Financial Services Information Security Definitions

  • A

    anti-money laundering software (AML)

    Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions... (Continued)

  • B

    Bank Secrecy Act (BSA)

    The Bank Secrecy Act (BSA), also known as the Currency and Foreign Transactions Reporting Act, is legislation passed by the United States Congress in 1970 that requires U.S. financial institutions to collaborate with the U.S. government in cases of suspected money laundering and fraud.

  • Big 4 (Final 4)

    The Big 4, also known as the Final 4, are the four largest international accounting and professional services firms.

  • C

    card verification value (CVV)

    Card verification value (CVV) is a combination of features used in credit, debit and automated teller machine (ATM) cards for the purpose of establishing the owner's identity and minimizing the risk of fraud... (Continued)

  • CISP-PCI (Cardholder Information Security Program - Payment Card Industry Data Security Standard)

    CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data... (Continued)

  • Common Vulnerabilities and Exposures (CVE)

    Common Vulnerabilities and Exposures (CVE) provides unique identifiers for publicly known security threats.

  • corporate governance

    Corporate governance is the combination of rules, processes or laws by which businesses are operated, regulated or controlled.

  • CTCI (Computer-to-computer interface)

    Computer-to-computer interface (CTCI) is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities Dealers Automated Quotations) to conduct business in the options market... (Continued)

  • D

    Dodd-Frank Act

    The Dodd-Frank Act (fully known as the Dodd-Frank Wall Street Reform and Consumer Protection Act) is a United States federal law that places regulation of the financial industry in the hands of the government.

  • DROP (delivery of real-time execution information protocol)

    DROP (delivery of real-time execution information protocol) is a feature of various NASDAQ (National Association of Securities Dealers Automated Quotations) protocols that allows a subscriber to continuously view vital information about trades including the date and time, the participants (by symbol or icon), order identification data, condensed descriptions, the exchange prices and relevant commissions... (Continued)

  • E

    eavesdropping

    Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission.

  • electronic discovery (e-discovery or ediscovery)

    Electronic discovery (also called e-discovery or ediscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.

  • F

    FACTA (Fair and Accurate Credit Transactions Act)

    FACTA (Fair and Accurate Credit Transactions Act) is an amendment to FCRA (Fair Credit Reporting Act) that was added, primarily, to protect consumers from identity theft... (Continued)

  • FCRA (Fair Credit Reporting Act)

    FCRA (Fair Credit Reporting Act) is a United States law that regulates how consumer credit information is collected, used and shared... (Continued)

  • Federal Deposit Insurance Corporation (FDIC)

    The Federal Deposit Insurance Corporation (FDIC) is an independent agency of the United States (U.S.) federal government that preserves public confidence in the banking system by insuring deposits... (Continued)

  • Federal Rules of Civil Procedure (FRCP)

    The Federal Rules of Civil Procedure (FRCP) are rules that specify procedures for civil legal suits within United States federal courts... (Continued)

  • FFIEC compliance (Federal Financial Institutions Examination Council)

    FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC)... (Continued)

  • Financial Crimes Enforcement Network (FinCEN)

    Financial Crimes Enforcement Network (FinCEN) is a bureau of the United States Department of the Treasury. FinCEN was established in 1990 to safeguard financial systems from abuse by promoting transparency in the U.S. and international financial systems.

  • FIX protocol (Financial Information Exchange protocol)

    The Financial Information Exchange (FIX) protocol is an open specification intended to streamline electronic communications in the financial securities industry... (Continued)

  • G

    Governance, Risk and Compliance (GRC)

    Governance, risk and compliance (GRC) is a combined area of focus developed to cover an organization's strategy to handle any interdependencies between the three components.

  • I

    ITCH

    ITCH is a direct data-feed interface that allows customers of the NASDAQ (National Association of Securities Dealers Automated Quotations) to observe or disseminate information about stock trading activities... (Continued)

  • N

    NASDAQ (National Association of Securities Dealers Automated Quotations)

    The NASDAQ is the largest electronic securities exchange in the United States.

