Dictionary

 

Term

Definition

Synonym(s)

Abbreviation(s)

 


.

 

.NET

(formerly called .NET Core) An open-source, managed computer software framework for Windows, Linux, and macOS operating systems. It is a cross-platform successor to the .NET Framework.

.NET, .NET Core

 

2

 

2FA: Two-Factor Authentication

Two-factor authentication is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods (also referred to as authentication factors) to verify a user's identity. These factors can include something a user knows (e.g., username & password) plus something a user has (e.g., smartphone app) to approve authentication requests. 2FA protects against phishing, social engineering, and password brute-force attacks and secures a user's logins from attackers exploiting weak or stolen credentials.

 

2FA

3

 

3DS: 3D Secure

3D Secure is a protocol designed to be an additional security layer for online credit and debit card transactions. The name refers to the “three domains” which interact using the protocol: the merchant/acquirer domain, the issuer domain, and the interoperability domain. 3DS protects against the two most common chargeback codes a merchant will see, which are fraud codes, mainly “Fraudulent Transaction” or “Cardholder Does Not Recognise”. 3DS offers no protection for other chargeback reason codes, such as “subscription cancelled”, “product not provided”, or “duplicate” codes.

 

3DS

A

 

AF: Authentication Factor

An authentication factor is a category of credential that is intended to verify, sometimes in combination with other factors, that an entity involved in some kind of communication or requesting access to some system is who, or what, they are declared to be. Each category of credential is considered a factor. For example, usernames and passwords are the same type of factor, so their combined use is single-factor authentication (SFA), despite the fact that there are two elements involved.

 

AF

AJAX: Asynchronous JavaScript And XML

Asynchronous JavaScript And XML is a set of web development techniques that uses various web technologies on the client side to create asynchronous web applications. With Ajax, web applications can send and retrieve data from a server asynchronously without interfering with the display and behaviour of the existing page.

 

AJAX

AML: Anti-Money Laundering

Anti-Money Laundering refers to the web of laws, regulations, and procedures aimed at uncovering efforts to disguise illicit funds as legitimate income.

 

AML

API Call

The process of sending a request to an API after setting up the right endpoints. Upon receipt, the data is processed, and feedback is received. For example, by entering a login and password into a website and pressing the ‘Enter’ key, a user makes an API call.

 

 

API Endpoint

The end of a communication channel. When APIs interact with other systems, each touchpoint of interaction is considered an endpoint. For example, an API endpoint could include a server, a service, or a database where a resource lives. API endpoints specify where resources live and who can access them.

 

 

API Gateway

An API management tool that serves as an intermediary between a client and a set of different backend services. API gateways act as gatekeepers and proxies that moderate all API calls, aggregate required data, and return the result. Gateways are used to handle common tasks such as API identification, rate limiting, and usage metrics.

 

 

API Integration

Connects two or more applications to exchange data between them and connect to the outside world.

 

 

API Key

A unique identifier that enables other software to authenticate a user, developer, or API calling software to an API to ensure that this person or software is who it says it is. API keys authenticate the API instead of a user and offer a certain degree of security to API calls.

 

 

API Layer

A proxy that joins together all service offerings using a graphic UI to provide greater user interactivity. API layers are language-agnostic ways of interacting with apps and help describe the services and data types used to exchange data.

 

 

API Lifecycle

An approach to API management and development that aims at providing a holistic view of how to manage APIs across their different life stages, from creation to retirement. The API lifecycle is often divided into three stages: creation, control, and consumption.

 

 

API Portal

A bridge between the API provider and the API consumer. An API portal provides information about the APIs at every stage of the API lifecycle. API portals serve to make APIs public and offer content to educate developers about them, their use, and how to make the most of them.

 

 

API Request

Occurs when a developer adds an endpoint to a URL and uses that endpoint to call the server or the database.

 

 

API Throttling

Refers to the process of limiting the number of API requests a user can make in a certain period.

 

 

API: Application Programming Interface

Application Programming Interface is a way for two or more computer programs to communicate with each other. It is a type of software interface offering a service to other pieces of software. A document or standard that describes how to build or use such a connection or interface is called an API specification. A computer system that meets this standard is said to implement or expose an API. The term API may refer either to the specification or to the implementation.

 

API

APM: Application Performance Management

Application Performance Management, in the fields of information technology and systems management, refers to the monitoring and management of the performance and availability of software applications. APM strives to detect and diagnose complex application performance problems to maintain an expected level of service. Basically, APM is “the translation of IT metrics into business meaning”.

 

APM

ASN.1: Abstract Syntax Notation One

Abstract Syntax Notation One is a standard interface description language for defining data structures that can be serialised and deserialised in a cross-platform way. It is broadly used in telecommunications and computer networking, and especially in cryptography. Protocol developers define data structures in ASN.1 modules, which are generally a section of a broader standards document written in the ASN.1 language. The advantage is that the ASN.1 description of the data encoding is independent of a particular computer or programming language. Because ASN.1 is both human-readable and machine-readable, an ASN.1 compiler can compile modules into libraries of code, codecs, that decode or encode the data structures. Some ASN.1 compilers can produce code to encode or decode several encodings, e.g., packed, BER, or XML.

