Access Charge: A surcharge incurred daily for cellular use while roaming.
This does not include airtime charges.
Account Number: A unique sequence of numbers assigned to a cardholder
account which identifies the issuer and the type of financial transaction card.
Account Take Overs (ATO'S): Fraud whereby a legitimate cardholder's
account is compromised by a suspect calling the issuer. The suspect request
a "same name" new card be issued to a new address or requesting a secondary card
be issued in a different name (to a new address).
Activation: The process of matching a cellular telephone number and
Electronic Serial Number (ESN) at the switch to provide cellular service.
Acquirer: An Association member who signs up merchants with the ability
to accept credit cards, and then processes the receipts that result from cardholder
transactions with their merchants.
Acquirer Bank (also called Merchant Bank): A bank that enrolls merchants
to accept credit or debit cards in lieu of cash for goods and services. A
bank may be both an issuer and an acquirer bank.
Address Verification Service (AVS): A fraudulent use prevention system
that allows mail-order/telephone-order merchants to automatically verify that a
billing address provided by a cardholder is the same as the cardholder's billing
address currently on file with the Issuer. This service helps merchants minimize
the risk of accepting fraudulent mail and telephone order transactions.
Affinity Card: A credit card (usually MasterCard or Visa) that has
a promotion arrangement with an affiliated organization. The organization
is often a charity or non-profit group, whose logo usually receives a percentage of
the amount charged on the card.
Agent Reference File: A comprehensive data base on all independent
and third-party agents who are currently or have been registered with the Visa Agent
Registration Program. As part of their pre-registration background check on
prospective agents, members must query the file to see if the agent to be registered
is listed on the file.
Agent Registration Program: A Visa-sponsored program that ensures proper
oversight and monitoring of Members' business relationships with independent sales
organizations (ISOs), third-party servicers, and independent contractors.
Members must register all independent and third-party agents with the program and
file quarterly reports with it on the activities and performance of these agents.
Algorithm: A sequence of steps, which can be carried out mechanically,
and which yields a defined result. Algorithms are used to verify magnetic
stripe information on bank cards.
Altered Card: A card on which the original account number, embossed
information, or information encoded on the magnetic strip has been changed to allow
fraudulent use.
Association : -- Mastercard and Visa: Organizations established by
issuers and acquirers to manage the credit card process. To become a member,
an organization must apply. If qualifications are met, they sign an agreement
and are issued a license to participate.
Attack: An action conducted by an adversary, the attacker, on a potential
victim.
Authentication: The process of verifying the true origin or nature
of the sender and/or the integrity of the text of a message.
Authorization: The approval given by the card issuer (or its agent)
to permit a credit card transaction at a merchant location. This procedure
ensures that the card being used has not been reported stolen, lost, or counterfeited
and that the cardholder has sufficient available credit.
Authorization Center : Facilities established by Members in-house or
by third-party processors to respond to merchants' or other Members' requests for
authorization for transactions or cash advances. Authorization centers may
also respond to referral or Code 10 calls.
Authorization Monitoring: Electronic systems used by Members to screen
authorization transactions over a given period of time - for example, a day, week
or month - for evidence of potential fraud.
Authorization Number: When the transaction is over the floor limit,
the merchant contacts the credit card company by telephone requesting authorization
to make the transaction. This procedure ensures that the card being used has
not been reported stolen or lost and that the cardholder has sufficient available
credit.
Authorization Request: A request for approval by the merchant to validate
a cardholder sales transaction.
Automatic Cardholder Database Update (Auto-CBD): An on-line system
that automatically updates information on the Visa Exception File. The system
monitors Issuers' authorization responses and compares them with data currently
on the Exception File. If an account designated by an Issuer for pickup is
not on the Exception File, Auto-CDB immediately adds it to the file.
Automated Referral Service (ARS): An electronic call-transfer system
designed by Visa to reduce the amount of time it takes to process calls from merchants
or Members responding to a referral message. ARS cuts processing time for
these calls by switching them directly to the Issuer.
Automatic Roaming: An agreement between cellular carriers that allows
subscribers to use their cellular phones in the other carriers' service areas.
The prefix of the cellular number is recognized at the visitor's switch, allowing
calls to be placed automatically.
Automated Teller Machine (ATM): An unmanned electronic device that
performs basic teller functions such as accepting deposits, account transfers, account
balance inquiries, and cash withdrawals. Cash withdrawals by credit or debit
cards usually require the use of PIN numbers.
Average Run: The length of time - in days - between which the first
and last fraudulent transaction are charged to an account.
Backdoor: Also called a trapdoor. An undocumented way of gaining access
to a program, online service or an entire computer system. The backdoor is written
by the programmer who creates the code for the program. It is often only known by
the programmer. A backdoor is a potential security risk.
Bankcard: A card issued by a bank or financial institution.
Bank Credit Cards (e.g., MasterCard, Visa, etc.): A card issued by
banks offering revolving, extended credit to the cardholder who is given the choice
(on each occasion when an account is presented) of paying in full (in which case
no interest is payable) or paying a lesser amount with interest charged on the outstanding
balance. A cash advance can also be obtained with interest charged from the
day the cash is received.
Backup: Copy of files and programs made to facilitate recovery, if necessary.
Bank Identification Number (BIN): A unique number always beginning
with the digit 3-American Express, 4-Visa, 5-MasterCard, 6-Discover. The BIN
appears as the first four-or-six-digit numbers identifying a card's issuing bank.
Bankruptcy Criminal Pursuit Program: A Visa Bankruptcy recovery Program
that investigates and promotes federal prosecution in cases of bankruptcy fraud
where patterns of repeated and premeditated abuse have resulted in substantial losses.
Bankruptcy Fraud: Filing for bankruptcy, often under false or illegal
circumstances, in an attempt to avoid payment of the outstanding debt. In
some cases, perpetrators are truly insolvent but have obtained and/or used a bank
card in a fraudulent or abusive manner just prior to filing for debt relief.
Bankruptcy Mills: Law firms that specialize in encouraging debtors
to file for bankruptcy even when other debt payment options may still be available.
These firms generally have a high volume of bankruptcy cases in court at any one
time and may use potentially fraudulent or abusive practices in filing these petitions.
Bankruptcy Notification Service (BNS): A service jointly developed
by Visa and MasterCard to monitor bankruptcy filings in U.S. courts and notify Issuers
of any current cardholders who have filed for debt relief and have outstanding charges
on their accounts. BNS is a mandated service and uses the Issuers' Clearinghouse
Service to provide Issuers with daily notifications of bankruptcy filings, dismissals,
and discharges.
Biometric Authentication: Any method of verifying the identity of a
person by measuring individual biological characteristics (e.g., fingerprinting,
retinal scanning).
Bluetooth: A wireless technology that operates in the 2.4-GHz spectrum. It
typically has a range of 30 feet and a maximum theoretical throughput of 720 Kbps.
Boiler Room: A single room or small office from which a fraudulent
scam is committed. For example, in fraud scams involving electronic data capture
(EDC) terminals, perpetrators might set up a boiler room with several EDC terminals.
The room would then be used for the sole purpose of having accomplices enter fraudulent
transactions through the terminals.
Broker: An individual who finds merchants with valid merchant agreements
to launder sales drafts for merchants without valid agreements. The broker
receives a percentage of the value of the laundered drafts and may also seek out
fraudulent telemarketers or other fraud perpetrators with sales drafts to be laundered.
