Security. Global. In this bulletin... Bulletin No September 2013

Transcription

1 Global Security Bulletin No September 2013 In this bulletin... 3 Upcoming Expiration of the Security Certificates for PCI PTS POI V1 compliant Payment Terminals 6 Manage My Fraud and Risk Programs to Replace MasterCard Alerts 11 MasterCard Secure 2014 Program Updates 13 MasterCard Secure Directory Server IP Address Change and Proxy Update 15 MasterCard Secure Directory Server Upgrading SSL Libraries Reminder 16 MasterCard Secure Legacy Connectivity Decommission Reminder 18 Dual Message Stand-In Parameters for ATM Transactions 20 Vendors for Card Production Monthly Edition 25 Acquirers No Longer Accepting Chargebacks 27 Notification of Chargebacks Under the Global Merchant Audit Program Enclosures Calendar of Events Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) Acquirers No Longer Accepting Chargebacks Global Merchant Audit Program Chargebacks Legal Notices 2013 MasterCard. Proprietary. All rights reserved. Production Review Due

2 Contact Information About This Bulletin The monthly Global Security Bulletin is the primary source of changes to security information for customer security personnel. Changes to international Standards announced in this bulletin with an effective date are effective as of that date, regardless of when any such change is published in a manual or other document. If no effective date is specified in the article, the change is effective immediately. NOTE All articles apply to all customers unless specified otherwise. For More Information Some articles in this bulletin include specific contacts for more information. Customers with questions about other articles should contact their regional Help Desks or the Customer Operations team in their region or in St. Louis, Missouri, at: : : (in Canada and U.S. regions) (Spanish language support) Canada, Latin America and the Caribbean, Europe, South Asia/Middle East/Africa, and U.S. regions Asia/Pacific: Australia and New Zealand Brunei/Malaysia Cambodia/Laos/Vietnam China, Hong Kong, and Taiwan Indonesia Japan/Guam/Myanmar Korea Philippines Singapore Thailand Spanish language support Vendor Relations, all regions [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] 2 Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

3 Upcoming Expiration of the Security Certificates for PCI PTS POI V1 compliant Payment Terminals Topic(s): Fraud/Risk, PIN, POI/POS Terminal, Security Applies to: Acquirers Processors Summary: MasterCard reminds acquirers and processors that the security certificates for PIN Entry Devices (PEDs) compliant with version 1.0 (V1) of the Payment Card Industry (PCI) PIN Transaction Security (PTS) Point-of-Interaction (POI) Standard will expire on 30 April Action Indicator: A Attention warranted Effective Date: 30 April 2014 Summary The security certificates of PEDs at the POI installed under the PCI PTS POI V1 1 Standard will expire on 30 April After this date, these devices must not be used in any new installations. Devices approved under the PCI PTS POI V1 Standard reflect the level of security testing and evaluation available at the time. However, as time moved on and hacking methods evolved, these devices have become increasingly vulnerable to attack. Compliance Requirements for Acquirers Under the MasterCard PED Standards, acquirers must: For new installations, only use devices that have a valid PCI certificate. Acquirers should verify their certificates against the list of Approved PTS Devices on the PCI Security Standards Council (SSC) website: Website: approved_pin_transaction_security.php 1. As of V3, the PCI SSC renamed the PCI PED Standard as the PCI PTS POI Standard. Upcoming Expiration of the Security Certificates for PCI PTS POI V1 compliant Payment Terminals Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

4 Comply with the device management requirements (specifically those outlined in Requirements 29 and 32) of the PIN Security Requirements v1.0 document on the PCI SSC website under the PTS tab: Website: MasterCard also reminds acquirers and processors that noncompliance with the MasterCard PED Standards may result in: Noncompliance assessment fees or other disciplinary action; Potential financial responsibility for fraudulent transactions effected at noncompliant devices; and Potential responsibility for an account data compromise (ADC) event attributable to such use. Security Best Practices for Terminal Devices MasterCard encourages acquirers and processors to adopt the following security best practices for payment terminals, which will potentially reduce the likelihood of successful attacks: Terminal Replacement Plan Acquirers and processors should develop a plan for replacing devices that have expired certificates at the first opportunity following the device s expiration date. Such a plan should also take into account devices installed under more recent versions of the PCI PTS POI Standard. NOTE The certificate expiry date for PCI PTS POI V2-compliant devices is 30 April 2017, and the certificate expiry date for PCI PTS POI V3-compliant devices is 30 April The practice of replacing terminals should be part of the acquirer s migration plan, so that devices are retired from the acceptance network to minimize risk while optimizing these devices business life span. When migrating, ideally acquirers and processors should use devices compliant with the latest version of the PCI PTS POI Standard. A payment terminal replacement plan should also address malfunctioning devices and consider any models identified in MasterCard Global Security Bulletins (currently and in the future) as at-risk devices. Malfunctioning devices may be replaced with a device of the same generation; whereas, at-risk models should be immediately removed from the acceptance network. 4 Upcoming Expiration of the Security Certificates for PCI PTS POI V1 compliant Payment Terminals Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

5 Terminal Inventory Maintenance Acquirers and processors should maintain a documented, current inventory of their PCI PTS POI-compliant devices. Devices included in the inventory should have a unique identifier and be assigned an actual physical location of installment or storage. This inventory may be paper-based or electronic. The use of an electronic terminal management system is recommended. Skimming and Theft Prevention Acquirers should help ensure that their merchants and processors adhere to the applicable procedures outlined in the Skimming Prevention Best Practices for Merchants document on the PCI SSC website under the Fact Sheets & Info Supps tab: Website: It is particularly important that measures against device theft and unauthorized replacement are observed. Acquirers should ensure that merchants train their staff to report any incidents discovered as a result of visual inspections. Resale Prevention to the Secondary Market MasterCard discourages the resale of terminals with expired certificates to the secondary market. Prompt Reaction to MasterCard Security Announcements MasterCard continues to monitor and assess threats to payment terminals. In the event that MasterCard deems it necessary to release information about a specific compromise, MasterCard may from time to time make specific announcements (for example, unscheduled retirement dates for specific terminal models). Acquirers and processors should be prepared to promptly react to such announcements. For More Information Customers with questions about this article should contact: Fernando Lourenco Business Leader, Payment System Integrity, Transaction Security : [email protected] Customers with general questions about device security at the POI should send an message to: POI Security [email protected] Upcoming Expiration of the Security Certificates for PCI PTS POI V1 compliant Payment Terminals Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

6 Manage My Fraud and Risk Programs to Replace MasterCard Alerts Topic(s): Fraud/Risk, Security Applies to: Issuers Acquirers Processors Summary: Effective 15 September 2013, MasterCard will replace the MasterCard Alerts product with the Manage My Fraud and Risk Programs application. Customers must register for the new application s Report a Potential Account Data Compromise (ADC) and View MasterCard Data Compromise Alerts under the Manage My Fraud and Risk Programs application. Existing users that currently have access to MasterCard Alerts will not be migrated to the new Manage My Fraud and Risk Programs application. Action Indicator: M Mandate R Customer must register to have access to product or service Effective Date: 15 September 2013 Overview of MasterCard Alerts Replacement Effective 15 September 2013, MasterCard will replace the existing MasterCard Alerts with the Manage My Fraud and Risk Programs application. Manage My Fraud and Risk Programs is an application available on MasterCard Connect that replaces MasterCard Alerts and serves as the distribution method for account data compromise (ADC) events and permits issuers and acquirers to submit requests for ADC investigations. Principal customers previously registered for MasterCard Alerts must sign up for the Manage My Fraud and Risk Programs application through MasterCard Connect by 15 September All customer ID/ICA numbers must be registered for Manage My Fraud and Risk Programs through MasterCard Connect. Customers that do not register will incur noncompliance fees as follows. Billing Event Description Billing Event Rate (USD) Rate (BRL) MasterCard Alerts System Noncompliance 2SC1361 5,000 13,500 6 Manage My Fraud and Risk Programs to Replace MasterCard Alerts Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

7 Existing users of the MasterCard Alerts product will not automatically be provisioned for the Manage My Fraud and Risk Programs application. Customers previously registered for MasterCard Alerts must order the new product and provision their necessary customer ID/ICA numbers for Manage My Fraud and Risk Programs through MasterCard Connect. Companies must register at least two users for View MasterCard Account Data Compromise (ADC) Alerts and Report a Potential Account Data Compromise (ADC) under the Manage My Fraud and Risk Programs for the following ICA types: CM Cirrus and Maestro CS Cirrus EM Europay Cirrus and Maestro MC MasterCard MS Maestro In addition, the ICA numbers must be in Assigned or Live status. To request access, customers should go to the MasterCard Connect Store to order the Manage My Fraud and Risk Programs application using the following steps. 1. Go to 2. Log on using your User ID and Password. 3. Open Store on the MasterCard Connect home page. 4. Scroll down the list of available applications to select Manage My Fraud and Risk Programs. 5. Add Manage My Fraud and Risk Programs to Cart. 6. Open Cart and then Check Out. Additional ordering options will require the user to select Report a Potential Account Data Compromise (ADC) and if applicable, View MasterCard Account Data Compromise (ADC) Alerts. Each option will include the ability to select the appropriate ICA numbers for registration. Each ICA number listed in the drop down selection must have at least two users registered. Both issuers and acquirers can select Report a Potential Account Data Compromise (ADC) while only issuers can View MasterCard Account Data Compromise (ADC) Alerts. NOTE Each customer ID/ICA number listed in the drop down must have at least two users registered. Adding and Removing Customer ID/ICA s Use the Manage Subscription functionality in the MasterCard Connect Store to add and remove ICA data access for the Manage My Fraud and Risk application. If there is a need for additional ICA data, customers can manage the subscription to request the additional access. Manage My Fraud and Risk Programs to Replace MasterCard Alerts Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

8 1. Go to 2. Log on using your User ID and Password. 3. Click Store. 4. Locate Manage My Fraud and Risk Programs. 5. Under Subscription (to the right of the application) click Manage. The system will open a window that contains the customer ID/ICA number. 6. Check the box(es) next to the customer ID/ICA number(s) to add the access. Uncheck the ICA(s) to remove the access. NOTE Do not uncheck an ICA number that is already checked unless you want to remove your access. If you uncheck an ICA number, your access to the data for that ICA number will be removed. 7. Click Place Order. The system will display a confirmation message confirming that the subscription has been updated. Further instructions for ordering and provisioning the Manage My Fraud and Risk Programs application is available through the Support section of the MasterCard Connect home page. From the Support menu, click Help and go to the How Do I Order Applications and How Do I Manage Subscriptions. Reporting a Potential Account Data Compromise (ADC) A customer must use the revised ADC Reporting Form in the Manage My Fraud and Risk Programs application to report and provide information about an ADC Event or Potential ADC Event. The use of this form is important as it provides a central location for all ADC Event or Potential ADC Events and is monitored daily by MasterCard. A registered user may access the ADC Reporting Form by following these steps: 1. Go to 2. Log on using your User ID and Password. 3. Click Applications, and then click Manage My Fraud and Risk Programs. 4. Under Manage My Fraud and Risk Programs, click Report a Potential Account Data Compromise (ADC) at the left of the screen. 5. Read the Terms and Conditions, check the box to accept the Terms and Conditions, and click Save & Continue. 6. The member customer ID/ICA number will be automatically populated on the Welcome screen. Customers will see their institution name, along with provisioned selections for their customer ID/ICA number and institution type from a dropdown box. Once selections are made, click Save & Continue to progress to the reporting form. 8 Manage My Fraud and Risk Programs to Replace MasterCard Alerts Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

9 Customers will have access to their submitted forms via the enhanced product, along with the ability to provide additional information at the request of MasterCard. For ADC Reporting Form field definitions, refer to the MasterCard Alerts and ADC Reporting Form Field Definitions in the Account Data Compromise User Guide. All account files must be submitted in either text format or Excel format and contain at least 10 valid accounts for review by MasterCard. Customers that do not submit a file that meets the validation requirements will be sent an asking to resubmit the account file with the proper requirements. For further information regarding required account file format, refer to Appendix A of the Account Data Compromise User Guide. Customers will receive an confirmation of submittal indicating a file was received for a specific case. If the file does not meet validation requirements, customers will also receive an notification with instructions on how to resubmit their account file using the Manage My Fraud and Risk Programs product. View MasterCard Account Data Compromise Alerts A customer must use View MasterCard Account Data Compromise (ADC) Alerts to review and download at-risk accounts. If applicable, a registered user may access the View MasterCard Account Data Compromise (ADC) Alerts by following these steps: 1. Go to 2. Log on using your User ID and Password. 3. From the top of the MasterCard Connect home page, click Applications, and then click Manage My Fraud and Risk Program. 4. Under Manage My Fraud and Risk Program, click View MasterCard Account Data Compromise (ADC) Alerts located on the left side of the screen. Customers will see their provisioned alerts for download, with columns for Alert, Dissemination Date, Case Type, of Accounts, Data Elements At-Risk, and Alert Narrative. Customers can select one or more Alert s to view in either.txt or.csv format by checking the box and select Retrieve Alerts. For Alert field definitions, refer to the Manage My Fraud and Risk Programs Dissemination File Format and Field Definitions in the Account Data Compromise User Guide. Manage My Fraud and Risk Programs to Replace MasterCard Alerts Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

10 Important Information Regarding Enhanced ADC Alert Supplemental Data Customers will have the ability to download ADC Alert data in either.txt or.csv format in the new Manage My Fraud and Risk Programs application. The.txt file option will only provide the primary account number (PAN) data, while the.csv option will provide several additional supplemental data fields with varying lengths and start positions. The.txt file option for downloading ADC Alert data will combine all account data for all impacted provisioned ICAs into one file. This is applicable to either one Alert or multiple Alerts are selected for download. In addition to PAN, the.csv file option for downloading ADC Alert data will provide the user additional supplemental data elements as announced in Global Operations Bulletin No. 8, 1 August For additional details about the supplemental data elements provided in the.csv file, refer to the MasterCard Alerts Dissemination File Format and Field Definitions in the Account Data Compromise User Guide. For More Information Customers with questions about the information in this article should contact Customer Operations using the Contact Information provided in this bulletin, their regional Help Desk, or a regional Customer Security and Risk representative. An updated Account Data Compromise User Guide will be published in October 2013 before the implementation of the Manage My Fraud and Risk Programs application. 10 Manage My Fraud and Risk Programs to Replace MasterCard Alerts Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

11 MasterCard Secure 2014 Program Updates Topic(s): Authorization, Chargebacks, Clearing, E-commerce, Fraud/Risk, Merchant Applies to: Issuers Acquirers Processors Summary: MasterCard is notifying issuers, acquirers, and processors of the following planned MasterCard Secure updates for 2014: Attempts Server for stand-in authentication of Merchant Verification Enrollment Requests History Server for transaction tracking Customer Database and Information Certification Action Indicator: M Mandate C A Coding or development changes typically required Attention warranted Effective Date: During 2014 Background The processing of MasterCard Secure transactions began in Over the past ten years, MasterCard has been improving the program with various technical enhancements and program rules. MasterCard is taking the next major program enhancements with the implementation of the Attempts Server, History Server, and Customer Database and Information Certification. Attempts Server Used to provide Accountholder Authentication Value (AAV) stand-in processing when The Issuer s Access Control Server (ACS) is not available The cardholder s enrollment data is not available on the issuer s ACS The issuer is not enrolled in the Secure Program History Server Used for MasterCard to track all final disposition of transaction authentication. Customer Database and Information Certification Used for enhanced relationship management of issuers, acquirers, merchants, and service providers (ACS and MPI). MasterCard Secure 2014 Program Updates Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

12 Implementation Considerations The following should be considered by issuers and acquirers for the MasterCard Secure program enhancements. The Attempts Server will require all Merchant Plug-in (MPI) providers to communicate UCAF AAV values to Acquirer authorization processors. This communication is required for all transactions where the Directory Server provides stand-in authentication for cards that are not enrolled in the MasterCard Secure program with their ACS service provider or ACS service provider is not available to authenticate the cardholder. As Attempts Processing implements, the MasterCard stand-in AAV values will be based on a common MasterCard key for AAV generation rather than the issuers specific key. This will impact any issuer who is performing their own AAV Validation when authorizing their transactions. MasterCard will change the MasterCard on-behalf AAV Validation service to appropriately validate both the issuer s key and MasterCard stand-in key. Issuers with concerns with AAV Validation as part of their authorization should contact MasterCard Secure Customer Support. The History Server will require all ACS service providers to communicate the details of all authentication transactions to the History Server as per the 3-D Secure protocol. Issuers should immediately contact their ACS service providers to ensure their provider can support communication to the MasterCard History Server. The new Customer Database and Information Certification will require all issuers and acquirers to maintain their enrollment and processing information for card ranges, merchants, service providers, authentication method, and specific contact and technical information. ACS and MPI service providers are also required to maintain their information for customer relationship management and processing certification/audit. Operational Impacts MasterCard will communicate specific operational impacts for communication to the History Server, processing of Attempts Server stand-in authentication UCAF AAV values and new Customer Enrollment and Information attestation forms in a future Global Operations Bulletin. For More Information Customers with questions about these updates should contact: [email protected] 12 MasterCard Secure 2014 Program Updates Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

13 MasterCard Secure Directory Server IP Address Change and Proxy Update Topic(s): MasterCard Secure Applies to: Acquirers Processors Summary: Effective 2 February 2014, the MasterCard Secure Directory Server URL at directory.securecode.com will be moving to a new IP address ( ). Action Indicator: C Coding or development changes typically required A Attention warranted Effective Date: 2 February 2014 Overview As part of the ongoing improvements to provide the greatest reliability of MasterCard Secure, effective 2 February 2014 at 03:00 St. Louis, Missouri, time, the MasterCard Secure Directory Server URL at directory.securecode.com will move to a new IP address ( ). During this update, the Directory Server will migrate to an HTTP/1.1 compliant proxy, which will improve overall connectivity resiliency and performance. This update will not affect any acquirers, merchants, or Merchant Plug-in (MPI) providers that use the directory.securecode.com URL and do not block untrusted IP addresses via whitelisting (a firewall configuration that allows only specific IP addresses to access the network). Any acquirers, merchants, or MPI providers that have whitelisted the current IP address on their firewalls or applications will need to make updates to also trust the new IP address prior to the change. MasterCard Secure Directory Server IP Address Change and Proxy Update Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

