All Exam Topic Areas Flashcards

1
Q

Risk that a party to a transaction cannot provide the necessary funds as contracted for settlement to take place on the scheduled date.

A

Credit Risk

2
Q

Risk that a transaction is altered or delayed due to an unintentional error.

A

Operational Risk

3
Q

Risk that a payment transaction will be initiated or altered in an attempt to misdirect or misappropriate funds.

A

Fraud Risk

4
Q

Risk that the inability or unwillingness of one funds transfer system participant to settle its commitments will cause other participants to be unable to settle their commitments.

A

Systemic Risk

5
Q

Risk that occurs when a party to a transaction fails to comply, either knowingly or inadvertently, with payment system rules and policies, regulations and applicable U.S. and state law.

A

Compliance Risk

6
Q

Risk that occurs when an ODFI permits an Originator or Third-Party to use its routing number to send files directly to the ACH Operator.

A

Direct Access Risk

7
Q

Risk that occurs when negative publicity regarding a financial institution’s business practices leads to a revenue loss or litigation.

A

Reputation Risk

8
Q

Risk that arises from a financial institution relying upon outside parties to perform services or activities on its behalf.

A

Third-Party Risk

9
Q

Risk that occurs from an institution’s failure to enact appropriate policies, procedures or controls to ensure it conforms to laws, regulations, contractual arrangements and other legally binding agreements and requirements.

A

Legal Risk

10
Q

Risk associated with foreign exchange.

A

Transaction Risk

11
Q

Current and potential risk to earnings or capital arising from a financial institution’s inability to settle an obligation for full value when it is due.

A

Liquidity Risk

12
Q

Risk that might arise from making poor business decisions, from the substandard execution of decisions, from inadequate resource allocation or from failure to respond well to changes in the business environment.

A

Strategic Risk

13
Q

Risk that occurs because of theft from deposit accounts by way of multiple access points.

A

Cross-Channel Risk

14
Q

Risk to each party of a contract that the counterparty will not live up to its contractual obligations.

A

Counterparty Risk

15
Q

Process of planning, organizing, leading and controlling the activities of an organization to minimize the effects of risk on that organization.

A

Enterprise Risk Management (ERM)

16
Q

Voluntary private-sector organization formed in 1985 dedicated to improving the quality of financial reporting.

A

Committee of Sponsoring Organizations (COSO)

17
Q

Governs the provisions of intraday credit (daylight overdrafts) in accounts at the Reserve Banks.

A

Federal Reserve Board’s Payments System Risk (PSR) Policy

18
Q

Examples of operational risk with ACH payments.

A

(1) Missed transmission deadlines; (2) Hardware/software failures and loss of power; (3) Clerical errors; (4) Inadequate procedures; (5) Inadequate training

19
Q

Examples of operational risk with card payments.

A

(1) Processing risks; (2) Employee and/or service provider errors; (3) Hardware and software failure, including service provider

20
Q

Examples of operational risk with check payments processed through Remote Deposit Capture (RDC).

A

(1) Faulty equipment; (2) Inadequate procedures; (3) Inadequate training; (4) Poor image quality; (5) Resubmission of file or redeposit of physical items; (6) Technology-related issues, such as failure to maintain compatible and integrated IT systems; (7) Reliability of RDC vendor

21
Q

Examples of operational risk with wire payments.

A

(1) System failure caused by breakdown in hardware/software; (2) System disruption; (3) System compromise; (4) Inadequate procedures; (5) Inadequate training

22
Q

Examples of operational risk with emerging payments.

A

(1) Inadequate procedures; (2) Inadequate training; (3) Reliability of vendor; (4) Employee or end user errors

23
Q

Examples of fraud risk with ACH payments.

A

(1) Misappropriation of funds; (2) Misdirect payment; (3) Account takeover; (4) Business email compromise scam; (5) Vendor impersonation fraud

24
Q

Examples of fraud risk with card payments.

