1. Page 1 Business Banking Certification Training Table of Contents v. 4.18.1 Proprietary and Confidential TOPIC SECTION Overview1 Setting up the Admin Platform2 Accessing your FI Admin Platform Setting up Administrators and Policies Establishing Communications Mapping BAI Transactions Setting up Companies Managing Companies Administering the Customer Platform3 Accessing the Customer Platform Administering the System Customer Platform Basic Services4 Managing Accounts Adding a Stop Payment Submitting Request Forms Accessing SSO Products Customer Platform Transferring Funds5 ACH Book Transfer EFTPS Wire Transfer Admin Platform: Managing Operations6 Processing Files Running Reports Managing Security & Communications Case Study

2. Page 2 Intuit Proprietary and Confidential Business Banking Certification: Overview Business Banking Certification Objectives By the end of this course, you will be able to do the following:  Perform the necessary setup required for new FI employees and new customers  Establish global policies in the FI Admin Platform  Incorporate security best practices  Train business customers on how to use the platform  Support customer questions and issues  Process customer files  Manage day to day operational tasks

3. Page 3 Overview Intuit Financial Services University Business Banking Certification Training

4. Page 4 Intuit Proprietary and Confidential Business Banking Certification: Overview Business Banking FIAP – Financial Institution Administration Platform (aka FI Admin Platform) oFI Super User oFI Administrator CCP – Commercial Customer Platform oCompany Administrator oUser Administrator oUser SSO Terms to Know

5. Page 5 Intuit Proprietary and Confidential Business Banking Certification: Overview Technical Considerations Browser and Operating Systems Supported 1.Go to the Client Site (https://www.diclientsite.com) and log in with your DI number and current password. 2.Select Browser Policy in the Products & Services menu. 3.Click the link for “Intuit Financial Services Browser Policy”. The information here provides our main policy on browsers; options on the left provide further information on IE, Firefox, and more.

6. Page 6 Intuit Proprietary and Confidential Business Banking Certification: Overview Technical Considerations General Notes The screens in the Business Banking system have been designed to support a resolution of 1024 x 768 pixels or higher. You must enable Java in your browser. In all cases, the system supports ONLY the Java Virtual Machines supplied with the browsers – at present, no 3rd- party plug-ins are supported. You must enable cookies in your browser. Sample questions to ask a commercial client having login issues: Do you have Java enabled? Do you have cookies enabled? What browser and version are you using?

7. Page 7 Intuit Proprietary and Confidential Business Banking Certification: Overview Common Field Formats Phone numbers are automatically formatted with parentheses for the area code and a dash for the number. The extension is maintained as a separate field. Email addresses must contain an @ sign and a period. Email help will reference user@company.com as the example. Dollar amounts are automatically formatted with a dollar sign, comma, and decimal where appropriate. NOTE: You must enter a decimal and the cents for amounts that are not a whole dollar amount (for example, “100” is formatted to be “$100.00” as opposed to “$1.00”). ZIP Codes are 5 digits (additional 4 are optional and are automatically formatted with a dash). Dates are automatically formatted as mm/dd/yyyy.

8. Page 8 Intuit Proprietary and Confidential Business Banking Certification: Overview The Wildcard Feature When you place the wildcard at the beginning of the search string, it means that a data string must exactly match the pattern at the end in order to qualify as a match. When you place the wildcard at the end of the string, it means that the beginning of the data string must exactly match the pattern at the beginning in order to qualify as a match. Search StringMatchesDoes not match abc*abc, abcdef1abc, abner *abcabc, 123abcabcd, crab *abc*abc, abcd, 1abcabner, crab

9. Page 9 Intuit Proprietary and Confidential Business Banking Certification: Overview Common Button Formats Add - adds a new database record. Update - saves changes to an existing database record. Delete - removes a record from the database. Reset - removes changes to data-entry fields and returns the field values to their prior settings within the record. Submit - sends a request or initiates an action other than add, update, or delete. Main - returns the user to the Administration Menu in the Financial Institution Administration Platform or the user’s main screen in the Commercial Customer Platform. List - displays a summary of all database information pertaining to the current screen.

10. Page 10 Intuit Proprietary and Confidential FIAP Security Encryption Data encryption is a way of translating data into a form that is unintelligible without a deciphering mechanism; helps to protect against proprietary information getting into unauthorized hands. Intuit Financial Services requires browsers to have 128-bit encryption. User Authentication – One Factor Two-part login: a User ID and password are required for access. Password expiration is set to 30 days. Access to the FIAP is denied after three (3) incorrect passwords. The Super User must contact Intuit Financial Services to get reset. Financial institution administrators must contact the Super User. Note: A failed login attempt results from an invalid User Password entry or an invalid MFA challenge response. User Authentication – Multi-factor (above plus just one of the options below) 1.Phone OTP: For financial institutions that do not have the Business Banking VIP product Uses a one-time passcode (OTP) sent to voice mail, text or email Required for all FI Administrators upon every login 2.Token OTP: For financial institutions that have the Business Banking VIP product Uses a one-time passcode obtained from a physical token device Required for all FI Administrators upon every login IP Address Restriction Option to whitelist the external IP addresses where you do your administrative maintenance Consider setting up VPN-only access. Inactivity Timeout Feature Business Banking automatically logs the FI Administrator off of the system after 30 minutes of inactivity. This setting can not be changed. Access Rights Option to configure Dual Admin controls to reduce the rights of any one FI Administrator. Always provision unique login credentials for FI Administrators and educate users to never share credentials. Business Banking Certification: Overview

11. Page 11 Intuit Proprietary and Confidential CCP Security Business Banking Certification: Overview Encryption Same requirements as for FIAP (see previous page). User Authentication – One Factor A Company ID and password and User ID and password are required for access. The first part identifies the business and the second part identifies the individual user. The financial institution may choose to disable the Company Password, thus creating a three-part login for all businesses. Password expiration is set by the financial institution. Access to the CCP is denied after three (3) incorrect passwords. The Company Administrator must contact the financial institution to get reset. Other company users must contact the Company Administrator or a User Administrator. Note: A failed login attempt results from an invalid User Password entry or an invalid MFA challenge response. User Authentication – Multi-factor (above plus just one of the options below) 1.Phone OTP (“Enhanced MFA” in your contract) Uses a one-time passcode (OTP) sent to voice mail, text or email Users can enroll a computer to bypass this requirement for future logins 2.Token OTP (“Business Banking VIP” in your contract) Uses a one-time passcode obtained from a physical token device Required for all users at the business, at every login Note: A financial institution can enable Phone OTP for some businesses and Token OTP for other businesses if both products are in the contract. Inactivity Timeout Feature Business Banking automatically logs users off of the system after a designated period of inactivity. The Company Administrator and/or User Administrator can specify the length of inactivity for their business, which then applies to all users at that company. If no timeout is set, the default timeout is 10 minutes. Separation of Duties for Wire/ACH For ACH, EFTPS, and Wire Transfer, it is suggested to enable: “Require Approval” - requires an explicit approval for each initiated transaction “Require Approval by Other User” - if approval is required for any initiated transaction, an authorized user other than the initiator must give the approval “Restrict Initiation if User Limits are Exceeded” - users cannot exceed their set daily or transaction initiation limits ever

12. Page 12 Intuit Proprietary and Confidential Visit the Security section of the Client Site for information on various security topics, such as: Encryption Network Security (e.g. firewalls) Security Bulletins Data Center Operations webcast Consumer materials Intuit Financial Services' security products Security Business Banking Certification: Overview