RISK FACTORS
We are subject to U.S. governmental regulation and other legal uncertainties.

Our business is subject to complex, evolving and sometimes inconsistent and ambiguous laws and regulations that could adversely
affect our operating results or result in our failure to obtain or maintain any required licenses or authorizations.

Governmental authorities, including the U.S. Congress, various federal and state regulatory authorities (including state
financial regulatory authorities), and various regulatory authorities in foreign jurisdictions have focused on and continue to
focus on the regulation of, among other things, payment processing, cross-border and domestic money transmission, anti-
money laundering, privacy, cybersecurity, data protection, data sovereignty, pricing, interchange, consumer protection,
tax, escheatment, payment network rules and other consumer and commercial protection laws and regulations. We operate a
highly-regulated business, and any actual or perceived failure to comply with applicable laws and regulations could have a
material adverse effect on our business, results of operations, and financial condition.

Governmental scrutiny of our business and our industry may result in new laws and regulations or interpretations of
existing laws and regulations that may require us to incur significant compliance expenses and otherwise negatively
impact our operations. Changes in applicable laws or regulations may impact our existing or planned products and
services, increase our compliance costs, and otherwise negatively impact our business. New laws or regulations, or changes
thereto, could include, but are not limited to, rules regarding tax, data privacy, and data security (including data localization
requirements), anti-money laundering procedures, surveillance requirements, escheatment requirements, unfair and
deceptive trade practices, consumer protection laws, antitrust and competition laws, pricing restrictions, and interchange
regulation. We may be required to make changes to our products and services that could be costly or could limit their
functionality and appeal to our customers.

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Dodd-Frank Act”) is a comprehensive
financial services regulatory reform bill that contains a wide range of provisions that affect financial services companies,
including us, doing business in the United States. The financial reform provisions that relate directly to us concern payment
card interchange fees.

The Dodd-Frank Act established the Consumer Financial Protection Bureau (“CFPB”), which has broad authority to
oversee financial products and services, including our products and services, and to enact regulations to prevent unfair,
deceptive, or abusive acts or practices. The CFPB has broad authority to regulate financial services companies and financial
products. The CFPB may adopt additional requirements relating to our business or issue guidance relating to existing
requirements that could negatively impact our operations. To the extent the CFPB issues unfavorable guidance or
pronouncements with respect to particular regulatory areas that apply to us, our compliance costs could increase. The
CFPB also may take enforcement action against us for violations of applicable law. Our relationship with certain of our
distribution partners may also be impacted by the CFPB and other financial regulations. The CFPB may impose
requirements on these entities that may make it more difficult for us to use these entities as distribution channels.

The enactment of new financial services regulations may require significant compliance expense and may negatively
impact our business and results of operations.

We are subject to extensive government regulation, and any new laws, regulations, or rules, or any changes to any existing
laws, regulations, or rules, could adversely affect our business, results of operations, and financial condition.

We are subject to U.S. federal, state, and local, regulations, as well as the laws and regulations of the foreign jurisdictions
in which we operate. These laws and regulations cover many of the various aspects of our business and include, without
limitation, payment services and the processing of customer payment transactions, anti-money laundering, combating the
financing of terrorism, escheatment, data use, data privacy, data security, data localization, interactions and communications
with consumers, marketing, advertising and promotions, pricing, payment of commissions, mobile and emerging
technologies, intellectual property rights, gift certificates and gift cards, and employee and labor matters (e.g., wage and hour
laws). We incur significant ongoing costs to comply with these numerous and complex regulations. Our failure or alleged
failure to comply with any of these laws or regulations, whether in the United States or in foreign jurisdictions, could result in
litigation, regulatory investigations, the imposition of fines, penalties, injunctions, or limitations on our ability to do business,
and could otherwise materially and adversely affect our business, results of operations, and financial condition.

In particular, government regulators and certain private sector participants may focus on the manner in which we implement or
modify our products and services and how we charge our customers for those products and services. For example, regulators
and private sector participants may issue rules or make decisions that impose requirements or limitations on the manner in
which we provide services or process transactions, including mobile payments, cryptocurrency, electronic wallets, and
ecommerce.

