of its credit limit.

Application fraud is a type of banking fraud in which a crook uses your personal information to apply for a credit card or other bank account in your name.

An approval response is an authorization that is received by a merchant when a transaction is approved.

Arbitrage, also called stoozing, is the practice of taking a free or low interest loan from a credit card company, depositing it in a high-yield savings account, making the minimum payments on the card and pocketing the difference. Consumers who practice arbitrage make money on the interest rate spread between money received and money paid — just like a bank.

A credit card association is a group of card-issuing banks or organizations that set common transaction terms for merchants, issuers and acquirers. Some major associations are Visa, Mastercard, American Express and Discover.

Authentication is the process of assuring that a credit card transaction has been initiated by an authorized user of that card. From the merchant’s point of view, authentication means getting the right information from the consumer, and having it verified by the transaction network. In recent years, authentication has been stepped up by means including security codes on credit cards.

Authorization is an important concept for both credit cardholders and credit card merchant accounts. Every retailer has a purchase limit above which they must seek authorization from the card issuer before they can complete the sale. Such authorization can be done by telephone or electronically at the cash register. Authorization is used to control credit card fraud. Authorization is also the first step in processing a credit card. After a merchant swipes the card, the data is submitted to merchant’s bank, called an acquirer, to request authorization for the sale. The acquirer then routes the request to the card-issuing bank, where it is authorized or denied, and the merchant is allowed to process the sale.

A code that an issuer or its authorizing processor provides to indicate approval or denial for an authorization request.

The authorization date and time is the date annd time when a credit card transaction is approved.

An authorization only transaction is a transaction that is created to reserve an amount against a credit card’s available limit for intended purchases; an authorization only transaction is intended for a merchant’s protection, to assure that the credit card has a limit high enough to allow a transaction.

In routine credit card transactions, the authorized amount is the approved amount of money to be charged. After transactions are approved, the authorized amount is deducted from the amount of available credit.

In credit card terminology, an authorized transaction is one that has been approved.

An authorized user is any person who has permission to use a credit card account, but is not responsible for paying the bill. Authorized users differ from joint credit, in which both parties are obliged to pay. In some cases, the user will receive a credit card in his or her name, even though it is linked to someone else’s account.

The Automated Clearing House, or ACH, is a network of financial institutions that processes many types of consumer payments, including debit and credit card transactions. Most consumers don’t interact directly with the system, but if you have a direct deposit of your check or make a monthly mortgage payment, you’re likely using the Automated Clearing House transaction network.

Automatic payment is a process that authorizes regular withdrawals to be made from checking or other deposit account to pay credit card and other bills.

Available credit is the amount that is available to be charged to a credit card amount; the difference between the credit limit and outstanding charges on the account.

Average daily balance is a key number used in the formula that computes how much interest you have to pay on a credit card balance. An average daily balance is determined by adding each day’s balance and then dividing that total by the number of days in the billing cycle.

A slang acronym meaning “Buy One Get One” — as in buy one, get one free. While a wise shopping move for necessities, it too often is a lure to splurge on a credit card.

A term used to describe poor credit rating. Common practices that can damage a credit rating include making late payments, skipping payments, exceeding card limits or declaring bankruptcy. “Bad Credit” can result in being denied future credit.

On a credit card account or credit line, the balance is the amount owed. When a consumer does not pay the monthly amount owed in full, and carries a balance over a monthly billing period, the card issuer charges the consumer for the privilege of borrowing, in an amount set by the card’s interest rate.

The practice by some banks of cutting a customer’s available line of credit multiple times as the borrower pays down the card’s balance.

A balance transfer occurs when the outstanding balance of one credit card (or several credit cards) is moved to another credit card account. This is often done by consumers looking for a lower interest rate. Many credit card issuers offer introductory balance transfer APRs that are lower than the standard rates. Balance transfers usually have fees.

A balance transfer fee is a fee charged by a credit card company to transfer a balance from one account to another. This fee is typically 3 percent to 5 percent of the transferred amount.

Balance-to-limit ratio is used in the calculation of credit scores. It compares the amount of credit being used to the total credt available to the borrower. Having a low ratio — in other words, not much debt but a lot of available credit — is good for your credit score. Also known as a credit utilization ratio.

We all know what a bank is — a financial institution that may take in deposits, lend money or both. But in credit card transactions, multiple banks can and usually are involved, with each bank playing different roles. One bank may issue a credit card to a consumer, another may represent the merchant, and a third may be involved in payment of a credit card bill.

A bank account, in consumer terms, is a place to place deposits, acquire loans or both. Bank accounts used to be necessary for credit card or debit transactions, but with the advent of various prepaid products, an individual bank account is no longer required of cardholders.

A bank card is a payment card issued by a bank. It may be a debit card, where money is paid in before a transaction can take place, or it may be a credit card, in which a loan is given. Sometimes spelled bankcard.

A bank holding company is a firm that owns or controls interest in one or more U.S. banks. All of the largest credit card issuers have, at the top of their corporate structure, a bank holding company. Bank holding companies are regulated by the Federal Reserve Board. The board is responsible for regulating and supervising bank holding companies, even if the bank owned by the holding company is regulated by another state or federal agency.

A bank identification number (BIN) is the first six digits of a Visa or Mastercard account number. The bank identification number is used to identify the card-issuing institution.

A financial transaction card (typically a credit or debit card) issued by a financial institution

In bankruptcy, consumers or businesses seek legal assistance when bills cannot be paid. There are different types of bankruptcies. In Chapter 7 bankruptcy, debts for an individual or household are discharged. In Chapter 13 bankruptcy, debts of an individual or household are restructured and repaid over three to five years, under bankruptcy court supervision. Chapter 11 bankruptcy allow businesses to restructure. Whatever the type, bankruptcy has a negative effect on the ability to borrow.

A basis point is one-hundredth of 1 percent. If your credit card’s APR has gone up from 14.99 percent to 15.49 percent, it has risen 50 basis points.

The second step in processing a credit card. At the end of a day, the merchant reviews all the day’s sales to ensure they were authorized and signed by the cardholder. It then transmits all the sales at once, called a batch, to the acquirer to receive payment.

A behavior score is an internal, proprietary scoring system used by some credit card issuers to supplement the credit scores they purchase from credit bureaus. A behavior score, like a traditional credit score, is a numeric summary of the bank’s experience with the customer. Behavior scores include a deeper analysis than the credit bureaus can provide, since the card issuer can mine the customer’s payment history, credit utilization over time and even the amounts and types of products purchased.

Behavior-based repricing is an interest rate hike attached to new balances. It is determined by “risky” behavior of an account such as late payments and/or credit limit overage.

Behavioral modeling is a technique used by some credit card companies. It uses consumers’ purchasing behavior to assess their risk of defaulting. Behavioral modeling is controversial: Someone who suddenly swithces to shopping at bargain stores may be suddenly frugal, not suddenly risky.