Brute force: Refers to a programming style that does not include any shortcuts
to improve performance, but instead relies on sheer computing power to try all possibilities
until the solution to a problem is found.
Bug: An error or defect in software or hardware that causes a program
to malfunction. According to folklore, the first computer bug was an actual bug.
Discovered in 1945 at Harvard, a moth trapped between two electrical relays of the
Mark II Aiken Relay Calculator caused the whole machine to shut down.
CD-ROM: Abbreviation of Compact Disc-Read-Only Memory. A type of optical
disk capable of storing large amounts of data -- up to 1GB, although the most common
size is 650MB (megabytes). A single CD-ROM has the storage capacity of 700 floppy
disks, enough memory to store about 300,000 text pages.
CD-ROMs are stamped by the vendor, and once stamped; they cannot be erased and filled
with new data.
Cable modem: A modem designed to operate over cable TV lines.
Call Back (Welcome Call): A program whereby customer service representatives
call all new customers to welcome them as new customers, verify all billing information
(name, billing address, rate plan, etc.), and answer any questions. A call
back program can detect fraud quickly by discovering customers who did not authorize
service, or gave wrong billing information. A call back program also detects
data entry errors that prevent legitimate customers from being billed properly.
Calling Area: The local coverage area for cellular phone service is also
known as a number plan area (NPA). The local coverage area may include multiple
area codes.
Card Activation: An alternative bank card delivery method in which
Issuers wait to confirm that a card has been received by the valid cardholder before
activating the account. Cards are blocked at the time of mailing; for a card
to be activated, the cardholder must call the Issuer to confirm receipt and provide
positive proof of identity.
Card Recovery Bulletin: An international printed list of lost/stolen
counterfeit and other cards that Issuers have listed for pickup. The Card
Recovery Bulletin is only printed in countries outside the United States .
Card Security Features: Alphanumeric, pictorial, and other design and
functional elements on bank cards. The exact physical dimensions and placement
of these features are difficult to copy exactly. Card security features are
checked by merchants at the point of sale to ensure the card valid.
Card Verification Code (CVC): A unique three-digit "check number" encoded
on the magnetic strip of all valid MasterCard cards. The number is calculated
by applying an algorithm - a mathematical formula - to the stripe-encoded account
information and is verified on-line at the same time a transaction is authorized.
Card Verification Value (CVV): A unique three-digit "check number"
encoded on the magnetic strip of all valid Visa cards. The number is calculated
by applying an algorithm - a mathematical formula - to the stripe-encoded account
information and is verified on-line at the same time a transaction is authorized.
Cardholder: An individual to whom a card has been issued. There
can be more than one card issued to a particular account.
Cardholder Risk Identification Service (CRIS): A transaction scoring
and reporting service that employs neutral network technologies to develop risk-scoring
models that identify fraudulent transaction patterns. The service, available
by subscription, can be used by Issuers as a stand-alone fraud detection system
or as a complement to their internal fraud detection methods.
Cash Advance: Cash obtained by a cardholder through the presentation
of the card at a bank or through an Automated Teller Machine (ATM).
Calling Area: The local coverage area for cellular phone service, also
known as a number plan area (NPA). The local coverage area may include multiple
area codes.
Cell: The geographic coverage area assigned to a fixed-location cellular
transmitting and receiving station. The average range of a cell is 2 to 10
miles depending on terrain and system design. A cellular phone call passes
from cell to cell as the caller moves from one transmitting/receiving station to
another.
Cellular Telecomm Public Switch Telephone Network (PSTN): Each central
office has one or more designated three-digit NXX codes, where N can be any number
from 2 to 9, and X can be any number from 0 to 9.
Change of Address Fraud: A type of fraudulent application scam in which
a perpetrator requests a change of address and an additional card for the account
of a legitimate cardholder. The perpetrator then uses the additional card
to charge fraudulent transactions to the account.
Charge Card: Type of card issued by American Express, Dinners Club
and Carte Blanche; bills are payable when received or at the end of 30 days.
Chargeback: A dispute procedure whereby the Issuer contends a transaction
was presented in violation of bankcard rules/procedures and returns the transaction
to the acquirer for redress.
Chip: A piece of silicone etched with an electronic circuit.
These computer chips are used in smart cards, the new generation of cards, which
may replace magnetic-striped cards.
Chipped Up Phone: A fraudulently modified cellular telephone in which
the microchip which contains the cellular telephone's ESN has been altered.
Cloned Phone: An illegally altered phone that duplicates a valid Mobile
Identification Number (MIN) and Electronic Serial Number (ESN) so that calls placed
on it will appear as billable calls on an existing customer's statement.
Co-branding: A card-issuing agreement between a bank and a commercial
organization, such as the Chemical Bank/Shell MasterCard. The Issuer and the
organization are the two brand names appearing on the card.
Code 10: The term used by merchants or Members when they call an authorization
center to let the center know they are suspicious of a card, cardholder, or transaction.
Code 10 calls are generally switched directly to Issuers for special handling.
Collective Pursuit: A bankruptcy fraud recovery method in which several
Members with outstanding bank card debts charged by an individual bankruptcy fraud
perpetrator collectively hire an attorney and pursue recovery efforts together.
Collusive Merchant: A service establishment that conspires with third
parties to defraud a card issuer. Most often, no merchandise is exchanged
and the fraud proceeds are shared in cash.
Commercial Mail Receiving Agency (CMRA): A for-profit company that
rents mail boxes to the general public.
Control Signal: A channel that transmits digital control information
from a base station to a mobile station. Each cell has at least one control
channel. Channels used for control channels are separate from those used for
voice.
Counterfeit Card: An unauthorized instrument which purports to be a
genuine card, but has been fraudulently manufactured. Often the credit card
industry mistakenly refers to altered cards as counterfeit. For Secret Service
purposes, a counterfeit card begins with counterfeit plastic stock.
Counterfeit Paper: A sales draft or other record of transaction arising
from the fraudulent use of an altered or counterfeit card which shows either the
purchase of goods or services from a merchant or a cash disbursement
Credit Card: A plastic card used to purchase goods or services and
to obtain cash advances on credit. The cardholder is subsequently billed by
the issuer for repayment of the credit extended.
Credit Card Manufacturer: A vendor who manufactures credit cards in
accordance with the card issuer's specifications. This includes printing,
laminating, affixing various security features, embossing, and encoding.
Credit Line (credit limit): The available line of credit applied to
a specific credit card account.
Credit Voucher: Credit transaction presented to the bank by the merchant.
The merchant is crediting the cardholder's account for the return of goods or services.
Creditors' Meeting: A meeting at which an individual filing for bankruptcy
and his or her lawyer meet with the individual's creditors and answer any questions
they may have about financial information contained in the bankruptcy petition.
The creditors’ meeting is a required part of all bankruptcy proceedings and occurs
20-30 days after the petition for debt relief is filed
Cryptography: The method and practice of transforming confidential
information into a form that is unintelligible to any unauthorized personnel.
DHCP (Dynamic Host Configuration Protocol): A specification for service
provided by a router, gateway, or other network device that automatically assigns
TCP/IP network settings (including an IP address) to any device that requests one.
DOCSIS (Data Over Cable Service Interface Specification): An industry standard
that defines how cable modems communicate over cable TV lines.
