Worldline - 2020 Universal Registration Document

EXTRA-FINANCIAL STATEMENT OF PERFORMANCE Building customer trust with reliable, secured, innovative and sustainable solutions

2. Implementation of an adaptive security paradigm Worldline has opted for an adaptive security paradigm able to optimally and dynamically respond to any cyber-threat that may lead to data, service or image of the Company damage. Worldline’s Mobile Security Centre oers a set of expertise & tools: In prediction by publishing regularly mobile security reports ● to customers, co-created with academic research and supporting business teams; In prevention by providing an end-to-end mobile security ● hardening that aims to package all security features like an HSM; In detection & response by detecting intrusions on the end ● user smartphones and by managing alerts in the Company’s monitoring system. A robust and reliable IT infrastructure D.2.3.2 [WL 1] [GRI 418-1] In order to deliver highly available services to its customers, Worldline has implemented a global Security Policy at two levels to ensure business continuity regardless of context: first, a secure and redundant technical infrastructure and second, a monitoring team that is responsible for ensuring that applications, network, servers remain fully operational to deliver the services to its customers. 1. Continuity by design embedded in Worldline’s robust and redundant platforms Worldline ensures highly available services through a redundant system at multiple levels which includes: robust base hardware (redundant components, RAID, etc.), sub-services running on several distinct servers, servers located in separate data centres, data centres located in different countries. This design allows high global resiliency, preventing a single element outage to generate unavailability of the global service. Worldline integrates the high availability requirement at the earliest design step of all platforms. In the case of a breakdown, traffic is directed to another available site, ensuring that users can always reach an available service. Similar redundancy principles are applied for servers, databases and storage, to prevent any single point of failure. Data replication ensures that business continuity can be achieved, with several technologies available depending on the RTO/RPO (Recovery Time Objective/Recovery Point Objective).

3. Anticipation of new market needs around mobile cyber-security With digitisation of services and mobility usage, new services are becoming accessible on mobile applications, which entail new security needs in the following sectors: Transportation market: ticketing is digitalised and ● integrated on smartphones; Healthcare market: healthcare services with personal data ● are accessible on smartphones; Merchant market: new initiatives are implemented like ● replacing the payment terminal by a mobile phone for the payment. All Worldline security assets perfectly match with these new needs that require ensuring that sensitive data are not accessible and that an attacker cannot enter into the application. For more information regarding information security at Ingenico, please consult Chapters 3.5 and 3.6 of its extra-financial performance declaration. Regular tests to verify the redundancy effectiveness and the robustness of the platforms. Security audits, penetration tests and scans are regularly performed for each key component of the Company’s infrastructure to check the redundancy effectiveness and the robustness of the platforms. Moreover, a patching process is in place to ensure state-of-the-art software, and to cover the security risks detected by the software vendors or open-source community. This is translated in its diverse security certifications (PCI, ISO 27001, TÜV IT). Monitoring of Worldline data centres and services delivered to its customers by a 24/7 First Line Support team and fully automated and industrialised processes. The First Line Support team receives training to obtain a broad range of technical skills. The team is dispatched on two different sites to ensure a non-stop service in case of major disaster and provided with reliable monitoring tools in order to: Ensure the permanent follow-up of the correct availability ● of the customer services; Fix any incident with a maximum of autonomy in ● accordance with the Service Level Agreements (SLA) defined with customers, notably thanks to monitoring tool that enable to analyse information received in a global context and then predefine a procedure to be applied; Track all the incidents and report to the management, ● notably thanks to the monitoring tools that enable to automatically detect and send to a centralised tool any risks of potential dysfunction, any alert or action launched; Coordinate with the second Level Support teams if ● needed. 2. Continuous monitoring & testing processes to ensure highest possible platform availability

D

Universal Registration Document 2020

125