  • National Automated Clearing House Association (NACHA)

    The National Automated Clearing House Association (NACHA) is a not-for-profit trade association that develops operating rules and business practices for the nationwide network of automated clearing houses (ACHs) and for other areas of electronic payments.

  • O

    OTTO protocol (OUCH To Trade Options)

    OTTO (OUCH To Trade Options) is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities Dealers Automated Quotations) to conduct business in the options market... (Continued)

  • OUCH protocol

    OUCH is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities Dealers Automated Quotations) to conduct business in the options market... (Continued)

  • P

    PAN truncation (primary account number)

    PAN (primary account number) truncation is a technology that prevents most of the digits in a credit card, debit card or bank account number from appearing on printed receipts issued to customers... (Continued)

  • password cracker

    A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resources.

  • PCI DSS (Payment Card Industry Data Security Standard)

    The Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information... (Continued)

  • personally identifiable financial information (PIFI)

    Personally identifiable financial information (PIFI) is any type of personally identifiable information (PII) that is linked to that person's finances.

  • personally identifiable information (PII)

    Personally identifiable information (PII) is any data that could potentially identify a specific individual.

  • Podcast: What is FFIEC compliance?

    In this WhatIs.com podcast, you'll learn about this attempt to modernize existing banking practices in the context of new online threats like phishing. To learn more about FFIEC compliance, Assistant Site Editor Alex Howard interviewed Patrick Audley, the CTO of risk adaptive software provider Cogneto.

  • Q

    QIX (NASDAQ Information Exchange protocol)

    QIX (NASDAQ Information Exchange protocol) is a proprietary specification intended to streamline automated trading in the financial industry... (Continued)

  • R

    RASHport (Routing and Special Handling)

    RASHport, also called RASH (Routing and Special Handling), is a digital communications protocol that allows customers of the NASDAQ (National Association of Securities Dealers Automated Quotations) to conduct business in the options market... (Continued)

  • Real ID

    Real ID is a driver's license that complies with standards mandated by the United States Real ID Act of 2005. (Continued...)

  • Red Flags Rule (RFR)

    The Red Flags Rule (RFR) is a set of United States federal regulations that require certain businesses and organizations to develop and implement documented plans to protect consumers from identity theft.

  • remote deposit capture (RDC)

    Remote deposit capture (RDC) is a system that allows a customer to scan checks remotely and transmit the check images to a bank for deposit, usually via an encrypted Internet connection. When the bank receives a check image from the customer, it posts the deposit to the customer's account and makes the funds available based upon the customer's particular availability schedule.

  • S

    Secure Electronic Transaction (SET)

    Secure Electronic Transaction (SET) is a system for ensuring the security of financial transactions on the Internet.

  • Securities and Exchange Commission (SEC)

    The Securities and Exchange Commission (SEC) is a U.S. government agency that oversees securities transactions, activities of financial professionals and mutual fund trading to prevent fraud and intentional deception... (Continued)

  • Shared Assessments Program

    Shared Assessments is a third-party risk membership program that provides organizations with a way to obtain a detailed report about a service provider's controls (people, process and procedures) and a procedure for verifying that the information in the report is accurate.

  • SOX Section 404 (Sarbanes-Oxley Act Section 404)

    SOX Section 404 (Sarbanes-Oxley Act Section 404) mandates that all publicly-traded companies must establish internal controls and procedures for financial reporting... (Continued)

  • subpoena

    A subpoena is a command issued by a court in which a person or corporation is required to physically appear before, or produce specific evidence to, that court... (Continued)

  • Suspicious Activity Report (SAR)

    A Suspicious Activity Report (SAR) is a document that financial institutions must file with the Financial Crimes Enforcement Network (FinCEN) following a suspected incident of money laundering or fraud.

  • V

    virtual asset

    A virtual asset is a representation of currency in some environment or situation, such as a video game or a financial trading simulation exercise... (Continued)

  • VOIPSA (Voice over IP Security Alliance)

    VOIPSA (Voice over IP Security Alliance) is a cross-industry coalition of individuals and organizations from the security and VoIP communications sectors.

  • W

    wiretap Trojan

    A wiretap Trojan is a program that surreptitiously records VoIP calls.
