In a Full Mesh Topology, every device has a dedicated point-to-point link to every other device. If one link fails, data can take an alternative path, ensuring zero downtime for critical systems.

Parameter files act as the rulebook for the CBS. Changes in interest rates or product features are made here without altering the source code, allowing flexibility.

While some banks add QR codes, it is not a mandatory standard feature prescribed under CTS-2010 standards (unlike Void Pantograph, UV Logo, and Watermark).

In Brown Label ATMs, the machine and lease are owned by a third party, but the branding and cash handling are done by the sponsor bank. (White Label ATMs are fully non-bank owned).

The IIN is a 6-digit number issued by NPCI that identifies the bank to which the customer's Aadhaar is linked, enabling Aadhaar-based routing.

INFINET is the communication backbone for the Indian Banking and Financial Sector, managed by IDRBT. It secures critical inter-bank applications like RTGS, NEFT, and NDS.

Blockchain (Distributed Ledger Technology) allows for programmable contracts (Smart Contracts) that automatically execute, enforce, and verify the terms of an agreement without intermediaries.

Phishing typically uses spoofed emails or fake websites to trick users into revealing credentials. It is a "Social Engineering" attack.

The standard UPI limit is ?1 Lakh per day. (Note: For specific categories like IPOs, Retail Direct Scheme, and Medical/Education, the limit has been enhanced to ?5 Lakh, but the general limit remains ?1 Lakh).

EOD is a critical batch process that runs at the end of the business day to ensure all transactions are posted, accounts balanced, and system date is moved to the next working day.

STP means the payment message flows from the remitting bank to the RBI and then to the beneficiary bank automatically without any manual intervention, ensuring speed and accuracy.

In online transactions, the physical card is not presented to a merchant. Authentication relies on details (Card No, CVV, Expiry) and 2FA (OTP), making it a CNP transaction.

2FA combines: 1. Knowledge (PIN/Password), 2. Possession (Card/Token/Phone), 3. Inherence (Fingerprint/Iris). "Desire" is not an authentication factor.

The National Payments Corporation of India (NPCI) functions as the Bharat Bill Payment Central Unit (BBPCU) responsible for setting standards and operating the BBPS.

Hypertext Transfer Protocol Secure (HTTPS) uses TLS/SSL encryption to secure the data transferred between the user's browser and the bank's server, preventing eavesdropping.

AI algorithms analyze vast data for patterns (Fraud Detection), interact with customers (Chatbots), and assess risk profiles (Credit Scoring) efficiently.

While the facility is available for cheques of ?50,000 and above, banks have the discretion to make it mandatory for cheques for amounts of ?5 Lakh and above to prevent high-value fraud.

The Customer Information File (CIF) or Customer ID is the unique key assigned to a customer. Multiple accounts (Savings, Loan, FD) are linked to this single CIF to provide a 360-view of the customer relationship.

Skimming involves placing a discreet device over the card slot to read the magnetic stripe data, which is then used to clone the card for fraudulent use.

The Reserve Bank of India regulates PPIs under the Payment and Settlement Systems Act, 2007. Issuers must obtain authorization from RBI.

Like the mythical wooden horse, a Trojan appears useful/harmless to trick the user into installing it, after which it executes malicious code (stealing data, creating backdoors).

A firewall acts as a barrier between a trusted internal network and untrusted external networks (internet), blocking unauthorized access while permitting legitimate traffic.

Data integrity ensures that data remains unaltered during storage, transmission, and processing, which is vital for banking financial records.

The limit for IMPS transactions was enhanced from ?2 Lakh to ?5 Lakh to facilitate larger instant transfers.

Digital channels (Internet/Mobile) have negligible marginal costs compared to physical infrastructure (Branch/ATM) or human-assisted channels.

Asymmetric encryption (Public Key Infrastructure) is crucial for digital banking security (like SSL/TLS) because it allows secure exchange of data without sharing the private secret key.

e-NACH reduces the turnaround time for mandate registration by using electronic authentication via Netbanking or Debit Card, replacing physical paper mandates.

Interest calculation for millions of accounts is resource-intensive. Batch processing runs this as a background job (usually at night) to avoid slowing down the system during banking hours.

V-CIP uses video chat and geotagging to verify the customer remotely. RBI treats it as equivalent to physical KYC, allowing full account functionality.

