Copyright 2009, First Data Corporation. All Rights Reserved.

TransArmorSM A Secure Transaction ManagementSM

Solution

March 2010

Overview

Copyright 2009, First Data Corporation. All Rights Reserved.

Impact of Credit Card Fraud• More than 280 million payment card records were breached in

2008 alone1

• Merchants have collectively spent more than $1B on PCI-DSS compliance as part of their security systems2

• The value of credit card numbers make them the most targeted information for theft1

• The average cost of coping with a data breach in 2008 rose to $6.6 million—a 40 percent increase since 20063

1 Verizon, 2009 Data Breach Investigations Report, Verizon Business RISK Team, 2009 2 Letter to Bob Russo of the PCI Security Standards Council from the National Retail Federation, et. al., June 9, 2009.3 Ponemon Institute, 2008 Annual Study: Cost of a Data Breach, February 2009

Copyright 2009, First Data Corporation. All Rights Reserved.

Merchant Fraud Problems and Costs• Merchant-based vulnerabilities appear at almost any point in the

card processing environment – in transit, at rest, in use

• Merchants take on significant risk by collecting and managing credit card data for business and marketing purposes.

• Costs associated with an incident are unexpected and unknown until something happens, putting Merchants at further financial risk

• Upfront costs to protect against vulnerabilities and meet PCI standards have escalated rapidly over the past few years

Credit card numbers exist in too many places putting merchants at riskCredit card numbers exist in too many places putting merchants at risk

Copyright 2009, First Data Corporation. All Rights Reserved.

TransArmorSM, a Secure Transaction ManagementSM SolutionTransArmorSM, a Secure Transaction ManagementSM Solution

Solving the Card Data Problem• Reduce the number of places where card data exists

– Point-of Sale systems

– CRM systems

– MIS databases / reports

• Remove the burden of protecting payment card data from the merchant

• Reduce the Card Data Environment and PCI compliance efforts

Copyright 2009, First Data Corporation. All Rights Reserved.

Introducing TransArmorSM

• The First Data® TransArmorSM solution moves the burden of protecting payment card data from the merchant to First Data using a multi-level defense

– Combines encryption and tokenization to protect data at every processing stage

– Complimentary to Card Authentication technologies

– Removes payment card information from the merchant completely by replacing the Permanent Account Number (PAN) with a ‘Token’

– Maintains all the merchant’s business benefits of storing the payment card data without the associated risk

– Warrants the Token against compromise and fraudulent use

Copyright 2009, First Data Corporation. All Rights Reserved.

How it Works

SafeProxy

Merchant

Anti FraudAnalytics

First Data Switch

Issuer

Transaction LogSettlementData Warehouse

1

2

3

4

4

6

6 6

6

Firs

t D

ata

Dat

acen

ter

5

Encryption

Financial Token

Mer

chan

t E

nviro

nmen

t

1. Credit Card is swiped at the merchant’s POS

2. PAN/Track data/exp dates encrypted using a Public Key in the POS device and sent to First Data

3. Encrypted Transaction is Decrypted using Private Key in First Data’s HSM

4. Card number is passed to bank for authorization and SafeProxy server for tokenization

5. Authorization and token are returned to the merchant

6. Token is stored in place of the card number in all places

7. Adjustments, refunds, ‘Card not present’, and settlement use the token in place of the card number

Copyright 2009, First Data Corporation. All Rights Reserved.

Technologies LeveragedTwo-level approach to protecting data at every point

• Public/Private Key encryption (Asymmetric)

– Data encrypted at capture with Public Key and can only be decrypted by the Private Key held by First Data

– Encryption is only used to protect PAN during transit or offline situations

• Tokenization

– Replacement of PAN with a random number (Token) - no key to “crack” or steal

– Token uses the same number format as the card data - last 4 digits of PAN are retained in the token

– 1:1 Mapping of token to a PAN - the same card always returns the same token

– Token replaces the card data in the merchants system

Copyright 2009, First Data Corporation. All Rights Reserved.

BenefitsThe First Data® TransArmorSM solution removes sensitive payment card data from Merchants’ systems

Key Benefits

Risk Reduction

• Increases security of payment card transactions protecting your brand reputation & revenue stream

• Less complex and more secure than encryption alone

• Warrants against a compromise on the Token

Cost Savings

• Significantly reduces PCI remediation timelines (up to 50%)1

• Significantly reduces PCI compliance scope (up to 80%)2

• Operational cost that scales with consumption vs. large, recurrent capital outlays

Business Continuity

• Hardware, card association and merchant acquirer agnostic

• Integrates with VARs and Third Party solutions

• Enables continued analytics and reporting capabilities

• Enables cloud computing scenarios

1Interview with Coalfire Systems2Interview with Securitymetrics

Copyright 2009, First Data Corporation. All Rights Reserved.

How Can You Get Started?• Contact your First Data Sales Representative

• Availability in early 2010

• Message specifications available soon