FFIEC Information Technology
Examination Handbook
Glossary

 

 

Start of P Words
 

P2P
Peer-to-peer communication, the communications that travel from one user’s computer to another user’s computer without being stored for later access on a server. E-mail is not a P2P communication since it travels from the sender to a server, and is retrieved by the recipient from the server. On-line chat, however, is a P2P communication since messages travel directly from one user to another.

Pandemic
An epidemic or infectious disease that can have a worldwide impact.

Passwords
A secret sequence of characters that is used as a means of authentication.

Patch
Software code that replaces or updates other code. Frequently patches are used to correct security flaws.

Paying Bank
A paying bank is the institution where a check is payable and to which it is sent for payment.

Payment
A transfer of value.

Payment System
The mechanisms, rules, institutions, people, markets, and agreements that make the exchange of payments possible.

Payments System Risk policy (PSR)
The Federal Reserve’s Payments System Risk (PSR) policy addressing the risks that payment systems present to the Federal Reserve Banks, the banking system, and to other sectors of the economy.

PBX
Acronym for private branch exchange. A telephone system within an enterprise that switches calls between enterprise users on local lines while allowing all users to share a certain number of external phone lines.

Penetration Test
The process of using approved, qualified personnel to conduct real-world attacks against a system so as to identify and correct security weaknesses before they are discovered and exploited by others.

Permanent Virtual Circuit (PVC)
PVC is a pathway through a network that is predefined and maintained by the end systems and nodes along the circuit, but the actual pathway through the network may change due to routing problems. The PVC is a fixed circuit that is defined in advance by the public network carrier. Refer to switched virtual circuit for an additional virtual circuit option.

Personal Digital Assistant (PDA)
A pocket-sized, special-purpose personal computer that lacks a conventional keyboard.

Person-to-person (P2P) Payment
On-line payments using electronic mail messages to invoke a transfer of value between the parties over existing proprietary networks as on-us transactions.

Phase
A project segment.

PKI
Abbreviation for “public key infrastructure.” The use of public key cryptography in which each customer has a key pair (i.e., a unique electronic value called a public key and a mathematically-related private key). The private key is used to encrypt (sign) a message that can only be decrypted by the corresponding public key or to decrypt a message previously encrypted with the public key. The public key is used to decrypt a message previously encrypted (signed) using an individual's private key or to encrypt a message so that it can only be decrypted (read) using the intended recipient’s private key. See Encryption.

Platform
The underlying computer system on which applications programs run. A platform consists of an operating system, the computer system's coordinating program, which in turn is built on the instruction set for a processor or microprocessor, and the hardware that performs logic operations and manages data movement in the computer.

POD
Proof of deposit. The verification of the dollar amount written on a negotiable instrument being deposited.

Point-of-sale (POS) Network
A network of institutions, debit cardholders, and merchants that permit consumers to make direct payment electronically at the place of purchase. The funds are withdrawn from the account of the cardholder.

Pop-up Box
A dialog box that automatically appears when a person accesses a webpage.

Port
Either an endpoint to a logical connection, or a physical connection to a computer.

POTS
Plain old telephone system. Basic telephone service.

Presentment Fee
A presentment fee is a fee that an institution receiving a check may impose on the institution that presents the check for payment. For checks presented by 8 a.m. local time, however, no presentment fee may be charged.

Private Key
See PKI.

Private Label Card
See Store card.

Project
A task involving the acquisition, development, or maintenance of a technology product.

Project Management
Planning, monitoring, and controlling an activity.

Protocol
1) A format for transmitting data between devices. 2) A standard way of carrying out data transmission between computers.

Proxy Server
An Internet server that controls client computers’ access to the Internet. Using a proxy server, a company can stop employees from accessing undesirable websites, improve performance by storing webpages locally, and hide the internal network's identity so monitoring is difficult for external users.

Public Key
See PKI.

Start of Q Words
 

There are no words starting with "Q" at this time.

Start of R Words
 

RAID
Redundant array of independent disks. The use of multiple hard disks to store the same data in different places. By placing data on multiple disks, I/O operations can overlap in a balanced way, improving performance. Since multiple disks increase the mean time between failures (MTBF), storing data redundantly also increases fault-tolerance.

Real-time Gross Settlement (RTGS) System
A type of payments system operating in real time rather than batch processing mode. It provides immediate finality of transactions. Gross settlement refers to the settlement of each transfer individually rather than netting. Fedwire® is an example of a real time gross settlement system.

