Protecting your Merchant Accounts from Unauthorized Intrusion

Overview

First Data rigorously protects the privacy of our customers. It is our strict policy to never request sensitive account information such as account numbers, user names or passwords via unsecured channels such as e-mail. Any e-mail you or your merchants receive that asks for account information should be treated as unauthorized and should not be given a response. This type of unauthorized request is called phishing.

What is Phishing?

Online phishing (pronounced "fishing") is an attempt to trick someone into revealing personal or financial information online. Phishers use phony Web sites or deceptive e-mail messages that mimic trusted businesses and brands to steal protected information such as user names, passwords and credit card numbers. While we continue to take every possible step to prevent such attacks, responsibility also rests on each business to educate its employees on these scams to reduce risk and avoid becoming a victim.

Protecting Against Phishing Attempts

Most importantly, remember First Data never requests sensitive account information such as account numbers, user names or passwords via unsecured channels such as e-mail.

Please follow these steps if you, anyone in your organization or any of your merchants has doubts about an email relevant to payment processing or receives a phishing email that claims to come from First Data.

• If you or your merchants are sent a questionable e-mail, do not respond or click on any links.
• If you or your merchants have received a phishing e-mail marked from First Data and has already responded with information, contact us immediately.

E-Mail Best Practices

Here are additional tips to help your organization protect against phishing attempts.

• Be defensive with your personal and company information.
• Evaluate all communications carefully.
• Be suspicious of every request for proprietary information unless initiating a transaction yourself.
• Be wary of clicking links in e-mail messages and instant messages.
• Remember phishing sites can look extremely realistic. Bona fide organizations rarely initiate online requests for such information.
• Use extreme caution when providing sensitive data, especially in an e-mail message, instant message or pop-up window.
• Navigate directly to trusted Web sites by entering the URL in the browser Address Bar, rather than navigating through embedded hyperlinks.
• Check to see if there is HTML (unlikely in an authentic communication) or other errors(spelling, grammar).
• When you are entering personal or financial information on a Web site, check the security certificate and/or make sure the site utilizes Secure Hypertext Transfer Protocol (represented by a Web address prefix of “https”).

If you have any questions or security concerns, please do not hesitate to contact us. We value your business and are ready to assist you.