The billing cycle is a specific, recurring time period between billing statements. The federal Credit CARD Act of 2009 largely ended a once-common practice of varying the length of the billing cycle by changing due dates. Under the law, due dates must be the same day every month, and payments that come due dates that fall on weekends or holidays are not subject to late fees.

A billing statement is a written record prepared by a financial institution, usually once a month, listing all credit card transactions for an account, including purchases, payments, fees and finance charges. It may be mailed to consumers or provided electronically online. Also called a monthly statement or periodic statement.

A digital currency that works on a peer-to-peer network. It is not backed or controlled by any government. Bitcoins are kept in a digital wallet and spent by exchanging public and private security keys.

A string of letters and numbers that represents a possible destination for a bitcoin payment. A unique address is used for each transaction. Most bitcoin software will generate a new address every time you create an invoice or payment request.

A company that accepts bitcoins and processes the transaction, usually saving the bitcoins to your wallet or converting them and transferring them to your bank account.

A secure account that stores bitcoins for later use.

A chronological ledger of transactions that is shared on a distributed digital network. The network can be public, with unlimited access (as with the bitcoin), or private and permission-based.

With credit and debit cards a “block” may be placed on a portion of a consumer’s credit limit or available debit balance if the final amount of a transaction is unknown. That can happen at gas stations, restaurants or hotels, because the merchant can’t know at the time the card is presented how much you’ll pump, how much you’ll tip or how many drinks you’ll take from the minibar. Consumers near their credit or debit limits need to watch their available balances carefully, or the hold amount could push them over the limit, triggering a fee. Blocks, also called holds, are usually released within minutes or hours, but blocks can sometimes last days.

“Bottom dollar” scams are those that target people down on their luck through false promises of earning big money from home, doubling your investment or selling your time share pronto. Also called “last dollar” scams.

Breakage is a term used in the retail and payments industry to describe how some gift cards will never be used. Breakage is the reason that gift cards can sometimes be bought for less than face value, because the retailer can be sure a certain proportion will go unused.

A business credit card is sought by corporate executives or business owners in order to separate keep business expenses from personal charges. Often, business credit cards offer business oriented rewards, such as office supply discounts or travel benefits.

A business credit score uses a company’s credit history to calculate a number indicating its risk. It’s similar to what a consumer credit score does for borrowers. Also known as a commercial credit score, the number predicts the likelihood of a company’s late payment. The three leading business score issuers are commercial information firm Dun & Bradstreet and credit bureaus Equifax and Experian.

This type of business credit card agreement is established between the card issuer and the company that holds the card. It makes the business itself — rather than the current or former owner of the business — responsible for repayment.

Bust-out is a form of fraud that usually involves credit cards. The scheme begins when a person establishes good credit, either under their own name or by identity theft using stolen Social Security numbers. The fraudster then behaves well for a period of time, making on-time payments, building credit, and applying for more cards and higher credit limits. After credit is built, the “bust-out” takes place. The fraudster maxes out all the credit accounts and ceases making payments.

"Buy Here, Pay Here" companies are a subset of used car dealers. Instead of paying a finance company, buyers make monthly payments directly to the car dealer. Vehicles sold by these vendors are typically older with high mileage. The interest rates are usually much higher than standard auto loans.

COB fraud—the COB stands for “Change of Billing” address—is a scam in which the billing address of a cardholder is changed by a thief who calls or electronically contacts a financial institution so that goods or services purchased using a stolen credit card or bank account can be delivered to the thief.

CVV is one of the credit card industry’s several acronyms for the credit card security code that helps verify the legitimacy of a credit card. Depending on the card, the security code can be a three-digit or four-digit number, printed on either on the back of the card or the front. CVV stands for “card verification value” code. Other card issuers call their security codes CVV2 (Visa), CVC2 (Mastercard), or CID (American Express).

After a card is authorized, a second set of data is passed for the transaction itself and this is called capture. It signifies that an actual transaction has taken place and the data is passed to the acquiring bank for settlement.

The date when a transaction is processed by an acquirer.

In the early days of credit cards, sales were transacted by using carbon-paper packets that fit into a simple sliding device called a zip-zap machine. The card would be put face-up in the zip-zap, a carbon-paper packet of alternating paper and carbon paper would be placed over it, and the tight-fitting slide would be run over both of them. The pressure of the slide would create an impression of the credit card number on the papers — one for the customer, one for the merchant, one for the merchant’s bank. Today, such transactions are rare; most are handled by electronic card readers that take the card information via its magnetic stripe.

Any financial institution, bank, credit union or company that issues (or causes to be issued) plastic cards to cardholders

A transaction made where the cardholder can present a physical credit card to the merchant. Requires a point of sale device

A unique numerical value calculated from the data encoded on the magnetic stripe of a Mastercard card, validating card information during the authorization process.

A unique value calculated from the data encoded on the magnetic stripe of a VISA card, validating card information during the authorization process.

A technical term for a specific credit card company, such as Visa, Mastercard, American Express, and Discover.

Any financial institution, bank, credit union or company that issues (or causes to be issued) plastic cards to cardholders.

A card member an industry term for an individual to whom a card is issued, or who is authorized to use an issued card. Sometimes spelled cardmember.

The card member agreement provides the terms and conditions of a credit card account. This agreement is required by federal law as a consumer disclosure. It also represents a binding agreement between card issuers and their customers. It must include the annual percentage rate, the monthly minimum payment formula, annual fees and dispute resolution processes. Changes in the cardholder agreement can be made, with written advance notice, at any time by the issuer. Cardholders have the right to cancel their cards if they do not accept such changes in terms, and pay off existing balances under the previous account terms in such instances

A card reader is a device that is capable of reading the encoding or chips in plastic cards. Card readers today are very common at the point of sale. For chip cards, this term refers to the area of a chip-enabled terminal where consumers either insert their card for a contact chip card transaction or tap card to initiate a contactless chip card transaction.

Card-linked loyalty offers are digital coupons from merchants that can be loaded right onto a credit, debit or store loyalty card; the discount is applied when the customer makes a purchase. The offers can be personalized based on a customer’s purchase history.

Credit or debit card transactions in which the merchant does not see or touch the card. Usually conducted online or over the phone. They are considered less secure transactions, since the merchant cannot see the card. Card processors charge higher fees for card-not-present transactions to compensate for the higher fraud risk involved.

Card-not-present fraud is the unauthorized use of credit or debit card information to make transactions in settings without face-to-face contact with a sales clerk who can verify card information. This type of fraud can be conducted over Internet, by phone or by mail.

Credit or debit card transactions conducted face-to-face, in which the card is physically swiped. Card-present transactions are considered more secure than card-not-present transactions, since a merchant can view the buyer, the card and the signature on it.

Card-present fraud occurs when a credit or debit card is used to make an unauthorized transaction in a face-to-face setting, such as a grocery store checkout lane. This type of fraud may involve the use of the actual stolen card or a fraudulent duplicated card made using a card number and magnetic stripe information

Card-present fraud occurs when a credit or debit card is used to make an unauthorized transaction in a face-to-face setting, such as a grocery store checkout lane. This type of fraud may involve the use of the actual stolen card or a fraudulent duplicated card made using a card number and magnetic stripe information.