 

ASN.1

Asymmetric encryption

Asymmetric encryption allows users to encrypt information using shared keys. Suppose a user needs to send a message across the internet but does not want anyone but the intended recipient to see what is written. Asymmetric encryption can help achieve that goal.

Asymmetric encryption, Asymmetric cryptography

 

Authentication

The process of identity verification and then granting the determined authorization. Thus, it provides at least a certain level of protection in computer systems, networks, databases, websites, and other network-based applications and services.

 

 

B

 

BER: Basic Encoding Rules

Basic Encoding Rules specifies, in general terms, a partially self-describing and self-delimiting protocol for encoding ASN.1 data structures. Each data element is to be encoded as a type identifier, a length description, the actual data elements, and, where necessary, an end-of-content marker. These types of encodings are commonly called type–length–value (TLV) encodings. However, in BER's terminology, it is identifier-length-contents. This type of format would allow a receiver to decode the ASN.1 information from an incomplete stream, without requiring any pre-knowledge of the size, content, or semantic meaning of the data, though some specifics of the protocol would need to be provided or reverse-engineered from representative samples of traffic or software.

 

BER

BIC: Bank Identifier Code

Bank Identifier Code is used to identify banks and financial institutions worldwide. ISO 9362 is an international standard for BIC, a unique identifier for business institutions, approved by the International Standards Organisation (ISO). BIC is also known as SWIFT-BIC, SWIFT ID, or SWIFT code, after the Society for Worldwide Interbank Financial Telecommunication (SWIFT), which is designated by ISO as the BIC registration authority. BIC was defined originally as Bank Identifier Code and is most often assigned to financial organisations; when it is assigned to non-financial organisations, the code may also be known as Business Entity Identifier (BEI). These codes are used when transferring money between banks, particularly for international wire transfers, and also for the exchange of other messages between banks. In the process of the Single Euro Payments Area (SEPA), the European central banks have agreed on a common format based on IBAN and BIC including an XML-based transmission format for standardised transactions. A SWIFT/BIC code consists of 8-11 characters and follows a format that identifies your bank, country, location, and branch.

 

BIC

Bandwidth

The amount of data being sent over the network between the two systems that are communicating.

 

 

C

 

C-Sharp

A general-purpose, high-level programming language supporting multiple paradigms. C# encompasses static typing, strong typing, lexically scoped, imperative, declarative, functional, generic, object-oriented (class-based), and component-oriented programming disciplines.

 

C#

CER: Canonical Encoding Rules

Canonical Encoding Rules is a restricted variant of Basic Encoding Rules (BER) for producing unequivocal transfer syntax for data structures described by ASN.1. Whereas BER gives choices as to how data values may be encoded, CER (together with DER) selects just one encoding from those allowed by the basic encoding rules, eliminating the rest of the options. CER is useful when the encodings must be preserved; e.g., in security exchanges.

 

CER

CHF: Cryptographic Hash Function

Cryptographic Hash Function is a hash algorithm (a map of an arbitrary binary string to a binary string with fixed size of n bits) that has special properties desirable for a cryptographic application. CHFs have many information-security applications, notably in digital signatures, MACs, and other forms of authentication. They can also be used as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect duplicate data or uniquely identify files, and as checksums to detect accidental data corruption.

 

CHF

CI/CD: Continuous Integration (CI) / Continuous Deployment (CD)

Continuous Integration (CI) / Continuous Deployment (CD) are a set of operating principles and a collection of practices and agile methodologies that enable development teams to deliver better and faster changes to their code. CI/CD is one of the most important DevOps practices as it gives teams the tools to focus on meeting their business requirements, code quality, and security needs.

 

CI/CD

CONNECT Method

This HTTP method is used to start two-way communications (a tunnel) with the requested resource.

 

 

CRM: Customer Relationship Management

Customer Relationship Management is a process in which a business or other organisation administers its interactions with customers, typically using data analysis to study large amounts of information. CRM systems compile data from a range of different communication channels, including a company’s website, telephone, email, live chat, marketing materials and more recently, social media. They allow businesses to learn more about their target audiences and how to best cater for their needs, thus retaining customers and driving sales growth. CRM may be used with past, present or potential customers. The concepts, procedures, and rules that a corporation follows when communicating with its consumers are referred to as CRM. This complete connection covers direct contact with customers, such as sales and service-related operations, forecasting, and the analysis of consumer patterns and behaviours, from the perspective of the company.

 

CRM

CRUD: Create, Read, Update, and Delete

Create, Read, Update, & Delete refers to the necessary functions to implement a storage application, such as a hard drive. Unlike random access memory and internal caching, CRUD data is typically stored and organised in a database, which is simply a collection of data that can be viewed electronically.

 

CRUD

CSS: Cascading Style Sheets

Cascading Style Sheets is a style sheet language used for describing the presentation of a document written in a markup language such as HTML or XML. CSS is a cornerstone technology of the web, alongside HTML and JavaScript.