Receiver
An individual, corporation, or other entity that has authorized a company or an originator to initiate a credit or debit entry to a transaction account held at its RDFI.

Receiving Depository Financial Institution (RDFI)
Any financial institution qualified to receive debits or credits through its ACH operator in accordance with the ACH rules.

Reciprocal Agreement
An agreement whereby two organizations with similar computer systems agree to provide computer processing time for the other in the event one of the systems is rendered inoperable. Processing time may be provided on a “best effort” or as “time available” basis; therefore, reciprocal agreements are not usually acceptable as a primary recovery option.

Recovery Point Objectives
RPOs represent the amount of data that can be lost without severely impacting the recovery of operations or the point in time in which systems and data must be recovered (e.g., the date and time of a business disruption).

Recovery Site
An alternate location for processing information (and possibly conducting business) in an emergency. Usually distinguished as "hot" sites that are fully configured centers with compatible computer equipment and "cold" sites that are operational computer centers without the computer equipment.

Recovery Time Objectives
The period of time that a process can be inoperable.

Recovery Vendors
Organizations that provide recovery sites and support services for a fee.

Regulation CC
A regulation (12 CFR 229) promulgated by the Board of Governors of the Federal Reserve System regarding the availability of funds and the collection of checks. The regulation governs the availability of funds deposited in checking accounts and the collection and return of checks.

Regulation E
A regulation (12 CFR 205) promulgated by the Board of Governors of the Federal Reserve System to ensure consumers a minimum level of protection in disputes arising from electronic fund transfers.

Replay Attack
The interception of communications, such as an authentication communication, and subsequent impersonation of the sender by retransmitting the intercepted communication.

Repudiation
The denial by one of the parties to a transaction of participation in all or part of that transaction or of the content of the communication.

Reserve Account
A non-interest earning balance account institutions maintain with the Federal Reserve Bank or with a correspondent bank to satisfy the Federal Reserve’s reserve requirements.

Reserve Requirements
The percentage of deposits that a financial institution may not lend out or invest and must hold either as vault cash or on deposit at a Federal Reserve Bank. Reserve requirements affect the potential of the banking system to create transaction deposits.

Retail Payments
Payments, typically small, made in the goods and services market.

Return (ACH)
Any ACH entry that has been returned to the ODFI by the RDFI or by the ACH operator because it cannot be processed. The reason for each return is included with the return in the form of a “return reason code.” (See the NACHA “Operating Rules and Guidelines” for a complete reason code listing.)

Risk
The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems.

Risk Assessment
A process used to identify and evaluate risks and their potential effect.

Router
A hardware device that connects two or more networks and routes incoming data packets to the appropriate network.

Routing
The process of moving information from its source to a destination.

Routing Number
A nine-digit number (eight digits and a check number) that identifies a specific financial institution (also referred to as the ABA number).

Start of S Words
 

SAN
Storage area network. A high-speed special-purpose network (or sub-network) that connects different types of data storage devices with associated data servers on behalf of a larger network of users.

SAS 70 Report
An audit report of a servicing organization prepared in accordance with guidance provided in the American Institute of Certified Public Accountants’ Statement of Auditing Standards Number 70.

Scalability
A term that refers to how well a hardware and software system can adapt to increased demands. For example, a scalable network system would be one that can start with just a few nodes but can easily expand to thousands of nodes. Scalability can be a very important feature because it means the entity can invest in a system with confidence they will not quickly outgrow it.

Screen Scraping
A process used by information aggregators to gather information from a customer’s website, whereby the aggregator accesses the target site by logging in as the customer, electronically reads and copies selected information from the displayed webpage(s), then redisplays the information on the aggregator’s site. The process is analogous to “scraping” the information off the computer screen.

Script
(1) A file containing active content; for example, commands or instructions to be executed by the computer. (2) Software program instructions.

SCSI
Small computer systems interface (pronounced “scuzzy”). A standard way of interfacing a computer to disk drives, tape drives, and other devices that require high-speed data transfer. Also, a secondary SAN protocol that allows computer applications to talk to storage devices.

SDLC
1) Systems Development Life Cycle. A project management technique. 2) The stages through which software evolves from an idea to implementation.

Security Event
An event that compromises the confidentiality, integrity, availability, or accountability of an information system.

Security Procedure Agreement
An agreement between a financial institution and a Federal Reserve Bank whereby the financial institution agrees to certain security procedures if it uses an encrypted communications line with access controls for the transmission or receipt of a payment order to or from a Federal Reserve Bank.