Carders are the criminals who buy, sell, steal or conspire to hijack another person’s credit or debit card account information.

A cardholder is an individual to whom a card is issued, or who is authorized to use an issued card.

The individual to whom a credit or debit card has been issued or an additional person who is also authorized to use the card.

A cardholder agreement provides the terms and conditions of a credit card account. This agreement is required by federal law as a consumer disclosure. It also represents a binding agreement between card issuers and their customers. It must include the annual percentage rate, the monthly minimum payment formula, annual fees and dispute resolution processes. Changes in the cardholder agreement can be made, with written advance notice, at any time by the issuer. Cardholders have the right to cancel their cards if they do not accept such changes in terms, and pay off existing balances under the previous account terms.

In the credit card world, carding is a term for the activities of carders—thieves who use various means to illegally acquire and use credit or debit card account information for their own gain.

Carding forums are websites used to exchange information and technical savvy about the illicit trade of stolen credit or debit card account information.


1st Party Fraud refers to any fraud committed against a financial institution or merchant by one of its own customers. This is usually done when applying for a product or service to receive more favorable rates, or if they have no intention of meeting their commitments. Another example could be if an individual can make a false claim against an insurer to obtain a payment they are not eligible for.

Second party fraud, or money mules, is where an individual knowingly gives their identity or personal information to another individual to commit fraud. Second party fraud is difficult to detect because the person whose identity being used to commit fraud, has knowingly allowed it to happen. This means the usual characteristics associated with fraud aren't so obvious and are harder to uncover.

An XML-based protocol designed to be an additional security layer for online credit and debit card transactions. A customer identity validation protocol originally developed by Arcot Systems (now CA Technologies) and first deployed by Visa to reduce CNP fraud. Shoppers are required to enter a code provided by their card issuer. Its use shifts fraud liability to the credit card issuer but it's been linked to high bounce rates.

Third party fraud is where an individual, or group of people, use another person’s identity or personal details to open or takeover an account without the consent, or knowledge, of the person whose identity is being used. Third party fraud is a growing trend. One form is manufactured identities (Synthetic Identity Fraud) where an individual creates a new identity from stolen and false information. Up to 50% of third party fraud is seen as part of a fraud ring with activities linked to multiple identifies. Third party fraudsters acquire personal identifiable information and then use the data to take over an identity which is used to establish credit or buying products.

AML or Anti-Money Laundering refers to a set of procedures, laws or regulations designed to stop the practice of generating income through illegal activities. Most anti-money laundering programs focus on the source of funds as opposed to anti-terrorism and similar programs which focus on the destination of funds. Typically anti-money laundering programs are run by the financial institutions to analyze customer data in order to detect suspicious transactions.

Verification system used to verify the address of a person claiming to own a credit card. The system will check the billing address of the credit card provided by the user with the address on file at the credit card company.

A form of payments fraud whereby the fraudster obtains full control over an account and locks the legitimate owner out. Usually done by changing the PIN or password, or changing the statement mailing address.

Fraud protection service to check that the billing address given by the customer matches the one on file with the issuing bank to make sure they are a valid customer.

Application fraud is a type of banking fraud in which a crook uses a person's personal information to apply for a credit card or other bank account in their name. Application is a growing problem for financial institutions across the world. As identity crimes continue to grow, it is increasingly difficult for FIs to determine who they are dealing with in all service channels. These identity crimes are resulting in a number of strategies as FIs make new technology investments to meet both compliance (KYC) and fraud challenges.

Fraud prevention is the implementation of a strategy to detect fraudulent transactions or banking actions and prevent these actions from causing financial and reputational damage to the customer and financial institution.

An illegal activity designed to convert illegal funds into acceptable funds by passing them through accounts and businesses in transactions that hide their origins.

SIM swapping can be described as a form of account takeover fraud. To make the attack work, the cybercriminal will first gather information on the mark, often through trawling the web and searching for every tidbit of data the potential victim may have (over)shared

Synthetic identity theft is a type of fraud in which a criminal combines real and fake information to create a new identity.

Identity & Authentication

The combination of two out of the three authentication factor categories. Two-factor authentication is a subset of multi-factor authentication, and significantly increases security, because each authentication factor requires a different style of attack to compromise.

Adaptive authentication refers to authentication policies that are triggered based on device, user, or location context. Authentication requirements may be determined by static parameters, such as the type of user, their current location, type of device, and so on. It may also be determined using dynamic parameters, in which the system continually analyzes access patterns, and adjusts authentication policies accordingly. For example, a user who only ever logs in from a single location may be blocked if they attempt to log in from a different location.

Adaptive authentication is all about dynamically adjusting login parameters based on unique scenarios. One of the parameters that adaptive authentication can adjust is the requirement for an additional factor of authentication, or step-up authentication. For example, if the system detects an unusual access pattern, it challenges the user for an additional authentication factor (e.g. a code sent via SMS) to establish identity assurance rather than blocking the user altogether.

Authentication is the process of recognizing a user's identity. It is the mechanism of associating an incoming request with a set of identifying credentials.

This refers to three mutually reinforcing categories of authentication schemes: 1. Something you are (e.g. your retina, thumbprint, voice characteristics) 2. Something you have (e.g. a specific device, a fob) 3. Something you know (e.g. a password, a secret code)

An authenticator is the means used to confirm the identity of a user, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password

The process of determining whether a given identity is allowed to access a given resource or function.

A cloud identity management system is an alternative to traditional directory service systems, which typically manage identity for on-premises monolithic enterprise applications. These often leave cloud services with siloed identity services that must be managed individually, thus complicating lifecycle management.

Consumer authentication is the term used for the devices that are designed to verify that a person making a transaction or any business deal is really the person who is certified to do that action.

Continuous authentication is a process that continually monitors a user’s session with an eye for authentication, and raises authentication challenges whenever there are signals that a user may have changed. Signals can be based on subtle usage patterns, including unique behavioral biometrics such as typing speed, language fingerprints, and mouse movement patterns.

Customer Identity Access Management (CIAM) is a software solution that allows an organization to control customer access to applications; determine customer identity by linking with databases, online profiles, and other available information; and securely capture and manage customer profile information. CIAM supports organizations in conducting targeted marketing, providing seamless authentication for customer support, and gathering business intelligence analytics to better serve customers with new product features and updates.

Digital identity is the electronic equivalent to a real identity, both for people and devices

Digital onboarding is an online process whereby an individual signs up with a company or a government/institutional service in order to later access its products and services. The individual provides their personal data, and if required, a piece of biometric information such as a fingerprint or face scan.

The process of cataloguing employees in a software system. Employee identity management often includes representing the organizational structure of functional groups. Employee identity management requires ongoing maintenance, such as when employees are hired or leave the organization. It also often includes an authentication scheme, such as having the employee set their account password.