 

CSS

CSV: Comma-Separated Values

A comma-separated values file is a delimited text file that uses a comma to separate values. Each line of the file is a data record. Each record consists of one or more fields, separated by commas. A CSV file typically stores tabular data (numbers and text) in plain text, in which case each line will have the same number of fields. More information regarding the CSV specification is found here.

 

CSV

Cache

Software or hardware component that stores data so users can access and retrieve that data faster. Cached data might be the result of a copy of certain data stored elsewhere. Cache reads data and retrieves it faster.

 

 

Character encoding

Character encoding is the process of assigning numbers to graphical characters, especially the written characters of human language, allowing them to be stored, transmitted, and transformed using digital computers. The numerical values that make up a character encoding are known as "code points" and collectively comprise a "code space", a "code page", or a "character map".

 

 

Checksum

A checksum is a small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage. By themselves, checksums are often used to verify data integrity but are not relied upon to verify data authenticity. The procedure which generates this checksum is called a checksum function or checksum algorithm. Depending on its design goals, a good checksum algorithm usually outputs a significantly different value, even for small changes made to the input. This is especially true of cryptographic hash functions, which may be used to detect many data corruption errors and verify overall data integrity; if the computed checksum for the current data input matches the stored value of a previously computed checksum, there is a very high probability the data has not been accidentally altered or corrupted. Checksum functions are related to hash functions, fingerprints, randomization functions, and cryptographic hash functions. However, each of those concepts has different applications and therefore different design goals. Checksums are used as cryptographic primitives in larger authentication algorithms. Check digits and parity bits are special cases of checksums, appropriate for small blocks of data (such as Social Security numbers, bank account numbers, computer words, single bytes, etc.). Some error-correcting codes are based on special checksums which not only detect common errors but also allow the original data to be recovered in certain cases.

 

 

Ciphertext

Ciphertext is encrypted text transformed from plaintext using an encryption algorithm. Ciphertext can't be read until it has been converted into plaintext (decrypted) with a key. The decryption cipher is an algorithm that transforms the ciphertext back into plaintext.

 

 

Client

A device that communicates with a server. A client can be a desktop computer, a laptop, a smartphone, or an IoT-powered device. Most networks allow communication between clients and servers as it flows through a router or switch.

 

 

Cloud Computing

Refers to the delivery of different services through the Internet. These resources include tools and applications like data storage, servers, databases, networking, and software. Rather than keeping files on a proprietary hard drive or local storage device, cloud-based storage makes it possible to save them to a remote database. As long as an electronic device has access to the Internet, it has access to the data and the software programs to run it. Cloud computing is a popular option for people and businesses for a number of reasons including cost savings, increased productivity, speed and efficiency, performance, and security. Cloud computing is not a single piece of technology - rather it is a system comprised primarily of three services: Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS), and Platform-as-a-Service (PaaS).

 

 

Column

In a relational table, a column is a set of values of a particular data type. The term attribute is also used to represent a column.

Column, Attribute

 

Compliance

Refers to a focus on performing AML procedures that discourage and prevent potential violators from engaging in money laundering fraud or crime.

 

 

Cryptography

In computer science, cryptography refers to secure information and communication techniques derived from mathematical concepts and a set of rule-based calculations called algorithms, to transform messages in ways that are hard to decipher.

 

 

D

 

DB: Database

An organised collection of structured information, or data, typically stored electronically in a computer system. A database is usually controlled by a DataBase Management System (DBMS). A database consists of several tables. Each table is made up of several rows (i.e., records). Each row is composed of several columns (i.e., fields).

 

DB

DD: Due Diligence

Refers to an investigation, audit, or review performed to confirm facts or details of a matter under consideration. In the financial world, due diligence requires an examination of financial records before entering into a proposed transaction with another party.

 

DD

DELETE Method

This HTTP method deletes the specified resource.

 

 

DER: Distinguished Encoding Rules

Distinguished Encoding Rules is a restricted variant of Basic Encoding Rules (BER) for producing unequivocal transfer syntax for data structures described by ASN.1. Like CER, DER encodings are valid BER encodings. DER is the same thing as BER with all but one sender's options removed. DER is a subset of BER providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialised representation. DER can be considered a canonical form of BER. DER is widely used for digital certificates.

 

DER

DOM: Document Object Model

Document Object Model is a cross-platform and language-independent interface that treats an HTML or XML document as a tree structure wherein each node is an object representing a part of the document. The DOM represents a document with a logical tree. Each branch of the tree ends in a node, and each node contains objects. DOM methods allow programmatic access to the tree; with them one can change the structure, style or content of a document. Nodes can have event handlers attached to them. Once an event is triggered, the event handlers get executed.

 

DOM

DTD: Document Type Definition

The definition of a document type in XML, consisting of a set of markup tags and their interpretation.

 

DTD

Definitions

The syntax for any properties intended to be used in API development.

 

 

Developer Portal

Interfaces that bridge the gap between API providers and API consumers. It’s called a developer portal because most of the API consumers are developers. Developer portals aim at educating developers on how to use APIs and provide all the information users need to leverage APIs.

 

 

Downtime

The time that a server is not in operation.