UPI LITE allows users to make small value transactions (up to ?500) without entering a UPI PIN, improving success rates and reducing load on the core banking system.

Service-Oriented Architecture (SOA) breaks down banking functions into distinct, self-contained units ("services") like account validation, interest calculation, etc. These services can be reused across different channels (Mobile, ATM, Net Banking), reducing development time for new products and ensuring consistency across the bank's technology ecosystem.

ISO 20022 uses the MX message format (based on XML), which carries much more data than the older MT format. This "rich data" allows banks to transmit detailed remittance information, improve anti-money laundering (AML) screening, and automate reconciliation processes, significantly reducing errors in cross-border payments.

Initially set at ?5,000, the RBI enhanced the limit for e-mandates on cards and UPI for recurring payments (like subscriptions, insurance premiums) to ?15,000 without the need for Additional Factor of Authentication (AFA/PIN) during the transaction execution, improving convenience for users.

Pharming is more dangerous because it manipulates the DNS (Domain Name System) server or the user's host file. Even if the user types the correct website address (e.g., www.bank.com), they are redirected to a fraudulent site without clicking any suspicious link, making it harder to detect than Phishing.

NFC (Near Field Communication) is a short-range wireless connectivity standard. It allows two devices (the card and the POS terminal) to communicate when they are brought within a few centimeters (typically < 4 cm) of each other, enabling "Tap and Pay".

BBPS has a tiered structure. The Biller Operating Unit (BOU) is the entity responsible for onboarding billers (like electricity boards, telecom companies) into the BBPS ecosystem. The Customer Operating Unit (COU) interacts with the customer (payer).

A Data Warehouse acts as a central repository of integrated historical data. Data Mining uses algorithms on this warehoused data to discover hidden patterns, correlations, and insights (e.g., predicting which customers are likely to default or identifying cross-selling opportunities).

SaaS is a cloud model where software applications are hosted by a vendor and made available to customers over the internet (e.g., Google Drive, CRM software), eliminating the need for banks to install and maintain the software locally.

In a DDoS attack, the traffic comes from hundreds or thousands of sources (zombie computers/bots), making it nearly impossible to stop the attack simply by blocking a single IP address. This makes DDoS much more destructive and harder to mitigate than simple DoS.

To enhance security, RBI mandated that merchants and payment aggregators cannot save actual card details (Card-on-File). They must use "Tokens" generated by the Card Network/Issuer. Only the Issuer and Network can store the real data.

NPCI launched RuPay to provide a domestic, cost-effective alternative to international card schemes like Visa and Mastercard, reducing the reliance on cross-border payment processing.

In Star Topology, all nodes connect directly to a central device (hub/switch). It is a single point of failure; if the hub goes down, communication between all connected nodes stops.

NACH Credit is a "Push" system used to distribute funds to many beneficiaries (One-to-Many) like subsidies or salaries. NACH Debit is a "Pull" system used to collect funds from many payers (Many-to-One) like utility bills or loan repayments.

Zero Trust assumes that threats exist both inside and outside the network. It requires strict identity verification for every person and device trying to access resources, regardless of whether they are sitting within the network perimeter or outside.

This feature allows Full-KYC Wallet users to scan any standard UPI QR code of a merchant and pay using their wallet balance, breaking the closed-loop restriction of wallets.

The Delivery Channel Interface allows transactions initiated at various touchpoints (ATMs, Phones) to be routed to the Core Banking System for processing and response.

LSPs act as the interface for digital loans. RBI mandates that LSPs must be monitored by the Regulated Entities, and the loan disbursal/repayment must flow directly between the RE and the borrower, bypassing the LSP's pool account.

The Void Pantograph is a hidden feature. When a cheque is photocopied or scanned, the word "VOID" or "COPY" clearly appears on the copy, making it impossible to use the copy for fraud.

Ransomware (like WannaCry) encrypts the user's data and demands a ransom (usually in crypto) for the decryption key. It is a major threat to banking data availability.

FASTag is a reloadable tag employing RFID technology. It is affixed on the vehicle's windscreen and enables automatic deduction of toll charges when the vehicle passes through the toll plaza.