In a federated identity system, multiple software systems can share identity data from a larger centralized system. For example, an application for consumers may allow its users to log in using a Google or Facebook account. An enterprise network may use a federated system so that branch offices can manage their own identity system, while connecting systems from each branch through a system at head office. This would allow employees traveling to a different branch office to use the computer systems, but different access policies would likely still apply.

ID verification is an authentication process that compares the identity a person claims to possess with data that proves it.

The process of codifying not only users and groups in a software system, but also what resources they are each able to access and what functions they are each able to perform. IAM addresses authentication, authorization, and access control.

The process of codifying users and groups, as well as the metadata related to each of these entities, such as contact details, location, photo, etc. Includes mechanisms for authentication of these entities.

This is a variant on the concept of Software-as-a-Service (SaaS), indicating that identity management can be outsourced and purchased as a cloud-based service instead of either purchasing the software and operating it in-house or building the functionality from scratch in-house.

A token representing some number of claims, most typically the claim that the holder is authenticated and authorized to access a resource. These tokens are stored in a JSON format with standardized fields for issuer, subject, and expiry. Web applications often employ a refresh token to automatically generate new access tokens indefinitely.

The process of codifying not only users and groups in a software system, but also what resources they are each able to access and what functions they are each able to perform. IAM addresses authentication, authorization, and access control.

This term recognizes that many entities represented in a software system will be at a certain stage in a lifecycle, and their access needs to be managed accordingly. For instance, an employee may start off as a “candidate,” then become a “full employee” with one or more positions over their tenure, and ultimately cease to be an employee and be deprovisioned entirely. Lifecycle management can also apply to other things. For instance, devices may be purchased, provisioned for a particular user, reprovisioned for a different user, and ultimately deprovisioned and sold or discarded.

Lightweight Directory Access Protocol refers to a protocol for interacting with a hierarchical directory service database, particularly for authentication and authorization. However, the term LDAP has also come to represent a wide range of directory system implementations, including OpenLDAP, Apache Directory, and FreeIPA.

Mobile authentication is the verification of a user's identity through the use a mobile device and one or more authentication methods for secure access.

The practice of configuring security policies, monitoring usage and location, and enabling the functionality for provisioning and deprovisioning. This includes remotely wiping data from devices, whether company-owned or employee-owned.

Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.

OAuth is an open standard for allowing delegated access to user information in web applications. OAuth 2.0 is the second major revision to the standard, which completely overhauls the specification. As a result, it is not backwards compatible with OAuth 1.0.

A one-time password or passcode (OTP) is a string of characters or numbers that authenticates a user for a single login attempt or transaction.

OpenID Connect is a RESTful authentication system that uses OAuth 2.0 for authorization. It uses JSON web tokens (JWTs) and effectively provides single sign-on across multiple applications.

A type of brute force password attack whereby a single common password (e.g.: password1) is tried in combination with many usernames, rather than the other way around. Many systems can detect a brute force attack against a single user and will lock the account after a number of failed attempts. By executing a brute force attack along a different axis, the attacker often goes unnoticed.

To authenticate users by means other than a password. This could be one of the two other authentication factor categories (something you are, or something you have) or it may refer to a process by which an email or text containing a secret single-use code authenticates you with no other password required.

The process of establishing an identity and associated access configuration in a software system. An example is when a new user signs up for a service, or a new employee begins at an organization. Provisioning requires establishing a method for subsequent authentication (e.g. receiving user login credentials, choosing a password, etc.).

An application of asymmetric cryptography, where one key is private and the other is public. Asymmetric cryptography means a message encrypted with one key can only be decrypted by the other. The public one is widely distributed, so that anyone wishing to send the owner of the private key a message can do so knowing that only the intended recipient will be able to decrypt it.

This is a standardized protocol used to integrate authentication and authorization functions between multiple systems. It is most often used to gain single sign-on functionality between multiple applications from different vendors. SAML implementations act as an “identity provider,” which handle authentication and authorization on behalf of one or more applications.

SSO enables a user to authenticate to multiple software systems with a single authentication session. A common business application of this is an employee enters their credentials once into a company SSO product and gains access to all their business apps without logging into each app separately. This is particularly helpful if the software systems are within the same organization and managed by the same authority.

SCIM is a standard for modeling identity data through resources such as users and groups. It defines standard operations through a REST-based system for manipulating the resources as JSON objects.

An algorithmically-generated code that is deterministic based on the current date and time and a secret “seed” value. The server knows the seed, and can easily verify that a given code is valid for the current time period. TOTP can significantly increase security because even if a code is intercepted, it is worthless after the time window has passed (usually less than a minute). This makes the logistics of an attack much more difficult. TOTP can be implemented on a simple and inexpensive hardware device or on a smartphone. The seed is installed and is made difficult or impossible to recover or duplicate.

A method of authenticating to an application using a signed cookie containing session state information. A more traditional authentication method is usually used to initially establish user identity, and then a token is generated for re-authentication when the user returns.

U2F is an open standard, whereby a hardware token device can attest the holder’s identity through a challenge and response protocol. The token device is connected via USB or NFC (near-field communication). It is the standard maintained by the FIDO Alliance and is supported by Chrome, Firefox, and Opera.

UAF is an open standard developed by the FIDO Alliance with the goal of enabling a secure passwordless experience for primary authentication, as opposed to a second factor as described in U2F. Under the spec, the user presents a local biometric or PIN and is authenticated into the service. This protocol is not yet embedded in the major browsers, which has limited its adoption.

An evolution of the FIDO U2F and UAF protocols. WebAuthn continues in the FIDO tradition of allowing for using credentials for step up authentication. However, it's biggest innovation is in enabling users to authenticate to services without necessarily needing the user to identify themselves first (through the use of a username and password combination).

Zero Trust is a security framework developed by Forrester Research in 2009 that throws away the idea that we should have a trusted internal network vs an untrusted external network. Rather we should consider all network traffic untrusted. This research has evolved to discuss an Zero Trust Extended Ecosystem that includes the need to secure the workforce through strong identity and access management, along with multi-factor authentication. Forrester has coined the term “next-generation access” to describe this critical component.


The primary electronic network for money movement in the United States; it automates the movement of money between banks.

Fee paid to the acquirer by the cardholder bank for an ATM transaction. These fees are set by the ATM network.

A system to verify a user’s address at varying levels of detail, such as the cardholder’s ZIP code, street address, city or state.

A bank that accepts payments for a payments network. Often the financial institution that provides a merchant account and processes card transactions via POS equipment on behalf of a merchant. The acquirer feeds transaction data into the interchange system. Sometimes referred to as the acquiring bank.

Acquirer processors connect directly with merchants, the network and the acquiring bank, or via a payment gateway, to facilitate payment at the merchant. They provide the technical capabilities to create the system of record to communicate with authorization and settlement entities. In some cases the acquiring bank and acquirer processor are a single entity.

A unique number attached to a card transaction when it is passed from the merchant’s bank to the cardholder's bank. The numbers are used to track transactions and their progress. They can also be called trace IDs because they are most often used to trace where the funds for a transaction are in the process.