A

(1) Lost or stolen cards; (2) Phishing scams; (3) Skimmers; (4) Data breaches; (5) Counterfeit or altered cards; (6) Unauthorized use of a Cardholder’s card number for card-not-present transactions

25
Q

Examples of fraud risk with check payments.

A

(1) Lost or stolen checks; (2) Alteration of deposited items; (3) Forged or missing endorsement; (4) Deposit of counterfeit items; (5) Check kiting; (6) Redeposit of items/duplicate presentment through RDC; (7) Proper disposal of deposited items by RDC customers; (8) Insider fraud

26
Q

Examples of fraud risk with wire payments.

A

(1) Malware, spyware and viruses; (2) Business email compromise; (3) Money laundering; (4) Dishonest employees; (5) Lack of dual controls or segregation of duties

27
Q

Examples of fraud risk with emerging payments.

A

(1) Speed of processing; (2) Reduced reaction time to fraud; (3) Breaches/data security; (4) Malware, spyware and viruses

28
Q

Examples of credit risk with ACH credit payments.

A

(1) Originator fails to fund ODFI for credit entries initiated; (2) RDFI posted credit entry prior to Settlement Date

29
Q

Examples of credit risk with ACH debit payments.

A

(1) ODFI is unable to recover funds from Originator for returned debit entries; (2) RDFI is untimely in returning debit entries

30
Q

Maximum timeframe an ODFI is exposed to credit risk for ACH credit origination.

A

Up to two banking days

31
Q

Maximum timeframe an ODFI is exposed to credit risk for ACH debit origination.

A

(1) Up to 60 days from the Settlement Date for consumer Standard Entry Class (SEC) codes per the ACH Rules; (2) Up to 60 days from the consumer’s statement date per Regulation E

32
Q

Examples of credit risk with card payments.

A

(1) Merchant declares bankruptcy, commits fraud or is otherwise unable to pay its chargebacks causing the Acquiring Financial Institution to pay the Card Issuer; (2) With EMV, the Card Issuer may encounter credit risk due to fallback transactions

33
Q

Examples of credit risk with check payments.

A

(1) Bank of First Deposit (BOFD) credits the account holder provisionally and settlement does not occur for several days; (2) Paying Bank misses deadline for processing returns and adjustments

34
Q

Examples of credit risk with emerging payments.

A

(1) Failure or bankruptcy of entity initiating payment; (2) Funds availability prior to receiving final settlement; (3) Per-transaction dollar limits being set too high; (4) Funds unavailable to satisfy debit return

35
Q

Examples of credit risk with wire payments.

A

(1) Originating/Sender Bank makes an irrevocable payment on behalf of a customer through an extension of credit; (2) Beneficiary Bank does not post the payment properly

36
Q

Card payment system is governed by these rules and regulations.

A

(1) Regulation E; (2) Regulation Z; (3) Card Association Rules

37
Q

Wire payment system is governed by these rules and regulations.

A

(1) UCC 4A; (2) OFAC; (3) Bank Secrecy Act (BSA); (4) Regulation E, Subpart B; (5) Regulation J; (6) Regulation CC; (7) Federal Reserve Operating Circulars 1, 5 & 6

38
Q

Check payment system is governed by these rules and regulations.

A

(1) Regulation CC; (2) UCC Article 3; (3) UCC Article 4; (4) Regulation J, Subpart A; (5) Federal Reserve Bank Operating Circular 3; (6) ECCHO Rules

39
Q

ACH Network is governed by these rules and regulations.

A

(1) ACH Rules; (2) EFTA and Regulation E; (3) Regulation CC; (4) Regulation D; (5) 31 CFR Part 203, 208, 210 & 370; (6) UCC Articles 4 & 4A; (7) BSA/AML; (8) State EFT Acts; (9) FRB Operating Circular 4; (10) Private Sector ACH Operator Rules; (11) OFAC

40
Q

Emerging payments are governed by these rules and regulations.

