Information securit਀茀 We use a variety of methods to keep our network secure and data safe. We also apply best practices that align with security industry standards for protecting personal information. Our policies safeguard the collection, use, and disclosure of that information. Data securit਀茀 As a global provider of payments and financial services technology solutions, one of our top priorities is protecting the security and confidentiality of consumers’ personal data and financial information. A昀昀irm maintains a data security program designed to be e昀昀ective at protecting sensitive data and resilient in responding to the cybersecurity threats਀㠀 Key components of A昀昀irm’s data security program include: Data Protectio਀砀 Physical Security and Resilienc਀茀 A昀昀irm uses industry-standard encryption A昀昀irm hosts its systems in state-of-the-art data both in transit on the internet and at rest centers that maintain strict controls around access, on our systems. redundancy, and environmental hazard protections. Threat Monitorin਀焀 A昀昀irm uses processes, tools and technologies to ensure the safety and integrity of A昀昀irm’s data and systems. Security monitoring includes detecting and responding to network intrusions as well as suspicious activity on our systems, such as unusual login attempts. Independent Assuranc਀漀 Application Securit਀茀 A昀昀irm engages trusted firms to conduct in-depth A昀昀irm designs its websites and applications with a focus third-party audits of our data security throughout the on consumer data security. Our developers continuously year against security control frameworks, including work to improve our code and review it regularly for flaws, NIST CSF, PCI DSS, and AICPA Trust Service Criteria; and we use web application firewalls to stop potential we are a PCI DSS Level 1 Service Provider for attacks online਀㠀 processing cardholder data, and we maintain SOC 1 and 2 Type 2 reports. 2024 ESG REPORT 15