14 Impact on Acquirers, Merchants, and MPI Providers As per 3-D Secure protocol, all requests to the MasterCard Secure Directory Server should use the URL (directory.securecode.com) for connectivity. If the current MasterCard Secure Directory Server IP has been added to any firewall or application whitelists, the new IP address ( ) will need to be added as a trusted IP address in order to maintain connectivity after 2 February 2014 at 03:00 St. Louis time. For More Information Customers with questions about this upcoming change should contact MasterCard Secure Customer Support. [email protected] 14 MasterCard Secure Directory Server IP Address Change and Proxy Update Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

15 MasterCard Secure Directory Server Upgrading SSL Libraries Reminder Topic(s): MasterCard Secure Applies to: Issuers Acquirers Processors Summary: Effective 30 September 2013, MasterCard will upgrade secure sockets layer (SSL) libraries on the MasterCard Secure Directory Server (DS). Action Indicator: M Mandate Effective Date: 30 September 2013 Overview On 30 September 2013, MasterCard will upgrade secure sockets layer (SSL) libraries on the MasterCard Secure Directory Server (DS). OpenSSL is an open source cryptography toolkit implementing the SSL and Transport Layer Security (TLS) protocols. This change will not impact the general SSL/TLS functionality as it exists today. This change should not impact Issuer Access Control Servers (ACSs) or ACS providers that are using applications that support updated versions of OpenSSL. Impact to Acquirers, Merchants, and MPI Providers According to the 3-D Secure protocol, all requests to the MasterCard Secure Directory Server should be sent using applications that support updated versions of OpenSSL. If any requests are being generated by applications using outdated OpenSSL versions to connect to the MasterCard Secure DS, they will be required to upgrade their SSL libraries before 30 September For More Information Customers with questions about this upcoming change should contact: MasterCard Secure Customer Support [email protected] MasterCard Secure Directory Server Upgrading SSL Libraries Reminder Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

16 MasterCard Secure Legacy Connectivity Decommission Reminder Topic(s): MasterCard Secure Applies to: Issuers Acquirers Processors Summary: This article announces a new date for the removal of legacy connectivity to the MasterCard Secure Directory Server (DS), which uses the 12.x.x.x Internet Protocol (IP) address range. Action Indicator: M Mandate Effective Date: 31 October 2013 Overview In Global Operations Bulletin No. 5, 1 May 2013, MasterCard announced that effective 30 June 2013, MasterCard will remove the legacy connectivity to the MasterCard Secure DS, which uses the 12.x.x.x IP address range. This date has been extended to 31 October 2013, to better support our customers. The legacy IP range (12.x.x.x) is no longer considered valid for MasterCard Secure DS due to several infrastructure changes that have occurred. The address has remained active to allow migration to the URL as customer schedules permitted, but can no longer be supported after 31 October This will not impact any acquirers, merchants, or Merchant Plug-in (MPI) providers that are currently using the MasterCard Secure Directory Server Uniform Resource Locator (URL) (directory.securecode.com) or that are using the current IP address to connect (which uses the 216.x.x.x IP address range). 16 MasterCard Secure Legacy Connectivity Decommission Reminder Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

17 Impact to Acquirers, Merchants, and MPI Providers According to the 3-D Secure protocol, all requests to the MasterCard Secure DS should use the URL (directory.securecode.com) for connectivity. If any requests are using the legacy IP range (12.x.x.x) to connect to the MasterCard Secure Directory Server, they must migrate to the URL before 31 October If for any reason the MPI software requires an IP address to be used in place of a URL, the IP address of directory.securecode.com is This can also be found by performing a domain name server (DNS) lookup of the URL. MasterCard strongly recommends that customers use the directory.securecode.com URL to reduce the number of changes that may be required in the future. For More Information Customers with questions about this upcoming change should contact: MasterCard Secure Customer Support [email protected] MasterCard Secure Legacy Connectivity Decommission Reminder Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

18 Dual Message Stand-In Parameters for ATM Transactions Topic(s): ATM, Authorization Applies to: Issuers Processors Summary: In preparation for EMV migration in the U.S. region, MasterCard implemented PIN bypass changes in Dual Message Stand-In processing announced in the Release 13.Q2 Document. Issuers should leverage PIN validation for ATM transactions processed during Dual Message Stand-In processing. Effective immediately, MasterCard has reverted ATM limits for Dual Message Stand-In processing above the zero limit default to zero to encourage customers to review parameter settings and consider the PIN Validation Service. Single Message Stand-In ATM processing is not impacted by this implementation. Action Indicator: A Attention warranted Effective Date: Immediately Background In preparation for EMV 2 migration in the U.S. region, MasterCard implemented PIN bypass changes in Dual Message Stand-In processing announced in the Release 13.Q2 Document. As a best practice, MasterCard recommends customers leverage card security services during Stand-In processing, as announced in the article BIN Management Best Practices in Stand-In Processing published in Global Operations Bulletin No. 1, 2 January To encourage best practices as EMV evolves, MasterCard recently announced a rate reduction for Stand-In PIN validation in Global Pricing Bulletin No. 5, 26 April 2013, which reduced the fees from USD 0.01 per transaction to USD 0 (no charge). Effective immediately, MasterCard has reverted the ATM limits for Dual Message Stand-In processing above the zero limit default to zero to encourage customers to review their parameter settings and consider the PIN Validation Service. Single Message Stand-In ATM processing is not affected by this implementation. 2. EMV is a global standard established by EMVCo LLC for credit and debit payment cards based on chip card technology. EMVCo LLC was formed in 1999 by Europay, MasterCard, and Visa to manage, maintain, and enhance the EMV Integrated Circuit Card Specifications for Payment Systems. Go to for details. 18 Dual Message Stand-In Parameters for ATM Transactions Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

19 Recommendations Customers should review all of their Stand-In parameters routinely as best practices to align the parameters with their evolving portfolio needs. If customers would like to raise Dual Message Stand-In ATM parameters above the zero defaults, PIN validation is recommended. Customers should consider leveraging one of the following card security services: Mag Stripe Validation Service provides additional testing of the magnetic stripe, or card validation code 1 (CVC 1) data, using a Data Encryption Standard (DES) algorithm to validate the legitimacy of the card and the authenticity of the point-of-sale (POS) or ATM transaction. M/Chip Validation Service evaluates the chip cryptogram data received in the authorization request to validate the authenticity of chip cards for POS, ATM, and contactless transactions. MasterCard PayPass Validation Service provides additional testing of magnetic stripe or CVC 3 data, to authenticate cards used for contactless transactions. MasterCard Secure authenticates the cardholder using a unique personal code during authorization to ensure their online transactions are legitimate. PIN Validation Service ensures the legitimacy of transactions requiring a cardholder PIN. For More Information Customers with questions regarding this article should contact the MasterCard Customer Operations team, which will be able to direct inquiries to the appropriate MasterCard representative for further details. Customer Operations : (in Canada and U.S. regions) (Spanish language support) [email protected] Dual Message Stand-In Parameters for ATM Transactions Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

20 Vendors for Card Production Monthly Edition Topic(s): Chip, Cirrus Card, Debit, Fraud/Risk, Maestro Card, MasterCard Card, Security Applies to: Issuers Processors Summary: Each month in the Global Security Bulletin, MasterCard publishes a list of vendors certified as meeting the following requirements for card production services of any MasterCard, Maestro, or Cirrus card: MasterCard Physical Security Standards for Plastic Card Vendors Logical Security Requirements for Card Personalization Bureaus Security Requirements for Mobile Payment Provisioning The requirements also pertain to derived branded products and related sensitive components and data. Action Indicator: I Informational only (no action required) Effective Date: 13 September 2013 Background MasterCard publishes a monthly edition of the Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) list in the Global Security Bulletin to identify vendors certified for card production services. The list provides vendor names by region and includes the various services that they provide. In addition, the list indicates vendors by country for convenience of use. NOTE The vendor listing by country also gives customers a clearer view of the market within their own countries. 20 Vendors for Card Production Monthly Edition Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

21 MasterCard publishes the monthly edition of the list of certified vendors to provide customers with critical changes regarding: New vendors Vendor decertification or partial decertification Vendor extension of the card production activities certified Change of company name or legal entity ownership Vendor site address change Contact information changes Refer to Chapter 2 (MasterCard Card Production Standards) of the Security Rules and Procedures manual for a description of the Global Vendor Certification Program (GVCP), its program management, the certification process, the Logical Security Program requirements, and customer obligations. Definitions of The following activities are card production services. A customer employing a vendor to perform any such service on its behalf in connection with the issuance of cards, access devices, or mobile payment devices must ensure that the vendor has been certified by MasterCard under the GVCP. Chapter 2 (MasterCard Card Production Standards) of the Security Rules and Procedures manual provides further information about card production. The following tables describe the card manufacture services, card personalization services, and other specialized services performed in connection with card production. Card Manufacture Service Card manufacture Definition Process by which an integrated circuit is permanently attached to a payment card to become an integral part of the card. Card production process composed of one or more of the following: Pre-press (card design layout, printing films, and printing plates generation) White plastic sheets printing Sheets assembly Sheets lamination Sheets cutting or punching Hologram and signature panel hot stamping Vendors for Card Production Monthly Edition Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

22 Card Personalization Service Definition Personalization process that creates raised characters on a plastic card body. Process by which personalization data is written onto a magnetic stripe residing on the card. Process by which a card or PIN mailer is individually packaged and sent to a presort facility or delivered to the postal service for delivery to the cardholder. Personalization process for unembossed cards that writes data on the card by a technology other than embossing such as laser engraving, thermal transfer, or indent printing. Process of writing data to the integrated circuit by means of electrical or electromagnetic interaction between the chip and personalization device. usually occurs subsequent to chip embedding but may also occur prior to or during chip embedding. Specialized Card Production Service Card fulfillment Data preparation Disaster recovery Definition Stand-alone service by which a newly issued or reissued card is combined with additional materials resulting in a complete package ready for distribution to the cardholder. A facility approved for personalization services is also approved for card fulfillment as part of its personalization activity. Stand-alone service by which issuer and cardholder data are processed and configured for subsequent personalization by the issuer or different certified vendor. A facility approved for personalization services is also approved for data preparation as part of its personalization activity. Card production at a facility established and activated exclusively during an emergency event pursuant to a certified vendor s Business Continuity Plan (BCP). Card production at this facility is only authorized for the vendor that established it. The disaster recovery facility must not be used to alleviate capacity restraints associated with normal card production. These facilities are evaluated against a subset of the security requirements and must be upgraded to compliance with the full set of security requirements upon activation. 22 Vendors for Card Production Monthly Edition Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

23 Service Mobile provisioning Partial manufacture PIN printing Definition Service whereby a Trusted Service Manager (TSM) loads a payment application, provides personalization data, or sends post-issuance application management commands to a mobile payment device via an over-the-air (OTA) communication method. Facility that produces card components containing sensitive security features or personalization data where the full card is subsequently completed by a certified vendor. Stand-alone service whereby a PIN mailer is printed and mailed. A facility approved for personalization services is also approved for PIN mailing as part of its personalization activity. Monthly Edition The enclosed Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) list provides a current listing of all vendors certified for card production services, effective 13 September NOTE This vendor list supersedes all lists that MasterCard previously published. NOTE For More Information Send an message to the MasterCard GVCP central address listed below or to any of the following individuals if you: Have any questions about the program, the vendors on the enclosed list, or the activity that the vendors are certified to perform Find that a vendor listed does not comply with the MasterCard Physical Security Standards for Plastic Card Vendors, the Logical Security Requirements for Card Personalization Bureaus, the Security Requirements for Mobile Payment Provisioning, or all applicable MasterCard Standards and security best practices Want to receive a copy of the MasterCard Physical Security Standards for Plastic Card Vendors, the Logical Security Requirements for Card Personalization Bureaus, or the Security Requirements for Mobile Payment Provisioning The MasterCard Physical Security Standards for Plastic Card Vendors and the Logical Security Requirements for Card Personalization Bureaus documents are published through the Publications product on MasterCard Connect. Vendors for Card Production Monthly Edition Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

24 Name Contact Information Werner Fischer Global Vendor Certification Program Helen Paschenko Product Management Help Desk Global Vendor Certification Program : : : : [email protected] [email protected] [email protected] 24 Vendors for Card Production Monthly Edition Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

25 Acquirers No Longer Accepting Chargebacks Topic(s): Chargebacks, Fraud/Risk, Security Applies to: Issuers Acquirers Processors Summary: Effective immediately, MasterCard no longer requires the acquirers listed in the attached Microsoft Excel file to accept chargebacks for fraudulent transactions that occurred at the merchant locations listed. Issuers no longer may charge back any transactions as specified in a previous Global Security Bulletin, regardless if the central processing date occurred within the period listed in the previous bulletin. Action Indicator: F Financial impact Effective Date: Effective immediately Background Recent Global Security Bulletins identified the acquirers for the merchant locations listed in the attached Microsoft Excel file for violations of the Global Merchant Audit Program (GMAP) as referenced in Rule 8.2 of the Security Rules and Procedures manual. NOTE The merchant information is shown as it appears in the System to Avoid Fraud Effectively (SAFE) database. To ensure that the data is accurate, customers should carefully enter the merchant information into SAFE. Acquirer Responsibilities MasterCard no longer requires the acquirers for these merchants to accept chargebacks for fraudulent transactions at these merchant locations for message reason code 4849 Questionable Merchant Activity. Acquirers No Longer Accepting Chargebacks Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

26 Merchant Listings To view the merchant chargeback information, open the attached Microsoft Excel file. MasterCard also provides the chargeback information in the portable document format (PDF) file in the MasterCard Bulletins product on MasterCard Connect. Acquirers are listed numerically by member ID (acquirer ID) within each region. Merchants are listed alphabetically. Not applicable (N/A) indicates that a chargeback period no longer applies to the acquirer and merchant listed, as of the date of the merchant s first publication in the Acquirers No Longer Accepting Chargebacks file. Actual dates listed in the Chargeback End Date column are in the mm/dd/yy format. The Month/Year Added column indicates the month and year in which MasterCard added the merchant to the file. NOTE MasterCard recommends that users sort the information by date to review the applicable chargebacks. MasterCard no longer requires acquirers to accept chargebacks for the merchants listed as of the date of the merchant s first publication in the Acquirers No Longer Accepting Chargebacks file, which corresponds to the month and year listed in the Month/Year Added column. For More Information Customers with questions about the information in this article should contact Customer Operations using the Contact Information provided in this bulletin, their regional Help Desk, or a regional Customer Security and Risk representative. 26 Acquirers No Longer Accepting Chargebacks Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

27 Notification of Chargebacks Under the Global Merchant Audit Program Topic(s): Chargebacks, Fraud/Risk, Security Applies to: Issuers Acquirers Processors Summary: The acquirers listed in the attached Microsoft Excel file must accept chargebacks for all fraudulent transactions (excluding fraudulent application, account takeover, and never-received-issue transactions) that occurred at the merchant locations listed, during the time period listed for each merchant. Issuers may charge back transactions reported to the System to Avoid Fraud Effectively (SAFE) to the appropriate acquirers. Action Indicator: F Financial impact Effective Date: Effective immediately Background MasterCard replaced the Merchant Audit Program and Excessive Counterfeit Merchant Program with the Global Merchant Audit Program (GMAP), as described in Rule 8.2 of the Security Rules and Procedures manual. NOTE The merchant information is shown as it appears in the SAFE database. To ensure that the data is accurate, customers should carefully enter the merchant information into SAFE. Acquirer Responsibilities MasterCard requires each acquirer listed in the attached Microsoft Excel file to accept chargebacks for all fraudulent transactions (excluding fraudulent application, account takeover, and never-received-issue transactions) that occurred at the merchant locations identified herein for the period indicated. Notification of Chargebacks Under the Global Merchant Audit Program Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

28 If MasterCard extends a chargeback end date for a merchant location listed in the attached file, the acquirer must accept chargebacks for the merchant through the chargeback extended date. These chargebacks are for violations of the GMAP, as described in Rule 8.2 of the Security Rules and Procedures manual. NOTE A number of the reported violations may have resulted from customer failure to cooperate with the MasterCard audit requirements. Issuer Chargeback Rights Issuers may charge back fraudulent transactions reported to SAFE to the appropriate acquirers according to the chargeback procedures outlined in section 3.24 of the Chargeback Guide for message reason code 4849 Questionable Merchant Activity. Issuers have 120 days from the St. Louis Operations Center (Central Site) processing date, or an extended period of 120 days from the publication date of the first Global Security Bulletin that listed the merchant location, to charge back fraudulent transactions that occurred during the chargeback period. For the purposes of calculating the extended 120-day period, the Month/Year Added column indicates the month and year that corresponds to the first bulletin publication that listed the merchant location. NOTE Merchant Listings To view the merchant chargeback information, open the attached Microsoft Excel file. MasterCard also provides the chargeback information in the portable document format (PDF) file in the MasterCard Bulletins product on MasterCard Connect. Acquirers are listed numerically by member ID (acquirer ID) within each region. Merchants are listed alphabetically. Dates listed in the Chargeback Start Date, Chargeback End Date, and Chargeback Extend Date columns are in the mm/dd/yy format. Merchant information will remain in the file each month for 120 days past the Chargeback End Date, or Chargeback Extend Date if populated. The Month/Year Added column indicates the month and year in which MasterCard added the merchant to the file. MasterCard recommends that users sort the information by date to review the applicable chargebacks. 28 Notification of Chargebacks Under the Global Merchant Audit Program Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