A

Generally, these are ACH or card transactions; therefore, the respective payment system rules and regulations would apply.

41
Q

A company or individual that has been authorized by the Receiver to initiate either a credit or debit ACH entry to their account.

A

Originator

42
Q

An individual or company that has authorized an Originator to initiate an ACH entry to their account with the RDFI.

A

Receiver

43
Q

A financial institution that receives payment instructions from Originators and forwards the entries to the ACH Operator.

A

Originating Depository Financial Institution (ODFI)

44
Q

A financial institution that receives ACH entries from the ACH Operator and posts the entries to the accounts of its depositors.

A

Receiving Depository Financial Institution (RDFI)

45
Q

The central clearing facility for ACH transactions.

A

ACH Operator

46
Q

A third-party that processes ACH files and/or entries on behalf of financial institutions and/or Originators.

A

Third-Party Service Provider

47
Q

A third-party that provides ACH services to the Originator, and, in that capacity, acts as an intermediary between the Originator and ODFI.

A

Third-Party Sender

48
Q

An entity that issues a credit or debit card to the Cardholder.

A

Card Issuer

49
Q

The financial institution that contracts with a merchant to initiate payment requests to a card association or company in the context of credit and debit card payments.

A

Acquirer (Processor, Merchant Bank or Merchant Processor)

50
Q

A person or entity that is issued a credit or debit account that is accessed using a card.

A

Cardholder

51
Q

Network which provides switching facilities for the routing of credit, debit and ATM card transactions between Acquirers and Card Issuers.

A

POS/ATM/Credit Card Network

52
Q

Financial institution identified by the routing number encoded on the MICR line of a check.

A

Paying Bank (Payor’s Depository Financial Institution)

53
Q

The party to whom a check is made payable.

A

Payee

54
Q

The first bank to which a check is deposited or transferred.

A

Bank of First Deposit (Payee’s Depository Financial Institution)

55
Q

The party obligated to pay on a check.

A

Payor (Check Writer, Maker or Drawer)

56
Q

A voluntary association of depository institutions that facilitate the clearing of checks or electronic items through the direct exchange of funds between members.

A

Clearing House

57
Q

Private depository institution, Bankers’ Bank or Federal Reserve Bank providing clearing or settlement services to a Paying Bank or Bank of First Deposit.

A

Correspondent Bank

58
Q

Financial institution that creates the image of the original check.

A

Truncating Bank

59
Q

Financial institution that produces the Substitute Check or Image Replacement Document (IRD).

A

Reconverting Bank

60
Q

Sender of the payment order in a funds or securities transfer.

A

Originator

61
Q

Financial institution that initiates a funds transfer on behalf of the Originator.

A

Originating/Sender Bank

62
Q

Entity that processes and settles Fedwire Funds.

A

Federal Reserve Bank

63
Q

Financial institution identified in a funds transfer to be credited pursuant to the payment order.

A

Beneficiary’s Bank

64
Q

Person or entity to be paid in a funds transfer.

A

Beneficiary

65
Q

Type of retail processing where a card payment is expected after the goods or services have been received; typically refers to credit payments (e.g., credit card).

A

Pay Later

66
Q

Type of retail processing where a card payment is expected when the goods or services are received; generally associated with debit payments (e.g., debit card).

A

Pay Now

67
Q

Type of retail processing where a card payment is made for goods or services with prepaid or stored-value cards.

A

Pay Before

68
Q

Delivery system that enables paper checks to be processed remotely.

A

Remote Deposit Capture (RDC)

69
Q

Check created by a Payee based on the account holder’s authorization that does not bear a signature.

A

Remotely Created Check (RCC)

70
Q

A check that never appears in paper form.

A

Electronically Created Item (ECI)

71
Q

An entry to the record of an account to represent the transfer or removal of funds from the account.

A

Debit Entry

72
Q

An entry to the record of an account that represents the transfer or placement of funds into the account.