 

 

E

 

eKYC: Electronic Know Your Customer

Electronic Know Your Customer is an expression used to describe digital KYC processes. eKYC is the remote, paperless process that minimises the costs and traditional bureaucracy necessary in KYC processes.

Electronic Know Your Customer, Electronic Know Your Client

eKYC

Endpoint

Refers to the point of entry in a communication channel when two systems are interacting. It refers to touch points of the communication between an API and a server.

 

 

External APIs

An API that is designed to be accessed by the outside public. Unlike internal APIs, external APIs are consumed by external developers outside of the company. External APIs represent a secure way of sharing data and content outside a company.

 

 

F

 

FIFO: First In First Out

First In First Out, in computer science, a method for organising the manipulation of a data structure where the oldest entry is processed first.

 

FIFO

FTP: File Transfer Protocol

File Transfer Protocol refers to a method of exchanging files from one computer to another.

 

FTP

Field

A table consists of several records (i.e., rows). Each record can be broken down into several smaller entities known as fields.

 

 

Framework

Contains libraries of code, instructions, and APIs from which developers and API consumers can obtain data from an application.

 

 

G

 

GET Method

Refers to a method for requesting data from a specified resource using HTTP. A user can also use it to derive a specific variable from a group of variables.

 

 

GraphQL

A query language that enables clients to define the structure of data. This means that developers can use GraphQL to ask for specific data and return that data from multiple sources.

 

 

H

 

HEAD Method

This is almost identical to GET, but without the response body. In other words, if GET /users returns a list of users, then HEAD /users will make the same request but will not return the list of users. HEAD requests are useful for checking what a GET request will return before actually making a GET request – like before downloading a large file or response body.

 

 

HMAC: Hash-based Message Authentication Code

In cryptography, HMAC (sometimes expanded as either Keyed-Hash Message Authentication Code or Hash-based Message Authentication Code) is a specific type of MAC involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message. HMAC can provide authentication using a shared secret instead of using digital signatures with asymmetric cryptography. It trades off the need for a complex public key infrastructure by delegating the key exchange to the communicating parties, who are responsible for establishing and using a trusted channel to agree on the key prior to communication.

Hash-based Message Authentication Code, Keyed-Hash Message Authentication Code, HMAC Secret Key

HMAC

HTML: HyperText Markup Language

HyperText Markup Language is the standard markup language for documents designed to be displayed in a web browser. It is often assisted by technologies such as Cascading Style Sheets and scripting languages such as JavaScript.

 

HTML

HTTP Methods

GET, POST, PUT, HEAD, DELETE, PATCH, OPTIONS, CONNECT, and TRACE are the most common HTTP actions. In other words, they represent Create, Read, Update, and Delete (CRUD) operations within a database.

 

 

HTTP: Hypertext Transfer Protocol

Hypertext Transfer Protocol is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

 

HTTP

HTTPS: Hypertext Transfer Protocol Secure

Hypertext Transfer Protocol Secure is a protocol that aims to establish a secure connection between servers. It is not possible to connect securely to a website with HTTP. HTTPS makes it possible to connect to websites as with HTTP, but in a secure way.

 

HTTPS

I

 

IBAN: International Bank Account Number

International Bank Account Number is an internationally agreed system of identifying bank accounts across national borders to facilitate the communication and processing of cross border transactions with a reduced risk of transcription errors. An IBAN uniquely identifies a customer account at a financial institution. It was originally adopted by the European Committee for Banking Standards (ECBS) and since 1997 as the international standard ISO 13616 under the International Standards Organisation (ISO). The current version is ISO 13616:2020, which indicates the Society for Worldwide Interbank Financial Telecommunication (SWIFT) as the formal registrar. Initially developed to facilitate payments within the EU, it has been implemented by most European countries and numerous countries in other parts of the world. As of May 2020, 77 countries were using the IBAN numbering system. An IBAN consists of up to 34 alphanumeric characters comprising a country code; two check digits; and a number that includes the domestic bank account number, branch identifier, and potential routing information. The check digits enable a check of the bank account number to confirm its integrity before submitting a transaction.

 

IBAN

IEC: International Electrotechnical Commission

International Electrotechnical Commission is an international standards organisation that prepares and publishes international standards for all electrical, electronic, and related technologies – collectively known as "electrotechnologies". IEC standards cover a vast range of technologies from power generation, transmission & distribution to home appliances & office equipment, semiconductors, fibre optics, batteries, solar energy, nanotechnology, and marine energy as well as many others. The IEC also manages 4 global conformity assessment systems that certify whether equipment, systems, or components conform to its international standards. All electrotechnologies are covered by IEC Standards, including energy production and distribution, electronics, magnetics & electromagnetics, electroacoustic, multimedia, telecommunication, and medical technology, as well as associated general disciplines such as terminology and symbols, electromagnetic compatibility, measurement and performance, dependability, design and development, safety, and the environment.

 

IEC

IP Address: Internet Protocol Address

Internet Protocol address is a numeric label assigned to each device participating in a network, such as a computer or a printer. Therefore, every host or device on a network and on the Internet must have a unique IP address to identify itself. The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations worldwide and delegates five Regional Internet Registries (RIRs) to assign IP address blocks to local Internet registries.

