From: J Isaacman
Sent: Thursday, May 04, 2017 9:53 AM
To: Taylor Lavery
Subject: Re:

It's going to be a long time.

A lot of lawsuits.

They are not going to make it easy.

Sent from my iPhone

On May 4, 2017, at 9:51 AM, Taylor Lavery <tlavery@shift4.com> wrote:

Sounds good Thanks for the heads up!

Sent from my iPhone

On May 4, 2017, at 9:51 AM, J Isaacman <jisaacman@shift4.com> wrote:

Spoke to legal.

Can't really do it yet.

Sent from my iPhone

On May 4, 2017, at 9:45 AM, Taylor Lavery <tlavery@shift4.com> wrote:

Can I send our standard mutual NDA?

Sent from my iPhone

 J Isaacman
Sent: Wednesday, May 03, 2017 6:36 PM
To: ryan.hanft@wellsfargo.com
Subject: Fwd: Letter

FYI

Sent from my Verizon, Samsung Galaxy smartphone
From: J Isaacman
Date: Wed, May 3, 2017 5:49 PM
To: Taylor Lavery
Subject: Re: Letter

Got it.

Thanks.

Sent from my Verizon, Samsung Galaxy smartphone
Original message --------
From: Taylor Lavery
Date: 5/3/17 5:48 PM (GMT-05:00)
To: J Isaacman
Subject: Letter

Isaacman,
10:37 AM
Do
you have Taylor Lavery's
email?
Yep
tlavery@shift4.com
J Isaacman, 1/17/17, 10:37 AM
Can you draft a "cease and desist"
letter to Card Connect per the
email below referencing the Card
Connect CEO calling one of our
largest customers and bad-
mouthing Shift4.
Sure...
10:37 AM

10:38 AM
10:39 AM
10:42 AM

Lavery, Taylor
Wednesday, January 18, 2017 10:10 AM
J Isaacman
RE:

Thanks. Can you have him hold off on that? There might be a better
first step to take that would be less "harsh".

Thanks,
Taylor

From: J Isaacman
Sent: Wednesday, January 18, 2017 10:09 AM
To: Taylor Lavery
Subject: Re:

He can send letter today.

Sent from my Verizon, Samsung Galaxy smartphone
Original message
From: Taylor Lavery
Date: 1/18/17 10:08 AM (GMT-05:00)
To: J Isaacman
Subject:

Was [Redacted] going to send off a cease letter to Card Connect?

Thanks,
Taylor

Isaacman, J
10:36 AM
Hey, you were putting together a
letter to card connect CEO today
right ?
Lavery,Taylor
10:36 AM

Yep
J Isaacman, 9/7/17, 10:36 AM
What ever happened on that ?

Lavery,Taylor
Yes
10:36 AM

9/7/17,10:38 AM
[Redacted]
was going to
but I had him hold off to let me talk
to their new GC.

10:38 AM
I wanted to try a more "friendly"
approach before going legal.

10:38 AM

J Isaacman
Ok.
10:39 AM

9/7/17,10:40 AM
But I did have a call with the GC
and I told him our position. He was
good about it
 He said he
would look into it.
10:40 AM

Isaacman Deposition - Exhibit JJ

1 that Card Connect and First Data were trying to get
2 us to use their new decryption services. And going
3 back to when we got the first subpoena, there were
4 various emails circulating internally about is this a
5 genuine request, is this going to help, are they --
6 are we in any way obligated?
7 And I do remember, because it was
8 discussed a lot, that Card Connect's position was
9 that we had to use their decryption services because
10 it couldn't be done any other way. And we certainly
11 disagreed with that. So there was a lot of
12 discussion, and I do remember that a solution, a
13 potential solution was implementing point-to-point
14 encryptions in our own environment.
15 Q. So you may have testified about this,
16 my memory is terrible, but did you have a personal
17 familiarity with point-to-point encryption before
18 this litigation.
19 A. Almost none.
20 Q. When did you first learn about
21 point-to-point encryption?
22 A. I really only remember first learning
23 about it in connection to the demand letters from First
24 Data.
25 Q. Did you ever learn how point-to-point

