September 29, 2015 First Data is committed to maintaining the safety and security of sensitive data. In adherence with this principle First Data has established new standards—in alignment with industry best practices—around the encryption of communications over public networks. The National Institute of Standards and Technology (NIST) identified SSL (Secure Socket Layer) and earlier versions of TLS (Transport Layer Security, the successor protocol to SSL) as weak secure network communication protocols that are not acceptable for the protection of data. Upgrading to a current, more secure version of TLS is the only known way to remediate these vulnerabilities. In addition, the PCI Security Standards Council set a deadline of June 30, 2016 for migrating from SSL and early versions of TLS. All POS Software/Terminals, Gateways, APIs and NAMS that fail to upgrade may not continue to process transactions via Datawire Secure Transport (Datawire). Datawire will remove SSLv3, TLS v1.0 and SHA-1 TLS certificates and move to SHA-256 TLS certificates. The deadline for this change is June 30, 2016. Datawire will continue to offer support of SSLv3 and TLS v1.0 for POS for Software/Terminals, Gateways, NAMs and APIs until June 30, 2016. However, after June 30, 2016, Datawire will not support SSLv3, TLS v1.0 or SHA-1 certificates. Converting to a dialup may be an option for those that cannot support TLS v1.2 security protocol. The security Protocol TLS v1.2 is currently available in Datawire’s production environment. POS Software Vendors/Gateways can start testing in the staging area to get prepared for the June 30, 2016 deadline. Client Impact Clients will need to use POS Software, Terminals, NAMS and Gateways supporting TLS v1.2 and SHA-256 TLS certificates by June 30, 2016. VARs are responsible for servicing their POS system and for configuring their software to the new requirements. Clients will have to contact their VAR directly and find out what software updates their system will need in order to be compliant with the TLS v1.2 encryption standards and to ensure there will be no interruption to their payment processing. Users of MicroNode Models 1100 and 1400 will have updates automatically pushed to devices as long as they are connected to the internet. The 960 models will be out of scope and will not be affected by the updates. Vendor Impact Vendors will be responsible for updating their merchants POS Software/VARs, Gateways and APIs to support TLS v1.2 and SHA-256 TLS Certificates before June 30, 2016. Vendors will need to contact their merchants to notify merchants when the update has been made to their POS or VAR. © 2015 First Data Corporation. All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of their respective owners. Datawire API Users will need to contact the Datawire integration team at securetransport.integration@firstdata.com to receive the latest APIs and finalize the verification of updates which will help avoid any service interruptions. Testing in the Datawire Staging (Testing) area should be completed first before updating the APIs in Production. Testing can start immediately with the Datawire integration team. Vendors/Clients that integrated with the Datawire NAM will contact the Datawire integration team at securetransport.integration@firstdata.com to receive a new installation package and complete verification of the updates. Only Vendors may contact the Datawire integration team to request testing in the staging area once updates have been made to their software at securetransport.integration@firstdata.com. For more information around the PCI guidelines please reference the PCI website. First Data is a global leader in payment technology solutions, and the safety and security of our clients’ data is our highest priority. First Data employs a dedicated team of global cybersecurity experts that monitor, evaluate and address potential security concerns 24 hours a day, seven days a week. As trends and practices evolve in the marketplace, First Data will continue to invest in innovative technology solutions to remain at the forefront of cybersecurity and data protection. Please contact your Account Manager or Relationship Manager if you have any more questions. Thank you, Datawire Support Team © 2015 First Data Corporation. All Rights Reserved. All trademarks, service marks and trade names referenced in this material are the property of their respective owners.