An acquiring bank provides merchant accounts that allow a legal entity to accept card payments and works in conjunction with the acquirer processor. In some cases the acquiring bank and acquirer processor are a single entity.

A fee charged by the network to both issuing and acquiring banks in addition to the interchange fee. Assessments are how the networks generate revenue, taking a fee from each bank for every transaction.

Authentication is the process of assuring that a credit card transaction has been initiated by an authorized user of that card. From the merchant’s standpoint, authentication means getting the right information from the consumer, and having it verified by the transaction network. In recent years, authentication has been stepped up by means including security codes on credit cards.

A type of transaction. The process of confirming whether a card is valid, business rules are met, and funds are sufficient, and then placing a temporary hold on those funds.

The process of checking and approving that a cardholder has enough funds in their account for the proposed transaction. A positive check means an authorization code is created and funds are set aside for the proposed transaction.

An authorized transaction is a debit or credit card purchase for which the merchant has received approval from the bank that issued the customer’s payment card. Authorized transactions are a component of the electronic payment process.This involves the cardholder and numerous other entities working together to complete an electronic transaction.

An authorization code is a six-digit number that serves as the record for the credit, debit or stored value card approval.

Every payment card has an available balance that governs its purchasing power; this factors into the authorization process.

The average amount of transactions processed by an organization (merchant, processor, etc.) during a month. Typically expressed in dollars.

For any particular merchant account, the average transaction size. Used for predictions and fee and pricing calculations. Also called Average Selling Price (ASP).

The first four to six digits of a card representing the identification number of the issuing or acquiring bank.

The first digits — typically the first four digits or first six digits — that are found on a card from an issuing or acquiring institution as unique identifiers of that institution.

The first nine digits at the bottom of a personal check which identify the financial institution where the account is located.

One one-hundredth of one percent. Generally referred to as basis points (bps).

One basis point, often referred to with the shorthand “bips”, is equal to 1/100th of one percent of the transaction amount. One percent, therefore, equals 100 bips.

A group of card transactions collected for submitting to settlement to the merchant’s bank account.

Person who receives funds collected by a third party. Sometimes a person sets up an account on behalf of another person. If they want the funds to be settled directly to the beneficiary, the account will need to be changed to complete KYC checks on the beneficiary and verify their bank information.

The process of finalizing authorizations and the initiation of funds transfers by a merchant.

A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over Internet, but also mail-order transactions by mail or fax, or over the telephone.

Abandonment rate as a marketing metric helps marketers to understand website user behavior. Specifically, abandonment rate is defined as "the percentage of shopping carts that are abandoned" prior to the completion of the purchase.

A “chargeback” is a dispute of a specific transaction.

Chargeback is a return of money to a payer. Most commonly the payer is a consumer. The chargeback reverses a money transfer from the consumer's bank account, line of credit, or credit card. The chargeback is ordered by the bank that issued the consumer's payment card

The process of exchanging financial transaction details (but not actual funds) to facilitate the posting of that transaction to a cardholder’s account and reconciling an issuing bank’s settlement position.

The process of exchanging financial transaction details (but not actual funds) to facilitate the posting of that transaction to a cardholder’s account and reconciling an issuing bank’s settlement position.

In a closed-loop payment system, funds can only be used at a defined set of locations or merchants.

The distribution of funds once a transaction has been approved. Includes the process to get the various fees to the stakeholders along the way.

Also referred to as the add on rate, the discount rate refers to the interest that the acquiring bank adds on top of the interchange fee and assesses to the merchant. The discount rate is generally tiered and falls in the range of 40-50 basis points though can be as low as 20-30 basis points.

The electronic equivalent of a paper check.

The name of EMV comes from the Card companies that developed it: Europay, Mastercard, Visa. EMV is an industry standard covers the interaction at the physical, electrical, data and application levels between Chip cards and Chip card processing devices for financial transactions.

Buying and selling goods and services online.

Method for consumers to pay bills using PCs, smartphones or other devices to send electronic instructions to withdraw funds from accounts and pay merchants.

A system that captures transaction information off a paper check and converts it into an electronic item processed through check clearing without the need for a paper check or via ACH. Now available to consumers via smartphone apps and some banking institutions.

The electronic transfer of funds between two bank accounts, using electronic means rather than paper methods. Includes ACH, wire transfers, payroll deposits and any other fund transfer made completely electronically.

Payment programs built for business-to-business applications (for example, for expense payment).

A commonly-available chip-based standard for smart payment cards using chip and pin systems for card present transactions. Designed to combat fraud by making cards much harder to counterfeit.

“For benefit of” (FBO) funds are held in an issuer bank account for stored value card programs.

Charges assessed by one entity to another.

Funds in a GPA are “open-loop” funds that can be used at any merchant, subject to authorization controls. Most Visa and Mastercard accounts access GPA funds.

A GPA Order refers to the direction of funds into a user’s general-purpose account (GPA).

Special purpose software platform that provides an interface between merchants and acquiring institutions.

An organization or system initiating transactions between merchants and the acquiring firms. Often provides additional fraud, identity, and reporting functions as well as equipment and software to process transactions.

Refers to an operation that has no additional effect if it is called more than once with the same input parameters; in the payment world, idempotency is important because it prevents requests from being processed repeatedly in the case of multiple, inadvertent submissions.

Also known as a substitute check. An electronic image of the original paper check that conforms to the requirements set forth by the Check Clearing for the 21st Century Act (Check 21). Because of Check 21, IRDs act as the legal equivalent of the original paper check and enable financial institutions to settle check transactions.

ISOs sell merchant accounts from other processors – they are usually purely sales and support organizations.

A method for online retailers to automatically track purchases and other server-to-server communication in real time.

The domestic and international systems operated by VISA and Mastercard for authorization, settlement and the passing through of interchange and other fees, as well as other monetary and non-monetary information related to bankcard activities.

Payment networks like Visa and Mastercard determine the interchange fee for processing payment cards transactions. Interchange fees are typically paid by the merchant’s bank (the acquirer) to the customer’s bank (the issuing bank). In the United States, interchange fees average between one and two percent of the transaction (200 bips).

A fee specified by card associations that is paid by the acquirer to the issuing bank for each credit or debit card transaction to cover transaction costs. The acquirer passes this fee to merchants, in addition to any other fees charged for processing credit or debit card transactions. The fee depends on a number of variables, such as card type, business type, card acceptance method, settlement or batch timeframe, information submitted with the transaction, and more. Fees usually range between 1-3%.

Connects directly with the networks and issuing bank to provide the system of record, manage issuance of cards, authorize transactions and communicate with settlement entities.

The issuing bank enters into a relationship with the cardholder, and enables cards on a given network. The issuing bank fills three primary roles in payment processing: it is a “network sponsor,” which means it can issue cards on a given network; it is a holder of prepaid funds (for example, for gift cards and other non-credit cards); and it is a “settlement point,” managing a consumer’s card account and paying out to the merchant's account after a purchase.

