32. In this Act, unless the context otherwise requires- "acquirer" means the bank or the financial institution that is authorized to appoint merchants to accept payment device transactions or offers cash disbursement services to payment device holders or both such functions, and where the payment devices accepted by the merchants are cleared and settled and the proceeds are reimbursed by the acquirer; "authorisation" means the process by which an acquirer obtains an approval from the Issuer for a payment device transaction. The authorisation process could be either by voice recognition or by electronic means; "cardholder" means the person or organization named on the face of a payment device to whom or for whose benefit the payment device is issued by an Issuer; "counterfeit payment device" means a counterfeit, fictitious, altered or forged payment device, or a payment device where an identifiable component is counterfeit; "card making or altering equipment" means a part of, or complete equipment or machinery, whether manual, electro magnetic or electronic, used for embossing, encoding, recording or storing data on any payment device and which may also be used for producing counterfeit payment devices; "computer" means an electronic or similar device having information processing capabilities; "data" means a representation of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer or in a payment device or which is stored or generated by a computer; "fraudulent application" means an application made to obtain a payment device which contains any falsified documents, false information, fictitious identity and address or any other false pretences or misrepresentations and which induces the Issuer to issue a payment device; "fraudulent merchant application" means an application made by a person, a body of persons, entity or organization pretending to be a merchant using information that is false, incorrect or misleading in order to mislead the acquirer into believing that the merchant will accept the payment device; "full track data" means the data including the discretionary data encoded on track one and two on the magnetic stripe of a payment device; "holder" means a person to whom a payment device is issued on an application made to an Issuer; "Information" includes data, text, images, sound, codes, computer programmes, databases or microfilm;"information system" includes a system, whether automated or manual (including telecommunications, computer or computer related or interconnected system or sub-systems of equipment or both such systems or sub-systems) which comprises people, machines and methods, that is used to collect, process, store, manipulate, manage, transmit, display, disseminate, switch, interchange, or receive voice or data, or both and includes software, firmware and hardware;"Issuer" means a banking institution or other body, authority or institution legally authorized to issue a payment device and thereby enter into a contractual relationship with the holder thereof; "merchant" means a person or an organisation which is acknowledged by an issuer to sell goods and services or disburse cash on the acceptance of a payment device;"payment device" means-
| (a) a credit card and includes any card, plate, code, account number, microchip, optical instrument or document wherein magnetised encoding has taken place; or |
|
| (b) a device in which account numbers and mandatory or discretionary data or information relating to the holder of such device is recorded and stored by mechanical, electronic, electro magnetic, optical or other means, and which card or device is recognized by the Issuer thereof, and which facilitates-
| | (i) the extension of credit for obtaining goods or services; or | | |
| | (ii) the making of cash withdrawals and doing other acts in relation to a bank account, | | |
|
|
"payment device holder information" includes, any information imprinted, encoded or embossed on the payment device such as the account number or name or address of the holder thereof; "point of sales network" means the network of point of sales terminals deployed by the acquiring bank; "produce" means design, alter, authenticate, duplicate or assemble; "skimming" means the copying of encoded data on the magnetic stripe of one payment device to another genuine or counterfeit device including white plastic; "traffic" includes manufacturing, importing, exporting, keeping with intent to transfer, concealing, buying, selling, giving, receiving, storing, administering, transporting, carrying, sending, delivering, procuring, supplying or distributing without lawful authority or reasonable excuse one or more counterfeit or unauthorised payment devices; "traffic data" means-
| (a) data that relates to the attributes of a communication by means of an information system or computer system; |
|
| (b) generated by an information system or computer system that is part of a service provider; |
|
| (c) data, which shows communications origin, destination, route, time, data, size, duration or details of subscriber information; and |
|
| (d) any data flowing through a communication system. |
|
"unauthrorised payment device" means any payment device which is stolen, lost, expired, revoked, cancelled, suspended or obtained or used by misrepresentation of facts. |
Sri Lanka Consolidated Acts