A

Credit Entry

73
Q

A payment card issued to a person for purchasing goods and services through an electronic transfer of funds from a demand deposit account rather than using cash, checks or drafts at the point-of-sale.

A

Debit Card

74
Q

A card indicating the holder has been granted a line of credit to make purchases or withdraw cash up to a prearranged ceiling.

A

Credit Card

75
Q

A card-based payment system that assigns a value to the card; some cards can be “reloaded” through various methods and others are designed to be discarded.

A

Prepaid/Stored Value Card

76
Q

A bank account established directly or indirectly by an employer on behalf of an employee to which an employee’s wages are electronically transferred.

A

Payroll Card Account

77
Q

Global network messaging service supporting correspondent banking and financial market utilities.

A

SWIFT

78
Q

Multilateral systems that provide the infrastructure for transferring, clearing and settling payments, securities and other financial transactions among financial institutions or between financial institutions and the system.

A

Financial Market Utilities (FMUs)

79
Q

A set of specifications, standards or conventions that enable computer programs to exchange information.

A

Application Program Interface (API)

80
Q

Computer-to-computer exchange of business documents and payment-related information in a standard electronic format between business partners.

A

Electronic Data Interchange (EDI)

81
Q

Hosted service offering that acts as an intermediary between business partners to transmit data (i.e., business documents).

A

Value Added Network (VAN)

82
Q

An international standard-setting body composed of representatives from various national standards organizations.

A

International Organization for Standards (ISO)

83
Q

A type of database that is consensually shared and synchronized across nodes in a network spread across multiple sites, institutions or geographies.

A

Distributed Ledger Technology (DLT)

84
Q

Uses algorithms to enable transactions to be aggregated in blocks, which are added to a chain of existing blocks using a cryptographic signature.

A

Blockchain

85
Q

Total process required to identify, control and minimize the impact of uncertain events.

A

Risk Management

86
Q

Amount of risk, on a broad level, an entity is willing to accept in pursuit of value.

A

Risk Appetite

87
Q

Acceptable level of variation relative to achievement of a specific objective.

A

Risk Tolerance

88
Q

Overall process of risk identification, analysis and evaluation.

A

Risk Assessment

89
Q

Finding, recognizing and describing risks.

A

Risk Identification

90
Q

Process to comprehend the nature of risks and determine the level of risks.

A

Risk Analysis

91
Q

Process of comparing risk analysis results to determine if risk is at an acceptable level.

A

Risk Evaluation

92
Q

Process to determine the likelihood of an adverse event or threat occurring and the potential impact of such an event on the institution.

A

Risk Measurement

93
Q

Informed decision to accept or take a particular risk.

A

Risk Acceptance

94
Q

Risk is accepted as tolerable and falls within the risk appetite.

A

Risk Acceptance without Treatment

95
Q

Risks that are monitored and reviewed to ensure they remain within the risk appetite.

A

Risk Acceptance with Treatment

96
Q

Informed decision to withdraw from or not become involved with an activity to avoid exposure to unwanted or unacceptable risks.

A

Risk Avoidance

97
Q

Form of risk treatment involving an agreed-upon distribution of risk with other parties.

A

Risk Sharing

98
Q

Form of risk sharing that allocates risk equitably.

A

Risk Assignment

99
Q

Group of individuals that are elected as, or elected to act as, representatives of the stockholders to establish corporate management-related policies.

A

Board of Directors (Board)

100
Q

Highest-ranking executive in an organization responsible for making major corporate decisions, managing overall operations and resources, and acting as the main point of communication with the Board.

A

Chief Executive Officer (CEO)

101
Q

Group of individuals at the highest-levels of management of an organization who have the day-to-day tasks of managing the organization.

A

Senior Management Team (Executive Management, Management Team)

102
Q

Group of individuals that may elect directors of an organization, including the CEO and CFO, and benefit through dividends or share buybacks.