29 For More Information Customers with questions about the information in this article should contact Customer Operations using the Contact Information provided in this bulletin, their regional Help Desk, or a regional Customer Security and Risk representative. Notification of Chargebacks Under the Global Merchant Audit Program Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Production Review Due

30 Calendar of Events The calendar of events provides significant dates for security-related events. Refer also to the consolidated Calendar of Events on MasterCard Connect. New! Revised! September MasterCard has published a monthly edition of the list of vendors certified as meeting the MasterCard Physical Security Standards for Plastic Card Vendors for card production services of any MasterCard, Maestro, or Cirrus card. For more information, refer to Global Security Bulletin No. 9, 13 September MasterCard will implement the Manage My Fraud and Risk Programs product, which replaces the MasterCard Alerts system. For more information, refer to Global Security Bulletin No. 9, 13 September MasterCard Academy of Risk Management will host Principles of Fraud Management for Issuers and Acquirers in Nairobi, Kenya. To register, go to or send an message to [email protected] MasterCard Academy Europe will host MasterCard Mobile Proximity Payments in Waterloo, Belgium. To register, go to or visit our website at or send an message to [email protected]. New Date! MasterCard Academy Europe will host MasterCard Chargebacks Seminar in Waterloo, Belgium. To register, go to or visit our website at or send an message to [email protected]. 30 MasterCard will update secure sockets layer (SSL) libraries on the MasterCard Secure Directory Server (DS). For more information, refer to Global Security Bulletin No. 7, 15 July Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Calendar-1

31 New! October MasterCard Academy Europe will host MasterCard Mobile Proximity Payments in Kiev, Ukraine (in the Russian language). To register, go to or visit our website at or send an message to [email protected]. 7 MasterCard Academy Europe will host Debit: ATM and Maestro Chargebacks in Waterloo, Belgium. To register, go to or visit our website at or send an message to [email protected]. 8 9 MasterCard Academy of Risk Management will host Principles of Fraud Management for Issuers and Acquirers in Sydney, Australia. To register, go to or send an message to [email protected]. 8 9 MasterCard Academy Europe will host Exploring the EMV 4.2 Standard in Moscow, Russian Federation (in English interpreted into Russian language). To register, go to or visit our website at or send an message to [email protected] MasterCard Academy of Risk Management will host Arbitration and Compliance Workshop in St. Louis, Missouri,. To register, go to or send an message to [email protected]. 9 MasterCard Academy Europe will host Business Opportunities with Chip in Istanbul, Turkey. To register, go to or visit our website at or send an message to [email protected]. 10 MasterCard Academy Europe will host Chip and your Business in Istanbul, Turkey. To register, go to or visit our website at or send an message to [email protected]. Calendar-2 Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved.

32 October The Global Academy of Risk Management (ARM) will host a preconference training seminar, An Insider s Guide to Protecting Your Business and Improving Compliance Performance, in conjunction with the risk management conference in St. Julian s, Malta. For more information, refer to Global Security Bulletin No. 7, 15 July The Global Academy of Risk Management (ARM) will host a preconference training seminar, Payment Card Industry (PCI) Updates What s New in Data Security Standard (DSS) 3.0, Point-to-Point Encryption (P2PE), and Tokenization, in conjunction with the risk management conference in St. Julian s, Malta. For more information, refer to Global Security Bulletin No. 7, 15 July MasterCard will add functionality to allow users to submit batch chargebacks and System to Avoid Fraud Effectively (SAFE) items in NICS. For more information, refer to Global Security Bulletin No. 8, 15 August MasterCard will revise its Standards regarding a Loss Control Program (LCP) and a Fraud Management Program (FMP) for the Maestro brand. For more information, refer to Global Security Bulletin No. 8, 15 August Global Academy of Risk Management (ARM) will host a risk management conference in St. Julian s, Malta for customers in the Europe region. For more information, refer to Global Security Bulletin No. 7, 15 July The Global Academy of Risk Management (ARM) will host the 2013 Merchant Risk Summit in St. Julian s, Malta for customers in the Europe region. For more information, refer to Global Security Bulletin No. 8, 15 August The Global Academy of Risk Management (ARM) will host the 2013 European Chargeback Conference in St. Julian s, Malta for customers in the Europe region. For more information, refer to Global Security Bulletin No. 8, 15 August Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Calendar-3

33 October MasterCard will extend the Standards associated with issuer and acquirer handling of fraudulent accounts to Cirrus card transactions for the Dual Message System. For more information, refer to Global Security Bulletin No. 4, 15 April MasterCard will revise its Standards to require the use of different Chip Card Validation (CVC) and CVC 1 values on newly issued and reissued chip cards. For more information, refer to Global Operations Bulletin No. 11, 1 November MasterCard will revise its Standards regarding global floor limits. For more information, refer to Global Security Bulletin No. 2, 15 February MasterCard will extend the Standards associated with issuer and acquirer handling of fraudulent accounts to Cirrus card transactions for the Single Message System. For more information, refer to Global Security Bulletin No. 4, 15 April MasterCard Academy Europe will host MasterCard PayPass Workshop in Barcelona, Spain. To register, go to or visit our website at or send an message to [email protected] MasterCard Academy Europe will host Introduction to Chargebacks in London, United Kingdom. To register, go to or visit our website at or send an message to [email protected] MasterCard Academy Europe will host MasterCard Advanced Chargebacks Seminar in Barcelona, Spain. To register, go to or visit our website at or send an message to [email protected]. 31 MasterCard will remove the legacy connectivity to the MasterCard Secure Directory Server (DS), which uses the 12.x.x.x Internet Protocol (IP) address range. For more information, refer to Global Security Bulletin No. 7, 15 July Calendar-4 Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved.

34 November MasterCard Academy Europe will host Fraud Management for Acquirers in Stockholm, Sweden. To register, go to or visit our website at or send an message to [email protected]. 7 8 MasterCard Academy of Risk Management will host Efficient Chargeback Processing Seminar in New Orleans, Louisiana,. To register, go to or send an message to [email protected]. 13 MasterCard Academy Europe will host Exploring the M/Chip Card Specifications in Paris, France. To register, go to or visit our website at or send an message to [email protected] MasterCard Academy of Risk Management will host Principles of Fraud Management for Issuers and Acquirers in Guangxi, China (in Chinese language). To register, go to or send an message to [email protected] MasterCard Academy of Risk Management will host Principles of Fraud Management for Issuers and Acquirers in Taipei, Taiwan. To register, go to or send an message to [email protected] MasterCard Academy Europe will host How Chip Works for Debit and Credit Cards in Athens, Greece. To register, go to or visit our website at or send an message to [email protected]. 26 MasterCard Academy Europe will host Protecting Your Business with MasterCard (Compliance) in London, United Kingdom. To register, go to or visit our website at or send an message to [email protected]. Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Calendar-5

35 November MasterCard Academy Europe will host Regulatory Update in London, United Kingdom. To register, go to or visit our website at or send an message to MasterCard Academy Europe will host Security and Key Management for Chip Cards in Athens, Greece. To register, go to or visit our website at or send an message to TBD MasterCard Academy of Risk Management will host Principles of Fraud Management for Issuers and Acquirers in Sao Paulo, Brazil (in Portuguese language). To register, go to or send an message to December MasterCard Academy Europe will host a two-hour virtual training class on Overview of Fraud Management. To register, go to or visit our website at or send an message to [email protected] MasterCard Academy of Risk Management will host Principles of Fraud Management for Issuers and Acquirers in Dubai, United Arab Emirates. To register, go to or send an message to [email protected] MasterCard Academy Europe will host Fraud Management for Issuers in London, United Kingdom. To register, go to or visit our website at or send an message to [email protected]. Calendar-6 Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved.

36 December MasterCard Academy Europe will host MasterCard Mobile Proximity Payments in London, United Kingdom. To register, go to or visit our website at or send an message to 15 MasterCard will implement the Issuer Monitoring Program (IMP). For more information, refer to Global Security Bulletin No. 6, 14 June New! New! February The MasterCard Secure Directory Server URL at directory.securecode.com will be moving to a new IP address ( ). For more information, refer to Global Security Bulletin No. 9, 13 September April Security certificates for the Payment Card Industry (PCI) PIN Transaction Security (PTS) Point-of-Interaction (POI) Standard will expire. For more information, refer to Bulletin No. 9, 13 September October MasterCard will revise its Standards regarding global floor limits. For more information, refer to Global Security Bulletin No. 2, 15 February April Acquirers must include the Cardholder Verification Method (CVM) Results (tag 9F34 ) in all authorization messages containing data element (DE) 55. For more information, refer to Global Security Bulletin No. 8, 13 August Calendar of Events Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved. Calendar-7

37 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) Published 13 September 2013

38

39 Table of Contents Vendors Certified for Card Production Activities... 2 Asia/Pacific Region... 4 Canada Region Europe Region Latin America and the Caribbean Region South Asia/Middle East/Africa Region U.S. Region Vendor Agents Vendors (Certified) by Country Asia/Pacific Region Canada Region Europe Region Latin America and the Caribbean Region South Asia/Middle East/Africa Region U.S. Region Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

40 Vendors Certified for Card Production Activities The following pages contain an alphabetical listing of vendors certified to provide card production services for any MasterCard, Maestro, or Cirrus card, grouped by region. MasterCard defines the list of vendor card production activities as follows. Card Manufacture Service Card manufacture Definition Process by which an integrated circuit is permanently attached to a payment card to become an integral part of the card. Card production process composed of one or more or the following: Pre-press (card design layout, printing films, and printing plates generation) White plastic sheets printing Sheets assembly Sheets lamination Sheets cutting or punching Hologram and signature panel hot stamping Card Personalization Service Definition Personalization process that creates raised characters on a plastic card body. Process by which personalization data is written onto a magnetic stripe residing on the card. Process by which a card or PIN mailer is individually packaged and sent to a presort facility or delivered to the postal service for delivery to the cardholder. Personalization process for unembossed cards that writes data on the card by a technology other than embossing such as laser engraving, thermal transfer, or indent printing. Process of writing data to the integrated circuit by means of electrical or electromagnetic interaction between the chip and personalization device. Chip personalization usually occurs subsequent to chip embedding but may also occur prior to or during chip embedding September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

41 Specialized Card Production Service Card fulfillment Definition Stand-alone service by which a newly issued or reissued card is combined with additional materials resulting in a complete package ready for distribution to the cardholder. A facility approved for personalization services is also approved for card fulfillment as part of its personalization activity. Data preparation Stand-alone service by which issuer and cardholder data are processed and configured for subsequent personalization by the issuer or different certified vendor. A facility approved for personalization services is also approved for data preparation as part of its personalization activity. Disaster recovery Card production at a facility established and activated exclusively during an emergency event pursuant to a certified vendor s Business Continuity Plan (BCP). Card production at this facility is only authorized for the vendor that established it. The disaster recovery facility must not be used to alleviate capacity restraints associated with normal card production. These facilities are evaluated against a subset of the security requirements and must be upgraded to compliance with the full set of security requirements upon activation. Mobile provisioning Service whereby a Trusted Service Manager (TSM) loads a payment application, provides personalization data, or sends post-issuance application management commands to a mobile payment device via an over-the-air (OTA) communication method. Partial manufacture Facility that produces card components containing sensitive security features or personalization data where the full card is subsequently completed by a certified vendor. PIN printing Stand-alone service whereby a PIN mailer is printed and mailed. A facility approved for personalization services is also approved for PIN mailing as part of its personalization activity. MasterCard has certified the following vendors for the services indicated. The key contacts are listed as follows: (P) = Primary contact (S) = Security contact Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

42 Asia/Pacific Region Abnote (Australasia) Pty. Ltd. 81 Williamson Road Ingleburn, New South Wales 2565 Australia (P) Andrew Smith (S) Gregoire Maes Mobile provisioning Abnote NZ Ltd. 25 Halwyn Drive Hornby, Christchurch New Zealand 8042 (P) Andrew Smith (S) Paul Williams Abnote NZ Limited 12 Piermark Drive Albany, Auckland 0632 New Zealand (P) Stephen Morgan (S) Andrew Smith Allcard Plastics Philippines, Inc. Lot 3 Block 17 E Rodriguez Jr. Avenue Corner Titan St. Acropolis Subdivision Quezon City Philippines 1110 (P) Roy Ebora (S) Allieta Cue Asia Pacific Card and System Sdn. Bhd. No. 1, Lebuh 1, Bandar Sultan Sulaiman, Taiwanese Industrial Park, Pelabuhan Klang Selangor Malaysia (P) Eddie Huo Shao Wei (S) NG Soon Teck Card manufacture Mobile provisioning Card manufacture Card manufacture 4 13 September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

43 Asia/Pacific Region Asia Smart Cards Centre (M) Sdn. Bhd. LG Floor, Wisma Boustead, 71 Jalan Raja Chulan, Kuala Lumpur Malaysia (P) Koh Chor Meng (S) Khadijah Bt. Engku Salleh Beautiful Card Corporation No. 4 Wenming 1st St. Guishan Shiang Taoyuan County Taiwan (R.O.C.) (P) Katherine Liao (S) Richie Ku Beijing Datang Smartcard Technology Co., Ltd. 6 Yongjia North Road Haidian District Beijing China (P) Shi Chunguang (S) Gao Yuxin Beijing Watchdata System Co. Ltd. No. 3 Anqing St. Konggang Industry Zone B Shunyi District Beijing China (P) Ma Lianhua (S) Wu Lili Card manufacture Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

44 Asia/Pacific Region Biosmart Co., Ltd Duk San-Dong, Asan City Chung Nam Korea (P) Hyejung Lim (S) Jessie Ryu Card manufacture Cassis Sdn. Bhd. Suite P5-01, Fifth Floor Podium Block, Menara Keck Seng 203 Jalan Bukit Bintang Wilayah Persekutuan Kuala Lumpur Mobile provisioning Malaysia (P) Serina Lee Onn Wei (S) Christina Lai Hui Fuen (S) Chua Tian Yee Chan Wanich Security Printing Company Ltd. 192 Suksawad Road Prasamutjedee Samutprakarn Bangkok Thailand (P) Marachai Kongboonma (S) Paul Iu Dai Nippon Printing Co., Ltd , Minamisuna Koto-ku Tokyo Japan (P) Takahiro Onodera (S) Haruo Takahashi Dai Nippon Printing Co. Ltd. Nara Plant: Oaza Toin Kawanishi-Cho Shiki-gun, Nara Pref. Japan (P) Hiroshi Nishioka (S) Tadaki Fujioka Card manufacture Mobile provisioning Telex: J22737 DNPRINT Card manufacture 6 13 September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

45 Asia/Pacific Region Dai Nippon Printing Co. Ltd. Ushiku Plant: 70 Tsukuba-Minami Okubara Industrial Park 1650 Okubara-cho Ushiku-shi, Ibaraki-ken Japan (P) Mikio Kushima (S) Tetsuo Nogami Card manufacture Dai Nippon Printing Co. Ltd. Warabi Plant: 4-5-1, Nishiki-Cho Warabi-shi, Saitama-ken Japan (P) Yuji Egawa (S) Masayuki Iijima Telex: J22737 DNPRINT Data preparation Data Products Toppan Forms Ltd. 218 Latkrabang Industrial Estate 23 Chalongkrung Road Lumpratiew, Latkrabang Bangkok Thailand (P) Apichart Ariyaviriyanant (S) Jaroonruk Prakobwaithayakij DataSonic Corporation Sdn. Bhd. No. 11G, Ground Floor The Highway Centre, Jalan 205 Section 51 Petaling Jaya Selangor Malaysia (P) Chris Tan (S) Chan Kaang Huei Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

46 Asia/Pacific Region Dz Card (Malaysia) Sdn. Bhd. 5, Jalan Empat 4 off, Jalan Chan Sow Lin Kuala Lumpur Malaysia (P) Rubendran J.Retnam (S) Aaron Le Boutillier Dz Card (Thailand) Ltd. 139 Bangplee Industrial Estate M00 17 Bangna-Trad Road Bangplee, Samutprakan Thailand (P) Aaron Le Boutillier (S) Harry Gundelach Dz Card (Philippines) Inc. dz Card Building, Sta. Agueda Avenue, Pascor Drive, Sto. Nino Paranaque City 1704 Philippines (P) Jean Jacobi (S) Harry Gundelach Eastcompeace Technology Co. Ltd. No. 8 Ping Gong Zhong Road Nanping, Zhuhai Guangdong China (P) Catherine Lee (S) Megan Joo Foongtone Technology Co., Ltd. No. 7-1 Lane 365, Sec 1 Chung Yung Road Tu Chen City, Taipei HSien Taiwan 236 (P) John Tu (S) P.J. Lee Card manufacture Card manufacture Card manufacture Card manufacture 8 13 September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

47 Asia/Pacific Region Fujian Hongbo Printing Shares Co., Ltd. Factory #50, Changle Airport Industrial Concentration Zone Fuzhou Fujian Province China (P) Joe Pang (S) Hank K Card manufacture Gemalto Pte Ltd. 12, Ayer Rajah Cresent Singapore (P) Ramon Padiernos (S) Chue Fook Wah Gemalto PTY Ltd. 13 Redl Drive Mitcham VIC Australia 3132 (P) Graham Adams (S) Matthew Richardson Gemalto Sdn. Bhd. Level 2, Plaza See Hoy Chan Wilayah Persekutan Kuala Lumpur Malaysia (P) Charlie Nair (S) Chua Fook Wah Gemalto Philippines Inc. Bldng 7A, Southern Luzon International Business Park Batino Calamba Laguna Philippines 4027 (P) Fook Wah Chue (S) Kevin Liu Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

