GLOSSARY OF EBT AND SMART CARD TERMINOLOGY
A
Access: Interaction between a user and a database that allows information and/or funds to flow from one to the other.
Access Control: Tasks performed by hardware, software, and administrative controls to monitor a system operation, ensure data integrity, perform user identification, record system access and changes, and grant access to users.
Access Control Mechanism: Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system.
American National Standards Institute (ANSI): The organization responsible for the standardization of technical terminology, specifications, and units of measurement in the United States.
American Standard Code for Information Interchange (ASCII): A computer code consisting of 128 alphanumeric and control characters, each encoded with 7 bits [8 including parity check], used for the exchange of information between computerized systems.
Audit Trail: Records of transactions that provide collective documentary evidence of routes for data processing. Used to trace forward from original transactions to related records and reports, or backward from records and reports to source transactions.
Authentication: A function for establishing the validity of the claimed identity of a user, device, or another entity in an information or computer system.
Authorization: The power given to specified individuals which allows them to approve transactions, procedures, or total systems, including granting of access rights to a user, program, or process.
Automatic Identification [Auto ID]: A means of identifying an item or a person through technological surveillance systems and entering the data automatically into a database. The most widely used technology at present is bar code; others include optical character recognition [OCR], magnetic ink character recognition [MICR], radio frequency [RF], machine vision, magnetic stripe, and voice systems.
Automated Teller Machine (ATM): Probably the most widely used means of electronic funds transfer. An ATM is connected to a financial network that allows a person to change their financial account through the deposit, withdrawal, or transfer of funds.
Availability: A condition in which data, information, and communications systems are accessible and usable on a timely basis and in the required manner without special skills as a prerequisite for use.
B
Bar Code: An array of parallel rectangular bars and spaces arranged according to the encoding rules of a particular symbology.
Bar Code Character: A group of bars and spaces within a bar code that represent a single letter, number, or other character.
Bar Code Symbol: The combination of characters required by a particular symbology, including start/stop characters, quiet zones, data characters, and check characters that form a complete scannable symbol.
Binary: A numbering system in which numbers are expressed as combinations of the digits 0 and 1, based on powers of 2. In computing these can be represented electrically by "off" and "on", or in bar codes by narrow and wide bars or spaces.
Biometric Technology: A form of verification that uses technology to identify features particular to an individual's body. Measurable bodily phenomena include appearance (e.g. race, gender, hair color), social behavior (e.g. visible handicaps, habituated body signals), bio-dynamics (e.g. handwritten signature, voice characteristics), natural physiography (e.g. fingerprints, DNA patterns, and retinal scans), and imposed physical characteristics (e.g. brands and bar codes, embedded microchips and transponders).
Bit: Abbreviation for binary digit. 1. A single element [0 or 1] in a binary number. 2. A unit of information or information capacity in a binary storage device.
C
Card: A three by two inch piece of plastic that serves as the physical platform for such technologies as bar codes, microchips, and magnetic stripes. Examples include library cards, credit cards, and access cards.
Card Acceptance Device (CAD): A device that contains functions that, in conjunction with a card, perform a transaction.
Compartmentalization of Data: The storage of computer data for specific applications or programs.
Computer Matching: The expropriation of data maintained by two or more personal data systems in order to merge previously separate data about large numbers of individuals.
Confidentiality: The protection of certain types of information from being disclosed to unauthorized individuals, entities or processes.
Contact-less card: There are two types of contact-less cards. The first is a contact-less proximity card in which the card is read by inserting it in a special reader. The second is a remote contact-less card in which the card can be read from a distance, such as at a toll booth.
Cryptography: The principles, means, and methods of rendering information unintelligible, and for restoring encrypted information to intelligible form. See encryption and decryption.
D
Data: The representation of information in a manner suitable for communication, interpretation, storage or processing.
Data Trail: A succession of identifiable transactions.
Decryption: The process of rendering encrypted information into its original, intelligible form.
Digital Certificate: See user certificate.
Digital Signature: Represents the legal authority of an individual's handwritten signature, only it is typed and in digital form.
E
Electronic Benefit Transfer (EBT): The electronic transfer of government benefits, be they in the form of funds or information, to individuals through the use of Internet-based technologies such as smart cards, automated teller machines, and point-of-sale terminals.
Electronic Funds Transfer (EFT): The use of Internet-based technologies to transfer funds electronically. Examples include credit cards, debit cards, and check cards.
Electronic Fund Transfer Act of 1978 (EFT Act): Regulation E: The regulation concerning EBT implementation. Defines rights and obligations with respect to electronic transactions affecting "consumer accounts" at "financial institutions." In particular, it prescribes restrictions on non-solicited issuance of "access devices" which initiate such transactions; it establishes the terms of disclosure and conditions of providing such a service; it requires documentation in the form of receipts and periodic account statements; and it sets forth limitations on consumer liability and procedures for resolving errors.