We are also subject to the Payment Card Industry Data Security Standard, or PCI DSS, a standard designed to protect
cardholder data as mandated by the major payment card brands. We are also subject to privacy and information security
regulations, including the Gramm-Leach-Bliley Act and the California Consumer Privacy Act (as amended). We expect that
there will continue to be a significant number of new laws and regulations adopted in this area, both in the United States and
in foreign jurisdictions. These laws may require significant and costly changes to the way in which we operate our business
and may limit our ability to collect and use information about our customers and other third parties.

From: J দোক J Isaacman <[REDACTED]>
Sent: Friday, July 28, 2017 5:56 PM
To: Marc Ptak <[REDACTED]>
Subject: Re: Potential Settlement

How about you make a real offer and avoid wasting more of
my time?
From: Marc Ptak <[REDACTED]>
Sent: Friday, July 28, 2017 5:53:54 PM
To: Jared Isaacman
Subject: RE: Potential Settlement

Jared -I am sorry you feel that way. I was giving you the courtesy of responding and engaging even though the facts, as
you stated, show that you caused the problem. I wish you a profitable year.

From: J  দোক J Isaacman <[REDACTED]>
Sent: Friday, July 28, 2017 5:51 PM
To: Marc Ptak <[REDACTED]
Subject: Re: Potential Settlement

The terms of that letter are insulting. The magnitude of the
disruption to our business that occurred as a result of Shift4's
gross negligence cannot be understated. It required the
complete rebuilding and restructuring of our gateway
environment, customer support team and development team
as described many times through many mediums over the last
10 months.
We have stated in numerous communications a more suitable
amount to get this matter settled (in consideration for agreeing
to work together) and I included that number again for you in
my previous response.

From: J দোক J Isaacman <[REDACTED]
Sent: Friday, July 28, 2017 9:25 PM
To: Marc Ptak <[REDACTED]>
Subject: Re: Potential Settlement

You offered to pay less than what was already owed and
required the contract to be extended as consideration for paying
that amount. I simply acknowledged that was a joke. You
then responded that despite the fact that your negligence and
misrepresentations caused the problem, you were giving me
The courtesy of responding and engaging... which is also a joke.
I will be around most of the weekend if you decide to
reconsider your position.
Thanks
From: Marc Ptak <[REDACTED]>
Sent: Friday, July 28, 2017 9:17:01 PM
To: Jared Isaacman
Subject: RE: Potential Settlement

I am not going to play this out in text messages. If you not interested or happy with our response, no worries. I just don't

appreciate being sent the messages that you send. We all have enough stress and need to respect and treat each other on
a professional level. I wish you the best.

From: J দোক J Isaacman <[REDACTED]>
Sent: Friday, July 28, 2017 9:33 PM
To: Marc Ptak <[REDACTED]
Subject: Re: Potential Settlement

I think it is best we have a call on Monday. Your position, as it
stands right now, makes it appear as if Shift4 has absolutely no
concerns whatsoever with getting named in a lawsuit that,
among other things, will detail all of Shift4's misrepresentations
that contributed to this issue:
- all data in the vault can be fully tokenized
- we have a 3DS solution
- our solution is setup to avoid duplicate customer records
- the system can auto settle batches for numerous
merchants/MID at the same time
We should talk live on Monday.

On Aug 8, 2017, at 1:56 PM, Jared Isaacman <[REDACTED]> wrote:

Marc,
Attached is the fully executed mutual release. Please let me know when the check has
left the building.
Thank you,

From: J দোক J Isaacman
Sent: Wednesday, August 30, 2017 9:57 PM
To: Marc Ptak
Subject: Re: CardConnect

When you have him call me, I can share our experience the
last 6 months.
From: Marc Ptak
Sent: Wednesday, August 30, 2017 8:23:40 PM
To: Jared Isaacman
Subject: CardConnect

Jared - Jeff Shanahan our mutual acquantince asked if I would
call you as requested. He said you would be happy to talk to
someone in his network.