Robert Steinman, COO Robert@tenderarmor.com The Most Trusted Cards in the Market Robert Steinman, COO Robert@tenderarmor.com

The one truth in banking… Loss of trust > loss of $$$

$38 Billion in card-not-present (CNP) fraud losses globally per year and steadily increasing – the largest fraud category by more than 3-1 (Javelin 1/17)

ACI Universal Payments 2016 U.S. Stats 67% of consumers would adopt a security service like CVV+ from a bank (TA Q1/16 and Amex 8/16) 54% of consumers use their payment cards less after the card has been compromised (TA Q1/16 and Amex 8/16) 87% of US merchants are using the card security code in ecommerce transactions (US Payment Card Forum 3/17) ACI Universal Payments 2016

ACI Universal Payments 2016 Worldwide Stats 1 out of 86 Transactions is a fraudulent attempt 40% after experiencing fraud of consumers use the replacement card less 30% have experienced card fraud in the past five years ACI Universal Payments 2016

Why do banks need to prevent fraud? Lessen False Positive Declined Authorizations International Mandates Diminish Replacement Cards Costs Increases Revenues

A dynamic, two-factor, fraud prevention solution that works on all card types and channels

524

Enrollment Sign up through your bank website: Select cards you want to protect Choose communication method(s) – mobile app, text, email, text-on-demand Choose how often your CVV+ code changes

Seasoned Industry Professionals Madeline Aufseeser, CEO Nationally recognized & highly-respected 30 year well connected industry veteran analyst, speaker, product leader with Fortune 500 experience Robert Steinman, COO Concept leader, software engineer, proven successful entrepreneur Rodman Reef, CSO and Director Global payments expert & former Chairman and CEO of Citibank’s Citishare Corporation, EMV Migration Forum member, former director of NYCE, Maesto, The Clearing House’s Payments Co. & the EFTA Lester Diaz, CTO Former platform engineer and architect at FIS with 15+ years experience Lillie Platko, Marketing Executive Former group head MasterCard U.S. Debit Products & JPMC veteran Andy Copeman, European Business Development European payment industry leader. PSD2 expert. Experience; Aite Group, and RBS Tony Emrick, U.S. Business Development former senior business leader STAR network Advisory Board Members: Dan Henry, former CEO NetSpend Steven Bishop, former CTO FIS and Sandi Finn, entrepreneur, 30 year marketing professional and President of Cross Country Home Services

Merchant Processor Card Network Issuer Card Issuer (Bank) When a consumer makes a purchase the merchant requests cardholder authentication and confirmation that the funds are available Cardholder authentication can be completed by the Card Network, Issuer Processor or Card Issuer CVV+ can reside in any one of these locations

Dynamic Security Code Cards Feature CVV+ Dynamic Security Code Cards 3D Secure Protects CNP transaction from clearing authorization if the card is lost, stolen, account take-over, or compromised and not reported  Supports CNP phone transactions not just online Consumer controlled product vs. merchant controlled No merchant integration required Supports any card type Supports multiple cards and card types in a single installation Preventive vs detective No special device required Methodology detached from card, account, & PCI data Works on existing cards in market Reduces false positive declined transactions

Why choose CVV+ Fraud prevention not a detection or clean-up solution Authenticates the cardholder with the issuing authorizing entity not just a specific transaction Works in the existing eco-system without merchant dependency PCI compliant, meets regulatory objectives (PSD2) We’re Simple!

A Closer Look - Limitations & Vulnerabilities Comparison Pts 3D Secure CVV+ Required constituent adoption Merchants, issuers, and consumers: If a merchant is not using 3D secure than the issuer’s cardholder is not protected (no adoption, no coverage), unlikely there will be 100% 3DS adoption by all merchants which means banks and cardholders are still vulnerable Issuers and consumers: CVV+ is transparent to merchants and does not require merchants to adopt the service or change anything about the way they accept or process a transaction Interchange and liability shift Favors the merchant: 3DS creates a liability shift for the transaction reducing interchange rates merchants pay and reduces revenue bank card issuer receives. Subsequent fraudulent transactions become issuer responsibility (for any reason: account take over at the merchant and “friendly” fraud are two examples) No change: Issuers maintain interchange income at current rates and have no more or less liability responsibility Transaction types 1.0 online only, 2.0 most ecommerce channels: 3DS does not work for phone orders representing 20% of all CNP transactions in the US & higher in Europe with even higher fraud dollar volumes. Nor can 3DS work at the POS Online, phone, mobile, and POS: In addition to transactions such as online, CVV+ supports phone orders and can function as a dynamic PIN replacement at the POS. Additionally, CVV+ has other use cases such as call center cardholder authentication Authentication target Detection solution that authenticates the specific transaction: If the consumers’ merchant online account is hacked, the fraudster can start transacting because the card is already stored on file. 3DS only authenticates the transaction not the consumers’ merchant accounts, the consumer device, or consumers themselves Prevention solution that authenticates the cardholder: CVV+ authenticates the cardholder so if an individuals merchant or bank account is hacked and the security code printed on the card is entered and not the CVV+ code the transaction will get declined Static vs. dynamic data 3DS 1.0 Static data for authentication 3DS 2.0 Dynamic data on stepped up authentication requests only Dynamic data all the time: CVV+ uses a dynamic code that can change as frequently as the bank or cardholder wishes Controlling party Merchant decision when to invoke 3DS and cardholders opt-in: Merchants use risk based scoring models to decide when to use 3DS for both passive and stepped up authentication. Stepped up authentication requires further cardholder input during transactions. Issuer offers service and cardholders enroll either opt-in or mandated: All transactions for enrolled cardholders when the card security code is requested, no other cardholder action required Installation Requires special Access Control Server be deployed & system updates for issuers and merchants Easy deployment with choice of: SaaS Web API model or HSM deployment in data center

67% Key Findings Product Adoption & Usage Cardholder respondents say the product: 80% is “easy to understand” 69% is ”relevant” and “logical” 74% will make them feel safer when shopping online 70% feel it is believable and trustworthy Sparks Research: Online shopper study, 2016 67% of consumers are “likely” to use the product

CVV+ Pricing Includes: Comparable with typical EMV card replacement costs – annual FI price per enrolled card $3.00 - $5.00 based on FI portfolio size and cardholder enrollment method Includes: Supporting daily CVV+ security code delivery and transaction messaging White label English language website page templates for Bank websites CVV+ iPhone and Android mobile app Annual software upgrades and check-ups Unlimited consumer transaction model One time fees Re-occurring fee with minimum card enrollments Service implementation Annual software maintenance or licensing Monthly card on file

Robert Steinman, COO Robert@tenderarmor.com Thank-you for your interest in our service Any questions – Just call us, we are happy to help Robert Steinman, COO Robert@tenderarmor.com