EMV Specifications: EMV stands for Europay, MasterCard, Visa. It is a global specification for chip cards and their accompanying terminals and applications.
Encryption: Any process for disguising information to protect it from unauthorized viewing or use. It is the reverse of decryption.
Electrically Erasable Programmable Read-Only Memory (EEPROM): A special nonvolatile memory that can be erased and (re)programmed electrically. Commonly used in contact and contact-less smart cards. Retains the content of its memory even when the power is turned off.
Electric Money Working Group: The Office of the Comptroller of the Currency (OCC) has formed the Electric Money Working Group to analyze E-money's impact on banking regulation and financial stability. Eugene Ludwig was specifically designated by Treasury Secretary Rubin to coordinate the Treasury Department's E-money activities, including stored value cards. The Working Group coordinates presentations to OCC senior staff from banks and banking organizations on E-money issues. OCC's purpose is to (i) "assure confidence in a payment system that offers security and guarantees privacy" and (ii) generate a "thorough, thoughtful debate on how best to create a truly competitive, high-tech, safe and sound financial services industry and economy."
Erasable Programmable Read-Only Memory (EPROM): A special nonvolatile memory that can be erased when exposed to strong doses of ultraviolet light. After erasing, EPROM memory can be reprogrammed. Erasing requires physically removing the device and placing it under a strong UV light for several minutes. Programming requires placing it into a special programmer unit.
F
File Protection: The combination of all processes and procedures established in an information system that are designed to inhibit unauthorized access, contamination, or elimination of a file.
Fraud: The unauthorized or illegal use of a system. Fraudulent activities include improper use of benefits, tampering with system protocols, and the creation of a false identification for participation within a system.
G
Government Records Access Management Act (GRAMA): A comprehensive law dealing with the management of government records. Addresses who is entitled to access which records and the exercise and enforcement of access rights. GRAMA is an attempt to balance the public's constitutional right of access to public information, the individual's constitutional right to privacy in relation to personal data gathered by government entities, and public policy interest in allowing a government to restrict access to certain records for the public good.
H
Hybrid Card: A card that contains two or more types of information technologies, such as a card containing a magnetic stripe and an integrated circuit.
I
Integrated Circuit Card: A card with an embedded integrated circuit or chip in the card that allows for three different functions:
1. Memory cards, which can just store data and have no data processing capabilities.
2. Wired Logic or Intelligent Memory cards, which also contain some built-in logic, usually used to control access to the memory of the card.
3. Processor cards, which contain memory and a processor and thus have remarkable data processing capabilities. Very often the data processing power is used to encrypt/decrypt data, which makes this type of card a very unique person identification token. Data processing also permits dynamic storage management, which enables the realization of a flexible multifunctional card. Also known as a chip card.
Integrity of Data: The state that exists when computerized data is the same as that in source documents and has not been exposed to accidental or malicious alteration or destruction.
Intelligent Smart Card: Contains a microprocessor that stores and secures information while executing programs as required by the card issuer’s specific application needs. Because intelligent cards offer a "read/write" capability, new information can be added and processed.
Internal Security Controls: Hardware, firmware, and software features within a system that restrict access to resources (hardware, software, and data) to authorized subjects only (persons, programs, or devices).
International Organization for Standardization (ISO): The International Organization for Standardization (ISO) is a non-governmental organization established to promote the development of standardization and related activities through a federation of national standard bodies in over 100 countries.
Internet: The global telecommunications infrastructure that permits the rapid transfer of information.
Inter-operable: The ability to work across all computer platforms.
ISO 7810: The standard developed by the ISO that specifies the physical characteristics of identification cards. Specifies the ID-1 format (85.60 x 53.98 x 0.76 mm).
ISO 7816: The standard developed by the ISO regarding integrated circuit cards. An Integrated Circuit(s) Card is an ID-1 type card (specified in ISO 7810) into which one or more integrated circuits have been inserted.
ISO 10536: Standard developed by the ISO that specifies requirements for contact-less cards.
J - L
M
Magnetic Stripe Card: A plastic card with a magnetic stripe on the card. The magnetic stripe carries information, such as a personal identification number or account number, that allows access to a remote database to change information on that database or allow the transfer of funds.
Memory Smart Card: A smart card that has the explicit use of storing data. May be used to store monetary values or personal information, such as health records.
Monitoring: The recording of relevant information about each operation by a subject or an object, maintained in an audit trail for subsequent analysis.
Multiple Application Card: A card that can support different types of applications (e.g., healthcare, financial services, travel, and nationality programs) on the card itself.
N
O
P
Personal Computer Memory Card Industry Association (PCMCIA): Changed its name to PC Card Industry Association in March 1995 to reflect the wide range of peripheral devices (modems, software, games) that can be used in slots on computers. The smart card industry refers to PC Cards as machine cards and smart cards as people cards.
Personal Data: Any information relating to an identified or identifiable individual by direct (e.g. a social security number) or indirect (e.g. a telephone number) means.