VPN creates an encrypted "tunnel" over the internet. It is essential for Work From Home scenarios or connecting remote branches securely to the CBS without a dedicated leased line.

mPOS is a cost-effective alternative to traditional bulky POS machines. It allows small merchants to accept card payments using their mobile phones linked to a small card reader.

e-Rupee is the digital form of legal tender issued by the RBI. Unlike cryptocurrencies (which are private and volatile), CBDC is sovereign currency and exchanges 1:1 with cash.

This principle ensures that a teller can only access cash modules, while a loan officer accesses loan modules, preventing unauthorized access and potential fraud.

NEFT operates in half-hourly batches throughout the day (24x7). In a 24-hour cycle, there are 48 batches (00:30 to 00:00).

Payment Card Industry Data Security Standard (PCI-DSS) is a set of security standards designed to ensure that all companies that accept, process, store or transmit credit card information maintain a secure environment.

Bharat QR is an interoperable QR code solution that enables customers to pay using their debit/credit cards (by scanning via banking app) without needing a physical POS terminal.

Big Data is characterized by high Volume (amount of data), high Velocity (speed of data generation), and high Variety (structured and unstructured data types).

LAN covers a building; WAN covers countries; MAN covers a city (like a cable TV network or city-wide bank branch connectivity).

Currently, CTS operates in 3 grids: Northern Grid (New Delhi), Southern Grid (Chennai), and Western Grid (Mumbai). All cheques are cleared through one of these grids.

The RBI-DPI comprises 5 broad parameters: Payment Enablers, Payment Infrastructure (Demand-side factors), Payment Infrastructure (Supply-side factors), Payment Performance, and Consumer Centricity. The Base Period for the index has been set as March 2018 (Score = 100). It helps in mapping the deepening of digital payments in India accurately.

FAR is a critical security metric. It measures the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. In high-security banking applications (like vaults or server rooms), the system is tuned to have an extremely low FAR, even if it means a slightly higher False Rejection Rate (FRR).

EMV (Europay, Mastercard, and Visa) is the global standard for chip-based debit and credit cards. Unlike magnetic stripes which contain static data that can be easily copied/skimmed to create counterfeit cards, EMV chips generate a unique transaction code for every transaction, making cloning extremely difficult and enhancing security.

A Payment Gateway acts as a technological pipe to transmit data. A Payment Aggregator (PA) facilitates merchants to accept various payment instruments without the need for the merchant to create a separate payment integration system of their own. PAs handle the actual funds, settling them to merchants, and are thus regulated by RBI (Guidelines on PA/PG).

Vishing stands for "Voice Phishing." Criminals pose as bank officials, RBI agents, or tech support over a phone call to create a sense of urgency (e.g., "Your card is blocked") and manipulate victims into sharing OTPs, PINs, or passwords. Smishing involves SMS; Phishing involves Email.

RPA uses software "bots" to mimic human actions for routine tasks. It is ideal for processes that are repetitive, prone to human error, and follow strict rules (like account opening forms processing, reconciliation of ATM transactions), freeing up humans for higher-value work.

MPLS is a routing technique that directs data based on short path labels rather than long network addresses. It is highly reliable, secure (acts like a private network), and supports Quality of Service (QoS), ensuring that critical banking transactions get priority over other traffic like emails.

RBI permits FLDG arrangements between Regulated Entities (Banks/NBFCs) and their partner LSPs (Fintechs), subject to a strict cap of 5% of the amount of the loan portfolio. This ensures the lender still holds the primary credit risk while allowing fintech innovation.

A Honeypot is a security mechanism set up to detect, deflect, or counteract attempts at unauthorized use of information systems. It consists of a computer, data, or network site that appears to be part of a network, but is actually isolated and monitored, looking like a valuable target to hackers.

While the general UPI transaction limit is ?1 Lakh, NPCI has enhanced the limit to ?5 Lakh for specific use cases like IPO applications, RBI Retail Direct Scheme, and payment for educational/medical institutions to encourage digital adoption for high-value payments.

Data Centers are rated from Tier 1 to Tier 4 based on uptime and redundancy. Tier 4 is the highest standard, offering Fault Tolerance (no single point of failure), independent dual-powered cooling/power paths, and 99.995% uptime guarantee, crucial for 24x7 banking operations.

A System Audit looks at the technical aspects (hardware, software, security settings). A Process Audit looks at the human/operational aspect—whether users are following the Standard Operating Procedures (SOPs), like password hygiene, maker-checker discipline, and authorization workflows.