48 Asia/Pacific Region Gemalto Pte Ltd. 9 Tai Seng Drive Lobby B #02-02P Singapore (P) Raman Ponnappan (S) Bruno Escude Gemalto Taiwan Ltd. Basement 1, No. 192 Lien Cheng Road Chung Ho, Taipei County 235 Taiwan (P) Fook Wah Chue (S) Ray Chien Giesecke & Devrient Australasia Pty Ltd. Victoria Plant: 94 Rushdale Street Knoxfield, Victoria 3180 Australia (P) Ajith Chrathilaka (S) Scott O Hara Sydney Plant: 9 Rachael Close, Silverwater Silverwater NSW 2128 Australia (P) Ajith Chrathilaka (S) Scott O Hara Giesecke & Devrient (China) Information Technologies Co., Ltd. 399 Huoju Avenue Nanchang High-New Tech. Development Zone Nanchang City Jiangxi Province China (P) Qun Hu (S) Hongying Zhu Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

49 Asia/Pacific Region Goldpac Secur-Card Ltd. Goldpac Building Fuxi-QianShan Zhuhai China (P) David Lu (S) Roger Lu Goldpac Secur-Card Ltd. Shanghai Branch No. 166 of Min Dong Road Pudong New Area Shanghai China (P) David Lu (S) Jason Zhang Guangdong Chutian Dragon Smart Card Co., Ltd. Zhuweitian Yifa Industrial Zone of Fenggang Dongguan Guangdong Province China (P) Annabelle Tang (S) Joy Fu Hengbao Co. Ltd. Hengtang Industrial Zone Dangyang City, Jiangsu Province China (P) Zhou Jiang (S) Wang Yan Card manufacture Card manufacture Card manufacture Hitachi Maxell, Ltd Card manufacture , Kagamida Oyamazaki-cho Otokuni-gun, Kyoto Japan (P) Ikuo Yamazaki (S) Shigeo Komori Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

50 Asia/Pacific Region Huangshi G&D Wa Security Card Ltd. Hangzhou Road West, Huangshi City, Huangshi, Hubei Province China (P) Xiao Wei (S) Hu Qun ICK Co., Ltd. 96BL, 1Lb, Sungseo 3 rd Industrial Complex Dalseo-Gu, Daegu Korea (P) Daniel Lee (S) Min Soo Bang IRIS Corporation Berhad IRIS Smart Technology Complex, Technology Park Malaysia; Bukit Jalil Kuala Lumpur Malaysia (P) Chim Ka Kew (S) Heng Wa Seng Jing King Technology Holdings Ltd. Jing King Weder Technology Company Ltd. Ping Shin Road, Qiu Kong Keng Industrial Estate, Shang MuGu Ping Hu, ShenZhen GuangDong China (P) Neo Geng (S) Anton Ho Card manufacture Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

51 Asia/Pacific Region KONA C Co., Ltd Daemyeoung-ri Daegot-myeon Gimpo-si, Kyunggi-do Korea (P) Cho Chungil (S) Shin Soo Dong KONA M Co., Ltd. 341 Jangsu-ro iwol-myeon Iwol-Myun Jincheon-Gun Chungcheongbuk- Do Korea (P) Suk Ho Pyun (S) Phabian Son Kyodo Printing Co. Ltd Fujimi Tsurugashima Shi Saitama-Ken Japan (P) Hideyuki Suzaki (S) Akio Shouji MK Smart Joint Stock Company Lot 40, Quang Minh Industrial Zone, Me Linh Hanoi Vietnam 1000 (P) Nguyen Quoc Bao (S) Tran Quy Natec Incorporated , Minamishimizu-cho Sakai City, Osaka, Japan (P) Shunsuke Shimazu (S) Keiji Rikuno Card manufacture Card manufacture Card manufacture Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

52 Asia/Pacific Region Network for Electronic Transfers (Singapore) Pte Ltd. 11 UBI Road 1 #05-01Meiben Industrial Building Singapore (P) Lawrence Houng (S) Toh Chai Hou Nihonboueki Printing Co., Ltd Kamiyabe-cho, Totsuka-ku Yokohama-shi Kanagawa Japan (P) Shane Hirooka (S) Atsushi Nakamata Oberthur Card Systems Science Technology (Shenzhen) Co., Ltd. 4/F, Great Wall Technology Building 3#, No. 2 Kefa Road Science Technology Park Nanshan District Shenzhen China (P) Daniel Lu (S) Bosson Didier Oberthur Technologies Australia Pty Ltd. 23 Tarlington Place Smithfield 2164 NSW Australia (P) Jackie Fitzpatrick (S) John Arakelian Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

53 Asia/Pacific Region Oberthur Technologies Korea Inc. 1-5F HC Haus Building 38-7 Nonhyeon-dong, Gangnam-gu Seoul Korea (P) William Gye (S) CK Kim Oberthur Technologies (Philippines) Inc. Warehouse 2-B, Building I, Jannov Plaza, 2295 Chino Roces Avenue Makati City 1231 Philippines (P) Angel Marbella (S) Cesar Cecillano Omnisystem Co., Ltd , Hangmok-Ri Shinchang-Myon, Asan City Chungnam Korea (P) Seong Kim (S) Jae-young Lee Placard Pty. Ltd. 40 London Drive Bayswater, Victoria 3153 Australia (P) Tess Barone (S) Carmel Howard Qingdao Rongjia Security Printing Co., Ltd. No. 31A Shangdong Road Shong Province QingDao China (P) Zhimin Sui (S) Weijiang Han Card manufacture Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

54 Asia/Pacific Region Shanghai Axalto IC Card Technologies Co. Ltd. No 399 Jian Yun Rd. Pudong New District Shanghai China (P) He Zhigang (S) Zou Longde Shanghai Oriental Magnetic Card Engineering Co. Ltd. No. 98 XinGao Road QingPu Industry Park Shanghai Shanghai China (P) Eric Li (S) Snow Xue Shanghai Pu Jiang Smart Card Systems Co. Ltd. No.100, Lane 7488, HuTai Road Shanghai China (P) Zhou Yun (S) He Wenting ShenZhen Einolda Smart Card Manufacturing Co. Ltd. Build. 8, 2nd Industrial Park Xinxing, Xinhe, Fuyong Town Shenzhen, Baoan District China (P) Ricky Lee (S) Grace Wong Shenzhen Takcere Credit Card Manufacturing Ltd. No. 3 Anxing Road Block 3 Anliang Sanjiaolong Industrial Zone Henggang Town Shenzen China (P) Kevin Wong (S) Ali Chen Card manufacture Card manufacture Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

55 Asia/Pacific Region Shoei Printing Co. Ltd Mizusawa 2 Chome Miyamae-Ku Kawasaki City, Kanagawa-Ken Japan (P) Tomohiro Nakata (S) Ryoko Iri Shoei Printing Co. Ltd Chome Momodani, Ikuno-Ku Osaka Japan (P) Tomohiro Nakata (S) Ryoko Iri Silone Cardtech Co., Ltd. No.169, Xiangyang Road Shigu Village, Tangxia DongGuan City China (P) Stanley Cheung (S) ChaoFu Xiong Taiwan Name Plate Co. Ltd. No. 36, Hwa Ya 1 st Road Hwa Technology Park, Kueishan Tao Yuan 333 Taiwan (P) Julie Lin (S) Vicky Su Card manufacture Card manufacture Card manufacture TECO Smart Technologies Co. Ltd. No. 1568, Chung Shan Road Section 1, Kuang-In, Taoyuen 328 Taiwan (P) Julie Hsiao (S) Alex Fu Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

56 Asia/Pacific Region Telecommunication Laboratories Chunghwa Telecom Co., Ltd. No. 99, Dianyan Rd. Yangmei City Taoyuan County Taiwan (P) Chien-Ming Li (S) Yen-Hsu Chiang Thai British Security Printing Public Co. Ltd. 41/1 Moo 10, Soi Wat Suan Som Poochao-Sarming Prai Road Somrongtai, Phrapradaeng Samutprakarn Thailand (P) Thanapat Wongkomet (S) Wachiranuch Tuankam Tianjin Global Magnetic Card Co. Ltd. No. 325 Jiefang Nan Road Hexi District Tianjin China (P) Vivian Yang (S) Jinhong Lee Toppan Communication Products Co. Ltd. (Asaka) Nobidome 7 Chome Niza-Shi Saitama Japan (P) Hiroaki Tomatsu (S) Ken Nakanishi Toppan Communication Products Co. Ltd. (Takino) , Kotaka, Kato-shi Hyogo Prefecture Japan (P) Shigeki Nojima (S) Hidehiko Hoso Mobile provisioning Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

57 Asia/Pacific Region Toppan Communication Products Co. Ltd. (Ranzan) 6-2 Hanamidai Ranzan-machi, Hiki-gun Saitama Prefecture, Japan (P) Akira Miyashita (S) Naoshi Asuke Toppan Communication Products Co., Ltd. Honjo Data Receiving Center 32-5, Honjo 1-chome Sumida-ku Tokyo Japan (P) Yoshiyuki Takaku (S) Tadayoshi Yabe Toppan Forms Card Technologies Ltd. 27 Wang Lok Street Yuen Long Industrial Estate Wang Chau, Yuen Long, N.T. Hong Kong SAR China (P) Nichols Leung (S) Kent Tsang TungKong Inc Jichang Rd. Jinan Shong Province China (P) Gao Zhan (S) Liu Zhijun Ubivelox 827 Sayang-ri, Munback-myun Jincheon-Gun South Korea (P) Jae Yoo (S) Jin-Han Yoo Card manufacture Data preparation Card manufacture Card manufacture N/A Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

58 Asia/Pacific Region Watchdata Technologies Pte Ltd. 8 Admiralty Street The Adimrax #01-11 Singapore (P) Richard Ni (S) Tan Yong Yuan Wuhan Tianyu Information Industry Co., Ltd. Tianyu Building Huazhong University of Science Technology Industry Park East Lake Zone Wuhan City, Hubei Province China (P) Yuan Wangjin (S) Zhu Jianxin YBL Co. Ltd Osan-Ri Jori-Eup Paju-si, Kyonggi-Do Korea (P) Simon Sung (S) Park-IL Zhongchao Credit Card Industry Development Co. Ltd. No. 28 Shengfang Rd, Daxing Industry Development Zone Daxing District Beijing China (P) Qi Xin (S) Yin Ming Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

59 Canada Region Archway Marketing 2450 Stanfield Road Unit C Mississauga, Ontario Canada L4Y 1S2 (P) Steve Peterson (S) Francis Pestana CPI Card Group Canada, Inc. 460 Applewood Crescent Concord, Ontario L4K4Z3 Canada (P) Felipe Papaleo (S) Ashok Baria Gemalto Canada Inc John Lucas Drive Burlington, Ontario L7L6A8 Canada (P) Francois Radet (S) Patrick Faulkner Giesecke & Devrient Systems Canada Inc. 316 Markl Street Markham, Ontario L6C0C1 Canada (P) Fred Hopper (S) Mark McGinnis Giesecke & Devrient Systems Canada, Inc Andre Avenue Dorval Quebec H9P1K6 Canada (P) Fred Hopper (S) Mark McGinnis Card fulfillment Card manufacture Card manufacture Mobile provisioning Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

60 Canada Region Oberthur Technologies of Canada 1840 Woodward Drive Ottawa, Ontario Canada K2C0P7 (P) Jeff Ferguson (S) William Pereira Synergex Logistics 1280 Courtney Park Drive East Mississauga, Ontario L5T 1N6 Canada (P) Matt Reiter (S) Joe Summers N/A Card fulfillment September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

61 Europe Region Agencija za Komercijalnu Djelatnost d.o.o Savska cesta 31c Zagreb Croatia (P & S) Blaz Svilicic Allpay Limited Fortis et Fides Whitestone Business Park Hereford United Kingdom HR1 3SE (P) Justine Norman (S) Simon Cook Any Biz Tonsagi Nyomda Nyrt. Fatyolka u. 1-3 Budapest, H-1106 Hungary (P) Kristof Kalauz (S) Gabor Peter Card manufacture N/A N/A Card manufacture Mobile provisioning Austria Card Plastikkarten und Ausweissysteme Ges. GmbH Lamezanstrasse Vienna Austria (P) Georg Pruefert (S) Rea Lucan Card manufacture Mobile provisioning Austria Card SRL Sos.Odaii nr , Sector 1 Bucharest Romania (P) Rol Werner (S) Ciprian Baciu Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

62 Europe Region Austria Card Polska SP. Zoo Wegrzce Wielkie 448 Wegrzce Wielkie, Malopolska Poland PL (P) Krzystof Kuzma (S) Anetta Wallner Azericard Ltd. 67, Nizami Street AZ1005 Baku Azerbaijan (P) Anar Sultanov (S) Emil Karimov BamCard TRG Heroja 10/II Saravejo Bosnia Herzegovina (P) Hamza Adilovic (S) Almir Dzinovic Bankalararasi Kart Merkezi (BKM A.S.) Nispetiye Caddesi Akmerkez E3 Blok Kat 3 Etiler Istanbul Turkey (P) Berna Sirel (S) Gorkem Durgut Bank Zachodni WBK S.A. Pl. Wolności Poznanń Poland (P) Marcin Maslowski (S) Olga Kaczmarowska Bilesim A.S. Buyukdere Caddesi NO:41 C BLOK MASLAK Istanbul Turkey (P) Omer Kanat Ungor (S) Ender Avci Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

63 Europe Region Borica Bankservice AD 117 Tzarigradsko Chaussee Blvd Sofia Bulgaria (P) Valeri Ivanov (S) Christo Kostov Cedicam 90 Avenue LanessanChampagne au Mont d Or Lyon France Champagne au Mont d Or France (P) Gilbert Lyonnet (S) Christophe Dumas Centrum Kart S.A. Ul. Gieldowa Warsaw Poland (P) Antares Gryczan (S) Maria Siekierzycka Cetis, Graphic & Documentation Copova 24 SI-3000 Celje Slovenia (P) Roman Znidaric (S) Bostjan Kolar CF Card Factory GmbH Im Tal 10 Hessisch Lichtenau Germany (P) Marco Loding (S) Stephan Rüttimann Comcard GmbH Hammerbrucker Strasse Falkenstein Germany (P) Ralph Siegel (S) Ulrich Thoss Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

64 Europe Region Compunet Cards s.r.l. Zona Industriale Blocco Palma 2 Catania Italy (P) Antonio Fiorini (S) rea Trombetta Contiforme Soluçoes Graficas Integradas S.A. Estrada Nacional 249 Aboboda-Lisboa Carcavelos Portugal (P) Antonio Ribeiro de Almeida (S) Marco Da Cunha Beira CPI Card Petersfield Ltd. The New Mint House Bedford Road Petersfield, Hampshire GU 32 3AL United Kingdom (P & S) Rob France CPS Technologies 14 Rue des Aqueducs Craponne France (P) Julien Schilling (S) Olivier Cau Dz Card (Denmark) A/S Maglebjergvej 5D Copenhagen Kongens Lyngby Denmark 2800 (P) Jesper Hansen (S) Alexander Afreedi Dzetta Processing Center 2d Silikatniy proezd, Moscow Russian Federation (P) Astemir Datiev (S) Veniamin Semushkin Card manufacture Card manufacture Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

65 Europe Region E-Kart Electronik Kart Sistemleri San. Ve Tic. A.S. GOSB, Kemal Nehrozoglu Cad. No. 503 Kocaeli, Gebze Turkey (P) Gozde Koksal Yurittas (S) Adil Culha Elkart Sp.z.o.o. Rybaki Street 35/ Warsaw Poland (P) Adam Kokoszkiewicz (S) Paweł Bortnik EPC Electronic Payment Cards GmbH Louisenthal Gmund am Tegernsee Germany (P) Dr. Jurgen Moll (S) Martin Fischer Euro P3C 49 Rue Marc Seguin Mulhouse France (P) Thierry Rigate (S) Patrick Loiseau Euro P3C 2 Bis, Rue du Pavillon Z.I. de Beaucouze Beaucouze Cedex France (P) Thierry Rigate (S) Patrick Loiseau Evry Card AB Ekenbergsvegen 113 Solna Sweden (P) Tommy Johansson (S) Daniel Hjort Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

66 Europe Region Evry Card AS Mellomvika Mo I Rana Norway (P) Ivar Erlsen (S) Christer Jonsson Exceet Card AG Edisonstraat 3 D Unterschleissheim, Munich Germany (P) Stefan Lefnaer (S) Uwe Gail Exceet Card AG Senefelderstrasse Paderborn Germany (P) Frank Ludwig (S) Uwe Krieger Exceet Card Nederland Neutronstraat 8 PO Box AM Groningen The Netherlands (P) Johan de Vries (S) Helmut Fischer Fabrica Nacional de Moneda y Timbre Calle Jorge Juan Madrid Spain (P) Alberto Sanchez Bermejo (S) Jose Deza Federal State Unitary Enterprise (Goznak) 105 Mira Prospect Moscow Russian Federation (P) Roman S. Sobolev (S) Elena A. Kuhovarenko Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

67 Europe Region First Data DBA First Data Data preparation Global & FDR Limited E-Shelter Gmbh & Co Room E5.01 Eschborner Lstrabe 100-D Frankfurt Germany (P) Joachim Pfisterer (S) Gilbert Gundelwein First Data Hellas S.A. Stratopedou ABIP 2 Krioneri Ave Attica Greece (P) Micaela Vaxevanoglou (S) Efstathios Mavrovouniotis First Data Polska SA 92 Al. Jerozolimskie Street Warsaw Poland 00/807 (P) Anna Gawda-Kisiala (S) Agnieszka Sobotka First Data Slovakia, a.s. Rontgenova 1 P.O. Box 79 SK Bratislava 5 Slovakia (P) Martin Navara (S) Robert Slavkovsky Gemalto AB Gotalandsvagen 230 Stockholm Sweden (P) Janne Saarinen (S) Philippe Piet PIN printing Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