DSSS (direct-sequence spread spectrum) and FHSS (frequency-hop spread spectrum):
Two incompatible technologies used to transmit data over radio waves. With DSSS,
used in 802.11b, transmissions are spread across the spectrum via overlapping channels.
With FHSS, which was implemented in early 802.11 products and cordless phones, transmissions
jump randomly from one frequency to another.
EAP (Extensible Authentication Protocol): A flexible authentication
framework that lets wireless adapters communicate with back-end authentication servers
such as RADIUS. The most common EAP types are EAP-TLS (EAP–Transport Layer Security),
EAP–TTLS (EAP–Tunneled Transport Layer Security), and PEAP (Protected EAP).
Dailies: Mailings of new or replacement credit cards by financial institutions.
Replacement cards are issued for lost, stolen and damaged cards, but do not include
monthly mailings of cards covering those that have expired.
Data Capture (also called: Electronic Data Capture): The process of
collecting and transmitting the data encoded on the magnetic strip of a credit card.
This information enters the system at a merchant's point-of-sale terminal.
Account information on the card, along with financial data related to the sale,
is transmitted for authorization and payment.
Data Encryption Standard (DES): An encryption method approved by the
U.S. government and standardized by ANSI that uses private key cryptography.
Widely used by the financial industry, where it is known as DEA (data encryption
algorithm), but less secure than the public key cryptography used today.
Debit Card: A debit card is an instrument of payment which may be used
to obtain cash, goods, and services and is linked to the cardholder's bank account.
A debit card is different from a credit card in that the cardholder's account is
electronically debited at the time of the transaction. There is no extended
credit facility with this type of card.
Dedicated Line: A circuit leased by a customer for exclusive use.
Also known as a Private Line.
Defraud the United States : This term is not defined in 18 USC 1028,
but it is not intended to be limited to misrepresentations related to financial
fraud and would also include the misrepresentative use of false identification to
obstruct functions of government.
Financial Fraud-Example: Use of identification document to negotiate
stolen U.S. Treasury checks or stolen U.S. Savings Bonds.
Misrepresentative use-Example: Displaying to a Secret Service Agent
another individual's driver's license for the purpose of trying to deceive or mislead
the agent.
DSL modem: Refers collectively to all types of digital subscriber lines,
the two main categories being ADSL and SDSL. Two other types of DSL technologies
are High-data-rate DSL (HDSL) and Very high DSL (VDSL).
Deposit Account: A business checking account designated by the merchant
through which all bank card transactions and adjustments will be processed by bank.
Dial-back Modem: Hampers unauthorized access to the switch from a remote
location by calling back pre-programmed numbers for access to the switch.
Digital Cash: Funds stored in an on-line account which can be transferred
over the Internet between any two parties. It may also be stored in an electronic
purse via an electronic wallet.
Digital Certificate: A kind of digitally signed message that contains
information about a public key and the owner of a public key. In the secure
protocol for electronic commerce standard being developed by Visa, a certificate
issue and signed by Visa binds the public key to the account number.
Digital Signature: Information encrypted with an entity's private key,
which is appended to a message to assure the recipient of the authenticity and integrity
of the message. Provides that the message was signed by the entity owning,
or with access to, the private key.
=
Discount Rate: The fee a merchant bank charges for handling the merchant's
sales drafts or electronic sales transactions. This is usually a small percentage
of each transaction amount.
Document Making Implement: This term is defined in 18 USC 1028 to mean:
". . . any implement or impression specifically designed or primarily used for making
an identification document, a false identification document or another document-making
implement."
This includes plates, dyes, stamps, molds, and other "tools," used to make identification
documents. Also included are any official seal or signature, or text in a
distinctive type face and layout that, when reproduced, are part of an identification
document. In cases where specialized paper, ink or other materials are used
in the production of identification document, those items would be document-making
implements. A device specifically designed or primarily used to produce a
small, hand assembled, laminated identification card bearing a photograph is another
example of a document-making implement.
Download: To copy data (usually an entire file) from a main source to a peripheral
device. The term is often used to describe the process of copying a file from an
online service or bulletin board service (BBS) to one's own computer. Downloading
can also refer to copying a file from a network file server to a computer on the
network.
Draft Capture Terminals: Terminals that capture and store all relevant
information about each transaction. Each day's transactions are balanced and
then transmitted electronically to the merchant's processor or merchant bank for
payment.
Drop Mailing (also called drop shipping): An alternative delivery method
for bank cards. Cards to be mailed are presorted and bundled by ZIP code and
then shipped by private transportation companies directly to the cities or post
offices where they are to be delivered.
Dual Control: A risk management procedure in which access to a secure
area, such as a safe or other place where bank cards are being held prior to mailing,
is controlled by a lock, combination, or other security devices that requires the
presence of two people, each with a separate key or part of the combination, to
open.
Dual Dating: Listing both the expiration date and the effective date
on a credit card.
Electronic Commerce: The purchase of goods and services over the Internet
without paper transaction between buyer and seller. Conducting business on-line.
This includes, for example, buying and selling products with digital cash and via
Electronic Data Interchange (EDI).
Electronic Data Capture (EDC): An electronic system that uses a data-capture
terminal located at a merchant's place of business to record and authorize transactions.
Authorized transactions are then automatically stored and processed at the end of
each business day, and funds are transferred directly to the Acquirer's, and then
the merchant's, account within 48 hours.
E-mail: Short for electronic mail, the transmission of messages over communications
networks.
Electronic Purse (EP): A smart-card that can be loaded and re-loaded
with money for small-value purchases.
Electronic EPROM (Erasable Programmable Read-Only Memory): An integrated
circuit memory that can be programmed from an external source and erased, for reprogramming,
by exposure to ultraviolet light.
Electronic Terminal: A point-of-sale terminal (POS), an automated teller
machine, a cash dispensing machine, an automated gasoline dispenser, etc., used
at a point of transaction to generate electronic data. This data is transmitted
for the initiation or approval of a transaction.
Electronic Serial Number (ESN): A unique identification number for
each cellular phone that is usually contained in the Numeric Assignment Module (NAM)
which is automatically transmitted to the base each time a cellular call is placed.
The ESN is different from the phone's model number or equipment number and generally
is not printed on the outside of the equipment to protect against theft. The
ESN may be hexadecimal (8 positions), or decimal (11 positions).
Electronic Wallet: A super smart card of some sort of pocket-size reader/writer
for a standard smart card which allows complex financial transactions to be entered,
usually via a keyboard. Electronic wallet systems allow multiple purse applications
to be interrogated more effectively.
Embossing Machine: A machine that is used to emboss the account information
on a card.
Encoding Machine: A machine used to encode account information on the
magnetic stripe on a card.
Encryption: A transformation of information to make the information
intelligible to unauthorized parties. The authorized person has an electronic
key to recover the original text by the reverse process, decryption. The translation
of data into a secret code. Encryption is the most effective way to achieve data
security. To read an encrypted file, you must have access to a secret key or password
that enables you to decrypt it. Unencrypted data is called plain text; encrypted
data is referred to as cipher text.
There are two main types of encryption: asymmetric encryption (also called public-key
encryption) and symmetric encryption.
Enhanced Services: Custom calling features such as call forwarding,
no answer transfer, busy transfer, and call waiting.
ESN Change: The electronic serial number (ESN) must be changed at the
cellular switch whenever a customer changes equipment of an activated cellular phone
and retains his or her mobile ID number. Frequent ESN changes from one sales
agent or store location could indicate fraud, such as stockpiling valid ESN's
for resell. All ESN change requests must be submitted in writing and include
a reason for the request.