Green Banking aims to reduce the carbon footprint. Technologies that promote paperless transactions (Net banking, E-Statements, Mobile Wallets) directly support this by saving paper and reducing the need for physical transport.

RBI allows outsourcing of non-core activities (like IT support, hardware maintenance). However, Core Management Functions , including decision-making regarding credit, policy formulation, internal audit, and compliance, cannot be outsourced as it compromises the bank's control and accountability.

Smart contracts are digital protocols (code) deployed on a blockchain. They automatically execute transactions (like releasing funds) only when specific pre-defined conditions are triggered (e.g., goods delivered), eliminating the need for intermediaries and increasing trust.

The IFSC structure is: First 4 chars = Bank Code (Alphabetic); 5th char = 0 (Zero) (Reserved for future use); Last 6 chars = Branch Code (Numeric/Alphabetic). Example: SBIN0001234.

CTS standards mandate using the TIFF (Tagged Image File Format) . Three images are captured: 1. Front Grayscale (for visual details), 2. Front Black & White (Binary, for MICR reading), 3. Back Black & White (Binary, for endorsements).

MMID is a 7-digit random number issued by the bank to the customer upon registration for mobile banking. The first 4 digits represent the unique bank code, and the last 3 digits identify the user account. It enables fund transfers using just Mobile No + MMID, preserving privacy of account details.

RSA (Rivest–Shamir–Adleman) is the most widely used Asymmetric Encryption algorithm. It uses two different keys: a Public Key to encrypt data and a Private Key to decrypt it. This is the foundation of secure internet communication (SSL/TLS).

Operational CRM handles customer touchpoints. Analytical CRM works in the backend, analyzing the vast data generated by Operational CRM to provide insights (e.g., "Which customer is likely to buy a home loan?") using Data Mining and BI tools.

NETC (National Electronic Toll Collection) is the flagship program of NPCI developed to meet the electronic tolling requirements of the Indian market using RFID technology (FASTag).

CBDC is sovereign currency in digital form. Unlike bank deposits (liability of the commercial bank), CBDC is a direct claim on the Central Bank. It does not typically earn interest (to prevent it from competing with bank deposits) and exchanges at par with cash.

Cassettes are the removable boxes inside the ATM safe where cash is loaded. Typically, an ATM has 4 cassettes, each configured for a specific denomination (e.g., ?500, ?100, ?200).

MT 103 is the standard format for cross-border customer wire transfers. MT 202 is for bank-to-bank transfers. MT 700 is for Letter of Credit issuance.

A Private Cloud is dedicated infrastructure for a single organization. It offers the highest level of security and control, which is essential for core banking data where data privacy regulations are strict. Public cloud is shared and generally used for non-critical apps.

ML models learn the customer's spending behavior over time. If a transaction occurs that is unusual (e.g., huge amount, strange location, odd time), the ML system flags it instantly as potential fraud, far faster and more accurately than rule-based systems.

To protect merchant funds, RBI mandates strict settlement timelines. For PAs, the final settlement to the merchant must happen typically by T+1 (where T is the date of transaction capture) to ensure liquidity for the merchant.

The AA framework is built on standardised Open APIs. These APIs allow Financial Information Providers (Banks) to share data with Financial Information Users (Lenders) securely and in real-time, only after the customer gives digital consent via the AA handle.

DLP tools monitor data in motion (network traffic), data at rest (storage), and data in use (endpoints) to ensure that sensitive/confidential data is not leaked, emailed, or uploaded to unauthorized external locations.

RBI launches thematic cohorts to encourage innovation in specific areas. The first cohort (2019) was "Retail Payments" (e.g., offline payments), the second was "Cross Border Payments", the third was "MSME Lending", and fourth was "Prevention of Financial Frauds".

Vulnerability Assessment and Penetration Testing (VAPT) is a proactive security measure. While Vulnerability Assessment identifies potential weak points, Penetration Testing goes a step further by actively trying to exploit them to see how deep an attacker can get into the system, helping banks patch holes before real attacks occur.

IMPS offers two main modes: P2P (Person-to-Person) using Mobile Number + MMID, and P2A (Person-to-Account) using Account Number + IFSC. P2A is useful when the beneficiary is not registered for mobile banking but has a bank account.

RPO determines how much data the bank can afford to lose in a disaster. For example, if RPO is 15 minutes, it means backups must be done every 15 minutes, so at most 15 minutes of data is lost. Zero RPO means real-time data replication.