The bank that holds the customer’s credit or debit card account and settles funds to the acquiring bank for payment to the merchant. The issuing bank bills the cardholder for transactions at a later date, typically monthly.

To comply with regulatory requirements and as a protection against fraud, issuer processors can run a “know your customer verification” to verify the identity of potential cardholders.

The compliance process of confirming the identity of a merchant or customer. Most commonly refers to government, bank, and card network requirements to verify identity to prevent fraud, identity theft, money laundering, and terrorist financing.

The term “ledger balance” refers to the amount of spendable funds.

A merchant simply refers to any business that accepts card-based payments via a physical swipe (at the POS in the real world), by entering payment data manually or via a virtual swipe online.

Another term for the acquirer or acquiring bank.

The contract between merchant and acquiring bank listing legal warranties, rights and responsibilities.

A unique number to identify each merchant to everyone else in the processing chain for accounting and billing purposes.

Refers to funds allocated by merchants to power rewards programs (and accounts) that promote their brands (and partners’ brands) and to encourage brand loyalty.

A bank account from an acquiring bank that allows a merchant to accept credit, debit and other payment types.

Method used to pay for a transaction - for example, check, direct debit, credit card, ACH, debit card, cash and more.

A mobile device, either stand-alone or for use with a tablet or smartphone, combined with software or an app to allow mobile card reading and transaction processing.

The aim of a mobile wallet is to replace conventional wallets with a mobile device. A wide range of applications can be stored in the wallet: cash, cards, ID documents, driver’s licenses, coupons, access authorizations, keys, and much more.

Every US state has a regulatory body overseeing money transmission. Many (but not all) states require institutions that handle payments to become registered money transmitters and procure a license to operate in their state.

The National Automated Clearing House Association, NACHA is a not-for-profit organization that manages and governs the ACH Network, the backbone for the electronic movement of money and financial data in the United States. NACHA represents nearly 11,000 financial institutions across the United States.

Near Field Communication (NFC) is an international transmission standard for contactless exchange of data via radio technology for short distances of a few centimeters and a data transfer rate of up to 424 kBit/s. So far, this technique has mainly been used in solutions for micropayments – cashless small-value payments.

Provides oversight and management for the ACH.

A form of communication used mostly in smartphones or other handheld devices for payments that allows devices to communicate with a payment terminal to complete transactions.

The final (net) effect of a series of payment transactions involving customers of two or more banks.

Fees charged for payment transactions by the card networks that are included in interchange fees.

A financial institution that does not offer banking services.

The ODFI functions as the interface between the ACH network and the originator of the transaction, confirming that transactions comply with the rules.

To combat fraud, many processors generate one time use virtual card numbers good for only one transaction (the number then becomes inactive).

The institution that initiates a wire transfer or ACH payment.

Any institution or person initiating a debit or credit transaction through ACH.

A common term used to indicate that a particular organization meets the Payment Card Industry Data Security Standard (PCI DSS) requirements. Failure to meet PCI compliance can mean penalties or the suspension of the ability to make card transactions.

A procedure to validate cardholder identity by comparing the PIN to a card account.

The actual device at a point of sale (POS) that conducts a transaction and is used to gather and forward the transaction details.

The person/business/organization that receives a payment.

A proprietary information security standard for the payment card industry. A requirement for merchants and payment processors to meet security requirements that are used extensively across almost all card systems for security

The credit, debit, prepaid and other payment card businesses. Also refers to the requirements that they have set out that provide security management, policies, procedures, network architecture, software design and more.

Provides online services for accepting electronic payments by a variety of payment methods including credit card, direct debit, bank transfer, and others.

Occurs when two users transfer funds between two different accounts (also known as “peer transfers”).

A pending credit is unavailable for use by the card or accountholder and does not affect purchasing power; typically, a pending credit results when an ACH load that has been accepted but the funding hasn’t yet cleared.

The point of sale, or POS, is the location in a merchant’s establishment at which the sale is consummated by payment for goods or services received. It is also where many retailers offer their store’s credit card applications to consumers.

Debit card that is acquired with a balance already associated with it. Prepaid cards allow the cardholder to spend up to the amount deposited into the prepaid card account.

A card that is accepted by only one merchant.

Businesses that manage a card program on behalf of the issuing bank. The Program Manager is responsible for defining the program, marketing to consumers and merchants, operating the program, and managing its profitability. The program manager typically is responsible for establishing relationships with processors, banks, payment networks and distributors and for establishing pooled account(s) at banks.

The corollary to the ODFI, the RDFI receives the ACH transaction from an operator and credits or debits funds from their appropriate accounts.

A code used to provide additional information about a transaction and (typically) a rejection or change in status. Information covered could include a chargeback, subsequent presentment, fee collection, funds disbursement, or request for a source document.

An organization or person that authorizes the originator to initiate an ACH transaction, either as a debit or credit to an account.

Manages ACH transactions by taking credits or debits from relevant parties.

An accounting process to compare two sets of records to ensure the figures are in agreement and are accurate. Reconciliation is the key method for determining whether the incoming or outgoing funds in an account match the amount spent/returned and that the two values are balanced at the end of a given recording period.

The process through which incoming and outgoing funds and transactions are matched up.


It's the third generation of mobile phone cards that allow to mobile phone high-speed data access, voice communication as well a visio-commucation.

Automatic Device Configuration Automatically triggered download and configuration of appropriate settings and data Over-the-Air to a specific handset or terminal.

Automatic Device Detection Method for automatically pairing a mobile subscription identifier (IMSI/MSISDN) with terminal identifier (IMEI). When a new pairing is detected, this may trigger an ADC.

API is the short name of Application Programming Interface. It's a language and message format used by an application program to communicate with the operating system such as a database management system.

API is the short name of Application Programming Interface. It's a language and message format used by an application program to communicate with the operating system such as a database management system.

Application programming interfaces (APIs) have unique authentication challenges because the user is typically another software system rather than a person.The API Access Management system provides functionality to assist with this challenge by ensuring that API services are well-integrated with the rest of the user management system.

ATM - Automated Teller Machine, a self service terminal for the secure dispensing of cash without the assistance of bank staff.

Maximum quantity in percent of banknotes not rejected by a banknote scanning system. Crucial to the acceptance rate are the machine-readable features for determining value and authenticity of the banknotes.

This uses a challenge/response mechanism based in public key cryptography and any digital signatures. It provides proof that the document is not copied and refers to the correct IC.

Animated matt effects on holograms that are aligned in such a way so as to make pumping or running effects visible.

Applet is formed from the words 'application' and 'snippet' and refers to: a Java program (Java applet) running in a Web browser – a computer program that is not operated as an independent application (widget).

Banknote papers are enhanced by the addition of security foil elements and printed effects.

The current trend of moving away from monolithic enterprise IT systems toward a system of of smaller applications from multiple vendors, which are integrated using open APIs and standards. This allows vendors to focus on a specialized niche, and enterprise customers to have more flexibility in choosing their functionality

Special deposit terminal stacker, in which banknotes suspected of being counterfeit can be stored separately.