68 Europe Region Gemalto Cards SRL Via Galileo Ferraris 80/ Marcallo Con Casone Italy (P) Andrea Gambini (S) Flaviano Modini Gemalto Danmark A/S Borupvang 1B 2750 Ballerup Denmark (P) Michael Reimer (S) Tomas Velaniskis Gemalto GmbH Mercedesstrasse 13 D Filderstadt (Sielmingen) Germany (P) Klaus Meyer (S) Rainer Weber Gemalto LLC Moscow 9 Godovikova Street, Bldg. 31 Moscow Russian Federation (P) Jean-Paul Ternisien (S) Andrei Baranovski Gemalto Oy Myllynkivenkuja Vantaa Finland (P) Helvi Salminen (S) Janne Saarinen Gemalto S.A. 14 Route du Saint-Laurent BP Champray-les Tours Cedex France (P) Peter Cairns (S) Jacques Klufts Card manufacture Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

69 Europe Region Gemalto S.A. Avenue du Pic de Bertagne Parc d Activites de Gemenos BP Gemenos Cedex France (P) Claire Sylvestre (S) Rolfi Alain Gemalto SP, S.A. Calle Llevant 12 Poligono Industrial del Llevant Parets del Valles Barcelona Spain (P) Alejro Romero (S) Nicolas Seoane Gemalto Sp. z o.o. ul. Skarszewska 2 Tczew Poland (P) Marek Baberowski (S) Krzysztof Matraszek Gemalto Systems & Cards SRL Via Ferraris Marcallo con Casone (MI) Italy (P) Flaviano Modini (S) rea Gambini Gemalto UK Ltd. 300/350 NEST Business Park Havant Hampshire PO9 5TL United Kingdom (P) Howard Berg (S) Tomas Velaniskis Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

70 Europe Region Gemalto UK Ltd. Concorde Way Segensworth North Fareham Hampshire PO 15 5RX United Kingdom (P) Howard Berg (S) Tomas Velaniskis Giesecke & Devrient GB Ltd. Unit 1, Westlinks Alperton Lane, Wembley Middlesex HA0 1ER United Kingdom (P) Donald MacDonald (S) David Williams Giesecke & Devrient GmbH Prinzregentenstrasse Munchen Germany (P) Fulvio Famularo (S) Manfred Sixt Giesecke & Devrient 3S GmbH Prinzregentenstr. 159 c/o Giesecke & Devrient GmbH Munich Germany (P) Rainer Renz (S) Frank Birkmair Giesecke & Devrient N.V. Leuvensteenweg 573/ Zaventem Belgium (P) Jean Louis Dieu (S) Marc Degembes Partial manufacture Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

71 Europe Region Giesecke & Devrient Slovakia s.r.o. Ltd. Dolne Hony Nitra Slovakia (P) Dr. Ivan Moroz (S) Filip Zelingr Card manufacture Global Payments Europe, s.r.o. V Olsinach 80/ Praha Czech Republic (P) Miroslav Immer (S) Mroslav Janak Grafocard d.o.o. Partizanski put 515 B Sopot, Belgrade Serbia (P) Nebojsa Maric (S) Ivana Milosevic GyD Iberica Unipersonal S.A. Carrer del numero 114, 27 Poligon Pratenc Barcelona Spain E (P) Francesc Leiva (S) Rosa Aguilo GyD Iberica Unipersonal S.A. C/ Verano 15 Torrejon de Ardoz Madrid Spain (P) Francesc Leiva (S) Rosa Aguilo Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

72 Europe Region Imprensa Nacional Casa da Moeda S.A. (INCM) Avenida Antonio Jose de Almeida Lisboa Portugal (P) Jose Rosmaninho (S) Cristina Rainha Info Direct Barcelona 2003 s.l. Avda. Dels Alps, Cornella de Llobregat Barcelona Spain (P) Josep Artigas Mas (S) Oscar Ferre Lecum Inform P. Lykos S.A. 7 th klm Varis Koropi Av Koropi Attiki Greece (P) Yiannis Mathes (S) Dimtris Lyberopoulos Intaremit S.A. Calle Vitoria, 21 Bis Zona Industrial 10 Naves 3 a 6 Anuntzibai Areta (Alava) Spain (P) Joseph Schembri (S) Jose Luis Delgado Intelicard SRL Localita Sa Stoia Zona Industriale Iglesias (CI) Italy (P) Luca Picardi (S) Stefano Atzori Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

73 Europe Region International Card System AD Kuzman Josifovski Puti Skopje Republic of Macedonia (P) Stefan Karagyozov (S) Lidija Vucidolova Bogoevska Intesa SanPaolo Card Jankomir 25 Zagreb Croatia (P) Tatjana Novak (S) Jasna Fumagalli N/A JCC Payment Systems Ltd. 1 Stadiou Street, Nissou Industrial Area, Nicosia 2571 Cyprus (P) reas Savva (S) Paris Erotokritou JSC Novacard Kazanskaya Square, Nizhny Novgorod Russian Federation (P) Vasily Zakhartsov (S) Artyom Avdeev Mapikart Tanitim Hizmetleri ve Dis Ticaret Ltd. Hadimkoy Yolu Onerli Cad. Hatira Sok. No. 4 Arnavutkoy Instanbul Turkey (P) Zafer Saglam (S) Murat Mayda MegaCard Nordic AB Kvittenvägen 26 Strangnas Sweden (P) Michael Nyberg (S) Mikael Holmin Card manufacture Card manufacture N/A Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

74 Europe Region Mega Network SRL Via Migliara, Sabaudia (LT) Italy (P) Vari Massimiliano (S) Mioara Ciobanu Metalplex S.p.A. Zona Industriale Ponte Valentino Benevento Italy (P) Pierpaolo Gallucci (S) Michele Gallucci MFGroup SPA Via Braine, 54 Rioveggio (Bologna) Italy (P) Sro Mucelli (S) Pierpaolo Pasotti Millikart Limited Liability Company (LLC) Millikart Limited Liability Company (LLC) 5A Ali Mustafayev Street Baku Azerbaijan AZ1111 (P) Jalal Orujov (S) Elnur Mammadov Monet+, Corp. 505 Za Dvorem Zlín-Stipa Czech Republic (P) Bretislav Endrys (S) Aurel Babic Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

75 Europe Region Morpho BV Oudeweg 32 Postbus GH GH Haarlem The Netherlandss (P) Coen Postma (S) Gertjan Koudijs Morpho Cards Czech s.r.o. Jelinkova 1174/3 Ostrava Svinov Czech Republic (P) Blanka Havlásková (S) Stanislav Pospisek Morpho Cards GmbH Konrad-Zuse-Ring Flintbek Germany (P) Michael John Turk (S) Rol Appel Multicard Ltd. Haros ur Budapest XXII Hungary (P) Katalin Hiller (S) Peter Berzlanovits MultiCarta Ltd. 43 Vorontsovskaya Street Moscow Russian Federation (P) Kirill Solntsev (S) rew Buzin Multimedia Business 7 Voie de l oree Val de Reuil France (P) Simon Zagdoun (S) Bruno Salinier Card manufacture Card manufacture Card manufacture Mobile provisioning Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

76 Europe Region NagraID SA Cret-du-Locle La Chaux-de-Fonds NE / Switzerland (P) Claude-Olivier Gertsch (S) Monika Castelan Giron NagraID SA Combeta La Chaux-de-Fonds Switzerland (P) Claude-Olivier Gertsch (S) Monica Castelan Giron NagraID Security SA Le Crêt-du-Locle Le Crêt-du-Locle Switzerland (P) Claude-Olivier Gertsch (S) Cyril Lalo National Bank, The Institute for Manufacturing Banknotes Coins Topcider Pionirska 2 Belgrade Serbia (P) Mihailo Mircic (S) Bojana Jovanovic National Credit Cards (CJSC) 8 Kommunisticheskaya Street Togliatti Samara Region Russian Federation (P) rey Slesarenko (S) Vladimir Ponimanskiy Nitecrest Ltd. Unit Marathon Place Moss Side Industrial Estate Leyl Lancashire PR26 7QN United Kingdom (P) Kathryn Jeffers (S) LeeRoy Pye Card manufacture Disaster recovery Partial manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

77 Europe Region Oberthur Technologies The Netherlands B.V. Fisherpad KS Sittard The Netherlands (P) Anton de Jong (S) Harry Lormans Oberthur Technologies Romania SRL 46 Iancului Street, District Bucharest Romania (P) Bogdan Brasov (S) Radu Opris Oberthur Technologies Czech Republic Ve Zlíbku 1800 Horní Počernice Prague Czech Republic (P) David Viska (S) Hrvoje Vincekovic Oberthur Technologies Iberica S.A.U. Pol. Ind. can Mascaro c/vial Uno, La Palma de Cervello Barcelona Spain (P) Frederic Moreno (S) Jesus Este Oberthur Technologies Iberica S.A.S.U. C/Metano, 4B Torrejon de Ardoz Madrid Spain (P) Ignacio Ureta (S) Monica Jimenez Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

78 Europe Region Oberthur Technologies kft. Oberthur Building To-Park, 3301/ Torokbalint Hungary (P) Gabriella Rajki (S) Zoltan Ugron Oberthur Technologies S.A. 14, Rue des Cortots Centre Industriel des Cortots Parc d Activites de Cortots Fontaine-les-Dijon France (P) Jean Christophe Baille (S) Jerome Clauzel Oberthur Technologies Finland Oy Vallikallionkatu 7 Espoo FI Finland (P) Aarre Jarvinen (S) Satu Seppanen Oberthur Technologies S.A. Avenue d Helmstedt BP Vitre France (P) Laurent Augagneur (S) Laurent Gary Oberthur Technologies Italia SRL Via Monte Spluga, Baranzate Milano Italy (P) Claudio Valle (S) Lorenzo Bastanzetti Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

79 Europe Region Oberthur Technologies Latvia SIA Varkalu Street 13 LV 1067 Riga Latvia (P & S) Janis Brezinskis Oberthur Technologies Norway A.S. Godesetdalen 10/ Stavanger Norway N-4034 (P) Frank Hermansen (S) Bente Larsen Oberthur Technologies Poland Sp. z o.o ul. Napoleona 4c Kobylka k/warszawy Poland (P) Magdalena Kolacz-Frelik (S) Hubert Naumczyk Oberthur Technologies Sweden AB Markorvagen Strangnas Sweden (P) Lennart Johansson-Ax (S) Reas Be Oberthur Technologies UK Ltd. Alexra Way Ashchurch Business Centre Tewkesbury, Gloucestershire GL20 8GA United Kingdom (P) Nigel Barnes (S) Warren McIvor Card manufacture Mobile provisioning Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

80 Europe Region OK Processing Ltd. 6/21 Building 3 Liza Chaikina Street Moscow Russian Federation (P) Aleksr Zykov (S) Anna Travina ooo Alioth ZAO Plemkhos Naro-Osanovsky Village Sof ino Naro-Osanovsky rural district Odintsovsky region Moscow Russian Federation (P) Igor Vasiliev (S) Sergey Nekrasov (S) Dmitry Rastanin Oren-Kart Ltd. Montazhnikov 32/2 Orenburg Russian Federation (P) Alexandr Konoval (S) Andrey Frolov Orga Zelenograd Smart Cards & Systems Solnechnaya alleya, 3 Moscow, Zelenograd Russian Federation (P) Vladislav Moskowchuk (S) Dmitry Prokofyev OTP Card Factory Ltd. 9 Baber Street Budapest, H-1131 Hungary (P) Tamas Szabo (S) Gabor Lehel Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

81 Europe Region Perm Printing Factory of Goznak Shosse Kosmonavtov, 115 Perm Russian Federation (P) A.P. Nikitin (S) A.I. Romanov Plastic Card Enterprise Limited 4, Novopromyslova St. Novi Petrivtsi, Vyshgorodskyi Region, Kyivska obl Ukraine (P) Elena Lyutovicho (S) Helena Tanakova PlastKart Akilli Kart Iletisim Sistemleri San ve Tic A.S. Alipasa Koyu Sinekli Yolu Sillivri Istanbul Turkey (P) Ali Yildiz (S) Cetin Guldali Polly-Service Ltd. 64, Lenina Str Kiev Ukraine (P) Polina Khoroshchak (S) Roman Danilyuk Polska Wytwornia Papierow Wartosciowych S.A. Karczunkowska Street, 30 Warsaw 2871 Poland (P) Dariusz Mellin (S) Malgorzata Pierzchala Card manufacture Card manufacture Card manufacture Mobile provisioning Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

82 Europe Region Provus Kart Hizmetleri A.S. Deposite Is Merkezi/A6 Blok at: 2 No: Ikitelli Organize Sanayi Bolgesi/Basaksehir Istanbul Turkey (P) Hasan Peksen (S)Selcuk Bingul Provus Service Provider S.A. 2h Vasile Milea Blvd, Sector 6 Bucharest Romania (P) Idris Berber (S) Alida Roman Quipu Shpk Rexhep Mala Nr Prishtina Kosovo (P) Björn Pysall (S) Ardian Xh. Behluli Rabobank Nederland De Maas PL Best The Netherlands (P) Rob Aerdts (S) Jacques Bloos Raiffeisendruckerei GmbH Niederbieberer Strasse Card manufacture Neuwied-Ortsteil Segendorf Germany (P) Gunther Visse (S) Pia Mayer-Korbach September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

83 Europe Region Rosan Finance 9/4, Svyazistov str Card manufacture Krasnoznamensk, Moscow Region Russian Federation (P) Oleg Aibazov (S) Konstantin Kazantcev Rosan SPb 10 A, Kurchatova Street St. Petersburg Russian Federation (P) Nina Severina (S) Valeriy Borisenko S.A.E.T.I.C., S.A. Calle Bonavista 3b Sant Just Desvern/Barcelona Spain (P) Gustavo Guillamet (S) Natalia Alos Julia Sberbank of Russia 19 Vavilov St. Moscow Russian Federation (P) Denis V. Aksenov (S) Sergei N. Bondarev Schreiner Group GmbH & Co. KG Waldvoegeleinstrasse 12 Munich Germany (P) Richard Stooss (S) Kai Schnapauff SELP-SECURE SAS Rue Louis Pergaud Chaumes de Grelet 1600 Angouleme France (P) Matthieu Leclerc (S) Sebastien Chambre Card manufacture Partial manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

84 Europe Region SIBS - Cartoes, Produçao e Processamento de Cartoes S.A. Avenida Paul Harris, 1 - Bloco B Vale Flores, Ranholas Sintra Portugal (P) Rui Pina (S) Eduardo Galvao Sigma Schede Srl Via dei Castelli Romani, Pomezia (ROMA) Italy (P) Giulia Martella (S) Fabio Coscarella Sinergia Sistema Di Servizi Scarl Via Duca di Calabria, 120/ Firenze Italy (P) Emmanuele Messeri (S) Marco Monti Sistemas y Tratamientos Tecnicos S.A. (STT) C/ Aragoneses 2, Acceso Alcobendas (Madrid) Spain (P) Alejro Guillamet (S) Venancio Guillamet Sitronics Smart Technologies, LLC 12-2, 1 st Zapadnyi proezd Moscow, Zelenograd Russian Federation (P) Anna Pershina (S) Sergey Mikerin Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

85 Europe Region Smart Paynetwork S.A. 94 Capt. Octav Cocarascu Bucharest Romania (P) Dana Isaila (S) Marius Cornea ST Microelectronics SRL Z.I. Marcianise Sud Marcianise (CE) Italy (P) Fabio Cuomo (S) Attilio De Rosa Card manufacture Swiss Post Solutions GmbH Kronacher Strasse Bamberg Germany (P) Eva Wiesmuller (S) Uwe M. Storc Tag Systems Finland Oy Koivuhaantie Vantaa Finland (P) Riine Sarkki (S) Tero Veijonen Tag Systems Finland Oy Biekensalas street 6 Riga Lativa LV-1004 (P) Gerd Miller (S) Valda Zute Tag Systems S.A. Ctra de la Cornella, nº 49 AD 500 orra La Vella Principality of Andorra (P) Joaquim Miro (S) Josep Maldonando N/A Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

86 Europe Region Tag Systems Smart Solutions, S.L. 48, Calle Madrid Madrid Spain (P) Miguel Lobo Abad (S) David Palacios Burgos Tag Systems Sp. z.o.o. ul. Annopol 4A, bud. F Warsaw Poland (P) Waldemar Kalowski (S) Andrzej Ulejczyk TC&S Technologies Cards & GmbH Odenwaldstrasse Neu-Isenburg Germany (P) Torsten Bruns (S) Georg Vaskor Thames Card Technology Ltd. Thames House Arterial Road SS6 7UO Rayleigh, Essex United Kingdom (P) Richard Martin (S) John Millard TNT UK Limited Unit 3a Festival Way Festival Leisure Park SS14 3WB Basildon, Essex United Kingdom (P) Paul Nye (S) Alex Morris Trevica S.A. 1, Al. Krakowska Sekocin Nowy Poland (P) Erwin Ziarkiewicz (S) Marcin Cichocki Card manufacture PIN printing Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

87 Europe Region Trub AG Hintere Bahnhofstrasse Aarau Switzerland (P) Stefan Blum (S) Michael Steiner Trub AG Suhrenmattstrasse Unterentfelden Switzerland (P) Stefan Blum (S) Michael Steiner Trub Baltic AS Laki 5 Tallinn (Laki) Estonia (P) reas Lehmann (S) Liis Vilde United Card Service 22 Smolnaya Str Moscow Russian Federationt (P) Vladimir Komlev (S) Evgeny Sysoev Znak, Ltd. 64, Lenin St. Kiev Ukraine (P) Igor Popovich (S) Elena Bura Card manufacture Disaster recovery Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

