Worldline - 2019 Universal Registration Document

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

B. Detect

● Endpoint Detection and Response (EDR): Traditional virus protection prevents known threats, but it has blind spots and does not stop advanced threats. The number and types of devices are changing more and more, from fully managed endpoints to non-standard and IoT devices. The EDR service makes it possible to detect advanced threats automatically, to identify what is not prevented and to understand complex alerts. The most notable benefits of this solution are reduced attacker dwell time and accelerated incident detection and response.

● Security Information and Event Management (SIEM) solutions are a combination of two service categories: SIM (security information management) and SEM (security event management). SIEM technology enables real-time analysis of security events generated by network hardware and applications. The most important capabilities of SIEM are:

    ● Data Aggregation: SIEM aggregates security log data from many sources, including network and security devices, servers, databases, and applications,

    ● Correlation: Correlation is the process of comparing events for common attributes and linking these events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information. For example, it is possible to detect 10 unsuccessful login attempts to the same account followed by a successful one within a 5 min period,

    ● Alerting/security incidents: This includes generation of alerts based on 1:1 mapping or correlated events and production of alerts, to notify recipients of issues immediately. Depending on the classification of the alert or security incident, customers are informed and/or qualified personnel start working to analyze the alert,

    ● Retention: SIEM employs long-term storage of raw log data to satisfy compliance requirements. This feature is critical in forensic investigations,

    ● 24x7 SOC Monitoring and analysis: The SIEM SOC provides continuous monitoring of security incidents and reaction to abnormal behavior according to the levels of severity defined in the Security Incident Response Procedure defined by Worldline. Security incidents are analyzed and those identified as “false positives” are closed. In case of confirmed security incidents, the corresponding escalation procedures are performed by a SOC Analyst.

C. Respond

● The Computer Security Incident Response Team (CSIRT) analyses potential incidents and determines their severity, priority and what activities to undertake to mitigate the threat. If a security incident is detected, the CSIRT initiates mitigation measures and generates recommendations to remediate the root cause. For each priority 1 and 2 security incident, the CSIRT leads a defined action plan and performs all necessary escalations in Worldline or using a customer escalation matrix. Customer contact persons are involved in this escalation. In case the incident requires a forensic analysis, the Security incident management team performs it remotely. The services provided by CSIRT:

    ● provides comprehensive security functionalities around threat management, security incident response and forensic analysis,

    ● protects the end user devices and servers by analyzing all activities of malicious code,

    ● helps to protect Worldline intellectual property, business-critical information, and sensitive data against internal and external harassment,

    ● covers the full life cycle from planning and procurement through to operational support, and can be easily integrated into other security services.

● Security Incident Response, which analyses detected security incidents, initiates mitigation measures and generates recommendations to remediate the root cause.

● Forensic Analysis, whereby CSIRT investigates and analyses suspicious activities on systems (e.g. evidence of malicious activities, data loss or data manipulation).

In 2019, Worldline reported 274 information security breaches or other cybersecurity incidents.

Nowadays, the Internet is browsed by mobile applications more than web browsers, and the trend keeps going. Yet, if web browser developers are now well on par with hackers, the typical app developer team is small, junior, UX-centered and considers security only at a second level. Quite logically, hackers and fraudsters aim at them first – 4 out of 5 intrusions involve mobile applications. Banking has always been a target of choice for fraudsters and hackers. Unsurprisingly, this still holds true in the mobile app ecosystem. Cybersecurity is for that reason an all-time, first-class concern for Worldline bank clients.
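The SIEM correlation rule cited in the Detect section above (10 unsuccessful login attempts to the same account followed by a successful one within a 5 min period) can be expressed as the following sliding-window check. This is an added example, not Worldline's code; the log line format, field names and sample events are constructed for illustration, and "within a 5 min period" is assumed to mean that every counted failure lies at most 5 minutes before the successful login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # "within a 5 min period" (from the text)
THRESHOLD = 10                  # "10 unsuccessful login attempts" (from the text)
# Constructed log format for this example; a real source needs its own parser.
LINE_RE = re.compile(r"^(\S+) auth result=(FAIL|OK) user=(\S+) src=(\S+)$")

def parse(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparseable lines are skipped, not fatal
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group(2), m.group(3), m.group(4)

def correlate(lines):
    """Alert on >= THRESHOLD failures followed by a success, all within WINDOW."""
    failures = defaultdict(deque)   # account -> timestamps of recent failures
    alerts = []
    # Sources deliver events out of order, so sort by timestamp first.
    for ts, result, user, src in sorted(filter(None, map(parse, lines))):
        recent = failures[user]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # expire failures that fell out of the window
        if result == "FAIL":
            recent.append(ts)
        else:
            if len(recent) >= THRESHOLD:
                alerts.append({"user": user, "src": src, "time": ts,
                               "failed_attempts": len(recent)})
            recent.clear()          # a success ends the failure streak
    return alerts

def sample_log():
    """Constructed events: alice matches the rule, bob and carol do not."""
    base = datetime(2019, 6, 1, 10, 0, 0)
    fmt = lambda t, r, u: f"{t:%Y-%m-%dT%H:%M:%SZ} auth result={r} user={u} src=203.0.113.7"
    log = [fmt(base + timedelta(seconds=10 * i), "FAIL", "alice") for i in range(10)]
    log.append(fmt(base + timedelta(seconds=120), "OK", "alice"))
    # bob: only 3 failures before the success, below the threshold
    log += [fmt(base + timedelta(seconds=i), "FAIL", "bob") for i in range(3)]
    log.append(fmt(base + timedelta(seconds=30), "OK", "bob"))
    # carol: 10 failures, but the success arrives 10 minutes later
    log += [fmt(base + timedelta(seconds=i), "FAIL", "carol") for i in range(10)]
    log.append(fmt(base + timedelta(minutes=10), "OK", "carol"))
    return log

if __name__ == "__main__":
    print(correlate(sample_log()))
```

The carol case shows why the window matters: the same ten failures produce no alert once they have aged out before the successful login.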
Individuals are becoming increasingly aware of the value and sensitivity of their personal data. Legal institutions accompany this trend by creating new regulations, of which the DSP2, CCPA and GDPR regulations are but the first embodiments. The latter heavily constrain every online activity and lay new legal responsibilities on any service provider collecting personal data, such as integrating consent or opt-out options in their platforms. Worldline has been protecting banking data for years and is constantly striving to improve its ability to fight against mobile fraud. The Company has built up a significant lead in that field to ensure the security of its platforms, and thus support its customers, not only banks but also the E-health, transportation and retail sectors, by meeting their emerging needs relating to mobile security and privacy.

D.2.3.1.2 Our specific strategy for mobile security challenges