Authentication is the process of proving that a banknote or security document is genuine by checking the watermark or by feeling the intaglio embossing of a banknote.

The condition of a security element of a banknote or security document being genuine or of an ID document being unaltered.

The authenticity of banknotes can basically be established in two ways: 1. With the human senses, like sight and touch (so-called “human feature”) 2. With the aid of tools, such as: a) Sensors b) Magnifying glass, UV light, ruler c) With forensic materials, e.g. high-tech laboratory equipment (electron microscope, AAS, NMR, ESR, etc.)

Bearer Independent Protocol, a way of delivering Short Messages to a mobile phone over an IP network.

Abbreviation of “banknote”

Short for "Buyer Supplied Detector".

Paper strip that holds a banknote package together. The band can be printed with the origin and processing data so that the depositor can be traced if there are any discrepancies.

Tool for analyzing measured banknote properties.

Five or ten bundled banknote packages (straps)

100 banded banknotes (strap)

Designed for the secure and (completely) automated packing of banknotes; available as an online or offline system.

The banknote substrate is a special paper produced on a cylinder mould paper machine and usually made of 100% cotton.

Banknote substrate based on various materials such as cotton, polymer or a combination of the two (so-called hybrid substrates).

Punch to cancel banknotes that are no longer fit for circulation (unfit banknotes). Two variants are offered: BanknoteCanceler 40 M, with manual feeding and BanknoteCanceler 40 A, with automatic feeding.

Scanner to record a barcode, for example, on the header cards.

This uses challenge/response mechanisms based on triple DES recommendations. It has the advantage of preventing skimming and eavesdropping via a secure communication.

Refers to type of a zero trust security model that focuses on individual users and devices instead of network perimeters. BeyondCorp is guided by the principles of perimeterless design, context-awareness, and contextual access management.

A security foil element that can be distinguished by having two different metals (e.g. aluminum and gold) placed next to one another.

Completed European research project to increase smart card security for future electronic ID documents valid throughout the EU.

Measurable, distinct physical characteristic or personal trait that can be used to recognise the identity or verify the claimed identity of an enrolled person.

Biometrics is a technology that uses the physical characteristics of an individual to enhance security. E.g. Fingerprint, Iris, Face. Biometrics can replace the use of traditional methods of identity authentication such as passwords and security questions.

Biometric is a technology who help to enhance the security. It can be use for smart cards, in company to verify entrances and exits or to protect a computer. The biometric technology will replace the use of the passwords and up the level of security by insuring the real indentity of the user. For example, the biometric technology use the fingerprint or the iris to reveal the indentity.

Bluetooth is a transmission specification for digital data exchange between 2 or more devices over short-range radio wawes. This data can be documents, pictures, videos or voices.

The process in which an OMA DM account is set up for the very first time or when re-installing a missing OMA DM account. The process by which an un-configured device is taken from its initial state to a configured state.

A description of a communication channel that can support large amounts of data at relatively high speeds. Broadband networks normally combine voice, data, and multimedia.

A method of attack whereby an attacker systematically attempts all possible combinations of inputs, usually by automating the process with a script.

The Card Application Management System controls all functions in the lifecycle of a card, from production, programming, personalization, and issuing of the card through the continuous maintenance of data and applications during the service life to disabling it if it is lost or no longer valid.

Abbreviation for “Controller Area Network”: Real-time computer network for the internal control of BPS® machines. Contrary to LAN, the arbitration and collision avoidance behave in a deterministic way and do not reduce the possible data rate.

Charging Data Record, also Call Detail Record Records generated from traffic events in a telecommunications network that can form input to billing post processing.

Common term for devices that are based on smart card technology. SIM card has become the de facto way of referring to Smart Cards used for cellular telephony networks.

An electrical and mechanical device of simple construction that can receive a smart card and make electric contact with them. In contrast to terminals, card readers have no display or keypad. Despite the name, card readers can usually also be used to write data onto the card.

(Central) processing center for large volumes of cash

Describes the various typical stages in the lifecycle of cash – from manufacture through usage and processing to destruction.

Management and control of cash in circulation.

Recycling means that banks and cash-in-transit companies can pay out banknotes that have been checked for authenticity and sorted for fitness without any additional checks by the central bank (sometimes also referred to as "recirculation").

Cash deposit machine

The chip card is a plastic card who integrates a computer chip. With this chip, the performances of the card are better than the magstipe card like a higher memory capacity and a better security of the data. Chip card is also known as smart card or memory card.

Description of the lifecycle of banknotes starting with their issue and ending with their destruction.

Policy adopted by central banks to maintain the high quality of circulating banknotes, especially in terms of cleanliness.

Is a negative text in which the text elements become legible when looked through. The nontransparent part is normally generated by means of metallization.

See ColourShift.

Security element featuring an optical surface divided into two sections. The ColourShift section changes color dramatically when tilted while the ColourFix section retains its original color. At a particular angle, the ColourShift and ColourFix sections are the same color, but then change color when viewed at a different angle

Cash center management software that automates the procedures in the cash center.

A card that transfers power and data between the chip on the card and the card reader via an electrical terminal consisting of six to eight gold-plated contacts.

The contacless card is a card that uses the radio frequencies to transfer data to a contacless reader. The range of transmission is short (some inchs). The advantages of this technology insure a better and a faster transaction to the reader than a contact-based card.

Tools for remote access to configuration and data management, includes Banknote Analyzer and Live Viewer.

Holographic LEAD stripes on banknotes with copper metallization.

Raw material used for making banknote paper. Cotton is a natural fiber that is extracted from the seed hairs of the cotton plant. The textiles industry primarily uses long cotton fibers to produce high-quality materials. The short fibers that the textiles industry disposes of are used for the production of banknote paper.

If one or more features on the system cannot be measured correctly, the banknote is suspected to be counterfeit. The manual inspection operator must establish whether the note really is counterfeit or not.

Security threads that alternately depict a text element (usually the name of the country) and the country’s flag. CountryCode threads are completely embedded in the security paper, e.g. for passports.

The process of turning readable text into cipher text and back again.

Industry term: Cyclic Elementary File Or: cyclic file. Included in the SIM card file system.

Also known as a genuine or multitone watermark. This is characterized by a high imaging accuracy and is able to represent the mapping of motifs in tone value, e.g as preferred for mapping portraits in banknote paper.

Mobile shredder disposal unit banknote shreds.

Dedicated File Included in the SIM card file system. DF constitutes headers that hold hierarchical trees of elementary files on the SIM card, but do not have data of their own. This is most simply visualized as a directory in a file system

Data Over Voice, data transmission technique that allows simultaneous transmission of data as sounds and speech via a telephone line, since the data sounds are outside of the speech band and are also not audible to the human ear.

Short for "Dual Supply Bander".

Dynamic SIM Application Toolkit

Refers to an incident whereby data is accessed by an unauthorized individual or software system.