88 Latin America and the Caribbean Region AMF Medios Transaccionales S.A. Av. Quilin 3700, Macul Santiago de Chile Region Metropolitana Chile (P) Jose Miguel Martinez (S) Christian Parra Archivert S.A. Alberto Pepper 1792 Región Metropolitana Santiago Chile (P) Cristian Riveros (S) Diego Errazuriz Asociados Undurraga Impresores Ltda. Juan Mira 1020 Quinta Normal, Santiago Santiago Region Metropolitana Chile (P) Carlos Undurraga (S) Nicolas Orrego Bancard, S.A. Avda. Brasilia 765 C/Siria Republica de Siria Y Fray Luis de Leon Asuncion Paraguay (P) Josefina Cabral (S) Daniel Ruiz Credimatic S.A. Pedro Carbo 613 e/luque Y Aguirre Edificio Vignolo Torre Norte 3er. Piso Guayaquil Ecuador (P) Lenin Fuentes (S) Edith Ausay Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

89 Latin America and the Caribbean Region Dispapeles S.A. Calle 103 No Bogota, D.C. Colombia (P) Francisco Javier Nino Moreno (S) Sandra Milena Martinez Editora Alterosa Ltda. Av. Tom Jobim, 2700 Cidade Industrial Contagem Minas Minas Gerais Brazil (P) Carlos Alberto Rangel Proenca (S) Alexre Araujo Rezende Card manufacture EMSA S.A. Buenos Aires 484, 5th Floor Office 25 Ciudad Vieja Montevideo Uruguay (P) Maria del Carmen Kramer (S) Gastón Peña Gemalto Mexico S.A. of C.V. Trigo No. 150, Col. Granjas Esmeralda Mexico D.F. C.P (P) Emilio Espinosa (S) Jose Luis Pavon Boylan Gemalto do Brazil Cartoes e Terminais Ltda. Av. Nossa Senhora da Boa Esperanca Pinhais Parana Brazil (P) Paulo Moreira (S) Jose Luiz Pellegrini Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

90 Latin America and the Caribbean Region Gemalto do Brazil Cartoes e Terminais Ltda. Rua Bahia, 277 Barueri Sao Paulo Brazil (P) Paulo Moreira (S) Sro Mitsuhashi General Plastic Corp S.A. Los Patos 2526 Capital Federal Buenos Aires Argentina 1283 (P) Eduardo Voloschin (S) Sergio Jose Giesecke & Devrient America Do Sul Industria E Comercio De Smart Cards S/A Estrada de Santa Isabel, Itaquaquecetuba Sao Paulo Brazil (P) Delfin dos Santos Ferreira Neto (S) Renato Laginestra Giesecke y Devrient de Mexico, S.A. de C.V. Av. Santa Rosa No. 11, Col. La Joya Ixtacala, Tlalneplantla de Baz CP Estado de Mexico Mexico (P) Rafael Oscos (S) Oscar Marquez Hogier Gartner Cia S/A Carrera 65 No Bogota, Cundinamarca Colombia (P) Alvaro Gartner Valencia (S) Carlos Gartner Card manufacture Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

91 Latin America and the Caribbean Region Informatica y Telecomunicaciones Av. Principal de Boleíta Norte c/ alle Moraima Edificio DRAZA Piso Caracas Venezuela (P) Claret Ortiz (S) Margarita Rodriguez Intelcav Cartoes Ltda. Alameda Caiapos, Barueri Sao Paulo Brazil (P) Gerson Alvares Perez (S) Maria Cecilia Loverro Intelcav Cartoes Ltda. Rua Irmao Gabriel Leao, Getulio Vargas Rio Gre do Sul Brazil (P) Jorge Tamajusuku (S) Eduardo Kaplan Card manufacture Inteligensa S.A de C.V. Num. 151, San Andres Atoto Mexico City Naucalpan De Juarez Mexico (P) Luis Omar Pelcastre Cario (S) Carlos Alberto Avendano Morales Logikard C.A. PasajeTerranova Oe10-89 San Juan Alto de Cumbaya Quito P. Ecuador EC (P) Frank Nankervis (S) Marcelo Maldonado Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

92 Latin America and the Caribbean Region MC Cartoes Plasticos Ltda. Rua Castor, 51 - Galpao 4 Sao Paulo SP Brazil (P) Eduardo Tenguan (S) Renato Morandim Morpho Cards do Brasil S.A. Av. Independencia, Taubate Sao Paulo Brazil (P) Eliel Marcos R. Fonseca (S) Richard Marques Morpho de Colombia S.A.S. Avenida El Dorado No Bogota, Cundinamarca Colombia (P) Carlos Narvaez (S) Mario Ordonez Morpho Cards de Colombia S.A.S. Calle 29 Norte No. 6AN 40 Cali, Valle Colombia (P) Carlos Narvaez (S) Mario Ordoñez Morpho Cards de Colombia S.A.S. Cra. 42 Autopista Sur No. 85A 95 Autopista Itagui Medellin Colombia (P) Carlos Narvaez (S) Mario Ordonez ext Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

93 Latin America and the Caribbean Region Morpho Cards Mexico S.A. de C.V. Aztecas nº 23 Col. Santa Cruz Acatlá Naucalpan Mexico C.P (P) Eliel Fonseca (S) Hector Soval MyCard S.A. de C.V. Boutros #1 (El Sauz) Tequisquiapan Tequisquiapan Queretaro Mexico (P) Liliana Garcia Aguirre (S) Alejro Vázquez Newtech Solutions Group Centro Letonia, Torre ING- Bank Av. Principal de La Castellana Piso 15 Office Caracas Mira Venezuela (P) Rafael Pereyra (S) Albaro Larrazabal Oberthur Technologies De Mexico S. DE R.L. DE C.V. Anahuac 150B, Col. El Mirador C.P Mexico City Distrito Federal Mexico (P) Monica Morales (S) Leonardo Chong de los Palos Oberthur Technologies of Peru S.A. Carretera Central KM 17-5 Chaclacayo District Lima 8 Peru (P) Maribel Mejia (S) N/A Card manufacture N/A Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

94 Latin America and the Caribbean Region Oberthur Technologies Ltda. Diagonal 19D No Barrio Cundinamarca Bogota DC Colombia (P) Sra Villanueva (S) Marino Alfonso Pernia Guerrero Oberthur Technologies Sistemas de Cartões Ltda. Rua Soluçôes do Lar Street 370 Cotia, Sao Paulo Brazil (P) Luciano Toledo (S) Marlus Fida Operadora de Tarjetas de Crédito NEXUS S.A. Mac-Iver 440, Piso 15 Santiago Chile (P) Christian Cordoba (S) Nicolas Ortiz Castillo Procesos de Medios de Pago S.A. Porta 111-6th floor Miraflores Lima Peru L18 (P) Giovanni Zevallos (S) Cesar Molina TAG CADENA S.A.S. Carrera 50 N 97a Sur 150 La Estrella Antioquia Columbia (P) Jose Pablo Gil Echavarria (S) Luis Alfonso Villegas Aguilar Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

95 Latin America and the Caribbean Region Techvan Technologia em Cartoes e Crachas Ltda. Rua Arthur Lopes 218 Imbiribeira Recife Pernambuco Brazil (P) Ivo Giaretton (S) Claudio Vieira Thomas Greg & Sons Grafica e Servicos Ltda. Rua Gal. Bertoldo Klinger, 69/89/131 Sao Bernardo Do Campo Sao Paulo Brazil (P) Cleber Rodrigo Costa (S) Claro Pinheiro Policarpo Thomas Greg & Sons de Venezuela, C.A. EMA Avenida Florencio Jimenez c/calle 15 de Pueblo Nuevo Nro Barquisimeto Lara 3001 Venezuela (P) Leonardo Vega (S) Moises Diaz Total System de Mexico, S.A. de C.V. Parque Industrial Toluca 2000 Av. Central Manzana 2 Lote II Toluca, Edo. Mexico (P) Francisco Tamayo Romero (S) Joaquin Cordova N/A Card manufacture Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

96 Latin America and the Caribbean Region Unibanca S.A. Prolongacion Arenales 575 Miraflores Lima 18 Peru (P) Jorge Valdivia (S) Victor Rubio Chavez Vale Presente S.A. Alameda Arapoema 529 Barueri Sao Paulo Brazil (P) Marcelo Scarpa Rezende Leite (S) Robson Dantas Silva Valid Soluciones: E Servicos De Seguranca Em Meios De Pagamento E Identificacao S.A. Calle Jose C. Paz 3640 C1437IPQ Capital Federal Buenos Aires Argentina (P) Daniel Futej (S) Pablo Heller Valid Soluciones: E Servicos De Seguranca Em Meios De Pagamento E Identificacao S.A. Estrada do Ingai, 200 Campo do Grupe Aldeia da Serra Barueri Sao Paulo Brazil (P) Daniel Impieri (S) Rogério Pereira N/A Chip personalization Card manufacture Valid Solucoes E Servicos De Seguranca Em Meios De Pagamento E Identificacao S.A. Rua Laura Maiello Kook, Card manufacture Sorocaba Sao Paulo Brazil (P) Sueli A. Uliana (S) Valdir Ribeiro September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

97 South Asia/Middle East/Africa Region Advanced Smart Card Co. Lot 13/C, Second Industrial Zone 6 of October City Giza Egypt (P) Dr. Hany Mohamed Assal (S) Mohamed Desouky Card manufacture Altech West Africa Limited 1, Ilupeju By pass, Ilupeju Lagos Nigeria (P) Mike Hooper (S) Sola Bajomo Arab Financial Company B.S.C. AFS Tower Tarfa Bin Al Abd Avenue Bldg. 155, Road 2004 Al Hoora 320 Manama Kingdom of Bahrain 2152 (P) Kunal Taneja (S) Neil Pavis Arab Financial Company B.S.C. (c) Bldg. 928, Road 431 Flat Jannusan 504, Budaiya Highway Manama (Jannasan) Kingdom of Bahrain (P) Kunal Taneja (S) Neil Pavis Berkeley Cupola Nigeria Ltd. 6B Akwuzu Street Lekki Phase 1 Lekki, Lagos Nigeria (P) Tunde Kilaso (S) Tajudeen Salaudeen N/A Disaster recovery Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

98 South Asia/Middle East/Africa Region Cleopatra Silicon Valley Area A1A Third Industrial Area 10 th of Ramadan Egypt (P) Mohammed Halawa (S) Safaa Abdelwahed Behairy CMS Info Systems Pvt. Ltd. Plot No. 3, Sector 19E Vashi New Mumbai Maharashtra India (P) Mokam Singh (S) Sudev Muthya ColorPlast Systems Pvt Ltd. C-08 Sector 65 Noida Uttar Pradesh India (P) Aseem Batra (S) Ayush Batra Cupola Plastics Cards Limited PO Box 17349, Plot No. MO-0142 Jebel Ali Free Zone Dubai United Arab Emirates (P) Biju Thomas (S) Muzaffar Khckhar De la Rue Currency Security Print Limited Ruaraka, Off Thika Road Nordin Road PO Box Nairobi Kenya (P) Amos Ngomo (S) Fatuma Ali Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

99 South Asia/Middle East/Africa Region Dz Card (India) Pvt. Ltd. Plot No , EHTP Sector 34 Gurgaon Haryana India (P) Shailesh Patel (S) Soumya Ranjan Biswal ECS Limited Maasai Rd. Nairobi Kenya (P) rew Kimani (S) Grace Njuguna Electronic Document Center L.L.C. Karama Central Post Office Bldg. P.O. Box 50000, Dubai United Arab Emirates (P) Abdulla Malhammadi (S) Anwar Yousuf Electronic Payplus Limited KM 34, Lekki- Epe Expressway, Lakowe Ibeju-Lekki Lagos Nigeria (P) Bayo Adeokun (S) Abdul Adejoh EMP Middle East Abdeiraheem Alwaked St. Shmisani Building #43 Amman PO Box Jordan (P) Ahmed Al-Hamami (S) Eng. Adel Azmi N/A Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

100 South Asia/Middle East/Africa Region Finatech N 9, lot 92 Zone Industrielle Taoufik Bouskoura Casablanca Morocco (P) Abdelouahed Megoussi (S) Nawal Zennouhi Future Card Industries LLC Industrial Area 13 PO Box Sharjah United Arab Emirates (P) Ayhan Yalcintas (S) BalasujaI Velayutha Raja Gemalto Southern Africa Pty Ltd. 13 Friesl Avenue Long Meadow Business Park Modderfontein South Africa (P) Clinton Morrison (S) Nico Van Den Heever Card manufacture Giesecke & Devrient India Pvt. Ltd N/A Plot No. 118, Neelangarvai Village Perungudi Industrial Estate Thomas Mount Panchayat Union Tambaram Talkuk Chennai, Tamil Nadu India (P) Colin Mayne (S) Gurpal Singh Global Payment Road 383, Block 316, Building 128 Manama Kingdom of Bahrain 2110 (P) Ali Arab (S) Ebrahim Amin September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

101 South Asia/Middle East/Africa Region Golden Chip Company 42 St. 2nd Industrial City PO Box 809 Dammam Kingdom of Saudi Arabia (P) Adel AlJabr (S) Ala Al-Deek Gulf Printing Products Manufacturers Factory (GEPCOM) PO Box nd Industrial City Riyadh Kingdom of Saudi Arabia (P) Ahmed Taleb Abed (S) Abdullah Abed Inkript Cards sal Bldg. 7, Str. 12, Sector 1 Bshamoun Industrial Zone Beirut Lebanon 13/5592 (P) Joanna Maouad (S) Ali Mehio Inlays India Pvt. Ltd. Plot 60-61, NSEZ, Phase II Dadri Road Noida, Uttar Pradesh India (P) Jerome Bouvard (S) Kuldeep Luthra Card manufacture Card manufacture Card manufacture Partial manufacture International Smart Card Factory Company Building No. 84/45 King Fahad Rd. Al-Aqeeq Riyadh Kingdom of Saudi Arabia (P) Mansoor Ali (S) John Alissi ext Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

102 South Asia/Middle East/Africa Region Jeraisy Group Cardtec Factory Industrial District 2 PO Box 477 Riyadh Kingdom of Saudi Arabia (P) Khalil Kassas (S) Asem Zaidan M-Tech Innovations Ltd. Plot No. P-1/2, Rajiv Ghi Infotech Park Phase - I, Hinjewadi Mulshi, Dist. Pune Pune Maharashtra India (P) Kapil R.Ghi (S) VM Ghi Madras Security Printers Private Limited 72, Thiruvottiyur High Road Tamil Nadu Chennai India (P) P. Rajah Sunder Singh (S) P. Sam Prasad Masria Card Aziz Sedqy Compound, Dawar Al Ashir, Third Industrial Zone 10th of Ramadan Industrial City Cairo Egypt (P) Rana Nafie (S) Amr Rashad Card manufacture Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

103 South Asia/Middle East/Africa Region MCT Cards & Technology Pvt. Ltd. Property on Plot No.22, Survey 433/1, Shivalli Village Industrial Area Karnataka State Manipal India (P) Girish Kini (S) Sairam R Bhat MCT Cards & Technology Pvt. Ltd. D197 DTC Industrial Area MIDC Turbhe Maharashtra State Navi Mumbai India (P) Girish Kini (S) Sairam R Bhat Obernet International LLC Al Wasel Road Jumeirah Dubai 4487 United Arab Emirates (P) Muhammad Arsalan (S) Mehmet Ascioglu Oberthur Technologies India Private Limited A-201, Sector 63 Noida Gautam Budh Nagar India (P) Atul Jain (S) Pankaj Gupta Oberthur Technologies India Private Limited Atos Plot No 38-A1, Doddanekkundi Indl Area II Phase, Bengaluru Mahadevapura India (P) Adinarayana Venkatesh (S) Pankaj GuptaYogesh Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

104 South Asia/Middle East/Africa Region Oberthur Technologies South Africa (Pty) Ltd. 10 Cleveland Road Johannesburg (Cleveland) South Africa 2094 (P) Hennie Du Plessis (S) Linda Scheepers Payment Exchange International (a.k.a. Payment Express Ltd.) (PEX) 45 Cyber City, c/o MINDSPACE Ebene Mauritius (P) Umesh Keetharuth (S) Chitra Gunnoo Plastic Card s Manufacturing Company Ltd. Street 415, Jeddah Industrial City Phase 4 P.O. Box :2824 Jeddah, Western Kingdom of Saudi Arabia (P) Wael Al-Hashah (S) Ruben P. Villarosa PT Gemalto Smart Cards Suit 105E & 106E, Building E Mulia Business Park Jl. M.T. Haryono Kav Jakarta Indonesia (P) Aulia Primana (S) Chue Fook Wah PT Giesecke & Devrient Indonesia Jalan Kapuk Kamal No. 45 Jakarta Indonesia (P) Akhmad Fadlilah (S) Clifford Lim Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

105 South Asia/Middle East/Africa Region PT Jasuindo Tiga Perkasa TBK Lingkar Timur Desa Banjarsari Kecamatan Buduran Sidoarjo Jawa Timur Indonesia (P) Allan Wibisono (S) Freddy Samuel PT Jaya Smart Technology Jl. Raya Kapuk Kamal No. 45 Jakarta Utara Indonesia (P) Irma Halim (S) Fitria Susilo Card manufacture Card manufacture PT Oberthur Technologies Indonesia Soewarna Annex Building, Soewarna Business Park, Block G Lot 3, Soekarno Hatta International Airport Jakarta Indonesia (P) Winarja Wahyudi (S) Frans Mesona Hulu PT Wahyu Kartumasindo International Jalan.Beringin Blok F-12, No.3 Delta Silicon II Lippo Cikarang (Jakarta) West Java Indonesia (P) Windarto Hadi Saputro (S) Lia Yuliana Secure ID Limited Plot K9 Apapa Oshodi Express Way Iyana Isolo 234 Lagos Nigeria (P) Kofo Akinkugbe (S) Fola Olusanya Card manufacture N/A Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

