TransArmorSM A Secure Transaction ManagementSM Solution Overview March 2010

Impact of Credit Card Fraud More than 280 million payment card records were breached in 2008 alone1 Merchants have collectively spent more than $1B on PCI-DSS compliance as part of their security systems2 The value of credit card numbers make them the most targeted information for theft1 The average cost of coping with a data breach in 2008 rose to $6.6 million—a 40 percent increase since 20063 1 Verizon, 2009 Data Breach Investigations Report, Verizon Business RISK Team, 2009 2 Letter to Bob Russo of the PCI Security Standards Council from the National Retail Federation, et. al., June 9, 2009. 3 Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009

Merchant Fraud Problems and Costs Merchant-based vulnerabilities appear at almost any point in the card processing environment – in transit, at rest, in use Merchants take on significant risk by collecting and managing credit card data for business and marketing purposes. Costs associated with an incident are unexpected and unknown until something happens, putting Merchants at further financial risk Upfront costs to protect against vulnerabilities and meet PCI standards have escalated rapidly over the past few years Credit card numbers exist in too many places putting merchants at risk

Solving the Card Data Problem Reduce the number of places where card data exists Point-of Sale systems CRM systems MIS databases / reports Remove the burden of protecting payment card data from the merchant Reduce the Card Data Environment and PCI compliance efforts 2008 was a record year for number of records compromised: 285 million. Just three industries—Retail, Financial Services and Food and Beverage—accounted for three-quarters of the 2008 breaches. 99.9 percent of the records were compromised from servers and applications. As a percentage of caseload for the Verizon Business RISK Team, payment card breaches remain near the 80 percent mark and far outnumber the other data types. They consume 98 percent of all records compromised in 2008. Fraudulent use of stolen card data was confirmed in 83 percent of Verizon’s cases. 91 percent of all compromised records were linked to organized criminal groups. In 66 percent of the cases, the breach involved data that the organization didn’t even know was on the system. TransArmorSM, a Secure Transaction ManagementSM Solution

Introducing TransArmorSM The First Data® TransArmorSM solution moves the burden of protecting payment card data from the merchant to First Data using a multi-level defense Combines encryption and tokenization to protect data at every processing stage Complimentary to Card Authentication technologies Removes payment card information from the merchant completely by replacing the Permanent Account Number (PAN) with a ‘Token’ Maintains all the merchant’s business benefits of storing the payment card data without the associated risk Warrants the Token against compromise and fraudulent use

How it Works Merchant Environment First Data Datacenter SafeProxy 3 1 First Data Switch Issuer 2 Encryption 4 5 Financial Token 1. Credit Card is swiped at the merchant’s POS 2. PAN/Track data/exp dates encrypted using a Public Key in the POS device and sent to First Data 3. Encrypted Transaction is Decrypted using Private Key in First Data’s HSM 4. Card number is passed to bank for authorization and SafeProxy server for tokenization 5. Authorization and token are returned to the merchant 6. Token is stored in place of the card number in all places 7. Adjustments, refunds, ‘Card not present’, and settlement use the token in place of the card number 6 Merchant Environment First Data Datacenter 4 Transaction Log Settlement Data Warehouse 6 SafeProxy Analytics Anti Fraud 6 6

Technologies Leveraged Two-level approach to protecting data at every point Public/Private Key encryption (Asymmetric) Data encrypted at capture with Public Key and can only be decrypted by the Private Key held by First Data Encryption is only used to protect PAN during transit or offline situations Tokenization Replacement of PAN with a random number (Token) - no key to “crack” or steal Token uses the same number format as the card data - last 4 digits of PAN are retained in the token 1:1 Mapping of token to a PAN - the same card always returns the same token Token replaces the card data in the merchants system

Benefits The First Data® TransArmorSM solution removes sensitive payment card data from Merchants’ systems Key Benefits Risk Reduction Increases security of payment card transactions protecting your brand reputation & revenue stream Less complex and more secure than encryption alone Warrants against a compromise on the Token Cost Savings Significantly reduces PCI remediation timelines (up to 50%)1 Significantly reduces PCI compliance scope (up to 80%)2 Operational cost that scales with consumption vs. large, recurrent capital outlays Business Continuity Hardware, card association and merchant acquirer agnostic Integrates with VARs and Third Party solutions Enables continued analytics and reporting capabilities Enables cloud computing scenarios 1Interview with Coalfire Systems 2Interview with Securitymetrics

How Can You Get Started? Contact your First Data Sales Representative Availability in early 2010 Message specifications available soon