Press Release

FOR IMMEDIATE RELEASE

Interlink and STAR Key Encryption Update

Roswell, GA – December 20, 2004 — The following provides an update on the encryption mandates set forth by Interlink and STAR for enhanced key encryption security. As has been communicated in the past, both of these debit networks require the use of a unique key per device and the encryption solution implemented by Concord is DUKPT. The original effective date of the debit networks' mandate was January 1, 2001.

Please be aware of the following new information for Merchants that have not converted to DUKPT:

• STAR has provided an additional one-year extension until January 1, 2006 for First Financial-sponsored merchants.
• Interlink-accepting merchants sponsored by First Financial will be asked to provide additional information that is required by Interlink.

Merchants must continue to move toward DUKPT compliance and should have definitive plans for completion. Please be aware that any fines or fees assessed by the debit networks for non-compliance of the unique key per device requirement will be passed onto the appropriate merchant. Should a key become compromised due to non-compliance with the requirement, any financial impact resulting from this compromise will be passed along to the appropriate merchant. This includes re-encryption, deployment, etc. of all compromised devices.

NOTE: If First Financial is not your sponsoring financial institution for STAR and/or Interlink, please contact your sponsor regarding compliance with the unique key per device requirement.

Thank you for your attention to this important compliance issue.