106 South Asia/Middle East/Africa Region Société Maghrébine de Monétique Parc Industriel CFCIM de Bouskoura Lot No. 17 et 18 Casablanca (Bouskoura) Morocco (P) Karim Azzaoui (S) Abdelftah Bakry Syscom Corporation Ltd. DBA Morpho Plot No & , NSEZPhase-II Dadri Road Noida Uttar Pradesh India (P) Jerome Bouvard (S) Rajan Misra Unified Payment Ltd. #3 Idowu Taylor Street Victoria Isl, Lagos Nigeria (P) Ben Edafiadjebre (S) Miriam Imevbore United Plastic Cards Co. UniCard Makkah Street PO Box 4735 Second Industrial City Damman Al-Khobar Kingdom of Saudi Arabia (P) Sami Nassar (S) Mohammed Shakeel Ahmed United Tectsa # , Gonde Dumala Igatpuri Taluka Nashik Maharashtra India (P) Suraj Jhawar (S) Akash Agarwal Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

107 South Asia/Middle East/Africa Region Universal Cards Company 2nd Industrial City PO Box 297 Riyadh Kingdom of Saudi Arabia (P) Abdullah Abed (S) Ariel Rodolfo S. Enchanes Versatile Card Technology Private Ltd. AC 21, IV Main Road SIDCO Industrial Estate Thirumudivakkam, Chennai Tamil Nadu India (P) Pethi T. Sarguru (S) V Sankar Xantium Integrated Solutions (Pty) Ltd. 22 Yaron Avenue, Lea Glen Florida, Roodepoort Johannesburg 1710, Gauteng South Africa (P) Graham Beck (S) Anthony Roux Card manufacture Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

108 U.S. Region ABnote 225 Rivermoor Street Boston, MA (P) Brian Gilbert (S) Lynne McDevitt Archway Marketing & South Diamond Lake Road Rogers, MN (P) Steve Peterson (S) Cyndi Eckart Arroweye Solutions Inc Commercial Way, Suite 100 Henderson, NV (P) Brian Huse (S) Yvonne Gomez CompoSecure, LLC 500 Memorial Drive Somerset, NJ (P) Michele Logan (S) Mary Levitsky CPI Card Group Colorado, Inc W. Centennial Road Littleton, CO (P) Mary Martinez (S) Tim Enright Card manufacture Card fulfillment Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

109 U.S. Region CPI Card Group Indiana, Inc. 613 High Street PO Box Fort Wayne, IN (P) David Rambo (S) Craig Keller Card manufacture CPI Card Group Minnesota, Inc. Plant: 1975 County Rd. B2 Roseville, MN (P) Jeff Levenhagen (S) Chris Erickson Plant: 2430 Prior Avenue Roseville, MN (P) Jeff Levenhagen (S) Chris Erickson Card manufacture Dynamics Inc. 493 Nixon Road Cheswick, PA (P) Jeff Mullen (S) Dale West EFT Source, Inc. 556 Metroplex Drive Nashville, TN (P) William S. Dinker (S) rew Klein Fidelity National Information 1165 Arbor Drive Romeoville, IL (P) Doug Bardolph (S) Robert Stoll Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

110 U.S. Region Fidelity National Information, Inc. (FIS) Roosevelt Boulevard, TA58 St. Petersburg, FL (P) Douglas Bardolph (S) Robert Stoll Fidelity National Information, Inc. (FIS) 8151 Interchange Parkway San Antonio, TX (P) Douglas Bardolph (S) Robert Stoll First Data Resources 7007 N. 97th Circle Omaha, NE (P) Bill Larson (S) Mark Brooks First Data Resources, LLC 240 North Roosevelt Avenue Chandler, AZ (P) Mark Brooks (S) Greg DiGregorio First Data Resources 1449 Kristina Way Cheasapeake, VA (P) Bill Larson (S) Michael Marushia Fiserv Output Solutions St. Paul 1880 Park View Drive Suite 100 Shoreview, MN (P) Teena Ramberg (S) Brett Humphrey Mobile provisioning Mobile provisioning September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

111 U.S. Region Fiserv Solutions, Inc. 575 Brick Church Park Drive Nashville, TN (P) Robert Stonehill (S) Steve Knapp Fiserv Solutions, Inc Directors Row Indianapolis, IN (P) Jerry Carson (S) Kevin Wachtel Gemalto, Inc. 101 Park Drive Montgomeryville, PA (P) Robert Addlesberger (S) Patrice Arrondeau Gemalto, Inc FAA Blvd. Fort Worth, TX (P) Chrasekaran Chinnasamy (S) Jeff D Maddox Giesecke Devrient America, Inc Enterprise Parkway Twinsburg, OH (P) Paul Grospitch (S) Rob Reh InComm Inc. 79 W Street, Suite 25 Murray, UT (P) Nick Roberts (S) Greg McKinley Card manufacture Card manufacture Mobile provisioning Card manufacture Card fulfillment Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

112 U.S. Region Integrated Printing Solutions, Inc South Fulton Street, Suite 100 Centennial, CO (P) Elizabeth Stoller (S) John Benjamin Marketing Advertising Promotions, Inc. 3-4 Edison Place Fairfield, NJ (P) Anthony Sousa (S) Jenny Narciso MT&L Card Products Fulfillment 2911 Kraft Drive Nashville, TN (P) Michael Hale (S) Adam Wittekind Oberthur Technologies of America Corp. Oakls Corporate Center 523 James Hance Court Exton, PA (P) Albert Muccilli (S) Mike Murphy Oberthur Technologies of America Corp Pleasant Valley Road Chantilly, VA (P) Ken Abner (S) Allen Thomsen Card fulfillment Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

113 U.S. Region Oberthur Technologies of America Corp East Ana Street Rancho Dominguez, CA (P) James Peterson (S) Mike Murphy ODW Logistics Inc Williams Road Columbus,OH (P) Larry Ltiser (S) Jeff Clark Card fulfillment Omni Prepaid, LLC 495 Mansfield Avenue Pittsburgh, PA (P) Chris Billiar (S) Christi Caperton x Perfect Plastic Printing Corp. 345 Kautz Road St. Charles, IL (P) Carl Velenti (S) Dave Maresca Shoreline Business Solutions, Inc. 275 Circuit Drive North Kingstown, RI (P) Dwayne Goulding (S) Patricia Angell SK C&C, Inc. 375 Riverside Parkway, S150 Lithia Springs, GA (P) Michael Nelson (S) Jun Hong Card manufacture Mobile provisioning Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

114 U.S. Region Source One Direct 1800 B Northeast Expressway Atlanta, GA (P) Roy Wilkinson (S) John Scarborough TecniCard Inc Coral Way Suite 800 Miami, FL (P) Carlos Lopez (S) Oscar Galvez Total System Inc Stonemill Drive B200 Columbus, GA (P) Will Allred (S) Todd Brenburg Valid NJ 800 Montrose Avenue, CN 1037 South Plainfield, NJ (P) Frank Bottazzi (S) Higrio Carvalho Valid 5200 Thatcher Road Downers Grove, IL (P) Nikola Kirov (S) Push Venkitasamy Valid, Inc Butterfield Road Downers Grove, IL (P) Suresh Kumar (S) Douglas Henk Card manufacture Card manufacture Card manufacture September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

115 U.S. Region Vantiv, LLC 5001 Kingsley Drive Cincinnati, OH (P) Jill Fallon (S) Christy Lutterbie Western Graphics & Data SE Foster Road Portl, OR (P) Scott Mitton (S) Kevin Christensen Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

116 Vendor Agents The following pages contain an alphabetical listing of vendor agents. A vendor agent performs sales and marketing support services on behalf of a certified vendor. The sales agent is not authorized to manipulate cards in any manner. All card production and shipping services are performed by the certified vendor at a facility that complies with MasterCard card production security requirements. Agent Name and Address Contact Associated Vendor Allcard Plastics Philippines, Inc. #48/F, One San Miguel Condominium Pasig City Philippines Asseco Ulica grada Vukovara 269 D Zagreb Croatia Roy C. Chua Allieta C. Cue Igor Grzalija Kerry Loftus Gemalto Pte Ltd Nagra ID Avanza, Inc. Suite 1201, 12/F, 139 Corporate Centre 139 Valero Street Salcedo Village Makati City Philippines 1227 CTS-Caliber Solution Co., Ltd Metchem Building 2 Perez Street, Ermita 100 Hguyen Luong Bang Boulevard District 7 Ho Chi Minh City Vietnam Rajini B. Romero Eastcompeace Technology Co., Ltd. Anne Bui Eastcompeace Technology Co., Ltd. Direct Risk Management LLC Von Karman Avenue 4th Floor Irvine, CA Joesph Baggio Glenn Sieja Nagra ID September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

117 Agent Name and Address Contact Associated Vendor EastCom Peace Mexico SA De CV Amores 1221 DEP 401 Col. Del Valle Benito Juarez Mexico Risto Peng David Liu Taiwan Name Plate Co. Ltd. Elatec Vertriebs GmbH Hans-Pinsel-Str. 10b Haar Germany Benedikt Keisten Eastcompeace Technology Co. Ltd. FIS Organization AG Muhlemattsstrasse 8 Lucerne Switzerland 6004 Foreign Enterprise ATB-LIT Kozlova Str. 27A Minsk Belarus Gemini Exchange International Inc. 43 Visayas Avenue Brgy. Vasra Quezon City Philippines 1128 Alain Favre Jean-Pierre Bucher Shangin Sergey Zykov Sergei Regulus Casareo Raymond Escutin Nagra ID Polska Wytwornia Papierow Wartosciowych S.A Huangshi G&D Wa Security Card Ltd. Ghirla Smart Card Solutions SpA Via Ferraris 80/90 Marcallo Italy Flaviano Modini Ghirla Cards Srl Socio Unico Giesecke & Devrient Asia Pte Ltd. 123 Genting Lane #04-01 Yenom Industrial Building Singapore Ooi Boon Kheng Wee Chee Chong Huangshi G&D Wa Security Card Ltd. Giesecke & Devrient FZE Office # G16 6WB Dubai Airport Freezone PO Box United Arab Emirates Ahmed Assem Iman Ali Huangshi G&D Wa Security Card Ltd. Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

118 Agent Name and Address Contact Associated Vendor Giesecke & Devrient India Pvt. Ltd. Tower D, 5th Floor, Global Business Park MG Road Gurgaon Gurgaon India Gurpal Singh Naresh Rao Huangshi G&D Wa Security Card Ltd. Giesecke & Devrient Italia SRL Via Tommaso Da Cazzaniga, 6 Milano Italy Giesecke & Devrient Southern Africa (Pty) Ltd. Office Park, 100 Northern Parkway, Ormonde Private Bag X20 Southdale Johannesburg South Africa 2135 Global Wave Solutions Sdh. Bhd A Shamelin Business Center Jaln 4/91 Taman Shamelin Perkasa Kuala Lumpur Malaysia GyD Latinoamericana SA Juncal Piso Buenos Aires Argentina C1425AYV Identitech N2 Ltd. Level 1, 240 Jackson Street Petone Lower Hutt New Zealand 5046 Inpas Company, Ltd. 72, Oktyabrskaya str. Moscow Russia IQcard LLC 68/70 Butyrskiy Val. Bld. 9 Moscow Russia Lorenzo Rivaro Stefania Basile Jeanie Erickson reas Luginger KK Tan Angel Ng Agustina Marnotes Mariana Sobrero Wayne Stemp Chris West Ilya Korobov Alexey Kryukovkskiy rey Antipov Yulia Vasina Huangshi G&D Wa Security Card Ltd. Giesecke & Devrient GmbH Giesecke & Devrient GmbH Huangshi G&D Wa Security Card Ltd Taiwan Name Plate Co. Ltd Giesecke y Devrient de Mexico, S.A. de C.V. Intelcav Cartoes Ltda Giesecke & Devrient Australasia Pty Ltd ooo Alioth ooo Alioth September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

119 Agent Name and Address Contact Associated Vendor Ireth SRL Via Genovesi 19 Torino Italy Sabrina Francesconi Walter Summonte Beautiful Card Corporation JP Sistech Pte Ltd. 10 Anson Road #21-02 Singapore Arthur Pok Jing King Technology Holdings Ltd. Lake House Printers Publishers Tony Johnpillai Plc. Arul Jothy No. 41 W AD Ramanayake Mawatha Colombo 2 Sri Lanka MCT Cards & Technology Pvt. Ltd. Macaluso Group LLC, The 271 Route 46 West Suite D103 Fairfield, NJ Joseph D. Macaluso Jo Ann Joseph Marketing Advertising Promotions, Inc. Metchem Industrial Inc Metchem Building 2 Perez Street, Ermita Manila Philippines 1000 Morpho Cards Singapore Pte. Ltd. 21 Media Circle #06-08 Infinite Studios Singapore N/A Eastcompeace Technology Co. Ltd. Fiona Tan-Charlton Syscom Corporation Ltd. DBA Morpho NCR Global Holdings Limited PO Box Plot MO 265 Jebel Ali Freezone United Arab Emirates Newmen Company Limited 51/31 Ramindra Road Bangkok Thailand Ostcard (Ostpack Group) 65, Profsoyuznaya Street Moscow Russian Federation Seep Thapar Sitaraman Laxman April F. Paraguison Prasit Nilket Dmitry Rastanin Semen Davydov Taiwan Name Plate Co. Ltd Eastcompeace Technology Co. Ltd Oren-Kart Ltd. Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

120 Agent Name and Address Contact Associated Vendor Ostpack T Profsoyuznaya str. Bld. 65 Moscow Russian Federation Kiselev Alexr ooo Alioth Borisoglebskaya Marina PT Giesecke & Devrient Indonesia Intil Tower 9th Floor Jl. Jendral Sudirman 32 Jakarta Indonesia PT Jaya Smart Technology Jl. Kapuk Kamal No. 45 Jakarta Indonesia Rosan Asia Kazibek bi str. Bld. 117 of 503 Almaty Kazakhstan RUE (Cryptotech) of Department of the State Signs 32a, Sverdlova Street Minsk Belarus Shanghai Axalto IC Card Technologies Co., Ltd. No Jin Hu Road Shanghai China Ignatius Triharsanto Rama Subbiah Irma Halim Darson Lim Daniyar Baibatshayez Mariya Bogomolva Elena G. Gubareva Aleksr Tkach Chua Fook Wah Kevin Liu Huangshi G&D Wa Security Card Ltd Huangshi G&D Wa Security Card Ltd Rosan Finance Polska Wytwornia Papierow Wartosciowych S.A Gemalto Pte Ltd. Smart Communications 6799 Ayala Ave. Makati City Philippines 1226 Smart Creative 10F, Pearson B/D Shinmoon-ro 2ga Seoul South Korea Symantec Corporation 350 Ellis St. Mountain View, CA Romeao Caliwan Sebastian Arceo Kang Hee Jun Jo Jin Beum Gemalto Pte Ltd. Singapore Eastcompeace Technology Co., Ltd Beautiful Card Corporation Jeff Burstein Nagra ID September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

121 Agent Name and Address Contact Associated Vendor Syscom Corporation Limited 714 Raheja Chambers 213 Naiman Point Mumbai India Rajan Misra Jing King Technology Holdings Ltd. Tecnocomputacion 3000 S.A. Centro Parque Boyaca Piso 16 office 161 Urbanizacion los dos Caminos Mira Mexico 1071 Technomedia Ltd. 230 New Elephant Road Rajamondi Dhaka Dhaka Bangladesh 1205 Unipay Intelligence 2 Rue Jean Rost Orsay Cedex France Gabriel Sternberg Daniel Sternberg Prokash Roy Chowdhury Joshoda Jibon Deb Nath Jean-Charles Renaud Philippe Blot Giesecke y Devrient de Mexico, S.A. de C.V Taiwan Name Plate Co. Ltd NagraID Security SA Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

122 Vendors (Certified) by Country The following pages contain a listing of vendors grouped by region and sorted by country. These tables provide only the names of certified vendors in specific countries. For detailed information about each vendor, refer to the previous section. Asia/Pacific Region Country Australia Australia Australia Australia Australia Australia China China China China China China China China China China China China China China China China China China Vendor Name Abnote (Australasia) Pty. Ltd. Abnote NZ Ltd. Gemalto PTY Ltd. Giesecke & Devrient Australasia Pty Ltd. Oberthur Technologies Australia Pty Ltd. Placard Pty. Ltd. Beijing Datang Smartcard Technology Co., Ltd. Beijing Watchdata System Co. Ltd. Eastcompeace Technology Co. Ltd. Fujian Hongbo Printing Shares Co., Ltd. Giesecke & Devrient (China) Information Technologies Co., Ltd. Goldpac Secur-Card Ltd. Guangdong Chutian Dragon Smart Card Co., Ltd. Hengbao Co. Ltd. Huangshi G&D Wa Security Card Ltd. Jiangxi G&D Chip Card Systems Co. Ltd. Jing King Weder Technology Company Ltd. (Plant) Oberthur Card Systems Science Technology (Shenzhen) Co., Ltd. Qingdao Rongjia Security Printing Co., Ltd. Shanghai Axalto IC Card Technologies Co. Ltd. Shanghai Oriental Magnetic Card Engineering Co. Ltd. Shanghai Pu Jiang Smart Card Systems Co. Ltd. ShenZhen Einolda Smart Card Manufacturing Co. Ltd. Shenzhen Takcere Credit Card Manufacturing Ltd September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

