Acquirer: Institution, or its agent, which acquires data relating to a transaction and forwards the data into the interchange system. In the context of ATMs this would typically be the ATM owner.

Acquirer Processor: a financial institution that acquires financial transactions from ATMs, POS terminals etc, sends these via a switch to the issuer processor for authorization and then settles authorized transactions.

Automated Teller Machine (ATM): an unmanned terminal that carries out automated teller functions like dispensing cash, balance enquiries, check deposit acceptance, PIN change, mini statement requests etc. The two most common ATMs are Through-the-Wall (Wall Mounted) ATMs and Stand-Alone (Convenience) cash machines. Also known as Automated Banking Machine (Canada) or Cash Dispenser.

Cardholder: the customer associated with the primary account related to the card in question. Individual authorized to use card.

Card Issuer: the financial institution or its agent that issues the card to the cardholder. Also known as just the Issuer.

Card Trapping/Fishing: illegal capture of ATM cards by using fishing probes/hooks usually made by plastic ribbons or thin metal ribbons, inserted into the card reader throat and preventing the ejection of the card to the Customer.

Card Verification: a cryptographic process used to prevent the magnetic stripe from being recreated from the data embossed on the card. The primary account number, card expiration date, and service code are encrypted with the DES algorithm using a pair of Card Verification Keys, to produce a Card Verification Value (CVV). Also known as Card Validation.

Certified Device: an ATM, POS terminal or related equipment that is certified as meeting the required standards.

Chip & PIN: the migration to EMV-compliant smart cards for PIN-based transactions. See also EMV Cards.

Compromise: a violation or security breach that causes, or may cause, the disclosure of sensitive or confidential data. This includes the unauthorized disclosure, modification, substitution or use of encryption keys or key-related material.

Cryptographic Algorithm: a mathematical formula that transforms data in order to hide/encrypt or reveal/decrypt its contents. Usually used in conjunction with a cryptographic key.

Cryptographic Key: a value used with an algorithm to encrypt and decrypt data.

Cryptography: the discipline that embodies principles, means, and methods for the transformation of data in order to hide its content, prevent its undetected modification, and/or prevent its unauthorized use.

Data Encryption Algorithm: a published encryption algorithm that is used to protect critical information by encrypting data based on a variable secret key.

Data Encryption Standard: (DES) is a symmetric key encryption algorithm using a 64 bit key, where 56 bits are used for encryption and 8 bits used for parity checking.

DES Key: a secret value input into the DES algorithm to encrypt or decrypt data.

Electronic Funds Transfer Network: an EFT network is an ATM or POS processor. The EFT network handles ATM and/or POS transactions and allows bank customers to use their ATM cards at its ATMs and/or at a merchant's POS terminals.

Electronic Key Entry: the entry of cryptographic keys into a secure cryptographic device in electronic form using a key-loading device. Thereby the user entering the key may have no knowledge of the value of the key being entered.

EMV Cards: Smart Payment Cards developed by a consortium consisting of Europay, MasterCard and Visa.

Encrypting PIN Pad: (EPP) is a keyboard device that encrypts the PIN at the point of entry.

Firmware: program/data permanently stored in hardware, such as ROM, PROM, or EPROM, so that the program/data cannot be dynamically written or modified during execution.

Independent Sales Organization: (ISO) in this context, is an organization that deploys ATMs and POS terminals at merchants, gas stations, hotel lobbies, etc. In the USA, ISOs must be sponsored by a financial institution.

Independent ATM Deployer: (IAD) in this context, is an organization that deploys ATMs for banks in India.

Interchange Network: a business and processing arrangement that allows the settlement of financial transactions where the card issuer is different from the transaction acquirer.

Issuer Processor: a financial institution that issues the ATM card to the bank customer. They are responsible for verifying their own customer PINs whether the customer is using one of the bank's own ATMs or another bank's ATMs. If the customer uses another bank's ATM, the issuer processor receives the ATM transaction from the acquirer processor via a switch.

Key: a series of digits that is used to encrypt and decrypt data. See also Cryptographic Key.

Key Custodian: a person authorized to handle all or part of an encryption key throughout the key's lifecycle from generation through to destruction.

Magnetic Stripe: a magnetic stripe is located on the back of an ATM or bankcard and is used to encode specific information about the card and the cardholder.

Manual Key Loading: the entry of cryptographic keys or key components into a secure cryptographic device by key custodians from a printed form using, for example, buttons, thumb wheels, or a keyboard.