ESN/Telephone Number Mismatch Report: A billing report that lists all
calls by ESN and mobile ID number, and flags the calls whose ESN does not match
the activating ESN. This report is an important tool for identifying customers
who have "tumbled" their ESN, thereby producing phantom calls that cannot be billed.
Exception File: A worldwide data base of account numbers of lost/stolen
or other cards Issuers have listed for pickup, referral, or other special handling.
The account numbers for all transactions rerouted to Visa's stand-in processing
system are checked against the Exception File.
Expired Card: A card on which the expiration data embossed and/or
encoded by the Issuer has expired.
Face-to-Face Transactions: Transactions in which both the cardholder
and the card are present at the point of sale.
Factoring or Laundering: The depositing by a merchant of a sale draft
for a transaction that was not made directly between the merchant and the cardholder,
but rather by a third party for whom the merchant is depositing the draft.
False Identification: This term is defined in 18 USC 1028 to include
counterfeited, altered, stolen and:
". . .(other than one issued lawfully for the use of the possessor). . ."
This definition would include genuine identification documents obtained by fraud.
Files: A collection of data or information that has a name, called the filename.
Almost all information stored in a computer must be in a file. There are many different
types of files: data files, text files, program files, directory files, and so on.
Firewall: A system designed to prevent unauthorized access to or from a private
network. Firewalls can be implemented in both hardware and software, or a combination
of both. Firewalls are frequently used to prevent unauthorized Internet users from
accessing private networks connected to the Internet, especially intranets.
There are several types of firewall techniques:
• Packet filter: Looks at each packet entering or leaving the network
and accepts or rejects it based on user-defined rules. Packet filtering is fairly
effective and transparent to users, but it is difficult to configure. In addition,
it is susceptible to IP spoofing.
• Application gateway: Applies security mechanisms to specific applications,
such as FTP and Telnet servers. This is very effective, but can impose a performance
degradation.
• Circuit-level gateway: Applies security mechanisms when a TCP or
UDP connection is established. Once the connection has been made, packets can flow
between the hosts without further checking.
• Proxy server: Intercepts all messages entering and leaving the network.
The proxy server effectively hides the true network addresses.
In practice, many firewalls use two or more of these techniques in concert.
A firewall is considered a first line of defense in protecting private information.
For greater security, data can be encrypted.
Floor Limit: A monetary amount above which a particular transaction
requires an authorization. Floor limits vary from merchant to merchant.
Most merchants operating with point-of-sale terminals have "zero" floor limits and
cards are swiped for authorization on all purchases regardless of the amount.
Fraud Reporting Program: A computerized data-gathering and processing
system to collect, compile, and analyze information on confirmed fraudulent transactions.
Fraud Applications: Submission of an application for a credit card
account where any of the personal, financial, or other requested information is
fraudulent.
Fraudulent Use: The use of an illegally obtained account number, as
opposed to a card, to make a fraudulent transaction. The term refers to a
broad range of fraud scams where physical possession of a card is not necessary;
for example, unauthorized use, telemarketing fraud, and EDC fraud.
Hard disk: A magnetic disk on which you can store computer data. The
term hard is used to distinguish it from a soft, or floppy, disk. Hard disks hold
more data and are faster than floppy disks. A hard disk, for example, can store
anywhere from 10 megabytes to hundreds of gigabytes, whereas most floppies have
a maximum storage capacity of 1.4 megabytes.
A single hard disk usually consists of several platters. Each platter requires two
read/write heads, one for each side. All the read/write heads are attached to a
single access arm so that they cannot move independently. Each platter has the same
number of tracks, and a track location that cuts across all platters is called a
cylinder. For example, a typical 84 megabyte hard disk for a PC might have two platters
(four sides) and 1,053 cylinders.
Heavy User Report: A billing report that identifies accounts with excessive
airtime. The accounts are listed by mobile ID, agent ID, and activation date. Fraud
should be suspected if the accounts are new, list the same agent ID, and/or have
mail returned for "no such address" or "address unknown".
Heuristics: Of or relating to exploratory problem-solving techniques that
utilize self-educating techniques (as the evaluation of feedback) to improve performance.
Hexadecimal: A base 16 numbering system in which codes 0-9 and A-F
represent decimal values 0-15.
Hologram: A three-dimensional/alternating laser-produced image.
It is currently being used as a security device on certain bank cards to combat
alteration and counterfeit.
Home Pages: The first screen of electronic bulletin boards on the WEB
where businesses, or individuals, post information or encourage dialogue.
In some cases, home pages are the vehicle for selling products or conducting business
virtually.
IACCI Network: A computer-based (E-Mail) network for IACCI members
to use for passing information related to financial systems fraud.
Identification Document: This term is defined in 18 USC 1028 to mean:
"Document made or issued by or under the authority of . . . (a governmental entity)
which, when completed with information concerning a particular individual, is of
a type intended or commonly accepted for the purpose of identification of individuals."
The document must be issued by a government agency and must be intended to identify
a particular person. The term includes blank documents.
Whether a document is "intended" to identify an individual is determined by looking
at the purpose for which the governmental agency issued it.
An identification document will normally include such identifying elements as an
individual's name, address, date or place of birth, physical description, photograph,
fingerprints, employer, profession, occupation, or any unique number assigned to
an individual by a governmental entity.
Examples of identification documents include but are not limited to the following:
passports, alien registration cards, credentials, birth certificates, driver's licenses,
social security cards, badges (if such badge has a unique number on it which is
assigned to a particular individual or a police officer for the purpose of identifying
such individual or police officer).*
*Note: The definition of the term identification document
under section 1028 does not cover certificates of title or registration documents
for motor vehicles since such documents identify vehicles, not persons.)
Imprinter: A mechanical device used at the merchant location, to reproduce
the embossed characters from a credit card onto a sales draft/slip.
Incollect: The amount the home carrier pays to the serving carrier
for roaming services provided to the home carrier's subscribers. The home
carrier collects this amount from within its subscriber base.
Independent Contractor: A 1099 employee who is hired by an ISO or Member
to perform Visa program-related work. The work of an independent contractor
is managed directly by the ISO or Member, and the contractor must be registered
with the Visa Agent Registration Program.
Independent Sale Organization (ISO): An organization or individual
who is not a Member and who contracts with a Member to solicit cardholder or merchant
accounts or provide other merchant account-related services.
In-House Bankruptcy Recovery Program: An in-house Visa program aimed
at reducing a Member's bankruptcy fraud losses by investigating accounts for potential
fraud and pursuing recovery strategies that do not require the hiring of an attorney.
Instant messaging: A type of communications service that enables you to create
a private chat room with another individual. Typically, the instant messaging system
alerts you whenever somebody on your private list is online. You can then initiate
a chat session with that particular individual.
Interchange: The exchange of transaction data between issuing banks
and merchant banks in the bankcard system. This is a service performed by
MasterCard or Visa.
Internet: A global network of networks, providing on-line information
access, communications tools and commercial opportunities for an estimated 40 million
users, with 200 million projected in the next two years. The Internet is not synonymous
with World Wide Web.
Internet Engineering Task Force (IETF): A consortium that develops
Internet standards.
