Browse — Information Class · PII
94 terms
TermTypeDefinitionClassificationsUpdated
Access ListnounRoster of individuals authorized admittance to a controlled area.ArtifactRestrictedPII
activity reportingnounThe action of providing an description of an account holder's activity.ArtifactRegulatedPII
backgroundnounA persons previous experience, education, or social circumstances.ArtifactRegulatedPII
Basic AuthenticationnounBasic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.CredentialRestrictedPII
Call TreenounA documented list of employees and external entities that should be contacted in the event of an emergency declaration.ArtifactInternalPII
Cash LetternounA group of checks accompanied by a paper listing sent to a clearinghouse, a Federal Reserve Bank, or another institution. A cash letter contains a number of negotiable items, mostly checks, accompanied by a letter that lists the amounts and instructions for transmittal to another bank. May also be called a transmittal letter. An incoming cash letter is one that is received by an institution from a clearinghouse, a Federal Reserve Bank, or another institution and contains checks written on accounts at the institution that were cashed elsewhere. An outgoing cash letter is one that is being sent to a clearinghouse, a Federal Reserve Bank, or another institution and contains checks deposited at the institution, which are written on accounts at other institutions.ArtifactRegulatedPII
ClaimantnounAn entity which is or represents a principal for the purposes of authentication, together with the functions involved in an authentication exchange on behalf of that entity. A claimant acting on behalf of a principal must include the functions necessary for engaging in an authentication exchange. (e.g., a smartcard [claimant] can act on behalf of a human user [principal])IdentityRegulatedPII
ConsumernounUsually refers to an individual engaged in non-commercial transactions.IdentityRegulatedPII
Consumer AccountnounA deposit account held by a participating depository financial institution and established by a natural person primarily for personal, family, or household use and not for commercial purposes.DataRegulatedPII
Consumer informationnounFor purposes of the Information Security Standards, “consumer information” means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report that is maintained by or on behalf of a financial institution for a business purpose, such as information that an institution obtains about a loan applicant or a prospective employee from a consumer report.DataRegulatedPII
contact informationnounInformation usually containing the person's telephone number(s), fax number, address, and electronic mail address(es).DataRegulatedPII
criminal records checknounThe purpose of this task is to determine if a person has been convicted of a crime.ProcessRegulatedPII
customer accountnounA client's formal contract with an individual or organization whereby the client receives goods or services.IdentityRegulatedPII
customer data privacynounThe ability an organization or individual has to determine what customer data in a computer system can be shared with third parties.RequirementRegulatedPII
customer informationnounA term used in the Information Security Standards to mean any record containing non-public personal information about a customer, whether in paper, electronic, or other form, that is maintained by or on behalf of a financial institution.DataRegulatedPII
customer information systemnounFor purposes of the Information Security Standards, “customer information systems” means any methods used to access, collect, store, use, transmit, protect, or dispose of customer information.SystemRegulatedPII
Data ElementnounA basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location.DataPII
Digest AuthenticationnounDigest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.ControlPII
Direct debitnounElectronic transfer, usually through ACH, out of an individual's checking (or savings) account to pay bills, such as mortgage payments, insurance premiums, and utility payments. Also referred to as "direct payment."DataRegulatedPII
Direct depositnounElectronic deposits or credit, usually through ACH, to an individual's deposit account. Common uses of direct deposit include payroll payments, Social Security benefits, and income from investments such as CDs, annuities, and mutual funds.DataRegulatedPII
Distinguishing IdentifiernounInformation which unambiguously distinguishes an entity in the authentication process.CredentialRestrictedPII
Electronic Benefits Transfer (EBT)nounA type of EFT system involving the transfer of public entitlement payments, such as welfare or food stamps, through direct deposit or point-of-sale technology (see POS). The recipient can be given an identification card, similar to a benefit card, and a PIN allowing access to the benefits through an electronic network.SystemRegulatedPII
Electronic check conversionnounThe process by which a check is used as a source of information for the check number, the customer's account number, and the number that identifies the financial institution. The information is used to make a one-time electronic payment from the customer's account -- an electronic fund transfer. The check itself is not the method of payment.ProcessRegulatedPII
Financial EDI (FEDI)nounFinancial electronic data interchange. An instrument for settling invoices by initiating payments, processing remittance data and automating reconciliation, through the exchange of electronic messages.DataRegulatedPII
FingernounA protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number. Of course, the user must first enter this information into the system. Many e-mail programs now have a finger utility built into them.NetworkPII