A

Shareholders

103
Q

Defines the course of action adopted for the sake of expediency and facilitation of objectives.

A

Policy

104
Q

Defines the manner in which an organization will proceed, perform or affect something to accomplish the objectives of a policy.

A

Procedures

105
Q

Method used to calculate the creditworthiness of an individual or business.

A

Credit Analysis

106
Q

Clear, written guidelines that set the terms and conditions for supplying services on credit, qualification criteria, procedures for making collections and steps to be taken in case of customer delinquency.

A

Credit Policy

107
Q

Process of reducing risks through the introduction of specific controls and risk transfer.

A

Risk Mitigation

108
Q

A comprehensive written plan to maintain or resume business in the event of a disruption.

A

Business Continuity Plan (BCP)

109
Q

Process of identifying the potential impact of uncontrolled, non-specific events on an institution’s business processes.

A

Business Impact Analysis (BIA)

110
Q

Comprehensive strategies to recover, resume and maintain all critical business functions.

A

Business Continuity Strategy

111
Q

Testing method ensures critical personnel from all areas are familiar with the business continuity plan (BCP) and may be used as an effective training tool.

A

Tabletop Exercise/Structured Walk-Through Test

112
Q

Testing method used to apply a specific event scenario to the business continuity plan (BCP).

A

Walk-Through Drill/Simulation Test

113
Q

Testing method involves actual mobilization of personnel to other sites attempting to establish communications and perform actual recovery processing as outlined in the business continuity plan (BCP).

A

Functional Drill/Parallel Test

114
Q

Testing method involves a simulated real-life emergency and all or portions of the business continuity plan (BCP) are implemented by processing data/transactions using back-up media at the recovery site.

A

Full-Interruption/Full-Scale Test

115
Q

Name the four steps included in business continuity planning (BCP).

A

(1) Business Impact Analysis; (2) Risk assessment; (3) Risk management; (4) Risk monitoring and testing

116
Q

Step in the BCP process that identifies the potential impact of uncontrolled, non-specific events on an institution’s business processes.

A

Business Impact Analysis

117
Q

Step in the BCP process that evaluates business processes and BIA assumptions using various threat scenarios.

A

Risk Assessment

118
Q

A technique used to internally assess the effectiveness of risk management and control processes.

A

Control Self-Assessment

119
Q

A plan that defines the action steps, involved resources and communication strategy upon identification of a threat or potential threat event, such as a breach in security protocol, power or telecommunications outage, severe weather or workplace violence.

A

Incident Response Plan

120
Q

A method used to mitigate credit risk, also required by the ACH Rules.

A

Exposure Limits

121
Q

Frequency in which a business continuity plan should be reviewed by internal or external auditors.

A

At least annually

122
Q

Frequency in which enterprise-wide business continuity tests should be conducted.

A

At least annually, or more frequently depending on changes in the operating environment

123
Q

Controls to detect and/or prevent errors or misappropriations.

A

Financial Controls

124
Q

Controls that align with board-approved risk appetite and inform employees of management’s expectations.

A

Administrative Controls

125
Q

Controls that establish policies and procedures that reduce risk and ensure operating, reporting and compliance objectives are met.

A

Procedural Controls

126
Q

Controls to prevent and detect unauthorized activity.

A

Technical Controls

127
Q

Law to protect consumers purchasing financial products and services requiring that consumers have access to information that lets them choose the option they believe is best for their situation.

A

Unfair, Deceptive or Abusive Acts or Practices (UDAAP)

128
Q

Activity that is inconsistent with or deviating from what is usual, normal or expected.

A

Anomalous Activity

129
Q

Name the FTC’s “four Ps” for evaluating whether a representation, omission, act or practice is likely to mislead.

A

(1) Prominent - will the consumer notice the information; (2) Presented - is the format easy to understand; (3) Placement - is the information located where a consumer would expect to look; (4) Proximity - is the information close to the claim it qualifies

130
Q

Name the five steps in the vendor management life cycle according to the FFIEC.