 

 

ISO: International Standards Organisation

International Standards Organisation (also known as International Organisation for Standardisation) is an international standard development organisation composed of representatives from the national standards organisations of member countries. ISO was founded on 23 February 1947, and (as of November 2022) it has published over 24,500 international standards covering almost all aspects of technology and manufacturing. It has 811 technical committees and subcommittees to take care of standards development. The organisation develops and publishes standardisation in all technical and nontechnical fields other than electrical and electronic engineering, which is handled by the IEC. It is headquartered in Geneva, Switzerland, and works in 167 countries as of 2023. The 3 official languages of the ISO are English, French, and Russian.

International Standards Organisation, International Organisation for Standardisation

ISO

IaaS: Infrastructure-as-a-Service

Infrastructure-as-a-Service is a cloud computing service that involves a method for delivering everything from operating systems to servers and storage through IP-based connectivity as part of an on-demand service. Clients can avoid the need to purchase software or servers, and instead procure these resources in an outsourced, on-demand service.

 

IaaS

J

 

JQ: jQuery

jQuery is a JavaScript framework designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax. JQ's syntax is designed to make it easier to navigate a document, select DOM elements, create animations, handle events, and develop Ajax applications. JQ also provides capabilities for developers to create plug-ins on top of the JavaScript library. This enables developers to create abstractions for low-level interaction and animation, advanced effects and high-level, theme-able widgets. The modular approach to the JQ library allows the creation of powerful dynamic web pages and Web applications.

 

JQ

JS: JavaScript

JavaScript is a programming language that is one of the core technologies of the web, alongside HTML and CSS. JS is a high-level, often just-in-time compiled language that conforms to the ECMAScript standard. It has dynamic typing, prototype-based object-orientation, and first-class functions. It is multi-paradigm, supporting event-driven, functional, and imperative programming styles. It has application programming interfaces (APIs) for working with text, dates, regular expressions, standard data structures, and the Document Object Model (DOM). JS does not include any input/output (I/O), such as networking, storage, or graphics facilities. In practice, the web browser or other runtime system provides JS APIs for I/O. JavaScript is not to be confused with Java.

 

JS

JSON: JavaScript Object Notation

JavaScript Object Notation is a lightweight data-interchange format based on a subset of the JavaScript programming language standards. JSON has the advantage that it is both easy for humans to read and write and for machines to parse and generate. It is a format that is completely agnostic to languages and uses conventions that are familiar to programmers of the C-family of languages.

 

JSON

Java

A high-level, class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible. It is a general-purpose programming language intended to let programmers write once, run anywhere (WORA), meaning that compiled Java code can run on all platforms that support Java without the need to recompile. Java applications are typically compiled to bytecode that can run on any Java virtual machine (JVM) regardless of the underlying computer architecture. The Java runtime provides dynamic capabilities (such as reflection and runtime code modification) that are typically not available in traditional compiled languages. Java is not to be confused with JavaScript.

 

 

K

 

KBA: Knowledge-Based Authentication

Knowledge-Based Authentication is an authentication method based on a series of knowledge questions that are used to verify a person's identity in order to prevent access of an unauthorized person to an account.

 

KBA

KYC: Know Your Customer

Know Your Customer, also known as Know Your Client, are guidelines and regulations in financial services that require professionals to verify the identity, suitability, and risks involved with maintaining a business relationship with a customer. The procedures fit within the broader scope of anti-money laundering (AML) and counter terrorism financing (CTF) regulations.

Know Your Customer, Know Your Client

KYC

L

 

LIFO: Last In First Out

Last In First Out, in computer science, a method for organising the manipulation of a data structure where the newest entry is processed first.

 

LIFO

Latency

The delay before a transfer of data begins following an instruction for its transfer. Also known as the total amount of time it takes for a request to complete.

 

 

M

 

MAC: Message Authentication Code

Message Authentication Code or authentication tag, in cryptography, is a short piece of information used for authenticating a message, i.e., to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects a message's data integrity, as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content. This MAC acronym is not to be confused with the use of MAC as Media Access Control address (in communications).

 

MAC

MD5: Message Digest 5

Message Digest 5 is an algorithm that is a widely used hash function producing a 128-bit hash value. MD5 can be used as a checksum to verify data integrity against unintentional corruption. Historically it was widely used as a cryptographic hash function; however it has been found to suffer from extensive vulnerabilities. It remains suitable for other non-cryptographic purposes, e.g., for determining the partition for a particular key in a partitioned database, and may be preferred due to lower computational requirements than more recent SHAs.

 

MD5

MFA: Multi-Factor Authentication

Multi-Factor Authentication is a multi-step account login process that requires users to enter more information than just a password. For example, along with the password, users might be asked to enter a code sent to their email, answer a secret question, or scan a fingerprint.

 

MFA

Metadata

Refers to a set of data that helps identify datasets, providing details and context to describe that particular data better. It is an integral part of online content and data management, which helps users select specific keywords when searching online and allows creators to tag their content to be easily indexed and captured by search engines and website usage trackers.