Gramm-Leach-Bliley Act (GLBA)nounThe act, also known as the Financial Services Modernization Act of 1999, (Pub.L. 106-102, 113 Stat. 1338, enacted November 12, 1999), required the federal banking agencies to establish information security standards for financial institutions.FrameworkRegulatedPII
IdentifiernounA data object - often, a printable, non-blank character string - that definitively represents a specific identity of a system entity, distinguishing that identity from all others.DataPII
identitynounThe set of attribute values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager’s responsibility, is sufficient to distinguish that entity from any other entity.IdentityRegulatedPII
Identity BindingnounBinding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority.ProcessRegulatedPII
identity managementnounThe purpose of this task is to implement a set of functions and capabilities used for assurance of identity information (e.g., identifiers, credentials, attributes).CapabilityRegulatedPII
Identity ProofingnounThe process by which a Credentials Service Provider (CSP) and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person.ProcessRegulatedPII
Identity RegistrationnounThe process of making a person’s identity known to the Personal Identity Verification (PIV) system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.ProcessRegulatedPII
Image archive (Check 21)nounDatabase for storage and easy retrieval of check images.DataRegulatedPII
Image capture (Check 21)nounThe process of digitizing both sides of physical items and their assorted MICR information as they are processed at the Federal Reserve Bank. Also includes storage of the images for up to 60 days.ProcessRegulatedPII
individualnounA citizen of the United States or an alien lawfully admitted for permanent residence. Agencies may, consistent with individual practice, choose to extend the protections of the Privacy Act and E-Government Act to businesses, sole proprietors, aliens, etc.IdentityRegulatedPII
InterrogationnounUsed to obtain prior indicators or relationships, including telephone numbers, IP addresses and names of individuals, from extracted dataProcessRegulatedPII
JitternounJitter or Noise is the modification of fields in a database while preserving the aggregate characteristics of that make the database useful in the first place.ControlRegulatedPII
Key fobnounA small portable device equipped with chip technology allowing the holder the ability to access network systems, such as those used for payments, and to store personal data.PhysicalRegulatedPII
Magnetic ink character recognition (MICR)nounMagnetic codes found on the bottom of checks, deposit slips, and general ledger debit and credit tickets that allow a machine to scan (capture) the information. MICR encoding on a check includes the account number, the routing number, the serial number of the check, and the amount of the check. The amount of the check is encoded when the proof department processes the check.DataRegulatedPII
Match/matchingnounThe process of comparing biometric information against a previously stored template(s) and scoring the level of similarity.ProcessRegulatedPII
Mobile financial servicesnounThe products and services that a financial institution provides to its customers through mobile devices.CapabilityRegulatedPII
namenounThe word or phrase by which an individual, family, organization, or thing is known or referred to.ArtifactPII
On-us checksnounChecks that are deposited into the same institution on which they are drawn.DataRegulatedPII
Organizational Registration AuthoritynounEntity within the PKI that authenticates the identity and the organizational affiliation of the users.OrganizationRegulatedPII
OriginatornounA person that has authorized an ODFI to transmit a credit or debit entry to the deposit account of a receiver at an RDFI.IdentityRegulatedPII
overdraftnounThe amount by which withdrawals exceed deposits, or the extension of credit by a lending institution to allow for such a situation.DataRegulatedPII
Payroll card accountnounA bank account that is established directly or indirectly by an employer on behalf of an employee to which an electronic funds transfers the employee's wages or compensation on a recurring basis. The payroll card, often branded by one of the credit/debit card associations, provides the employee access to the funds.DataRegulatedPII
personnounThis role focuses on human individuals, partnerships, corporation, limited liability companies, trusts, estates, cooperatives, associations, sole proprietorships, joint stock companies, joint ventures, or other legal entity. Any process or activity that fits into one of these categories should be assigned to this role.IdentityPII
Personal identification numbernounA secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits.CredentialRegulatedPII
personal identification number informationnounInformation containing an account-holder's secret code that is used to verify the identity of their identity when trying to access a computer system, network, credit card account, ATM, etc.DataRegulatedPII
Personal Identifying Information / Personally Identifiable InformationnounThe information that permits the identity of an individual to be directly or indirectly inferred.DataRegulatedPII
Personal Identity Verification RegistrarnounAn entity that establishes and vouches for the identity of an applicant to a PIV Issuer. The PIV RA authenticates the applicant’s identity by checking identity source documents and identity proofing, and that ensures a proper background check has been completed, before the credential is issued.OrganizationRegulatedPII