Master Key: the highest hierarchical level of key encrypting key.

PED: PIN Entry Device. It is required that PIN data should never be compromised through allowing PIN or Key information to be communicated in a non-encrypted form.

Personal Identification Number: PIN, is a code issued to, or selected by, the customer, which is used in conjunction with an ATM or bankcard to effect electronic financial transactions. Usually 4 digits, it can be alphabetic or numeric. If alphabetic the PIN is translated to a numeric value on entry.

Phishing: where unsuspecting users receive emails that attempt to fool them into disclosing online banking passwords, by sending them to a site that mimics the look and feel of their bank's Web site.

PIN Entry Device: PED, is a keypad, laid out in a prescribed format, which is combined with electronic components and housed in a tamper resistant or tamper evident shell, so that it can capture and encrypt entered PINs.

Plain Text: data in its original human readable form. Also known as Clear Text.

Plain Text Key: an unencrypted key.

Primary Account Number: PAN, is the assigned number that identifies the card issuer and the cardholder. It is composed of an issuer identification number, an individual account identification number, and an accompanying check digit.

Skimming: a method of illegally obtaining card track data stored in the magnetic strip of the card through a card reading device.

Smart Card: a card that contains a computer chip with processing and memory capability.

Split Knowledge: a technique where no one person knows the whole. It is used in cryptography to ensure that no single individual knows all the clear text components of an encryption key.

Switch: a node that can route data from one node to another node. In a shared ATM/POS environment the Switch receives transactions from an acquirer processor and routes them to the required issuer processor, and then returns the response from the issuer processor to the acquirer processor.

Tamper-Evident Security Module: TESM, a security device used for encrypting/decrypting data that is highly resistant to penetration, preventing improper access to security related information such as PINs and keys, and that provides evidence of tampering.

Tampering: in this context the interference with, or the attempt to interfere with, a device or object in order to obtain secret or sensitive data.

Tamper Responsive Security Module: TRSM, a security device used for the encrypting and decrypting of data that loses any data if penetrated. Also known as Tamper-Resistant Security Module. Compare with Tamper Evident Security Module.

Terminal: a device that initiates a transaction. In this context, a device such as an ATM or POS terminal, used in conjunction with a card at the point of transaction to perform a financial or related transaction.

Terminal Master Key: TMK, is the Local Master Key stored in the ATM that is used to encrypt the stored Terminal PIN Key. In some cases it is also used as the encryption key to protect the Terminal PIN Key when it is sent from the host.

Terminal PIN Key: TPK, is an ATM resident DES key used for encrypting PINs in outgoing messages. Also, used in the host for decrypting the incoming message.

Triple Data Encryption Standard: Triple DES, or 3DES, is an enhancement to DES that uses either two or three double length DES keys to encrypt and decrypt data.

ABM Automated Banking Machine (Canada)

ATM Automated Teller Machine

CA Certificate Authority

CATMi Confederation of ATM Industry

CSB Certified Service Bureau

CVK Card Verification Key

CVV Card Verification Value

DEA Data Encryption Algorithm

DES Data Encryption Standard

3DES Triple - Data Encryption Standard

DKM Dynamic Key Management

DUKPT Derived Unique Key Per Transaction

ECB Electronic Code Book

EDE Encrypt, Decrypt, Encrypt (alt name for 3DES)

EEP Encrypting PIN Pad

EEPROM Electronically-Erasable Programmable Read Only Memory

EMV Europay, MasterCard, Visa

EPROM Erasable Programmable Read Only Memory

GASA Global ATM Security Alliance

HSM Host Security Module

IAD Independent ATM Deployer

ICC Integrated Circuit Card

ISO Independent Sales Organization (USA)

ISO International Standards Organization

LMK Local Master Key

MAC Message Authentication Code

MD5 Message Digest 5

PAN Primary Account Number

PED PIN Entry Device

PIN Personal Identification Number

PKI Public Key Infrastructure

PVK PIN Verification Key

PVV PIN Verification Value

PROM Programmable Read-Only Memory

RSA Rivest-Shamir-Adleman

SVC Stored Value Card

SHA-1 Secure Hashing Algorithm - 1

TESM Tamper Evident Security Module

TDEA Triple Data Encryption Algorithm (alt name for 3DES)

TRSM Tamper Responsive Security Module

TMK Terminal Master Key

TPK Terminal PIN Key

ZMK Zone Master Key

ZPK Zone PIN Key