Hybrid Cloud offers the best of both worlds. Banks can maintain strict compliance and security for core customer data on on-premise/private clouds, while leveraging the massive computing power and lower cost of public clouds for testing, analytics, or peak loads.

Non-repudiation provides proof of the origin and integrity of data. Digital Signatures provide non-repudiation because only the sender has the private key to sign it; thus, they cannot later claim they didn't send it.

NIPL was incorporated in 2020 as a wholly-owned subsidiary of NPCI to internationalize India’s indigenous payment offerings like UPI and RuPay cards, partnering with countries like Singapore, UAE, and Nepal.

Media Access Control (MAC) address is a unique hardware identifier burned into the network card (Layer 2). Internet Protocol (IP) address is a software-assigned address that can change depending on the network location (Layer 3).

The API Gateway sits between the outside world (Fintech apps) and the bank's core systems. It enforces security (authentication, rate limiting), traffic management, and analytics for all incoming API requests.

Keyloggers run silently in the background, capturing everything typed on the keyboard. This is a common method used to steal Netbanking login credentials.

The Issuer Bank issues the tag to the customer (vehicle owner). The **Acquirer Bank** onboards the Toll Plaza operator and acquires the transaction when a vehicle passes through, routing it to the Issuer for debit.

Apache Hadoop is an open-source software framework used for distributed storage and processing of huge datasets (Big Data) using the MapReduce programming model.

"On-us" means the card/account and the terminal belong to the same bank. "Off-us" means they are different (e.g., SBI customer using an HDFC Bank BC point), requiring routing through the NPCI switch.

In Pretexting, the attacker impersonates someone else in authority (e.g., "I am calling from the Bank's Fraud Dept") to manipulate the victim into divulging sensitive data like OTPs.

UAT is crucial to ensure the software handles real-world scenarios correctly. It validates the business logic and usability from the perspective of the people who will actually use the system.

Agent Institutions recruit and manage physical agents (human touchpoints) to allow cash-based bill payments for customers who are not digitally savvy.

IoT refers to a network of physical objects embedded with sensors. Banks use it for collateral management (tracking smart warehouses/vehicles) and transforming payment experiences (smartwatches, cars).

Inherence refers to something the user "is" (Biometrics). Password is "Knowledge" (something you know). OTP/Card is "Possession" (something you have).

NLP is a branch of AI that gives computers the ability to understand, interpret, and respond to text and spoken words in the same way human beings can.

RBI mandates that the core funds of customers in a PPI must not be co-mingled with the company's own funds. An Escrow Account ensures these funds are ring-fenced and used only for settled payments.

Very Small Aperture Terminal (VSAT) allows data transmission via satellite, bypassing the need for physical cables, making it ideal for connecting ATMs and branches in difficult terrains.

BOD is a mandatory process run before any transaction can take place. It updates the system date, checks system health, and enables transaction posting for the new day.

Unlike generic phishing (casting a wide net), Spear Phishing targets specific victims using personalized information (name, role) to increase the success rate of the deception.

5G allows for faster data transfer with minimal delay (latency). This is crucial for real-time fraud detection, high-frequency trading, and immersive customer experiences.

RBI mandated authorized Payment System Operators (PSOs) to implement an ODR system for resolving disputes and grievances related to failed transactions in a transparent, rule-based, and automated manner.

Neobanks operate entirely online/mobile. In India, since RBI does not yet issue virtual banking licenses, they typically partner with licensed scheduled banks to hold customer deposits while providing a superior UI/UX layer.

SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security) encrypts the link between the web server and the browser, ensuring privacy and data integrity. It turns HTTP into HTTPS.

Big Bang involves switching the entire bank to the new system at once (usually over a weekend). It is riskier but faster than the Phased approach.

SWIFT gpi transformed cross-border payments by providing a unique tracking reference (UETR) that allows banks to track the status of the payment in real-time across the correspondent banking network.

Quantum computers can solve complex mathematical problems much faster than classical computers. This capability could allow them to crack asymmetric encryption algorithms (like RSA) that currently underpin banking security, necessitating a move to Post-Quantum Cryptography.

In SIM Swap, the attacker convinces the mobile operator to issue a new SIM card for the victim's number. Once activated, the attacker receives all SMS/OTPs intended for the victim, bypassing 2FA security.