Includes technology, people, and process considerations — all of which work together to protect an organization. From a technology perspective, this includes well-maintained user authentication and authorization configuration, systems that scan and block network activity in real time based on content filtering policies, or “circuit breakers” that detect potential exfiltration based on an abnormally high outbound data rate.

This uses a symmetric or asymmetric encryption method and is able to protect sensitive data.

Bank card that can be used to make cashless payment or withdraw money from ATMs. Unlike credit cards, the current account of the cardholder will be charged (debited) immediately after the purchase or within a few days.

Production process in which text or design elements are removed from a metallic layer so that they are legible in transmitted light. Used for security threads and security stripes (LEAD) in banknotes.

Individual value in a series of banknotes. For example, the euro comes in seven denominations: 5, 10, 20, 50, 100, 200, and 500 euros

The process of removing access for a particular user from software systems. For example, when an employee leaves the organization, their user profile must be deprovisioned. Deprovisioning is generally more complicated than simply deleting the account, because it’s often desirable to retain and accurately attribute the user’s previous contributions, so the account must remain in some type of disabled state.

Device is a generic word denoting hardware. Device can be a SIM, SD Card, Personal Digital Assistant, cell phone, smart phone, mobile terminal, mobile handset, machine-2-machine module, or USB-data module with mobile radio

Device is a generic word denoting hardware. Device can be a SIM, SD Card, Personal Digital Assistant, cell phone, smart phone, mobile terminal, mobile handset, machine-2-machine module, or USB-data module with mobile radio

The Device Management is a set of technology that optimize the functionality and the security of a mobile communication. The management is supported by the Over-The-Air technology who allows to communicate with all the mobile devices such as mobile phones, smartphones, tablet computers, mobile printers, etc.

The Device Management is a set of technology that optimize the functionality and the security of a mobile communication. The management is supported by the Over-The-Air technology who allows to communicate with all the mobile devices such as mobile phones, smartphones, tablet computers, mobile printers, etc.

M2M is an abbreviation for Machine-To-Machine. It consists of a communication between to machines wirelessly. M2M is used in a lot of sector like robotics, road traffic control, security systems, cars and more.

A dual-interface card is a chip card that has both a contact and a contactless interface for data transmission from and to the card. Also known as a combi card.

Semi-automated border control system, which significantly reduces passenger waiting times upon arrival. Supported by biometrics, this border control process is designed around electronic passports. The system verifies the authenticity of the passport using optical and electronic security features.

Processing national administration activities and delivering services via the Internet, e-mail, and other digital communication technologies.

An electronic passport with a contactless chip and an antenna embedded in it.

Elementary file Included in the SIM card file system. EF has both a header and a body, and comes in three flavors; Transparent EF, Linear fixed EF and Cyclic EF. See also: Transparent EF, Linear fixed EF and Cyclic EF.

The name of EMV comes from the Card companies that developed it: Europay, Mastercard, and Visa. EMV is an industry standard covers the interaction at the physical, electrical, data and application levels between Chip cards and Chip card processing devices for financial transactions.

Chip-based payment card that complies with the EMV standard.

Global industry standard for chip-based credit and debit cards. The specification is issued by EMVCo, whose current members include Mastercard, Visa, and JCB (Japan Credit Bureau).

Short for “Euro Test mark.” Voluntary certification of technical products by the German Social Accident Insurance (DGUV) body and other European test bodies under the Device and Product Safety Act (GPSG) and EU conformity directives. The GS mark based on similar criteria is not recognized in all European countries.

The electrical conductivity of security elements can be measured with sensors and serves as a machine-readable authentication feature.

Microprocessor smart card containing a photograph and emergency data in addition to the personal details of the patient. Additional applications, such as documenting medication, are also possible.

Electronic purses (or Intersector Electronic Purses/IEP) enable cashless offline payment of small amounts of money by means of smart cards and usually without the need for a PIN. They were introduced in 1995, when chips were attached to payment cards in addition to the magnetic strip. Electronic purses can be applied to all plastic cards with suitable chips.

Security elements embedded in the paper during the paper production process. These security elements are considered to be especially secure since they are completely integrated in the paper and cannot be removed or added retroactively without destroying the paper, e.g. watermarks, security threads, security fibers, etc

See Hologram embossing.

Banknotes are stored temporarily in the escrow after being fed into the payment terminal. If the depositor decides to cancel the deposit, the banknotes can then be returned

Uses an additional symmetric key or asymmetric key pair to prevent unauthorized skimming and access to sensitive data and provides additional key management


A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router).

The term originates from the drug dealing world, and is used to describe inexpensive mobile phones designed for temporary use.

A card not present transaction (CNP, MO/TO, Mail Order / Telephone Order, MOTOEC) is a payment card transaction made where the cardholder does not or cannot physically present the card for a merchant's visual examination at the time that an order is given and payment effected. It is most commonly used for payments made over Internet, but also mail-order transactions by mail or fax, or over the telephone.

A telephone service used to conceal the identity of the outbound caller's telephone number or Caller ID data.

A dedicated IP address is defined as an exclusive Internet address which is exclusively and completely assigned to a distinct hosting account.

Device cloning is the practice of producing an accurate copy of any application driver. The term can be used to indicate a body, software design or an application that has roles and behavior related to another body or application driver, however, it does not comprise the real source code of body or the apprehensive program.

A device ID or device identification is a unique number related to a cell phone or to the handheld device itself

Encryption is the process of encoding a message or information in such a way that only authorized parties can access it and those who are not authorized cannot.

GSM is a digital mobile telephony system that is used as based in a lot countries in the world, specially in Europe. GSM can be consider as the 2G, the ancestor of the 3G. The GSM phones consist of two physically separate units - the cell phone as the communication unit and the participant card as the memory unit.

ISP monitoring is the practice through which ISPs record information about your online connections and activities. That means that everything from your search history to your email conversations are monitored and logged by your Internet service provider.

A PIN, or personal identification number, is a series of digits used to verify the identity of the user. The PIN is a kind of password. Consumers often may choose whether to authorize a transaction by a PIN.

It is the process of identifying if a number used by a user is valid or not, as well as if a phone number being used is the phone number of the person trying to use it. Phone number verification is used in different forms of multi-factor authentication

SIM is the short name of Subscriber Identity Module. SIMs are small smart cards that are used in all the cellphones. A SIM contains a lot of personalized data of the subscriber like the user identity, phone number, contact, etc. A SIM is not linked to a cellphone so consumers can easily put out the SIM of their phone and put in to an other phone and keep their data.

Short Message Service (SMS), or texting, is used to send text messages via cell phone. However, it can also be used as a payment technology on cell phones or for authenticating payment initiation.

Electronic Subscriber Identity Module – individual subscriber or machine data and/or software profile that is downloaded over the mobile network via subscription management onto a SIM or eUICC to allow secure identification and authentication on the (mobile) network; the data that is downloaded is the result of a data generation process in the high-security area of the eSIM provider.