
Term / Definition

Apps

A self-contained program or piece of software designed to fulfill a particular purpose; an application.

Asymmetric / symmetric encryption

Symmetric encryption is a type of encryption where the same key is used to encrypt and decrypt the message.
Asymmetric (or public-key) encryption uses one key to encrypt a message and another to decrypt the message.

Authentication / 2-factor / multifactor authentication

Authentication is any process by which a system verifies the identity of a user who wishes to access it.
2-factor: something the user has to verify his/her identity.

Backdoor methods

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication and securing unauthorized remote access to a computer, while attempting to remain undetected.

Brute-force decryption

A method of breaking a cipher (that is, to decrypt a specific encrypted text) by trying every possible key.

Contactless technology

Contactless technology is a term often used to describe a set of technologies originally developed to help identify objects.

Device Description Repository (DDR)

DDR will be able to make use of repositories to adapt their content to best suit the requesting device. This will facilitate the interaction and viewing of Web pages across devices with widely varying capabilities.

Extended validation digital certificate

As the highest class of SSL available, Extended Validation SSL Certificates (EV SSL) activate both the padlock and the green address bar in all major browsers. EV SSL Certificates provide the strongest encryption level available and enable the organization behind a website to present its own verified identity to website visitors.

Global System for Mobile communication (GSM)

A standard developed by the European Telecommunications Standards Institute (ETSI) to describe protocols for second generation (2G) digital cellular networks used by mobile phones.

HTTP(S)

HTTP is the foundation of data communication for the World Wide Web.
HTTPS is the use of Secure Socket Layer or Transport Layer Security as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server.

Man-in-the-Browser (MitB) Trojan

Man-in-the-browser, a form of Internet threat related to man-in-the-middle (MITM), is a proxy Trojan horse that infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.

Mobile Wallet

The mobile wallet refers to a mobile technology that is used similarly to a real wallet. The Mobile Wallet provides a convenient solution for any business looking to allow customers to purchase their products online with greater ease, therefore driving sales.

M-PESA

MPESA is a mobile phone based money transfer and microfinancing service, and is the largest mobile network operators in Kenya and Tanzania. MPESA allows users with a national ID card or passport to deposit, withdraw, and transfer money easily with a mobile device.

NFC

Near Field Communication is a short-range wireless connectivity standard that uses magnetic field induction to enable communication between devices when they're touched together, or brought within a few centimeters of each other.

One-time password

A one-time password is a password that is valid for only one login session or transaction.

Out-of-band verification

Out-of-Band Authentication is the use of two separate networks working simultaneously to authenticate a user.

Phishing

The activity of defrauding an online account holder of financial information by posing as a legitimate company.

Pingit

Barclays Pingit is a system for the mobile transfer of money in the United Kingdom.

Push / Pull technology

Push describes a style of Internet-based communication where the request for a given transaction is initiated by the publisher or central server.
Pull technology is where the request for the transmission of information is initiated by the receiver or client.

QR codes

A machine-readable code consisting of an array of black and white squares, typically used for storing URLs or other information for reading by the camera on a smartphone.

SMS

Short Message Service is a text messaging service component of phone, Web, or mobile communication systems. It uses standardized communications protocols to allow fixed line or mobile phone devices to exchange short text messages.

SSL/TLS

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communication security over the Internet.

STK (SIM Application Toolkit)

SIM Application Toolkit (commonly referred to as STK) is a standard of the GSM system which enables the Subscriber Identity Module (SIM) to initiate actions which can be used for various value-added services.

Transaction authentication number (TAN)

A transaction authentication number (TAN) is used by some online banking services as a form of single use one-time passwords to authorize financial transactions. TANs are a second layer of security above and beyond the traditional single-password authentication.

Trojan

A Trojan is a generally non-self-replicating type of malware program containing malicious code that, when executed, carries out actions determined by the nature of the Trojan, typically causing loss or theft of data, and possible system harm.

User agent header field

In computing, a user agent is software that is acting on behalf of a user. In many cases, a user agent acts as a client in a network protocol used in communications within a client-server distributed computing system. In particular, the Hypertext Transfer Protocol identifies the client software originating the request, using a "User-Agent" header, even when the client is not operated by a user.

WEP

Wired Equivalent Privacy is a security protocol that is designed to provide a wireless local area network (WLAN) with a level of security and privacy comparable to what is usually expected of a wired LAN.

WPA

Wi-Fi Protected Access (WPA) is a security standard for users of computers equipped with Wi-Fi wireless connection. It is an improvement on and is expected to replace the original Wi-Fi security standard, Wired Equivalent Privacy (WEP).

Zapp

Zero Assignment Parallel Processor. A virtual tree machine architecture in which a process tree is dynamically mapped onto a fixed, strongly connected network of processors communicating by message passing.

List out the benefits of mobile banking.

List out the functions of banks and their transaction practices.

Analyze and briefly explain how banks protect their data.

How do encryption and decryption protect data?

Analyze the different security issues that take place in the banking sector.

List out some online frauds.

Why is TAN important? What role does it play?

What are the different protocols that are used for mobile banking?

How do digital certificates prevent fake documents?

What is brute force? How does the brute-force decryption method work?

How are apps used for mobile banking?

Explain in detail how the mobile payment services Pingit and Zapp work.