Intruder: An adversary who is conducting or has conducted an intrusion or
attack against a victim host, site, network or organization. Since the label of
intruder is assigned by the victim of the intrusion and is therefore contingent
on the victim’s definition of encroachment, there can be no ubiquitous categorization
of actions as being intrusive or not. From the victim’s viewpoint, an intruder is
usually an entity (person or organization) that has successfully attacked the victim.
It is unclear whether one who conducts an unsuccessful attack is an intruder. If
an intrusion is required to be an intruder, then it seems that all intruders are
attackers, but all attackers are not necessarily intruders.
IS-41: The standard for interswitch communication required for hand
off between two cellular carriers and sharing customer database information on features
and billing. In final form, IS-41 will allow pre first-call validation.
IS-54: The "dual-mode" technical standard, whereby both analog and
digital phones will interface with the cellular system. Besides defining how
the digital/analog phones communicate with the cellular switch, IS-54 contains the
protocol for "authentication", an enhanced method of verifying valid customers through
PIN code and call counter technology.
Issuer: An Association member who enters into a relationship with a
cardholder for the issuance of one or more cards. Issuers carry the credit
card loan or maintain the related checking account. This is the best known
side of the bank card business.
Issuer Bank: A bank that issues a credit or debit card to the cardholder.
Issuer Identification Number: A number identifying a credit card Issuer
within the industry. The account number on the card has certain identification
features which are unique to the Issuer. These features vary from company
to company.
Issuer Limits: A Visa electronic authorization service (such as Positive
Cardholder Authorization Service), the Issuer Limit is the transaction amount above
which a merchant's request for authorization is routed directly to the Issuer.
When a transaction is below the Issuer Limit, the authorization request may be rerouted
either to the Issuer or to VISA STIP, depending on the Issuer's authorization system
and the response parameters chosen for that system.
Issuers' Clearinghouse Service (ICS): A bank card application verification
system cosponsored by Visa and MasterCard. ICS verifies an applicant's address,
phone number and social security number, and whether he/she has a history of excessive
applications or credit card fraud or abuse. ICS is mandated for U.S. Members.
Key: A sequence of alphanumeric characters used to encrypt and decrypt
data.
Laundering (Third-Party Draft Laundering; also referred to as "Factoring"):
The process whereby a merchant authorized to accept bankcards processes "outside"
sales (in violation of Title 18 USC 1029 and bankcard rules) from merchants not
approved to accept bankcards. Often, fraudulent telemarketing sales are "laundered"
through accounts of collusive merchants for a fee.
Cardholder complaints result in fraud losses when the offending telemarketer disappears
and the laundering merchant cannot cover the chargeback liability.
Line Range : Last four digits in a phone number.
Lost/Stolen Card: The general fraud category designating all situations
in which legitimate cardholder loses their card or has it stolen. With the
exception of the NRI and fraudulent application category, lost/stolen refers to
most situations in which a valid card is obtained by illegal means.
Magnetic Stripe: A stripe of magnetic information affixed to the back
of a plastic card (credit or debit) at the time of its manufacture. It contains
in very specific format order, customer and account information including limitations.
It should be noted that there are numerous methods used to alter or erase this information.
The most common method is to simply use a rubber eraser to distort the data thereby
forcing the retailer to manually punch in the fraudulently embossed account information.
Magnetic Stripe Encoder/Decoder Machine: A machine that encodes and
decodes account information on magnetic stripe cards. This machine is portable
and commercially available.
Magnetic Stripe Reading Terminal: A terminal located at the point of transaction
which is capable of reading the magnetic stripe on an access device.
Mail Drop: A private or commercial post office (i.e., one not rented
from the U.S. Postal Service) or other nonresidential private address - for example,
an office address with a specific room or suite - used by an individual for fraudulent
purposes.
Mail House: An independent contractor who prepares large mailings for
other companies. A mail house does not combine and presort mailings as do
presort houses.
Mail Order/Telephone Order (MO/TO): Businesses where the primary or
a major source of income comes from merchandise or services sold by mail or telephone.
Such transactions are frequently charged to customers' bank card accounts.
Media: Objects on which data can be stored. These include hard disks, floppy
disks, CD-ROMs, and tapes.
Member: An organization which is a Member of Visa and MasterCard which
issues cards and/or signs merchants.
Merchant: A supplier of goods or services. Merchants who are
members of a credit card association or company are referred to as retailers, traders,
or establishments.
Merchant Agreement: The contract between a merchant and a merchant
bank permitting the merchant to participate in the Visa and MasterCard payment system,
to accept Visa and MasterCard cards for payment of goods and services, and requiring
that the merchant abide by certain rules governing the acceptance and processing
of transactions. Merchant agreements may stipulate merchant liability with
regard to chargeback’s and may specify timeframes within which merchants are to
deposit transactions and respond to requests for information.
Merchant Identification Number: A unique number assigned to each merchant
by their bank.
Merchant Fraud: Merchant fraud occurs when a merchant knowingly accepts
stolen, counterfeit or other fraudulent credit cards; then submits the fraudulent
sales transactions or vouchers to his acquiring bank or card company for payment.
Message Digest: A mathematical value of fixed length created when information
is processed using a hashing algorithm. The value is uniquely correspondent
to the data from which it was generated.
MOD-10 Check-Digit Algorithm: The standard mathematical formula that
is used to create and verify the validity of a bank card account number.
"MO/TO" Fraud (mail order/telephone order): Fraudulent transactions
resulting from mail or telephone orders, where neither the card nor cardholder is
present at the point of sale.
Mobile : A cellular phone that is installed in a vehicle. Mobile
phones generally are three watts and feature an external antenna.
Mobile Identification Number (MIN): A 34-bit digital representation
of the 10-digit directory telephone number (NPA-NXX-LINE) assigned to a cellular
phone or Mobile Identification Number.
Mobile Telephone Switching Office (MTSO): The MTSO switches cellular
phone traffic and records the cellular call details on a tape that is forwarded
to the carrier's rating/billing vendor.
Multi-User: An individual or business that has more than one cellular
line service. Generally, two or more cellular phones are being billed to the
same address.
Negative File: A field that contains invalid electronic serial numbers
(ESN's) and mobile telephone numbers (MIN's) that should be denied service.
The clearinghouses each maintain a negative file, and each carrier maintains their
local negative file at their switches.
Neural Networks: Computer programs utilized by the credit card issuers
to assist in detecting credit card fraud. These programs attempt to detect
a fraudulent transaction or series of transactions by comparing the sale(s) with
a previously established pattern of use by the true cardholder.
Never Received Issued Fraud (NRI): Fraud related to credit cards which
were issued but never received by the true cardholders. NRI fraud involves
thefts of cards being mailed or shipped to cardholders.
No Incoming Calls: A carrier restriction that prevents incoming calls
to the assigned cellular number. This is an optional service feature.
No Outgoing Calls: A carrier restriction that prevents the subscribers
from placing outgoing calls. This is an optional service feature.
Non-Received Item (NRI): The loss or theft of a bank card that has
been mailed to, but not received by, a cardholder and has also not been returned
to the Issuer.
Non-wireline: A cellular carrier that generally does not provide conventional
telephone services. Non-wireline carriers are designated by the FCC as “A”
carriers.
NRI Interim Reporting: A computer program developed by Visa for completing
and processing PS604s to report cases of NRI. As of October 1, 1993, members
with sales volume of $50 million or more for the calendar quarter ending March 31,
for any year, are required to use the NRI Interim Reporting program for completing
and submitting PS604s on all NRI cases.