A

(1) Planning; (2) Due Diligence in Vendor Selection; (3) Contract Negotiation; (4) Ongoing Monitoring; (5) Termination

131
Q

A mitigating technique designed to prevent an event from occurring.

A

Preventive Control

132
Q

A test of an institution’s disaster recovery plan or BCP.

A

Business Continuity Test/Disaster Recovery Exercise

133
Q

A document based on the institution’s test scope and objectives and includes various test methods.

A

Test Plan

134
Q

A testing activity designed to validate the continuity of business transactions and the replication of associated data.

A

Transaction Testing

135
Q

Process by which an organization protects the creation, collection, storage, use, transmission and disposal of information.

A

Information Security

136
Q

Process of verifying the identity of an individual user, machine, software component or any other entity.

A

Authentication

137
Q

Something a person is, something a person knows or something a person has.

A

Authentication Factor

138
Q

Method to verify an identity using one type of authentication factor.

A

Single-Factor Authentication

139
Q

Method to verify an identity using two or more types of authentication factors.

A

Multifactor Authentication

140
Q

Use of different controls at different points in a transaction process.

A

Layered Security

141
Q

Name the authentication factor represented by a biometric characteristic, such as a fingerprint or iris pattern.

A

Something a Person Is

142
Q

Name the authentication factor represented by a password or PIN.

A

Something a Person Knows

143
Q

Name the authentication factor represented by an ATM/debit card, smart card or token.

A

Something a Person Has

144
Q

Challenge questions that do not rely on information that is publicly available.

A

Out-of-Wallet Questions

145
Q

Technique used to establish a “fingerprint identity” of a user’s computer or other web access device.

A

Device Identification

146
Q

Authentication technique that uses one-time cookies, PC configuration, IP address, geo-location and other factors.

A

Complex Device Identification

147
Q

A data security technique that encodes information so that data appears as a meaningless string of letters and symbols during delivery or transmission.

A

Encryption

148
Q

Disposal technique used to destroy sensitive, electronic data on devices by replacing it with new, random data.

A

Overwriting

149
Q

Disposal technique using powerful, varying magnetic fields to scramble data recorded on media.

A

Degaussing

150
Q

Two main types of access control.

A

(1) Physical access control, (2) Logical access control

151
Q

Access control that limits access to buildings, rooms and physical IT assets.

A

Physical Access Control

152
Q

Access control that limits connections to computer networks, system files and data.

A

Logical Access Control

153
Q

Security technique used to regulate who or what can view or use resources in a computing environment.

A

User Access Controls

154
Q

A weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.

A

Vulnerability

155
Q

Systematic examination of an information system or product to determine the adequacy of security measures and identify security deficiencies.

A

Vulnerability Analysis

156
Q

Systematic examination of systems to identify, quantify and prioritize the security deficiencies of the systems.

A

Vulnerability Assessment

157
Q

Payment system governed by the ACH Rules, UCC 4, UCC 4A, Electronic Fund Transfer Act, OFAC, Regulation E, The Right to Financial Privacy, Regulation D and Regulation CC.

A

ACH Network

158
Q

Payment system governed by UCC 4A, OFAC, Regulation J and Regulation CC.

A

Wire Transfer Payment System

159
Q

Payment system governed by the Electronic Fund Transfer Act, Regulation Z, Card Association Rules and Fair Credit Billing.

A

Card Payment System

160
Q

Payment system governed by the Expedited Funds Availability Act, UCC 3, UCC 4, OFAC, Regulation CC and Regulation J.

A

Check Payment System

161
Q

Implements the Expedited Funds Availability Act of 1987.

A

Regulation CC

162
Q

Transactions governed by UCC 4A.

A

Commercial wholesale credits, including wire transfers and CCD/CTX credits

163
Q

Governs the clearing and settlement of ACH credit and debit items by the Federal Reserve Banks, ODFIs and RDFIs.