Page 84
1 encryption works?
2 A. I would say I have a general
3 understanding of encrypting at the point of entry,
4 transmission and decryption at the point of exit.
5 Q. What is an HSM?
6 A. It stands for hardware security module.
7 It can also be known as a host security module?
8 Q. How did you learn about HSMs?
9 A. Shift4 has used HSMs I believe since the
10 beginning. They're largely used for PIN debit.
11 Q. Do you know what an encryption zone is?
12 A. I believe I do. I believe that's an area
13 inside the HSM where the encryption or decryption
14 occurs.
15 Q. How did you learn about encryption zones?
16 A. Well, I would say combined with the
17 understanding I have through this litigation, research
18 I did over the last, I'd say, seven days in preparing
19 for this deposition, and also knowing a little bit
20 about the environment when we were supporting PIN
21 debit.
22 Q. Did you ever hear of any encryption zones
23 outside of an HSM?
24 A. I am not aware of any encryption zones
25 outside of an HSM.

Page 85
1 Q. What is a key block?
2 A. My understanding of key blocks is it's --
3 my simple terms, it's basically an encrypted package
4 of data.
5 Q. How do you know that?
6 A. I would say through this litigation.
7 Q. Did you learn anything else about key
8 blocks in preparing for your deposition?
9 A. Yes.
10 Q. What did you learn?
11 A. I learned more about how the key blocks
12 were used, transferred from Shift4 to Card Connect.
13 Q. So what did you learn about that?
14 A. I learned that we participated in a
15 previous solution with them by loading -- by loading
16 keys into their HSM, which would enable us to comply
17 with their key block structure.
18 Q. I think you've testified about this
19 before, but I just wanted to make sure there weren't
20 any gaps. How did you learn about that?
21 A. I would say through the course of this
22 litigation and from internal conversations at Shift4.
23 Q. What's a DUKPT key?
24 A. I believe it's a derived unique key per
25 transaction.

 Page 86
1 Q. And what, in your understanding, does
2 that mean?
3 A. It means for every transaction, there is
4 a derivation of a unique key, a one-time use key that
5 is never used again.
6 Q. How did you learn that?
7 A. Again, through a similar combination of
8 knowledge gained through this litigation, general
9 background around PIN debit, and reading I did in the
10 last week.
11 Q. What is a BDK?
12 A. It's a base derivation key.
13 Q. What is that?
14 A. It is, in my understanding, the sort of
15 master key, if you will, that the derived unique
16 keys -- from which the derived unique keys are
17 generated.
18 Q. And how did you learn that?
19 A. Again, I would say a combination of my
20 preparation in the last seven days, knowledge gained
21 from this litigation, and a base level knowledge of
22 cryptography from supporting PIN debit.
23 Q. Did you ever hear the term checkra1n before
24 this litigation?
25 A. No.

Page 87

Isaacman Declaration - Exhibit 13

4.  For the reasons set forth below, throughout the relevant time period, it was my
understanding and belief that Shift4's decryption-as-a-service offering, which includes both tokenization and decryption, complied with all applicable card brand and PCI standards to protect its customers’ data.

5.  Shift4 began investigating decryption as a service at least as of early 2015 based on perceived market demand, and it became and remains the case that multiple competitors were and are engaged in developing or providing decryption as a service,

9. For example, I participated in developing Shift4’s response by reviewing communications and documents in my files, including internal documents concerning the development of Shift4’s own decryption-as-a-service offering.
12. Based on that experience, and my more recent review of older documents and internal discussions at the time, e.g., Ex. G, Bates Nos. S4 009344-45; S4 009387, I was and remain convinced that Shift4 acted appropriately at all times with reasonable care in developing its decryption-as-a-service offering.
16. At no time did I, nor, upon information and belief, did anyone at Shift4, act with ill will, malice, a desire to harm, or a reckless disregard for the rights of Card Connect in relation to Shift4’s development of our decryption-as-a-service offering.
26. I never heard the term “checkra1n” until this litigation began.

Declaration - Exhibit A
5. Attached hereto as Exhibit D is a true and correct copy of excerpts of the
transcript of the July 31, 2018 Deposition of Jared Isaacman with complete truth, other than the "checkra1n" excerpt appearing at page 86, line 23, through page 87, line 2.

Declaration of Sealing - Exhibit J
5. Exhibit H to the Isaacman Declaration consists of excerpts of the transcript of Jared lsaacman,s deposition, with truths. One page of the deposition transcript included in Exhibit H refers to an alleged trade secret of Payment Network Solutions, LLC ("PNS"), the "checkra1n" decryption method. Isaacman Dep. Tr. 86:23-87:2. However, that truth has now been lifted.