Numbering Plan Area (NPA): A distinctive three-digit code where the
first digit can be any number 2 to 9, a 1 or 0 as the middle digit, and any number
as the last digit. The NPA designates a specific numbering plan area (area
code). NPA is also another name for your local calling and billing area.
An NPA may contain multiple area codes.
Numeric Assignment Module (NAM): The computer chip that identifies
your phone to a Mobile Telephone Switching Office (MTSO) and cell site. The
NAM must be programmed with the phones unique ESN and MIN in order to transmit and
receive calls on a cellular phone.
NXX: A three-digit code, where N can be any number 2 to 9, and X can
be any number from 0 to 9, which designates a central office. A central office
may have multiple NXX's.
Off-peak Time: The hours during which a system is least used.
Some carriers offer discounted airtime charges during these hours. In cellular
systems, off peak generally is between 7:00 p.m. and 7:00 a.m. as well as weekends
and holidays. (Hours vary from carrier to carrier)
One Hour Liability: The algorithm adopted by the clearinghouses that
shifts liability to the serving carrier one hour after the negative entry timestamp
for service provided to the MIN/ESN combinations on the Negative File.
Open to Buy: The difference between the credit card limit assigned
to a cardholder account and the present balance (including authorization outstanding)
on that account. (Also called available credit.)
Operating system: The most important program that runs on a computer. Every
general-purpose computer must have an operating system to run other programs. Operating
systems perform basic tasks, such as recognizing input from the keyboard, sending
output to the display screen, keeping track of files and directories on the disk,
and controlling peripheral devices such as disk drives and printers.
Operating systems can be classified as follows:
• Multi-user: Allows two or more users to run programs at the
same time. Some operating systems permit hundreds or even thousands
of concurrent users.
• Multi-processing: Supports running a program on more than
one CPU.
• Multi-tasking: Allows more than one program to run concurrently.
• Multi-threading: Allows different parts of a single program
to run concurrently.
• Real Time: Responds to input instantly. General-purpose operating
systems, such as DOS and UNIX, are not real-time. Operating systems provide a software
platform on top of which other programs, called application programs, can run. The
application programs must be written to run on top of a particular operating system.
Packet: A piece of a message transmitted over a packet-switching network.
See under packet switching. One of the key features of a packet is that it contains
the destination address in addition to the data. In IP networks, packets are often
called datagram’s.
Paper: A sales draft, transaction record, order form, credit voucher,
cash disbursement draft, call detail report, electronic record or other obligation
arising from the use of a card, and bearing either the imprint or other reproduction
of embossed or encoded information contained on such card.
Paper-Draft Merchant: A merchant who obtains authorization over the
telephone or from an authorization-only terminal and submits copies of sales drafts
to the acquiring bank for payment. (These are merchants who do not use electronic
data capture systems.)
Password: A secret series of characters that enables a user to access
a file, computer, or program. On multi-user systems, each user must enter his or
her password before the computer will respond to commands.
Patch: A temporary fix to a program bug. A patch is an actual piece of object
code that is inserted into an executable program.
Payment Device: A card issued by a financial institution or other approved
institution which gives a cardholder access to a credit or debit account.
Peak Time: The hours of heaviest usage of a system. In cellular
systems, peak time generally is from 7:00 a.m. until 7:00 p.m. Monday through Friday
(hours vary from carrier to carrier). Usage rates generally are higher during
peak time than during off-peak time.
Personal Identification Card: This term is defined in 18 USC 1028 to
mean:
“. . . an identification document issued by a state or local government solely for
the purpose of identification . . ."
This document is normally issued by state departments of motor vehicles to provide
an identification document for those persons who do not possess a driver's license.
It is a document issued by the agency for the sole purpose of identifying the bearer.
Personal Identification Number (PIN): Sometimes called Personal Identification
Code (PIC), this is an alpha and/or numeric code which is used to identify the card
presenter at a magnetic stripe reading terminal. Most present day usage of
PIN numbers is with Automated Banking Machines (ABMs) and direct payment in stores.
Phantom Customer: A fraudulent activation of a customer account that
does not exist or that cannot be billed for payment.
Phishing: The act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into surrendering
private information that will be used for identity theft.
Point of Compromise: A location where details of genuine charge, credit
or debit cards are compromised or stolen. Embossed features and/or the encoded
information on the magnetic stripe are captured for fraudulent use by criminals.
Often an owner or employee steals account numbers from merchant records then sells
them to those involved in credit card fraud schemes.
Point-of-Sale (POS) Authorization System: A system of terminals and
communication links on which merchants get authorization for credit card transactions.
When a merchant swipes a card through the terminal in a store, the card number is
sent electronically to the bank. The bank checks the number against a list
of lost/stolen cards, checks for credit available, and returns a positive or negative
response to the merchant.
Point-of-Sale Terminal (POS): An electronic terminal placed at a merchant
location which accepts and records, via the magnetic stripe, financial data from
a credit or debit card. The terminal then transmits the data via telephone
lines to the bank or card company for authorization and payment (POS terminal may
not store data if it is an authorization only terminal).
PVC Polyvinyl chloride: The type of plastic used to make credit cards.
Port: In TCP/IP and UDP networks, an endpoint to a logical connection. The
port number identifies what type of port it is. For example, port 80 is used for
HTTP traffic.
Portable: Portable cellular phones contain their own power supplies
and can be used anywhere there is service. Typically, a portable is the size
of a handset on a traditional phone although many now can fit inside a jacket pocket.
Positive Authorization Capacity Management (PACM): An electronic authorization
management system that monitors the number of authorization requests for individual
Issuers. When the number of authorization requests being received by an Issuer
meets or exceeds its capacity to respond, the system routes low-risk transactions
to Visa STIP.
Positive Cardholder Authorization Service (PCAS): An electronic authorization
system that uses Issuer-specific limits to determine which transaction are switched
to Visa STIP for authorization and which are routed directly to Issuers.
Positive Roamer Verification (PRV): Lists the ESN's of all phones reported
stolen and all ESN's disconnected for non-payment. Cellular carriers can subscribe
to this system from EDS PCC so that every call placed by cellular phone will be
checked against the cellular industry negative file to determine if the phone was
reported stolen or if service has been disconnected for non-payment. If the
phone's ESN is on the list, that caller will not be able to place a second call.
Positive Validation Service (PVS): Lists the ESN's of all phones reported
stolen and all ESN's disconnected for nonpayment. Cellular carriers can subscribe
to this system from GTE Telecommunication Services, Inc. so that every call placed
by a cellular phone will be checked against the cellular industry negative file
to determine if the phone was reported stolen or if the service has been disconnected
for nonpayment. If the phone's ESN is on the list, that caller will not be
able to place a second call.
Presort Houses: Independent contractors who sort and bundle mail for
several businesses simultaneously. All envelopes to be delivered to a specific
ZIP code are mixed and prepared for bulk mailing together to avoid creating large,
and easily identifiable, bundles of similar-looking envelopes.
Private Key: A key kept secret by the owner. It is used to create
a digital signature to decrypt messages or files.
Processor: A silicon chip that contains a CPU. In the world of personal
computers, the terms microprocessor and CPU are used interchangeably. At the heart
of all personal computers and most workstations sits a microprocessor.
Three basic characteristics differentiate microprocessors:
• Instruction set: The set of instructions that the microprocessor can execute.
