NetMATRIX (Multi-Application Transaction Routing and Identification eXchange) Terminal Line Encryption - is the complete solution for banks wishing to introduce terminal line encryption into their existing POS network infrastructure. 1. Multi-box, high-performance, high-availability, load-balancing architecture 2. Multi-host links: Performs smart routing to multiple hosts 3. Multiple channels: dial-ups, lease lines, GPRS, broadband 4. End-to-end encryption (E2EE) featuring multiple encryption algorithms : TEA, DES, 3DES, AES 5. Upstream/Downstream encryption 6. Multiple MACing algorithms : X9.9, X9.19, SHA-1 + X9.9, SHA-1 + X9.19 7. Multiple key management schemes: Unique key per terminal, unique key per transaction 8. Supports different messaging formats (full message encryption, selected field encryption) 9. Local and remote secure key injection capabilities 10. Supports leading terminal brands and models 11. PCI compliance With NetMATRIX TLE, we addressed network security and fraud threats with a plug-and-play solution that requires no host changes. In providing critical capabilities such as remote key injection and management, NetMATRIX also addresses other administration and deployment issues such as mixed terminal environments, phased deployments, and key changeovers. Despite its holistic approach to security and encryption, it is also scalable and highly available to meet the demands of mission-critical, high-volume transaction processing environments providing 3-in-1fuctionality: a combination Switching NAC, Concentrator NAC and TLE.

2. Agenda

3. PAYMENT & SECURITY TRENDS

4. Payments: The story so far… “… Globally, the drive to increase (card) payments efficiency and security is relentless…” “… Globalisation is increasingly emphasising the need for widely accessible, seamless, & secure ways of effecting non-cash payments to facilitate consumer spending, and to reduce fraud and money laundering.…” “… More efficient, effective systems could also help lessen systemic risk & potentially provide a source of additional retail revenue for banks.…”

5. Vietnam embraces the electronic era “… Vietnam is regarded by the global banking industry as one of the most fertile growth hotspots in the world, particularly for cards and electronic payments….” VRL Financial News, October 2009

6. Security: The story so far… “… increased incidences of ATM and card skimming.…” “… the need to reassure cardholders about the safety and security of card transactions.…” “ Statistics from 2007 show the level of payment card fraud in Vietnam stood at 0.15 percent of total card payments, a much higher level than the global average of 0.06 percent.”

7. E2EE: What is it? Computer Desktop Encyclopedia “… is defined as the continuous protection of the confidentiality and integrity of transmitted information by encrypting it at the origin and decrypting at its destination.…”

8. E2EE: The story so far… Smart Card Alliance Sept 2009

9. KEY CONCEPTS OF TLE

10. In cryptography, encryption , is the process of transforming information to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (Wikipedia) en·cryp·tion /-'krip-sh&n/

11. MAC-ing is the process of “fingerprinting” data to allow any tampering to be detected, where the fingerprint is encrypted so only Sender/Receiver can form a real MAC and thus, allowing the receiver to authenticate & verify the message Message Authentication Code

12. THE MALAYSIAN EXPERIENCE

13. Real Tapping Threats

14. Wire tapping threats

15. A brief look at history…

16. The Line Encryption Working Group

17. Design Parameters

18. Key Considerations

20. General Approaches Host-based Host HSM NAC NAC-based Host Interception-based Host NAC SNAC NAC NAC NAC NAC NAC

21. Data Center Host NAC TLE: Typical Transaction Flow Terminal Encrypt selected fields in transaction 1 Send to Host 4 Decrypt & validate transaction 2 Reform to original message 3 Response from Host 5 Encrypt & MAC response 6 Decrypt & validate response message 7

22. THE RESULTS

23. The Results… Source: Visa VPSS Payment Security Bulettin, 2006

24. The Results… Source: Visa VPSS Payment Security Bulettin, 2006

25. The Results… Source: Visa VPSS Payment Security Bulettin, 2006

26. The Results… Source: Visa VPSS Payment Security Bulettin, 2006

27. The Results…

28. Payments: The story today… Source: BNM, 2009 Financial Stability and Payment Systems Report 2008

29. Payments: The story today “… (card fraud) losses continued to be insignificant, accounting for less than 0.04% of total card transactions during the year.”

30. PAYMENT SECURITY MYTHS

31. Encryption Myths

32. Summary: Considerations for TLE Addresses all threats Addresses Implementation issues Addresses Deployment Issues Addresses Administration Issues Multi-channel & multi-device Support Remote Key Injection Vendor Independence Performance Cost-Effective

34. WHAT IS NETMATRIX TLE?

35. NetMATRIX TLE (Terminal Line Encryption) is a plug-and-play solution for banks who wish to introduce terminal line encryption into their POS network infrastructure Net MATRIX Terminal Line Encryption

36. NetMATRIX TLE: Approach Host-based Host HSM NAC NAC-based Host Interception-based Host NAC SNAC NAC NAC NAC NAC NAC

37. Key Considerations

38. Key Features

39. Key Features

40. NETMATRIX ARCHITECTURE

41. Credit Card Host NII: 160 “ Typical” Transaction Flow Issuing Bank Host Acquiring Bank EDC Terminals Switching NAC Remote NAC Remote NAC Net MATRIX Acquiring Host 160 Message

42. Credit Card Host NII: 160 NetMATRIX TLE NII: 161 Encrypted Transaction Flow Issuing Bank Host Net MATRIX Acquiring Bank Acquiring Host EDC Terminals Switching NAC Remote NAC Remote NAC 161 Enc Message 160 Enc Message

43. Encrypted Transaction Flow II Credit Card Host NII: 160 NetMATRIX TLE NII: 161 Net MATRIX Acquiring Bank Acquiring Host Issuing Bank Host EDC Terminals Switching NAC Remote NAC Remote NAC 161 Enc Message 160 Enc Message

44. Data Center Host NAC NetMATRIX: How it Works Terminal Encrypt selected fields in transaction 1 Send to Host 4 Decrypt & validate transaction 2 Reform to original message 3 Response from Host 5 Encrypt & MAC response 6 Decrypt & validate response message 7

45. Efficiency: Clustering & Load-Balancing Load Balancing Host NAC TCP/IP Cluster

46. Business Continuity: Auto-Failover TCP/IP Failover Host NAC TCP/IP Cluster

47. GHL SYSTEMS

48. Our Mission To be the leading end-to-end payment services enabler in the Asia-Pacific region, deploying world-class payment infrastructure, technology and services

49. Products & Services offerings World-class payment infrastructure, services and technology: Transaction routers & concentrators Terminal Line Encryption technologies Loyalty & Online Payment solutions Smartcard technologies 24x7 Managed Network Services Consulting Services Terminal Management Solutions Contactless Payments

50. Complete Payment Network Integration

51. Addressing Strategic Needs

54. Malaysia Singapore Indonesia Vietnam Brunei Customer References

55. Philippines China / Hong Kong Middle East Romania Asia/Pacific Australia / New Zealand Thailand Customer References

56. Thank you Alex Tan Vice President – International Sales [email_address]