123 Asia/Pacific Region Country China China China China China Hong Kong Hong Kong Japan Japan Japan Japan Japan Japan Japan Korea Korea Korea Korea Korea Korea Korea Malaysia Malaysia Malaysia Malaysia Malaysia Malaysia Malaysia New Zealand Vendor Name Silone Cardtech Co., Ltd. Tianjin Global Magnetic Card Co. Ltd. TungKong Inc. Wuhan Tianyu Information Industry Co., Ltd. Zhongchao Credit Card Industry Development Co. Ltd. Jing King Technology Holdings Ltd. (Office) Toppan Forms Card Technologies Ltd. Dai Nippon Printing Co. Ltd. Hitachi Maxell, Ltd. Kyodo Printing Co. Ltd. Natec Incorporated Nihonboueki Printing Co., Ltd. Shoei Printing Co. Ltd. Toppan Communication Products Co. Ltd. Biosmart Co., Ltd. ICK Co., Ltd. KONA C Co., Ltd. KONA M Co., Ltd. Oberthur Technologies Korea Inc. Omnisystem Co., Ltd. YBL Co. Ltd. Asia Pacific Card System Sdn. Bhd. Asia Smart Cards Centre (M) Sdn. Bhd. Cassis Sdn. Bhd. DataSonic Corporation Sdn. Bhd. Dz Card (Malaysia) Sdn. Bhd. Gemalto Sdn. Bhd. IRIS Corporation Berhad Abnote NZ Limited Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

124 Asia/Pacific Region Country Philippines Philippines Philippines Philippines Singapore Singapore Singapore South Korea Taiwan Taiwan Taiwan Taiwan Taiwan Taiwan Thailand Thailand Thailand Thailand Vietnam Vendor Name Allcard Plastics Philippines, Inc. Dz Card (Philippines) Inc. Gemalto Philippines Inc. Oberthur Technologies (Philippines) Inc. Gemalto Pte Ltd. Network for Electronic Transfers (Singapore) Pte Ltd. Watchdata Technologies Pte Ltd. Ubivelox Beautiful Card Corporation Foong Tone Technology Co., Ltd. Gemalto Taiwan Ltd. Taiwan Name Plate Co. Ltd. TECO Smart Technologies Co. Ltd. Telecommunication Laboratories Chunghwa Telecom Co., Ltd. Chan Wanich Security Printing Company Ltd. Data Products Toppan Forms Ltd. Dz Card (Thailand) Ltd. Thai British Security Printing Public Co. Ltd. MK Smart Joint Stock Company September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

125 Canada Region Country Canada Canada Canada Canada Canada Canada Canada Vendor Name Archway Marketing CPI Card Group Canada, Inc. Gemalto Canada Inc. Giesecke & Devrient Systems Canada Inc. Giesecke & Devrient Systems Inc. Oberthur Technologies of Canada Synergex Logistics Europe Region Country Andorra, Principality Austria Austria Azerbaijan Azerbaijan Belgium Bosnia & Herzegovina Bulgaria Croatia Croatia Cyprus Czech Republic Czech Republic Czech Republic Czech Republic Denmark Vendor Name Tag Systems S.A. Austria Card Plastikkarten und Ausweissysteme Ges. GmbH Austria Card SRL Azericard Ltd. Millikart Limited Liability Company (LLC) Giesecke & Devrient N.V. BamCard Borica Bankservice AD Agencija za Komercijalnu Djelatnost d.o.o Intesa SanPaolo Card JCC Payment Systems Ltd. Global Payments Europe, s.r.o. Monet+, Corp. Morpho Cards Czech s.r.o. Oberthur Technologies Czech Republic Dz Card (Denmark) A/S Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

126 Europe Region Country Denmark Estonia Finland Finland Finland France France France France France France France Germany Germany Germany Germany Germany Germany Germany Germany Germany Germany Germany Germany Germany Greece Greece Hungary Hungary Vendor Name Gemalto Denmark Trub Baltic AS Gemalto Oy Oberthur Technologies Finl Oy Tag Systems Finl Oy Cedicam CPS Technologies Euro P3C Gemalto S.A. Multimedia Business Oberthur Technologies S.A. SELP-SECURE SAS CF Card Factory GmbH Comcard GmbH Exceet Card AG EPC Electronic Payment Cards GmbH First Data DBA First Data Global & FDR Limited Gemalto GmbH Giesecke & Devrient GmbH Giesecke & Devrient 3S GmbH Morpho Cards GmbH Raiffeisendruckerei GmbH Schreiner Group GmbH & Co. KG Swiss Post Solutions GmbH TC&S Technologies Cards & GmbH First Data Hellas S.A. Inform Processing Lykos S.A. Any Biz Tonsagi Nyomda Nyrt. Multicard Ltd September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

127 Europe Region Country Hungary Hungary Italy Italy Italy Italy Italy Italy Italy Italy Italy Italy Italy Kosovo Latvia Macedonia, Republic of Netherlands Netherlands Netherlands Netherlands Norway Norway Poland Poland Poland Poland Poland Poland Poland Vendor Name Oberthur Technologies kft. OTP Card Factory Ltd. Compunet Cards s.r.l. Gemalto Cards SRL Gemalto Systems & Cards SRL Intelicard SRL Mega Network SRL Metalplex S.p.A. MFGroup SPA Oberthur Technologies Italia SRL Sigma Schede Srl Sinergia Sistema Di Servizi Scarl ST Microelectronics SRL Quipu Shpk Tag Systems Finl OY International Card System AD Exceet Card Nederland Morpho BV Oberthur Technologies The Netherlands B.V. Rabobank Nederl Evry Card AS Oberthur Technologies Norway A.S. Austria Card Polska SP. Zoo Bank Zachodni WBK S.A. Centrum Kart S.A.. Elkart Sp.z.o.o. First Data Polska SA Gemalto Sp. z o.o. Oberthur Technologies Poland Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

128 Europe Region Country Poland Poland Poland Portugal Portugal Portugal Romania Romania Romania Romania Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Russian Federation Serbia Serbia Slovakia Vendor Name Polska Wytwornia Papierow Wartosciowych S.A. Tag Systems Sp. z.o.o. Trevica S.A. Contiforme Soluçoes Graficas Integradas S.A. Imprensa Nacional Casa da Moeda S.A. (INCM) SIBS Cartoes, Produçao e Processamento de Cartoes S.A. Oberthur Technologies Romania SRL Pay Net SRL Provus Service Provider S.A. Smart Paynetwork S.A. Dzetta Processing Center Federal State Unitary Enterprise (Goznak) Gemalto LLC Moscow JSC Novacard MultiCarta Ltd. National Credit Cards (CJSC) OK Processing Ltd. ooo Alioth Oren-Kart Ltd. Orga Zelenograd Smart Cards & Systems Perm Printing Factory of Goznak Rosan Finance Rosan SPb Sberbank of Russia Sitronics Smart Technologies, LLC United Card Service Grafocard d.o.o. National Bank, The Institute for Manufacturing Banknotes Coins Topcider First Data Slovakia a.s September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

129 Europe Region Country Slovakia Slovenia Spain Spain Spain Spain Spain Spain Spain Spain Spain Sweden Sweden Sweden Sweden Switzerland Switzerland Switzerland Turkey Turkey Turkey Turkey Turkey Turkey Ukraine Ukraine Ukraine United Kingdom Vendor Name Giesecke & Devrient Slovakia s.r.o. Ltd. Cetis, Graphic & Documentation Fabrica Nacional de Moneda y Timbre Gemalto SP S.A. GyD Iberica Unipersonal S.A. Info Direct Barcelona 2003 s.l. Intaremit S.A. Oberthur Technologies Iberica S.A.S.U. S.A.E.T.I.C., S.A. Sistemas y Tratamientos Tecnicos S.A. (STT) Tag Systems Smart Solutions, S.L. Evry Card AB Gemalto AB MegaCard Nordic AB Oberthur Technologies Sweden AB NagraID SA NagraID Security SA Trub AG Bankalararasi Kart Merkezi (BKM A.S.) Bilesim A.S. E-Kart Electronik Kart Sistemleri San. Ve Tic. A.S. Mapikart Tanitim Hizmetleri ve Dis Ticaret Ltd. PlastKart Akilli Kart Iletisim Sistemleri San ve Tic A.S. Provus Kart Hizmetleri A.S. Plastic Card Enterprise Limited Polly-Service Ltd. Znak, Ltd. Allpay Limited Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

130 Europe Region Country United Kingdom United Kingdom United Kingdom United Kingdom United Kingdom United Kingdom United Kingdom Vendor Name CPI Card Petersfield Ltd. Gemalto UK Ltd. Giesecke & Devrient GB Ltd. Nitecrest Ltd. Oberthur Techologies UK Ltd. Thames Card Technology Ltd. TNT UK Limited Latin America and the Caribbean Region Country Argentina Argentina Brazil Brazil Brazil Brazil Brazil Brazil Brazil Brazil Brazil Brazil Brazil Brazil Chile Chile Vendor Name General Plastic Corp S.A. Valid Soluciones: E Servicos De Seguranca Em Meios De Pagamento E Identificacao S.A. Editora Alterosa Ltda. Gemalto do Brazil Cartoes e Terminais Ltda. Gemplus Bank Note Giesecke & Devrient America Do Sul Industria E Comercio De Smart Cards S/A Intelcav Cartoes Ltda. MC Cartoes Plasticos Ltda. Morpho Cards do Brasil S.A. Oberthur Technologies Sistemas de Cartões Ltda. Techvan Technologia em Cartoes e Crachas Ltda. Thomas Greg & Sons Grafica e Servicos Ltda. Vale Presente S.A. Valid Soluciones: E Servicos De Seguranca Em Meios De Pagamento E Identificacao S.A. AMF Medios Transaccionales S.A. Operadora de Tarjetas de Crédito NEXUS S.A September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

131 Latin America and the Caribbean Region Country Colombia Colombia Colombia Colombia Colombia Ecuador Ecuador Mexico Mexico Mexico Mexico Mexico Mexico Mexico Paraguay Peru Peru Peru Uruguay Venezuela Venezuela Venezuela Vendor Name Dispapeles S.A. Hogier Gartner Cia S/A Morpho de Colombia S.A.S. Oberthur Technologies Ltda. TAG CADENA S.A.S. Credimatic S.A. Logikard C.A. Gemalto Mexico S.A. of C.V. Giesecke y Devrient de Mexico, S.A. de C.V. Inteligensa S.A de C.V. Morpho Cards Mexico S.A. de C.V. MyCard S.A. de C.V. Oberthur Technologies De Mexico S. DE R.L. DE C.V. Total System de Mexico, S.A. de C.V. Bancard, S.A. Oberthur Technologies of Peru S.A. Procesos de Medios de Pago S.A. Unibanca S.A. EMSA S.A. Informatica y Telecomunicaciones Newtech Solutions Group Centro Letonia, Torre ING-Bank Thomas Greg & Sons de Venezuela, C.A. EMA Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

132 South Asia/Middle East/Africa Region Country Bahrain, Kingdom of Bahrain, Kingdom of Egypt Egypt Egypt India India India India India India India India India India India India India Indonesia Indonesia Indonesia Indonesia Indonesia Indonesia Jordan Kenya Kenya Vendor Name Arab Financial Company B.S.C. Global Payment Advanced Smart Card Co. Cleopatra Silicon Valley Masria Card CMS Info Systems Pvt. Ltd. ColorPlast Systems Pvt Ltd. Dz Card (India) Pvt. Ltd. Giesecke & Devrient India Pvt. Ltd. Inlays India Pvt. Ltd. M-Tech Innovations Ltd. Madras Security Printers Private Limited MCT Cards & Technology Pvt. Ltd. Oberthur Technologies India Private Limited Oberthur Technologies India Private Limited Atos Syscom Corporation Ltd. DBA Morpho United Tectsa Versatile Card Technology Private Ltd. PT Gemalto Smart Cards PT Giesecke & Devrient Indonesia PT Jasuindo Tiga Perkasa TBK PT Jaya Smart Technology PT Oberthur Technologies Indonesia PT Wahyu Kartumasindo International EMP Middle East De la Rue Currency Security Print Limited ECS Limited September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

133 South Asia/Middle East/Africa Region Country Lebanon Mauritius Morocco Morocco Nigeria Nigeria Nigeria Nigeria Nigeria Saudi Arabia, Kingdom of Saudi Arabia, Kingdom of Saudi Arabia, Kingdom of Saudi Arabia, Kingdom of Saudi Arabia, Kingdom of Saudi Arabia, Kingdom of Saudi Arabia, Kingdom of South Africa South Africa South Africa United Arab Emirates United Arab Emirates United Arab Emirates United Arab Emirates Vendor Name Inkript Cards sal Payment Exchange International Finatech Société Maghrébine de Monétique Altech West Africa Limited Berkeley Cupola Nigeria Ltd. Electronic Payplus Limited Secure ID Limited Unified Payment Ltd. Golden Chip Company Gulf Printing Products Manufacturers Factory (GEMCO) International Smart Card Factory Company Jeraisy Group Cardtec Factory Plastic Card s Manufacturing Company Ltd. United Plastic Cards Co. UniCard Universal Cards Company Gemalto Southern Africa Pty Ltd. Oberthur Technologies South Africa (Pty) Ltd. Xantium Integrated Solutions (Pty) Ltd. Cupola Plastics Cards Limited Electronic Document Center L.L.C. Future Card Industries LLC Obernet International LLC Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

134 U.S. Region Country Vendor Name ABnote Archway Marketing Arroweye Solutions Inc. CompoSecure, LLC CPI Card Group Colorado, Inc. CPI Card Group Indiana, Inc. CPI Card Group Minnesota, Inc. Dynamics Inc. EFT Source, Inc. Fidelity National Information Fidelity National Information, Inc. (FIS) First Data Resources First Data Resources, LLC Fiserv Output Solutions St. Paul Fiserv Solutions, Inc. Gemalto, Inc. Giesecke Devrient America, Inc. InComm Inc. Integrated Printing Solutions, Inc. MT&L Card Products Fulfillment Oberthur Technologies of America Corp. ODW Logistics Inc. Omni Prepaid, LLC Perfect Plastic Printing Corp. Shoreline Business Solutions, Inc. SK C&C, Inc. Source One Direct September 2013 Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card)

135 U.S. Region Country Vendor Name TecniCard Inc. Total System Inc. Valid NJ Valid Valid, Inc. Vantiv, LLC Western Graphics & Data Certified Vendors (for Card Production of Any MasterCard, Maestro, or Cirrus Card) 13 September

136 September Acquirers No Longer Required to Accept Chargebacks MasterCard Global Merchant Audit Program (GMAP). September 2013 Global Security Bulletin - NO LONGER REQUIRED TO ACCEPT CHARGEBACKS Region Acquirer ID Acquirer Name Merchant Name Merchant City Merchant State Merchant Country Chargeback Start Date Chargeback End Date Month/ Year Added AP 7780 China Construction Bank HAERBINRONGXINXINGANLI HAERBIN CHN September 1, 2013 September 30, 2013 Aug-13 AP 7780 China Construction Bank SHU XIA CAN YIN SHANGHAI CHN September 1, 2013 September 30, 2013 Aug-13

137 September Global Merchant Audit Program (GMAP) Chargebacks MasterCard Global Merchant Audit Program (GMAP). September 2013 Global Security Bulletin - Accepting Chargebacks - (IPM) Reason 4849 Region Acquirer ID Acquirer Name Merchant Name Merchant City Merchant State Merchant Country Chargeback Start Date Chargeback End Date Month/ Year Added EUR BNP PARIBAS EDREAMS PARIS FRA February 1, 2013 July 31, 2013 Jan-13 EUR BNP PARIBAS BOUYGUESTELECOM NEUILLY S SEI FRA February 1, 2013 July 31, 2013 Jan-13 SAMEA 2176 Vijaya Bank RAGHUVIR PROVISION STO RAJKOT IND September 1, 2013 February 28, 2014 Aug-13 SAMEA ICICI Bank Limited EKART LOGISTICS-SANTAC MUMBAI IND September 1, 2013 February 28, 2014 Aug-13 Page 1 of 2

138 September Global Merchant Audit Program (GMAP) Chargebacks Chargeback Extend Date Jan-14 Jan-14 Page 2 of 2

139 Legal Notices Standards Trademarks Routing Revisions Proprietary Rights Disclaimer From time to time, the author of an article appearing in this Bulletin may attempt to describe, explain, clarify or otherwise elucidate upon a Rule or other Standard or revision thereof. No such description, explanation, clarification or other elucidation shall be deemed to be a Rule or other Standard nor be deemed to accurately describe, explain, clarify or otherwise elucidate upon a Rule or other Standard. In the event the Corporation, in its sole judgement, determines at any time there to be a conflict or discrepancy between a Rule or other Standard and any description, explanation, clarification or other elucidation thereof appearing in this Bulletin, the text of the Rule or other Standard shall be afforded precedence and the conflicting or discrepant description, explanation, clarification or other elucidation shall be deemed of no effect as if never published herein. Trademark notices and registration symbols used in this bulletin reflect the registration status of MasterCard trademarks in the United States. Please consult with the Customer Operations team or the MasterCard Law Department for the registration status of particular product, program, or service names outside the United States. All third-party product and service names are trademarks of their respective owners. MasterCard frequently recommends that persons having certain responsibilities read certain articles. Each customer is responsible for ensuring that it remains in compliance with MasterCard Standards at all times. Thus, it is the responsibility of each customer to determine who within its organization is afforded access to MasterCard information. In the event of a conflict between this document and a subsequently published edition, the subsequently published edition shall have precedence. The information contained in this document is proprietary and confidential to MasterCard International Incorporated, one or more of its affiliated entities (collectively MasterCard ), or both. This material may not be duplicated, published, or disclosed, in whole or in part, without the prior written permission of MasterCard. MasterCard makes no representations or warranties of any kind, express or implied, with respect to the contents of this document. Without limitation, MasterCard specifically disclaims all representations and warranties with respect to this document and any intellectual property rights subsisting therein or any part thereof, including but not limited to any and all implied warranties of title, non-infringement, or suitability for any purpose (whether or not MasterCard has been advised, has reason to know, or is otherwise in fact aware of any information) or achievement of any particular result. Without limitation, MasterCard specifically disclaims all representations and warranties that any practice or implementation of this document will not infringe any third party patents, copyrights, trade secrets or other rights. Legal Notices 1 Global Security Bulletin No. 9, 13 September MasterCard. Proprietary. All rights reserved.