 

 

Microservices

Also known as microservice architecture, refers to a software architecture style that structures apps as a collection of loosely coupled, independent, and highly maintainable services that are organised to enhance an app, website, or platform’s business capabilities.

 

 

N

 

NFC: Near Field Communication

Near Field Communication is the technology that allows two devices (e.g., a smartphone and a payments terminal) to talk to each other when they are in close proximity to one another. NFC is the technology that enables contactless payments.

 

NFC

NS: NameServer

A computer that runs a program for converting Internet domain names into the corresponding IP addresses and vice versa.

 

NS

O

 

OPTIONS Method

This HTTP method describes the communication options for the target resource.

 

 

OTP: One-Time Password

One-Time Password is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session. An OTP is more secure than a static password, especially a user-created password, which can be weak and/or reused across multiple accounts. OTPs may replace authentication login information or may be used in addition to it to add another layer of security.

 

OTP

P

 

PATCH Method

This HTTP method is used to apply partial modifications to a resource.

 

 

PCI DSS: Payment Card Industry (PCI) Data Security Standard (DSS)

Payment Card Industry Data Security Standard is a widely accepted set of policies and procedures intended to optimise the security of credit, debit, and cash card transactions and protect cardholders against misuse of their personal information.

 

PCI DSS

PEM: Privacy-Enhanced Mail

Privacy-Enhanced Mail is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining "privacy-enhanced mail". While the original standards were never broadly adopted and were supplanted by PGP and S/MIME, the textual encoding they defined became very popular. The PEM format was eventually formalised by the IETF in RFC 7468.

 

PEM

PEP: Politically Exposed Person

Politically Exposed Person, in financial regulation, is a term describing someone who has been entrusted with a prominent public function. A PEP generally presents a higher risk for potential involvement in bribery and corruption by virtue of his or her position and the influence that the person may hold. The terms “politically exposed person” and senior foreign political figure are often used interchangeably, particularly in international forums.

 

PEP

PIN: Personal Identification Number

Personal Identification Number is a secret numerical code issued with a payment card that is required to be entered to complete various financial transactions.

 

PIN

PIV: Payment Instrument Verification

Payment Instrument Verification, the ISX-patented method, uses the transaction value at the point of sale: the sales amount agreed between the eMerchant and cardholder is split into two (or more) amounts, with the first amount being a randomly generated value, and the second value being the balancing amount between the sales amount and the random value.

 

PIV

POS: Point of Sale

A Point of Sale is a device that is used to process transactions by retail customers. A cash register is a type of POS. The cash register has largely been replaced by electronic POS terminals that can be used to process credit cards and debit cards as well as cash.

 

POS

POST Method

Refers to a method used to send data to a server to create or update a specified resource using HTTP.

 

 

PUT Method

Refers to a method that is used to send data to a server to create or update a specified resource using HTTP. The difference between POST and PUT is that PUT requests are idempotent. That is, calling the same PUT request multiple times will always produce the same result. In contrast, calling a POST request repeatedly has the side effect of creating the same resource multiple times.

 

 

PaaS: Platform-as-a-Service

Platform-as-a-Service is considered the most complex of the three layers of cloud computing. PaaS shares some similarities with SaaS, the primary difference being that instead of delivering software online, it is actually a platform for creating software that is delivered via the Internet.

 

PaaS

Parameters

Special types of variables used in computer programming to pass data between procedures and functions. An argument to a function is referred to as a parameter. Adding three numbers, for example, may require three parameters.

 

 

Path

The resource URL that API developers choose to expose their API. Each path can have a GET, PUT, POST, or DELETE HTTP action defined.

 

 

Penetration Testing

Also known as pen testing or ethical hacking, simulates attacks on a computer system to identify exploitable vulnerabilities. This type of testing identifies, tests, and highlights vulnerabilities in an organisation’s security posture. Web application firewalls (WAF) are generally augmented by penetration testing in the context of web application security.

 

 

Plaintext

Plaintext is intelligible data that has meaning and can be read or acted upon without the application of decryption. Also known as cleartext.

Plaintext, Cleartext

 

Postman

An API platform for developers to design, build, test, and iterate their APIs.

 

 

Private Key

A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.

Private Key, Secret key

 

Production Environment

This is where software and other products are actually put into operation as their intended users intend to use them. Developers generally use this term to refer to the setting where end users will actually use the products. In a production environment, software programs and hardware are run in real-time, and it is where organisations and companies perform their daily operations. A staging environment is essentially a test sandbox or a close replica of a live production environment where developers can freely test software. Even though staging and production environments are very similar, they are completely separate.

 

 

Properties

Refer to name value pairs that can be used in the API functionality.

 

 

Public key cryptography

Public key cryptography is a method of encrypting or signing data with two different keys and making one of the keys, the public key, available for anyone to use. The other key is known as the private key. Data encrypted with the public key can only be decrypted with the private key.

