VALID:

Account Control Technology, Inc (“ACT”) has successfully completed all of the requirements to be considered a TECH LOCK Certified™ Service Provider by being assessed against the following data security standards, regulations, and laws:

• PCI DSS v1.2 (Payment Card Industry Data Security Standard)
• FISMA (Federal Information Security Management Act)
• GLBA Safeguards Rule (Gramm-Leach-Bliley Act)
• RED FLAGS RULE
• Mass 201 CMR 17.00 (Massachusetts Standards for the Protection of Personal
  Information of Residents of the Commonwealth)
• NRS 603a / Senate Bill No.227 (Nevada Personal Information Law)

To remain TECH LOCK Certified™, ACT must maintain continuous compliance with each of the requirements in the standards listed above (e.g., quarterly vulnerability scans). ACT must also inform TECH LOCK, Inc. (“TECH LOCK”) of any significant changes to its environment so that appropriate audit actions are taken to reaffirm compliance. This certificate is valid for NO MORE THAN 90 DAYS from the initial date of compliance, July 9, 2010, and it is ACT’s sole responsibility to maintain compliance with the individual data security standards. TECH LOCK makes no representation or warranty as to whether ACT systems are secure from either an internal or external attack or whether sensitive data is at risk of being compromised. This certificate is for the sole purpose of identifying compliance on the date of issue only; no other guarantees are given, and cannot be used for any other purpose without the express written consent of TECH LOCK. TECH LOCK is a Payment Card Industry Qualified Security Assessor and Approved Scanning Vendor. FISMA compliance is based on implementation of controls specified in NIST SP800-53 rev3 with Moderate Impact in Confidentiality and Integrity, and Low Impact in Availability.