A

Federal Reserve Bank Operating Circular 4 (OC 4)

164
Q

Provided for within the Debt Collection Improvement Act of 1996 requiring that virtually all non-tax related payments made by the federal government be made via electronic funds transfer.

A

The Electronic Funds Transfer (EFT) Mandate

165
Q

Governs check collection through the Federal Reserve Bank and wire transfer.

A

Regulation J

166
Q

Governs federal government payments made via the ACH Network.

A

Title 31 of the Code of Federal Regulations (CFR) Part 210

167
Q

Provides rules for financial institutions that use EFT to process federal tax payments through EFTPS.

A

Title 31 of the Code of Federal Regulations (CFR) Part 203

168
Q

Governs the handling of payments for the Bureau of Public Debt made through the ACH Network.

A

Title 31 of the Code of Federal Regulations (CFR) Part 370

169
Q

Establishes reserve requirements and identifies non-transaction accounts.

A

Regulation D

170
Q

Implements the Electronic Fund Transfer Act (EFTA).

A

Regulation E

171
Q

Designed to help consumers “comparison shop” for credit by requiring disclosures about terms and cost.

A

Regulation Z

172
Q

Administers economic sanctions and embargo programs that require assets and transactions involving the interest of targeted parties be blocked or frozen.

A

Office of Foreign Assets Control (OFAC)

173
Q

Any agreement, authorization, Written Statement of Unauthorized Debit or other record that requires signatures or similarly authenticated methods may use an electronic signature in conformity with the terms of this Act.

A

Electronic Signatures in Global and National Commerce Act (E-Sign Act)

174
Q

Primary source of rules for the commercial ACH Network defining obligations and liabilities of Participating DFIs.

A

Nacha Operating Rules (a.k.a. ACH Rules)

175
Q

Act, also known as the Financial Services Modernization Act of 1999, required federal banking agencies to establish information security standards for financial institutions.

A

Gramm-Leach-Bliley Act (GLBA)

176
Q

Act requires financial institutions to assist U.S. government agencies to detect and prevent money laundering.

A

Bank Secrecy Act (BSA)

177
Q

Act broadened the scope of the Bank Secrecy Act to focus on terrorist financing.

A

USA PATRIOT Act

178
Q

Program requiring financial institutions to verify the identity of a person seeking to open an account, to maintain records of the information used to verify an identity and to consult government known or suspected terrorist lists.

A

Customer Identification Program (CIP)

179
Q

Governs the treatment of a consumer’s non-public personal information by financial institutions.

A

Regulation P

180
Q

Defines a negotiable check and types of endorsements.

A

Uniform Commercial Code Article 3 (UCC 3)

181
Q

Governs check collection outside the Federal Reserve Bank.

A

Uniform Commercial Code Article 4 (UCC 4)

182
Q

Governs wholesale credit transfers, which include wired funds and CCD and CTX credit entries.

A

Uniform Commercial Code Article 4A (UCC 4A)

183
Q

Defines Federal Reserve Bank and financial institution responsibilities in clearing checks.

A

Federal Reserve Bank Operating Circular 3 (OC 3)

184
Q

Terms under which an institution may access certain services and applications provided by a Federal Reserve Bank and under which an institution may send or receive data from a Federal Reserve Bank by means of an electronic connection.

A

Federal Reserve Bank Operating Circular 5 (OC 5)

185
Q

Defines Federal Reserve Bank and financial institution responsibilities in transmitting funds transfers through the Fedwire Funds Service.

A

Federal Reserve Bank Operating Circular 6 (OC 6)

186
Q

Federal Reserve policy addressing the risks that payment systems present to the Federal Reserve Banks, the banking system and to other sectors of the economy.

A

Payments System Risk (PSR) Policy

187
Q

Reports required to be filed by the Bank Secrecy Act when a financial institution identifies or suspects fraudulent activity.

A

Suspicious Activity Report (SAR)