Personal Identification Number (PIN): A number chosen and reserved by a user to access EBT or EFT programs. A PIN is usually associated with card-based technology use. Once a card has been swiped at a point-of-sale, the user enters a PIN on the terminal in order to verify his/her use.
Platform: A technological base for the development of particular programs. Such bases include personal computers, magnetic stripe cards, and smart cards.
Point of Sale (POS) Terminal: A device that has the capability to read and change information on a card to assist in or complete a retail transaction.
Primary Account Number (PAN): A number used to identify an account into which funds are electronically deposited.
Privacy: The right for an individual to be free from identification, classification, or observation by another party without their consent. Also involves the right of individuals to control third party access to information about them that may be considered personal in nature.
Privacy Enhancing Technologies (PETs): The use of encryption or data scrambling programs to protect the identity and/or privacy of an Internet user. Involves the use of technology to enforce privacy protection.
Privacy Protection: Implementation of appropriate safeguards to ensure the security and confidentiality of data records, as well as to protect the records against threats or hazards that could result in substantial embarrassment, harm, inconvenience, or unfairness to any person.
Private Key Cryptography: A system of encryption where both the encoding and decoding keys are privately held by the sender and receiver.
Profiling: A technique whereby a set of characteristics of a particular class of person is inferred from past experience, and data-holdings are then searched for individuals with a close fit to that set of characteristics.
Public Key Cryptography: A system of encryption where a public key, that is given free to the public, can be used to encode a message. This message then can only be decoded by the private key, upon which the public key is based. Thus messages can be overtly encoded, without fear of decoding.
Q
R
Regulation E: Mandated through the Electronic Fund Transfer Act of 1978 (EFT Act). A regulation concerning EBT implementation. Defines rights and obligations with respect to electronic transactions affecting "consumer accounts" at "financial institutions." In particular, Regulation E prescribes restrictions on non-solicited issuance of "access devices" which initiate such transactions. It establishes the terms of disclosure and conditions of providing such a service; it requires documentation in the form of receipts and periodic account statements, and sets forth limitations on consumer liability and procedures for resolving errors.
Random Access Memory (RAM): A memory that stores data or instructions in static or dynamic cells. Content can be read and written freely. Static RAM can be faster and require low power just to maintain memory contents. Dynamic RAM requires additional refresh circuitry that provides an electrical refresh pulse on a regular basis.
S
Scanner: An electronic device that converts optical information [e.g. a printed bar code or OCR symbol] into electrical signals for subsequent decoding and transmission to a computer. Originally used only for a laser scanner, the term is now used more generally for any optical code-reading device for all automatic identification technologies.
Secure Electronic Transactions (SET): SET is an open specification for the secure purchase of goods and services through any electronic medium.
Security: A condition in which the use of technologies and standard operating procedures protect an operating program from either fraudulent use or information leaks.
Smart Chip or Card: The generic term used for cards or devices that generally have three different meanings:
1. An integrated circuit card with ISO 7816 interface,
2. Processor integrated circuit card, and
3. Personal identity token containing integrated circuits.
The integrated circuit (IC) provides logic and "intelligent" processing capabilities and the ability to store information (memory).
Smart Drivers License: A smart card-based drivers license that contains a digital photo and the state record of the driver. A terminal in a police car could display the image for identification and automatically print a ticket and record the violation on the license.
Software: A collective term for computer programs or sets of instruction used to manipulate data and operate the physical components of a computer system.
Spoofing: An attempt to gain access to a system by posing as an authorized user.
Stored Value: A payment system that permits cardholders to make low cost transactions, traditionally settled with small bills or coins. It functions by loading money/value onto a card; the capital is debited from the original balance during each financial transaction involving the card. The card's value may be reinstated after it has become depleted through the deposit of additional funds. Stored value cards are the most common form of smart card technology.
Surveillance: The systematic investigation or monitoring of the actions or communications of one or more persons. May be personal or mass surveillance.
T
Temporary Aid to Needy Families (TANF): The federal program for the distribution of food stamp benefits to qualified families. Administered by states. Program may be run as a form of EBT.
U
Uniform Unclaimed Property Act (Escheat Property): Empowers states to claim abandoned property, property that has been "dormant" for a prescribed statutory period of years (5 years for most property; 15 years for traveler's checks). Property includes "intangible personal property" and is defined broadly enough to appear to include many, if not all, stored value products.
User Certificate: A form of electronic identification that users present on the Internet when accessing electronic mail or data on networks. Certificates are usually located on computer hard drives. They are protected by a user name and password. Smart cards, too, may contain user certificates.
V
Verification: The process of comparing two levels of system specifications for proper correspondence.
W
Women, Infants, and Children (WIC): A state-run program for the distribution of food benefits to women, infants, and children. Program prescribes particular food items for clients and allocates funds for their acquisition. Program may be run as a form of EBT.
X/Y/Z