 

 

Q

 

Query String

The portion of a URL where data is passed to a web application and/or back-end database. The reason query strings are needed is that the HTTP protocol is stateless by design. For a website to be anything more than a brochure, state needs to be maintained (data stored). There are a number of ways to do this: on web servers, use session state server-side; on clients, use cookies; and in URLs, store data via a query string.

 

 

R

 

RDBMS: Relational Database Management System

A Relational Database Management System (RDBMS) is a database management system based on the relational model introduced by Codd. In the relational model, data is represented in terms of tuples (i.e., rows). An RDBMS is used to manage a relational database. A relational database is an organised collection of tables from which data can be accessed easily. A relational database is the most commonly used database. A relational database consists of a number of tables and each table has its own primary key.

 

RDBMS

REGEX: Regular Expression

REGular EXpression is a search pattern that works with texts. Regex can be used in many programming languages. It is used to validate and search text in a flexible and short way with specific rules.

 

REGEX

REST: Representational State Transfer

Representational State Transfer is an application programming interface that conforms to the constraints of the REST architectural style and enables a quicker interaction between different RESTful web services. A stateless Web service must be able to read and modify its resources using a predefined set of operations and a textual representation.

 

REST

RSA: Rivest-Shamir-Adleman

Rivest-Shamir-Adleman is a public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers. It is a relatively slow algorithm.

Rivest-Shamir-Adleman, RSA Public Keys

RSA

Rate Limit

Refers to the number of API calls an app or user can make within a given time period. If this limit is exceeded, the application or user may be throttled.

 

 

Record

A single entry in a database table is called a record or row. A record in a table represents a set of related data. Basically, a record is a collection of fields.

Row

 

Risk

Or AML Risk Assessment, helps companies understand what conditions increase the chances of a customer's involvement in money laundering.

Risk, AML Risk Assessment

 

S

 

SDK: Software Development Kit

Software Development Kit is a set of instructions, integrated practices, pieces, code samples, and documentation that enables developers to create software applications on a specific software platform. SDKs can be seen as workshops with everything developers need to build specific software for a particular platform.

 

SDK

SDLC: Software Development Life Cycle

Software Development Life Cycle is the process of planning, creating, testing, and deploying an information system. SDLC aims at producing quality software at the lowest possible cost in the shortest possible time. SDLC gives developers a structured flow divided into phases to help companies produce high-quality software.

 

SDLC

SEPA Instant: Single Euro Payments Area Instant

Single Euro Payments Area Instant (also called SEPA Instant Credit Transfers or SCT Instant) are instant transfers in EUR that are executed 24/7/365 and reach the recipient within seconds.

SEPA Instant, Single Euro Payments Area Instant, SEPA Instant Credit Transfers, SCT Instant

 

SEPA: Single Euro Payments Area

Single Euro Payments Area is a payment-integration initiative of the EU for the simplification of bank transfers denominated in EUR. As of 2020, there were 36 members in SEPA, consisting of the 27 member states of the European Union, the four member states of the European Free Trade Association (i.e., Iceland, Liechtenstein, Norway & Switzerland), and the United Kingdom. Some microstates participate in the technical schemes (i.e., Andorra, Monaco, San Marino & Vatican City). SEPA covers predominantly normal bank transfers.

 

SEPA

SFA: Single-Factor Authentication

Single-Factor Authentication is the simplest form of authentication method. SFA is the traditional security process that requires a username and password before granting access to a user.

 

SFA

SHA: Secure Hash Algorithms

Secure Hash Algorithms are a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a United States Federal Information Processing Standard (FIPS), including: SHA-0, SHA-1, SHA-2, and SHA-3.

 

SHA

SOAP: Simple Object Access Protocol

Simple Object Access Protocol is a protocol specification for exchanging structured data to implement web services. SOAP leverages XML and other application-layer protocols, such as HTTP or SMTP for message transmission. The messaging services provided by SOAP are exclusively XML-based.

 

SOAP

SWIFT: Society for Worldwide Interbank Financial Telecommunication

The Society for Worldwide Interbank Financial Telecommunication is a Belgian cooperative society providing services related to the execution of financial transactions and payments between certain banks worldwide. Its principal function is to serve as the main messaging network through which international payments are initiated. It also sells software and services to financial institutions, mostly for use on its proprietary "SWIFTNet", and assigns ISO 9362 Business Identifier Codes (BICs), popularly known as "SWIFT codes". The SWIFT messaging network is a component of the global payments system. SWIFT acts as a carrier of the "messages containing the payment instructions between financial institutions involved in a transaction". However, the organisation does not manage accounts on behalf of individuals or financial institutions, and it does not hold funds from third parties. It also does not perform clearing or settlement functions. After a payment has been initiated, it must be settled through a payment system. In the context of cross-border transactions, this step often takes place through correspondent banking accounts that financial institutions have with each other.

 

SWIFT

SaaS: Software-as-a-Service

Software-as-a-Service is a cloud computing service that involves the licensure of a software application to customers. Licenses are typically provided through a pay-as-you-go model or on-demand.

