Organizational Objectives | CATMi

ATM Glossary

Not sure what all those ATM industry terms mean or acronyms stand for? Our ATM glossary is just one more way we provide ongoing support and resources for our members and the general public.

  • A

    Acquirer: Institution, or its agent, which acquires data relating to a transaction and forwards the data into the interchange system. In the context of ATMs this would typically be the ATM owner.

    Acquirer Processor: a financial institution that acquires financial transactions from ATMs, POS terminals etc, sends these via a switch to the issuer processor for authorization and then settles authorized transactions.

    Automated Teller Machine (ATM): an unmanned terminal that carries out automated teller functions like dispensing cash, balance enquiries, check deposit acceptance, PIN change, mini statement requests etc. The two most common ATMs are Through-the-Wall (Wall Mounted) ATMs and Stand-Alone (Convenience) cash machines. Also known as Automated Banking Machine (Canada) or Cash Dispenser.

  • C

    Cardholder: the customer associated with the primary account related to the card in question. Individual authorized to use card.

    Card Issuer: the financial institution or its agent that issues the card to the cardholder. Also known as just the Issuer.

    Card Trapping/Fishing: illegal capture of ATM cards by using fishing probes/hooks usually made by plastic ribbons or thin metal ribbons, inserted into the card reader throat and preventing the ejection of the card to the Customer.

    Card Verification: a cryptographic process used to prevent the magnetic stripe from being recreated from the data embossed on the card. The primary account number, card expiration date, and service code are encrypted with the DES algorithm using a pair of Card Verification Keys, to produce a Card Verification Value (CVV). Also known as Card Validation.

    Certified Device: an ATM, POS terminal or related equipment that is certified as meeting the required standards.

    Chip & PIN: the migration to EMV-compliant smart cards for PIN-based transactions. See also EMV Cards.

    Compromise: a violation or security breach that causes, or may cause, the disclosure of sensitive or confidential data. This includes the unauthorized disclosure, modification, substitution or use of encryption keys or key-related material.

    Cryptographic Algorithm: a mathematical formula that transforms data in order to hide/encrypt or reveal/decrypt its contents. Usually used in conjunction with a cryptographic key.

    Cryptographic Key: a value used with an algorithm to encrypt and decrypt data.

    Cryptography: the discipline that embodies principles, means, and methods for the transformation of data in order to hide its content, prevent its undetected modification, and/or prevent its unauthorized use.

  • D

    Data Encryption Algorithm: a published encryption algorithm that is used to protect critical information by encrypting data based on a variable secret key.

    Data Encryption Standard: (DES) is a symmetric key encryption algorithm using a 64 bit key, where 56 bits are used for encryption and 8 bits used for parity checking.

    DES Key: a secret value input into the DES algorithm to encrypt or decrypt data.

  • E

    Electronic Funds Transfer Network: an EFT network is an ATM or POS processor. The EFT network handles ATM and/or POS transactions and allows bank customers to use their ATM cards at its ATMs and/or at a merchant's POS terminals.

    Electronic Key Entry: the entry of cryptographic keys into a secure cryptographic device in electronic form using a key-loading device. Thereby the user entering the key may have no knowledge of the value of the key being entered.

    EMV Cards: Smart Payment Cards developed by a consortium consisting of Europay, MasterCard and Visa.

    Encrypting PIN Pad: (EPP) is a keyboard device that encrypts the PIN at the point of entry.

  • F

    Firmware: program/data permanently stored in hardware, such as ROM, PROM, or EPROM, so that the program/data cannot be dynamically written or modified during execution.

  • I

    Independent Sales Organization: (ISO) in this context, is an organization that deploys ATMs and POS terminals at merchants, gas stations, hotel lobbies, etc. In the USA, ISOs must be sponsored by a financial institution.

    Independent ATM Deployer: (IAD) in this context, is an organization that deploys ATMs for banks in India.

    Interchange Network: a business and processing arrangement that allows the settlement of financial transactions where the card issuer is different from the transaction acquirer.

    Issuer Processor: a financial institution that issues the ATM card to the bank customer. They are responsible for verifying their own customer PINs whether the customer is using one of the bank's own ATMs or another bank's ATMs. If the customer uses another bank's ATM, the issuer processor receives the ATM transaction from the acquirer processor via a switch.

  • K

    Key: a series of digits that is used to encrypt and decrypt data. See also Cryptographic Key.

    Key Custodian: a person authorized to handle all or part of an encryption key throughout the key's lifecycle from generation through to destruction.

  • M

    Magnetic Stripe: a magnetic stripe is located on the back of an ATM or bankcard and is used to encode specific information about the card and the cardholder.