Personally identifiable financial informationnounFor purposes of the Information Security Standards, personally identifiable financial information means information (i) a consumer provides to a financial institution to obtain a financial product or service; (ii) about a consumer resulting from any transaction involving a financial product or service between the financial institution and a consumer; or (iii) that a financial institution otherwise obtains about a consumer in connection with providing a financial product or service, such as account balance information, payment history, overdraft history, and credit or debit card purchase information; or the fact that an individual is one of the financial institution’s customers.DataRegulatedPII
Personally Identifiable InformationnounAny information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.DataRegulatedPII
personnel risk assessmentnounThe purpose of this task is to determine the risk that personnel pose to the organization.ProcessRegulatedPII
pharmingnounThis is a more sophisticated form of MITM attack. A user’s session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website’s IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. Changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.ThreatPII
PII Confidentiality Impact LevelnounThe PII confidentiality impact level—low, moderate, or high—indicates the potential harm that could result to the subject individuals and/or the organization if PII were inappropriately accessed, used, or disclosed.MetricRegulatedPII
previous residencenounA location where someone was living before where that person is currently living.DataRegulatedPII
Privacy Impact AssessmentnounAn analysis of how information is handled: 1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; 2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system; and 3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.ArtifactConfidentialPII
ProfilingnounMeasuring the characteristics of expected activity so that changes to it can be more easily identified.ProcessRegulatedPII
Pseudonymnoun1. A subscriber name that has been chosen by the subscriber that is not verified as meaningful by identity proofing. 2. An assigned identity that is used to protect an individual’s true identity.CredentialRestrictedPII
ReceivernounAn individual, corporation, or other entity that has authorized a company or an originator to initiate a credit or debit entry to a transaction account belonging to the receiver held at its RDFI.IdentityRegulatedPII
recordnounAnything that is put down in permanent form and preserved as evidence.ArtifactRegulatedPII
RegistrationnounThe process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP.ProcessRegulatedPII
Registration authoritynounA trusted entity that establishes and vouches for the identity of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).OrganizationRegulatedPII
risk-based authenticationnounAny risk-based system of authentication that detects anomalies or changes in the normal use patterns of a Person and require s additional verification of the Person’s identity when such deviations or changes are detected, such as through the use of challenge questions.ControlRegulatedPII
Sensitive customer informationnounA customer’s name, address, or telephone number, in conjunction with the customer’s social security number, driver’s license number, account number, credit or debit card number, or personal identification number or password that would permit access to the customer’s account. Sensitive customer information also includes any combination of components of customer information that would allow someone to log into or access the customer’s account, such as user name and password or password and account number.DataRegulatedPII
service providernounFor purposes of the Information Security Standards, service provider means any person or entity that maintains, processes, or otherwise is permitted access to customer information or consumer information through its provision of services directly to a financial institution.OrganizationRegulatedPII
SkimmingnounThe unauthorized use of a reader to read tags without the authorization or knowledge of the tag’s owner or the individual in possession of the tag.ThreatRegulatedPII
Sreen scrapingnounA process used by information aggregators to gather information from a customer's website, whereby the aggregator accesses the target site by logging in as the customer, electronically reads and copies selected information from the displayed webpage(s), then redisplays the information on the aggregator's site. The process is analogous to "scraping" the information off the computer screen.ProcessRegulatedPII
System Of RecordsnounA group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.DataRegulatedPII
Tracking CookienounA cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior.DataRegulatedPII
Training Effectiveness EvaluationnounInformation collected to assist employees and their supervisors in assessing individual students’ subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole.MetricInternalPII
U.S. PersonnounFederal law and Executive Order define a U.S. Person as: a citizen of the United States; an alien lawfully admitted for permanent residence; an unincorporated association with a substantial number of members who are citizens of the U.S. or are aliens lawfully admitted for permanent residence; and/or a corporation that is incorporated in the U.S.IdentityRegulatedPII
User IDnounUnique symbol or character string used by an information system to identify a specific user.IdentityRegulatedPII
User IdentificationnounThe process, control, or information by which a user identifies himself or herself to the system as a valid user (as opposed to authentication).ProcessRegulatedPII
Web BugnounMalicious code, invisible to a user, placed on Web sites in such a way that it allows third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and Web browser cookie.ThreatRegulatedPII
WEB SEC codenounAn ACH debit entry initiated by an originator resulting from the receiver's authorization through the Internet to make a transfer of funds from a consumer account of the receiver.ArtifactRegulatedPII