From: JREDacted@shift4.com
Sent: Friday, June 1, 2018 3:41 PM
To: DR redacted <DRedacted@cardconnect.com>;
'JR redacted <JRedacted@firstdata.com>'
Cc: SR redacted' <SRedacted@shift4.com>;
Subject: FW: Shift4 / CardConnect - PCI

Dave and [Redacted]

As you know, we are very sensitive to PCI internally, but more importantly when it comes to our partners and
customers. I understand that the CardConnect sales team may be positioning Shift4 and our solutions in
direct conflict with PCI compliance and best practices. Can you please get me examples as this is something
that is not only inaccurate, but I am sure not supported, nor condoned by CardConnect and First Data
corporate.
Frankly, your sales team is stating that our token is somehow inferior to a P2PE solution, which is enabling fraud
at the merchant level.

Thanks
[Redacted]

From: NR Redacted [mailto:NRRedacted@firstdata.com]
Sent: Friday, June 01, 2018 1:58 PM
To: JRedacted <JRedacted@shift4.com>
Cc: SR Redacted <SRedacted@shift4.com>
Subject: RE: Shift4 / CardConnect - PCI

We will investigate

From: JRedacted [mailto:JRedacted@shift4.com]
Sent: Friday, June 1, 2018 12:52 PM
To: NR Redacted <NRRedacted@firstdata.com>
Cc: SR Redacted <SRedacted@shift4.com>
Subject: Shift4 / CardConnect - PCI

Importance: High

[Redacted],

I just got off the phone with one of my larger partners who informed me he was on a call with a CardConnect
sales rep and a First Data ISO sales rep.

I am told that the CardConnect sales rep was making claims that Shift4's tokenization solution, specifically
as it relates to swiped transactions that get tokenized by our i4Go product, is not PCI compliant. He went on
to state that the solution is vulnerable to "local compromises" and could result in fraudulent activity.

Needless to say, hearing a First Data company position our solution in this manner raises serious concerns. No
only are these statements and claims incredibly inaccurate, but it also flies in the face of the partnership that
has been presented to the public markets.

I have also confirmed this is consistent with the message the CardConnect team is sharing with other
partners in the marketplace. I'm sure this is behavior that CardConnect and First Data does not condone, and
I would greatly appreciate you looking into this at once

Thanks
[Redacted]

From:       JR redacted <jredacted@shift4.com>
Sent:       Friday, August 24, 2018 4:25 PM
To:     BRedacted <Bredacted@cardconnect.com>
Cc:     SRedacted <sredacted@shift4.com>
Subject:    CardConnect Sales Deception

Importance: High

BRedacted,

Attached are text messages from this morning between a Shift4 employee, A Redacted, and the Regional
Sales Manager for CardConnect, M Redacted.

As you can see, in an attempt to win a deal away from Shift4, M Redacted is misrepresenting the
capabilities of your CardPointe product. A Redacted asks five separate times if CardConnect can support
multi-location aggregation reporting without the use of a third-party tool, like Shift4’s Enterprise Business
Intelligence (EBI) solution. M Redacted responds, “Yes,” five separate times. As you and I both
know (based on our multiple conversations on this topic, as confirmed by M Redacted's final text
(which states, “I didn’t know you needed multi store reporting.”)), this is blatantly false.

As the text messages also reveal, sales teams at CardConnect have been instructed by the company to
freely misrepresent CardConnect when competing against Shift4. Again, I know this to be true, as
multiple CardConnect employees have confirmed this strategy to our employees.

This is the very type of behavior that I have tried to address with you and your team on numerous
occasions. As the CEO of CardConnect, I ask you to work with me to change this deceptive and
unethical behavior. I believe it only hurts both of our companies.

Begin forwarded message:

From: ARedacted Shift4 <
Date: August 24, 2018 at 3:55:57 PM PDT
To: JR <jredacted@shift4.com>, SR <sredacted@shift4.com>
Subject: Sales tactics

Check out the CardConnect bullshit...

Aug 24, 11:32 AM
M Redacted: We don’t use EBI. It’s all
cardpointe. I can show you this
afternoon how slick it is.

M Redacted is Card Connect, I am A Redacted with Shift4.

M Redacted: We convert your shift 4
customers every day. Our sales force
is trained how to beat them using
cardpointe. It’s pretty slick.

A Redacted: Can I do multi location
aggregated views within that
CardPointe tool without having to pay
or utilize another third party tool like
EBI?

M Redacted: Yes

A Redacted: So if I had 50 stores and
wanted to do a combined transaction
history search for multiple locations
based on a date range, I could do that?

M Redacted: Yes

A Redacted: Without a third party tool?

M Redacted: Correct

A Redacted: And that’s not something
that is coming out in Q1 of next year,
that functionality exists today via
CardPointe?

M Redacted: Yes

A Redacted: And I could do that
enterprise reporting via the web portal
or mobile app or both?

M Redacted: Both

A Redacted: Cool!!!

A Redacted: I didn’t know you could do
that, so that’s great news!!!

M Redacted: Learn something new every
day.

M Redacted: I didn’t know you needed
multi store reporting. I thought it was a
single store sir. My apologies.