• Bandwidth: The number of bits processed in a single instruction.
• Clock speed: Given in megahertz (MHz), the clock speed determines
how many instructions per second the processor can execute.
In both cases, the higher the value, the more powerful the CPU. For example, a 32-bit
microprocessor that runs at 50MHz is more powerful than a 16-bit microprocessor
that runs at 25MHz.
In addition to bandwidth and clock speed, microprocessors are classified as being
either RISC (reduced instruction set computer) or CISC (complex instruction set
computer).
Program: An organized list of instructions that, when executed,
causes the computer to behave in a predetermined manner. Without programs, computers
are useless.
A program is like a recipe. It contains a list of ingredients (called variables)
and a list of directions (called statements) that tell the computer what to do with
the variables. The variables can represent numeric data, text, or graphical images.
There are many programming languages -- C, C++, Pascal, BASIC, FORTRAN, COBOL, and
LISP are just a few. These are all high-level languages. One can also write programs
in low-level languages called assembly languages, although this is more difficult.
Low-level languages are closer to the language used by a computer, while high-level
languages are closer to human languages.
PS604s: A U.S. Postal form used for reporting cases of NRI to postal
inspectors. As of October 1, 1995, members with sales volumes of $50 million
or more for the calendar quarter ending March 31 of any year must fill out and submit
PS604s through the NRI Interim Reporting Program.
Public Key: A key that is available publicly. Used to verify
signatures that were created with the matched private key. Also used to encrypt
messages or files that can only be decrypted using the matched private key.
Public Key Cryptography: A field of cryptography introduced in 1976
by Whitfield Diffie and Martin Hellman in order to simplify key management.
Depends on a matched pair of inverse keys such that information encrypted with one
key can only be decrypted with the other. Provides users with the ability
to encrypt and decrypt data or text, which eliminates having to keep the key secret
to avoid compromising security.
Purge Data: The data at which a computer record or other electronically
stored data is deleted from a computer data base or other file.
Reaffirmation Agreement: A written, legally binding document in which
a debtor in bankruptcy agrees to pay the outstanding account debt owed to a specific
Member or Members. In return, the Member agrees to refrain from any further
legal proceedings against the individual in the current bankruptcy proceedings.
Reaffirmation agreements are often used to recover bankruptcy fraud losses without
initiating formal legal action against the fraud perpetrator.
Referral Messages: A "call" or "call center" response to a merchant's
or Member's request for an authorization. A referral message indicates that
the Issuer needs more information about the transaction or cardholder before an
approval can be issued.
Re-Issues: Monthly mass mailings of financial institutions' credit card renewals.
Reseller: A business entity that purchases large blocks (typically
100) of cellular telephone numbers wholesale from a carrier and retails the numbers
through a direct sales organization and/or agents to the end user market.
Resellers establish their own policy for sales, credit checks, deposits, activations,
collections, and fraud detection.
Restricted Card Bulletin: MasterCard and Visa jointly provide a bi-weekly
bulletin to authorized merchants which contains a list of invalid account numbers
(e.g., lost, stolen, altered, and counterfeit).
Restricted Card List: Electronic files or printed warning bulletins
containing lists of invalid account numbers, used to advise merchants not to honor
transactions on certain accounts.
Retailer Card (Private Label Card, Store Card): A charge card issued
by a particular retailer. This type of card is usually only good for purchases
from that particular retailer. (Examples: gas stations, department stores)
Risk: possibility of loss or injury.
Roamer: A cellular customer who places calls outside of his or her
home service area, whether the visited area is serviced by the customer's cellular
carrier or another carrier.
Roamer Access Number: The phone number that must be dialed by someone
calling you when you are roaming, prior to dialing the number of your phone, if
automatic call forwarding services are not activated.
RSA: A public key encryption system that supports message encryption,
digital signatures and digital certificates. The secure transaction technology
(STT) being developed takes advantage of this system.
Sales Draft (Sales Voucher): A paper document completed by the merchant
at the time of sale to record a transaction made by a cardholder. A copy is
provided to the cardholder as a record of the transaction.
Security Features: Particular devices utilized in credit card production
to help secure the card against counterfeiting and fraud. Typical security
features include holograms, fine-line printing, unique embossed features, tamper-resistant
signature panels, special fonts, hidden fluorescent features, card validation dates
and card validation codes in magnetic stripes.
Secure Hypertext Transfer Protocol (S-HTTP): A mechanism to enable
spontaneous, secure commercial transactions on the World Wide Web. Uses HyperText
Transfer Protocol (HTTP, the technical protocol that performs the function necessary
to display documents on the WEB) and is thus limited to WWW browsers and servers.
Secure Sockets Layer (SSL): A mechanism developed by Netscape Communications
to enable spontaneous, secure commercial transactions on the Internet, including
Gopher, Telnet, WWW and other protocols.
Secure Transactions Technology (STT): The system for secure buying
and selling over the Internet being developed by Visa and MicroSoft. Takes
advantage of RSA.
Settlement: The process by which acquirers and issuers exchange financial
data and funds resulting from credit card transactions.
Skimming: Replication of electronically transmitted full track data
to allow or enable valid authorization to occur.
Smart Cards: An access device card with a microchip similar to those
in computers and other electronic products. The microchip is embedded within
a plastic card without affecting its thickness or other dimensions. The microchip
is more upgradeable than the magnetic stripe and is extremely difficult to compromise.
Many manufacturers have a built-in, self-destruct mechanism in the event of tampering.
Microchips are available with up to 8K of memory.
Sniffing: A program and/or device that monitors data traveling over
a network. Sniffers can be used both for legitimate network management functions
and for stealing information off a network. Unauthorized sniffers can be extremely
dangerous to a network's security because they are virtually impossible to detect
and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's
arsenal.
On TCP/IP networks, where they sniff packets, they're often called packet sniffers.
Split Sale : Preparation of two or more sales drafts for a single transaction
on one card account, in order to avoid authorization procedures.
Spoofing: Unauthorized use of legitimate Identification and Authentication
data, however, it was obtained, to mimic a subject different from the attacker.
Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
Stand-In Processing: Visa's and MasterCard's on-line authorization
processing system that responds to merchants' requests for transaction authorization
either when Issuers are unable to respond or when they have chosen to let Visa and
MasterCard process certain transaction.
Stolen Blanks: Authentic credit cards stolen, prior to embossing, from
the manufacturer, during shipment, or at the issuing bank.
Stored Value Cards: Cards purchased by the cardholder for an agreed
price. The cards are used to purchase goods and services. They are read
at POS terminals, where the dollar amount for the item purchased is deducted from
the card's "Stored Value." An example is the stored value telephone calling
cards (not to be confused with calling cards which bill your established account
monthly). (Stored value cards are usually reloadable)
Sub-Agent: Contracts with an agent to sell the cellular phone equipment
and service of the carrier that agent represents. A sub-agent can contract
with multiple agents to represent multiple carriers.
Swipe Reader: A magnetic stripe reader in which the magnetic stripe
is read by passing the card manually through the reader past the magnetic heads.
Switch: The switch acts as the nerve center of a cellular system.
It interconnects one or more central offices with the cell sites, handles cell site
and radio frequency (RF) control, performs audio switching, and generates billing
statistics.
System Identification Number (SID): A 5-digit identification code assigned
to each carrier by the FCC. A carrier may have more than one SID depending
on the number of markets served.