 

SaaS

Sanctions

Or sanction screening, is a crucial part of AML compliance for businesses in many industries and it involves checking customers and transactions against various sanction lists to ensure that they are not doing business with individuals, entities, or countries that are prohibited under national or international laws.

Sanctions, Sanction screening

 

Sandbox

(computer security) A virtual container in which untrusted programs can be safely run; (software development) an environment in which code or content changes can be tested without affecting the original system. A staging environment is essentially a test sandbox or a close replica of a live production environment where developers can freely test software. Even though staging and production environments are very similar, they are completely separate.

 

 

Server

A computer that provides data to other computers. Servers are special computers designed to serve the different requests from other devices or clients in any network environment. Files, applications, user information, and various data can be accessed through the server. A server evaluates the client’s requests and can perform these requests within the assigned permissions and authorization. After fulfilling the incoming request, the response is returned to the client.

 

 

Stage Environment

(also known as stage) A nearly exact replica of a Production Environment for software testing. Staging environments are made to test codes, builds, and updates to ensure quality under a production-like environment before application deployment. A staging environment is essentially a test sandbox or a close replica of a live production environment where developers can freely test software. Even though staging and production environments are very similar, they are completely separate.

Stage Environment, Staging environment

 

Status Page

A page that provides an overview of the system status of an application or suite of applications.

 

 

Symmetric encryption

Symmetric encryption is a means of protecting data using a secret key to encrypt (lock) and decrypt (unlock) it. The sender and recipient share the key or password to gain access to the information. The key can be a word; a phrase; or a nonsensical or random string of letters, numbers, and symbols.

Symmetric encryption, Symmetric cryptography

 

T

 

TAN: Transaction Authentication Number

Transaction Authentication Number is a one-time code used in the processing of online transactions. A TAN represents an additional layer of security beyond a password to securely log into an account or conduct a transaction.

 

TAN

TRACE Method

This HTTP method is used to perform a message loop-back test that tests the path for the target resource (useful for debugging purposes).

 

 

Table

In a relational database, a table is a collection of data elements organised in terms of rows and columns. A table is considered a convenient representation of relations. A table can have duplicate tuples, while a true relation cannot have duplicate tuples. A table is the simplest form of data storage.

 

 

Tags

Metadata information about the API that consumers can use to search for the API.

 

 

Throttling

A tactic used by most API servers to keep traffic at a reasonable level. The API will start rejecting requests when the rate exceeds a certain amount.

Throttling, Rate limiting

 

U

 

UBO: Ultimate Beneficial Owner

Ultimate Beneficial Owner refers to the person or entity that is the ultimate beneficiary of the company. Certain financial and other organisations, including banks, currency exchange offices and insurers, are subject to mandatory disclosure of the UBO if doing business with any party.

 

UBO

URI: Uniform Resource Identifier

Uniform Resource Identifier is a unique sequence of characters that identifies a logical or physical resource used by web technologies. URIs may be used to identify anything, including real-world objects, such as people and places, concepts, or information resources such as web pages and books.

 

URI

URL: Uniform Resource Locator

Uniform Resource Locator, colloquially termed a web address, is a reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identifier.

 

URL

URN: Uniform Resource Name

Uniform Resource Name is used to identify resources in a permanent way, even after that resource does not exist anymore. Unlike a URL, a URN doesn’t provide any information about locating the resource but simply identifies it, just like a pure URI. In particular, a URN is a URI whose scheme is URN.

 

URN

Uptime

The time that a server is in operation.

 

 

V

 

Versioning

The practice of creating collaborative data sharing and editing controls to ensure that a product continues to give consumers more choices without having to upgrade to the latest version. Versioning is an integral part of the API design. It arms developers with the ability to enhance their API without disintegrating the client’s applications when new versions are developed.

 

 

W

 

WSDL: Web Services Description Language

The Web Services Description Language refers to the standard that defines the information required to use the web service. WSDL is prepared in XML format.

 

WSDL

Webhook

Or web callback or HTTP push API, is a way for an app to provide other applications with real-time data. Webhooks deliver data directly to other applications, so data is available immediately.

 

 

X

 

XML Schema

XML data that describes the relationship between elements and attributes in some other class of XML data. A schema may or may not include data type representations. XML schemas are a more advanced alternative to DTDs.

 

 

XML: Extensible Markup Language

The eXtensible Markup Language is a markup language and file format for storing, transmitting, and reconstructing arbitrary data. It defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. XML standardizes data communication between platforms that exchange data using the internet. It is often used for data transmission. XML is used in many areas such as transferring databases, creating sitemaps for websites, defining dependencies in software packages, and creating file systems.

 

XML

Y

 

YAML: Yet Another Markup Language

A markup language that can be used with many languages and is easy to read and process. With YAML, which is used for configuration and data storage, data can be shaped, and data structures can be processed. YAML can be used to transfer data between different programming languages. YAML is a human-readable data-serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted.

 

YAML

Z

 

Zero-day attack

A zero-hour or day zero attack is a computer threat or virus that tries to exploit computer application vulnerabilities that are unknown to others or the software developer, also called zero-day vulnerabilities. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.

 

 

 

© ISX Financial EU PLC 2024. All rights reserved.