Server
A computer or other device that manages a network service. An example is a print server, a device that manages network printing.

Settlement
The final step in the transfer of ownership involving the physical exchange of securities or payment. In a banking transaction, settlement is the process of recording the debit and credit positions of the parties involved in a transfer of funds. In a financial instrument transaction, settlement includes both the transfer of securities by the seller and the payment by the buyer. Settlements can be “gross” or “net.” Gross settlement means each transaction is settled individually. Net settlement means parties exchanging payments will offset mutual obligations to deliver identical items (e.g., dollars or Euros), at a specified time, after which only one net amount of each item is exchanged.

Settlement Date (ACH)
The date on which an exchange of funds with respect to an entry is reflected on the books of the Federal Reserve Bank(s).

Settlement Eligible Instructions
See Matched Instructions.

Short Position
In respect of a currency balance that is less than zero, the amount by which such currency balance is less than zero. An investment position that benefits from a decline in market price. When one sells a currency their position is short.

Short Position Limit
In respect of an eligible currency, the maximum short position a Settlement Member may have at any time in that eligible currency and, unless otherwise reduced pursuant to the CLS Bank Rules, shall equal (i) the total amount of all available committed liquidity facilities in such eligible currency (or such lesser amount that CLS Bank may determine from time to time) minus (ii) the amount of the largest available committed liquidity facility among such liquidity facilities (after taking into account any amounts already drawn).

Single-entry (ACH)
A one-time transfer of funds initiated by an originator in accordance with the receiver’s authorization for a single ACH credit or debit to the receiver's consumer account.

SLA
Service level agreement. SLAs detail the responsibilities of an IT service provider, the rights of the service provider’s customers, and the penalties assessed when the service provider violates any element of the SLA. SLAs also identify and define the service offering itself, plus the supported products, evaluation criteria, and quality of service customers should expect. SLAs are typically measured in terms of metrics. Examples include processing completion times and systems availability times.

Smart Cards
A card with an embedded computer chip on which information can be stored and processed.

Sniffing
The passive interception of data transmissions.

Social Engineering
Obtaining information from individuals by trickery.

SONET
Synchronous optical network. A standard that defines interface standards for connecting fiber-optic transmission systems.

Source Code
Software program instructions written in a format (language) readable by humans.

Source Program
A program written in a programming language (such as C, Pascal, or COBOL). A compiler translates the source code into a machine language object program.

Spiral Development
An iterative project management model that focuses on the identification of project and product risks and the selection of project management techniques that best control the identified risks.

Spoofing
A form of masquerading where a trusted IP address is used instead of the true IP address as a means of gaining access to a computer system.

Spot
The most common foreign exchange transaction. Spot or spot date refers to the spot transaction value date that requires settlement within two business days, subject to value date calculation.

SSL (Secure Socket Layer)
An encryption system developed by Netscape. SSL protects the privacy of data exchanged by the website and the individual user. It is used by websites whose names begin with https instead of http.

Standard Entry Class (SEC) Code
Three-character code in an ACH company/batch header record used to identify the payment type within an ACH batch.

Stateful Inspection
A firewall inspection technique that examines the claimed purpose of a communication for validity. For example, a communication claiming to respond to a request is compared to a table of outstanding requests.

Store card
A credit card issued by a financial institution for a specific merchant or vendor that does not carry a bankcard association logo. Store cards can only be used at the merchant or vendor whose name appears on the front of the card.

Stored-value Card
A card-based payment system that assigns a value to the card. The card’s value can be stored on the card itself (i.e., on the magnetic stripe or in a computer chip) or in a network database. As the card is used for transactions, the transaction amounts are subtracted from the card’s balance. As the balance approaches zero, some cards can be "reloaded" through various methods, and others are designed to be discarded. These cards are often used in closed systems for specific types of purchases.

Suspicious Activity Report (SAR)
Reports required to be filed by the Bank Secrecy Act when a financial institution identifies or suspects fraudulent activity.

Switch
A device that connects more than two LAN segments that use the same data link and network protocol.

System Development Life Cycle (SDLC)
A written strategy or plan for the development and modification of computer systems, including initial approvals, development documentation, testing plans and results, and approval and documentation of subsequent modifications.

System Resources
Capabilities that can be accessed by a user or program either on the user’s machine or across the network. Capabilities can be services, such as file or print services, or devices, such as routers.

