TransArmor SM A Secure Transaction Management SM Solution

1. TransArmorSMA Secure Transaction ManagementSMSolution Overview March 2010

2. Impact of Credit Card Fraud • More than 280 million payment card records were breached in 2008 alone1 • Merchants have collectively spent more than $1B on PCI-DSS compliance as part of their security systems2 • The value of credit card numbers make them the most targeted information for theft1 • The average cost of coping with a data breach in 2008 rose to $6.6 million—a 40 percent increase since 20063 1 Verizon, 2009 Data Breach Investigations Report, Verizon Business RISK Team, 2009 2 Letter to Bob Russo of the PCI Security Standards Council from the National Retail Federation, et. al., June 9, 2009. 3 Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009

3. Merchant Fraud Problems and Costs • Merchant-based vulnerabilities appear at almost any point in the card processing environment – in transit, at rest, in use • Merchants take on significant risk by collecting and managing credit card data for business and marketing purposes. • Costs associated with an incident are unexpected and unknown until something happens, putting Merchants at further financial risk • Upfront costs to protect against vulnerabilities and meet PCI standards have escalated rapidly over the past few years Credit card numbers exist in too many places putting merchants at risk

4. Solving the Card Data Problem • Reduce the number of places where card data exists • Point-of Sale systems • CRM systems • MIS databases / reports • Remove the burden of protecting payment card data from the merchant • Reduce the Card Data Environment and PCI compliance efforts TransArmorSM, a Secure Transaction ManagementSM Solution

5. Introducing TransArmorSM • The First Data® TransArmorSM solution moves the burden of protecting payment card data from the merchant to First Data using a multi-level defense • Combines encryption and tokenization to protect data at every processing stage • Complimentary to Card Authentication technologies • Removes payment card information from the merchant completely by replacing the Permanent Account Number (PAN) with a ‘Token’ • Maintains all the merchant’s business benefits of storing the payment card data without the associated risk • Warrants the Token against compromise and fraudulent use

6. How it Works 3 1 First Data Switch Encryption 2 4 Merchant Issuer 5 SafeProxy Financial Token 6 Merchant Environment 4 First Data Datacenter Transaction Log Settlement Data Warehouse 6 6 6 Analytics Anti Fraud

7. Technologies Leveraged Two-level approach to protecting data at every point • Public/Private Key encryption (Asymmetric) • Data encrypted at capture with Public Key and can only be decrypted by the Private Key held by First Data • Encryption is only used to protect PAN during transit or offline situations • Tokenization • Replacement of PAN with a random number (Token) - no key to “crack” or steal • Token uses the same number format as the card data - last 4 digits of PAN are retained in the token • 1:1 Mapping of token to a PAN - the same card always returns the same token • Token replaces the card data in the merchants system

8. The First Data®TransArmorSM solution removes sensitive payment card data from Merchants’ systems Benefits 1Interview with Coalfire Systems 2Interview with Securitymetrics

9. How Can You Get Started? • Contact your First Data Sales Representative • Availability in early 2010 • Message specifications available soon