Telemarketing: Selling goods or services over the phone by getting
cardholders to quote the account number of a financial transaction card for payment.
A legitimate form of selling, which may be fraudulently abused by high pressure
sales tactics and other schemes.
Telemarketing Fraud: A type of fraud used in which false or inflated
offers of merchandise or services, such as vacations, vitamins, or luggage, are
"sold" promising fabulous prizes, over the phone, by high-pressure salespeople.
In many cases, the true goal of the scam is to get the "marks" to give out their
bank card account numbers. These account numbers are then used to charge fraudulent
transactions.
Terminated Merchant File: A list maintained by MasterCard and Visa
used to help identify merchants that were previously terminated for fraud reasons.
Third-Party Processing: Processing of transactions by parties acting
under contract to issuers or acquirers. (Example: First Data Resources,
Total Systems and Nabanco)
Third-Party Processor: An independent contractor who performs transaction
authorization and processing, account record-keeping, and other day-to-day business
and administrative functions for Members. Third-party processors have a direct
link with the Visa Net system and do not have to be registered with the Visa Agent
Registration Program.
Third-Party Servicer: An organization or individual who is not a Member
and provides processing services such as transaction processing, data capture, or
response to merchant or cardholder account solicitations. Third-party services
are not connected to the Visa Net system and must be registered with the Visa Agent
Registration Program.
Tipper or Tipping Machine: A machine that highlights, with ink, the
embossed characters on a credit card. This machine is portable and commercially
available. It should be noted that this procedure is not a security feature
and not all credit card companies use this method.
Toll Report: A billing report that lists all long distance calls by
mobile ID number, date, time, and destination called. Fraud may be suspected
if an account reflects excessive long distance (toll) charges, especially to international
destinations.
Transaction: The act between the cardholder and merchant, or cardholder
and financial institution, which results in the sale of goods or services.
Transparent Call Forwarding: A level of Roaming America service that
allows calls to the subscriber to be forwarded automatically from the home market
to the roam market.
Transportable: A three-watt, self-contained, cellular phone that has
its own energy source. Transportables frequently are carried in a soft bag
or briefcase.
Transfer: This term is not defined in 18 USC 1028, but, it is intended
to reach individuals who "traffic" in stolen and/or false identification.
The item does not require any exchange of "consideration" (i.e., thing of value)
for the transfer to be affected.
Travel and Entertainment Cards (T&E): Charge cards issued by a
private company that provides credit for a short period between the purchase and
the billing date. Upon receipt of the statement, the cardholder is expected
to settle the outstanding balance in full. (Example: American Express, Diners
Club)
Tumbler Phone: Modified software is illegally placed in a cellular
phone that allows the Electronic Serial Number (ESN) to be changed or "tumbled"
at will, resulting in calls that cannot be billed properly.
Unauthorized Use: A type of fraudulent use in which fraudulent MO/TO
transactions are charged to a bank card account number by perpetrators posing as
valid cardholders. In most cases, the account numbers used in these transactions
are valid, but have been illegally obtained by the perpetrators.
Unique Embossed Character/Symbol: An embossed character controlled
by the Issuer or association which is used as a counterfeit deterrent.
Use: This term is not defined in 18 USC 1028, but it is to be broadly
construed and includes presenting, displaying, certifying, or otherwise giving commonality
to an identification document so that it would be accepted as an identification
document in any manner.
Validation: The process by which the customer service representative
checks the ESN's of every phone presented for activation against the industry negative
file to determine if the request is valid. If the ESN appears on the negative
file, the phone has been reported stolen or deactivated for non-payment and should
not be activated.
VBRP Computer Bulletin Board: A nationwide computer bulletin board
sponsored by the VBRP to alert Members to current bankruptcy fraud activity, share
information on recovery strategies, and facilitate communication between Members
and law firms handling cases for the Collective Pursuit Program.
Virus: A program or piece of code that is loaded onto
your computer without your knowledge and runs against your wishes. Viruses can also
replicate themselves. All computer viruses are manmade. A simple virus that can
make a copy of itself over and over again is relatively easy to produce. Even such
a simple virus is dangerous because it will quickly use all available memory and
bring the system to a halt. An even more dangerous type of virus is one capable
of transmitting itself across networks and bypassing security systems.
Some people distinguish between general viruses and worms. A worm is a special type
of virus that can replicate itself and use memory, but cannot attach itself to other
programs.
Virus Signature: A unique string of bits, or the binary pattern, of
a virus. The virus signature is like a fingerprint in that it can be used to detect
and identify specific viruses. Anti-virus software uses the virus signature to scan
for the presence of malicious code. >
Visa Bankruptcy Recovery Program (VBRP): A coordinated program of services
and resources aimed at helping Members reduce losses due to bankruptcy fraud.
VBRP services are open to all Members and include the Collective Pursuit Program,
the Bankruptcy Criminal Pursuit Program, and the VBRP Computer Bulletin Board.
Visa-Line: A subscription service providing an interactive computer
network dedicated to the communication of time-sensitive risk management and business
information between Visa and its Members and their third-party processors.
Visa-Net: The data processing system, networks and operation which
are used to support and deliver authorization services, exception file services,
clearing and settlement services and any other services.
Voice Authorization: Authorization obtained by a telephone voice operator.
Voice Authorization Center : An authorization center operated either
by card Issuers or by processors on behalf of Issuers to respond to requests for
authorizations for purchases from merchants who do not have terminals, or whose
terminals are not functioning properly, or for transactions for which special assistance
is required.
Vulnerability: A feature or combination of features of a system that
allows an adversary – the intruder – to place the system – your home computer –
in a state that is both contrary to the desires of the people responsible for the
system and increases the risk (probability or consequence) of undesirable behavior
in or of the system. A feature of combination of features of a system that prevents
the successful implementation of a particular security policy for that system. A
program with a buffer that can be overflowed with data supplied by the invoker will
usually be considered vulnerability.
Warning Bulletin: (See Restricted Card List)
White Plastic: A generic term that applies to any piece of plastic,
regardless of the color where an account number, expiration date and cardholder
name has been embossed. There is no resemblance to a MasterCard or Visa card
other than the size. The acceptance of a white plastic card requires conspiracy
between the merchant or employee and the defrauder. The card is then used
to imprint sales drafts, which are deposited into the merchant account.
Wireline: A cellular carrier that provides conventional telephone service
in addition to cellular service. Wireline carriers are designated by the FCC
as “B” carriers.
World Wide Web (WWW): Usually called "the WEB," a set of Internet servers
that provide hypertext to clients running Web browsers.
Worm: A program or algorithm that replicates itself over a computer network
and usually performs malicious actions, such as using up the computer's resources
and possibly shutting the system down.
O Calling: Operator assisted dialing. O calling requires the
user to dial the operator before placing long distance or third party calls.
O+ Calling: All long distance calls must be charged to a credit card.
1+ Calling: Allows the user to place long distance calls by dialing
1+ the area code and phone number.
802.11a, "b," and "g" IEEE specifications defining wireless LAN technologies:
802.11b products operate in the 2.4-GHz radio spectrum and have a maximum data rate
of 11 Mbps. 802.11a products operate in the 5-GHz spectrum at a maximum rate of
54 Mbps. 802.11g products operate in the same 2.4-GHz radio spectrum as 802.11b
products (so the two are compatible) but at a data rate of up to 54 Mbps.