    Manual Key Loading: the entry of cryptographic keys or key components into a secure cryptographic device by key custodians from a printed form using, for example, buttons, thumb wheels, or a keyboard.

    Master Key: the highest hierarchical level of key encrypting key.

  • P

    PED: PIN Entry Device. It is required that PIN data should never be compromised through allowing PIN or Key information to be communicated in a non-encrypted form.

    Personal Identification Number: PIN, is a code issued to, or selected by, the customer, which is used in conjunction with an ATM or bankcard to effect electronic financial transactions. Usually 4 digits, it can be alphabetic or numeric. If alphabetic the PIN is translated to a numeric value on entry.

    Phishing: where unsuspecting users receive emails that attempt to fool them into disclosing online banking passwords, by sending them to a site that mimics the look and feel of their bank's Web site.

    PIN Entry Device: PED, is a keypad, laid out in a prescribed format, which is combined with electronic components and housed in a tamper resistant or tamper evident shell, so that it can capture and encrypt entered PINs.

    Plain Text: data in its original human readable form. Also known as Clear Text.

    Plain Text Key: an unencrypted key.

    Primary Account Number: PAN, is the assigned number that identifies the card issuer and the cardholder. It is composed of an issuer identification number, an individual account identification number, and an accompanying check digit.

  • S

    Skimming: a method of illegally obtaining card track data stored in the magnetic strip of the card through a card reading device.

    Smart Card: a card that contains a computer chip with processing and memory capability.

    Split Knowledge: a technique where no one person knows the whole. It is used in cryptography to ensure that no single individual knows all the clear text components of an encryption key.

    Switch: a node that can route data from one node to another node. In a shared ATM/POS environment the Switch receives transactions from an acquirer processor and routes them to the required issuer processor, and then returns the response from the issuer processor to the acquirer processor.

  • T

    Tamper-Evident Security Module: TESM, a security device used for encrypting/decrypting data that is highly resistant to penetration, preventing improper access to security related information such as PINs and keys, and that provides evidence of tampering.

    Tampering: in this context the interference with, or the attempt to interfere with, a device or object in order to obtain secret or sensitive data.

    Tamper Responsive Security Module: TRSM, a security device used for the encrypting and decrypting of data that loses any data if penetrated. Also known as Tamper-Resistant Security Module. Compare with Tamper Evident Security Module.

    Terminal: a device that initiates a transaction. In this context, a device such as an ATM or POS terminal, used in conjunction with a card at the point of transaction to perform a financial or related transaction.

    Terminal Master Key: TMK, is the Local Master Key stored in the ATM that is used to encrypt the stored Terminal PIN Key. In some cases it is also used as the encryption key to protect the Terminal PIN Key when it is sent from the host.

    Terminal PIN Key: TPK, is an ATM resident DES key used for encrypting PINs in outgoing messages. Also, used in the host for decrypting the incoming message.

    Triple Data Encryption Standard: Triple DES, or 3DES, is an enhancement to DES that uses either two or three double length DES keys to encrypt and decrypt data.

  • ATM Abbreviations

    ABM Automated Banking Machine (Canada)

    ATM Automated Teller Machine

    CA Certificate Authority

    CATMi Confederation of ATM Industry

    CSB Certified Service Bureau

    CVK Card Verification Key

    CVV Card Verification Value

    DEA Data Encryption Algorithm

    DES Data Encryption Standard

    3DES Triple - Data Encryption Standard

    DKM Dynamic Key Management

    DUKPT Derived Unique Key Per Transaction

    ECB Electronic Code Book

    EDE Encrypt, Decrypt, Encrypt (alt name for 3DES)

    EEP Encrypting PIN Pad

    EEPROM Electronically-Erasable Programmable Read Only Memory

    EMV Europay, MasterCard, Visa

    EPROM Erasable Programmable Read Only Memory

    GASA Global ATM Security Alliance

    HSM Host Security Module

    IAD Independent ATM Deployer

    ICC Integrated Circuit Card

    ISO Independent Sales Organization (USA)

    ISO International Standards Organization

    LMK Local Master Key

    MAC Message Authentication Code

    MD5 Message Digest 5

    PAN Primary Account Number

    PED PIN Entry Device

    PIN Personal Identification Number

    PKI Public Key Infrastructure

    PVK PIN Verification Key

    PVV PIN Verification Value

    PROM Programmable Read-Only Memory

    RSA Rivest-Shamir-Adleman

    SVC Stored Value Card

    SHA-1 Secure Hashing Algorithm - 1

    TESM Tamper Evident Security Module

    TDEA Triple Data Encryption Algorithm (alt name for 3DES)

    TRSM Tamper Responsive Security Module

    TMK Terminal Master Key

    TPK Terminal PIN Key

    ZMK Zone Master Key

    ZPK Zone PIN Key