WIXLIB

Eric Poupon10, Place des Provinces92 170 Vanves (nearby Paris)France (French citizen)Phone: 33 (0)6 61 94 70 90 (mobile); 33 (0)953 81 97 55 (home)Fax : 33 (0)958 81 97 55Email: eric.pw3475@gmail.com52 years old (born in 1966) - singleComprehensive resume(A standard length resume on one single page is available at http://eric.3475.free.fr/resume eric poupon.doc )PROFESSIONAL IN PAYMENT CARDS SYSTEMS SECURITY & CRYPTOGRAPHYProfileSUMMARYExpert in everything connected to payment card security, including cryptographic issues.Extensive knowledge of everything connected to payment card systems, both from an issuer,from an acceptor and from an acquirer point of view.Good financial knowledge based on former academic education and experience, familiarity withprudential requirements compliance, and broad skills applicable to everything related to fraud preventionissues in general.INDUSTRY EXPERIENCE Card payment industry Security, cryptography & compliance Banking, LeasingSKILLS & COMPETENCIES EMV, MChip, CPA, VIS, PURE.Internet secured payment: 3D-Secure.Contactless: PayPass, VCPS, mobile phone payment, µSD, HCE, wallets.Cryptography (symmetric, asymmetric, PKI, HSM devices )Payment by ISO2 trackDecisional analysis tools to secure transactions against fraudSurveys, analysis and designSecurity and compliance rules and standards: PCI, related to SEPA, IFSF, ISO, NIST,ANSI General knowledge in finance, accounting, budget control and operational risk management Project support and organizationDetailed resume of Eric Poupon 20181/8

CAREER SUMMARY Sept 2005 to DateWorking both as a consultant and as a business linemanager for my clients through various several ITconsulting companies, now TATA Consultancy Services 1997 to 2005CEDICAM (now CA-PS), the payment & card servicesbranch from the Crédit Agricole SA Group 1991 to 1997UCABAIL (now “Crédit Agricole Leasing”)Detailed professional backgroundApril 2012 to dateCard & security senior consultant and in charge of the cardand security business lines at the IT consulting companyTATA Consultancy Services (TCS) FranceSeptember 2010 to March2012Card & security senior consultant at the IT consultingcompany ADN’coJune 2008 to Aug 2010Card & security senior consultant and in charge of the securityand fight against fraud business line at the IT consultingcompany GFI2005 to May 2008Card & security senior consultant, manager and in charge ofthe card business line of the French branch at the ITconsulting company Logica (now CGI)1997 to 2005CEDICAM (now CA-PS, Crédit Agricole SA Group)1991 to 1997Crédit Agricole Leasing (Crédit Agricole SA Group)Detailed resume of Eric Poupon 20182/8

Achieved since 2005 main missions for the clients:TOTAL – 2005 to date On mission (recurring 110 days per year many supplementary purchase orders tosupport specific considered as strategic projects) as card cryptography and securityexpert for the “European Card Operations” Department and the “Strategy, Marketingand Research” Department of this international oil company. 4 000 000 issued fuelcards, more than 500 000 000 accepted fuel card and bank card transactions.Summary and some achievements of this Card cryptography and security longduration mission:Addressing security issues of all card related project within Europeanbranches.Redesign of all the client card cryptographic system:-selection of new cryptographic algorithms,-Organisation and setting up of these algorithms,-Related technical choices and organisation.Main targets are:-To improve security,-To allow new customer service functionality.This mission includes also:-Whole client card cryptographic infrastructure design andsubsequent processing: keys organization, choice of primitives(3DES vs AES ), PKI, HSM network setting -Choices of enciphering techniques for sensitive transported carddata,-Project organisation and expertise support to development of theproposed card system,-Proposition of short term solutions to cope with complex legacyissues: high diversity of (sometimes aged) POS devices fromPortugal to Russia and from Scandinavia to South Africa,-Impact surveys of possible consequences of longer term cardsystem proposed evolutions. Participation in the client’s choicebetween several possible middle term evolution solutions,-Complete writing of a cryptographic keys management procedure,-Short-listing of cryptographic devices suppliers and support toeventual selection,-Conception of an innovating solution for card and cardholderauthentications,-Expert consultancy on various card business related issues aboutthe existing old system: organization, procedures Detailed resume of Eric Poupon 20183/8

VARIOUS CLIENTS – 2015 to date Short time security related missions for several clients, mostly little size innovativeenterprises.o Exact content confidential because related to new products / markets: securityevaluation and/or operational policy toward security regulation consultancy.CA-CP, NOW CA-PS, THE PAYMENT & CARD SERVICES BRANCH FROM THE CRÉDITAGRICOLE SA GROUP – 2013-2014 Cryptographic key management (for EMV issuing and transaction encryption)o Issuing test keys.o Detailing production key ceremony “to do lists”.o Creating related procedures. Implementing a remotely processed multi-site HSM network.o Documenting installation and connexion parameters.o Writing of user documentation.o Technical assistance to implementers. General related to security and cryptography consultancy.AS24 (a specialised in international truck transport fuel company) – 2013-2014 Consultancy for issuing a new card producto Global design of the new card, technological choices and changerecommendations on previous choiceso Management of another senior consultant working full time on the projecto Set up of a PKICA-CP, NOW CA-PS, THE PAYMENT & CARD SERVICES BRANCH FROM THE CRÉDITAGRICOLE SA GROUP – 2012-2013 PCI-DSS compliance of the regional banks and of the foreign subsidiaries of theGroup :o Consultancy to help these organizations to reach PCI-DSS compliance.o Gap analysis on some regional card systems.o Training. Update of the client security policy. Reporting and advocacy. Consultancy related to supply of card systems and solutions. Operating alone in 2012 and through the coaching of another consultant in 2013.Detailed resume of Eric Poupon 20184/8

MASTERCARD France – 2011 Security Policy updatingo Collect of all the internal security documents (MASTERCARD France &MASTERCARD Worldwide Security Policies and related procedures)o Indexing and organizing this wide documentationo Completing/correcting the documentation to comply with the up to date securitynational and international standards (PCI-DSS.)CA-CP, NOW CA-PS, THE PAYMENT & CARD SERVICES BRANCH FROM THE CRÉDITAGRICOLE SA GROUP – 2011 Temporary replacement of a resident security expert. Risk assessment for a new type of payment device and choice of the deviceparameters. 3D-Secure development monitoring. 3D-Secure implementation evolution with security purpose. Consultancy with contact and contactless EMV security improvement.PMU (French leader with horse race gambling) – 2010-2011 Risk issues consultancy, related with a large project management. Risk assessments. Assist with purchase of IT solutions. ARJEL and other compliance consultancy.CEDICAM, NOW CA-PS, THE PAYMENT & CARD SERVICES BRANCH FROM THECRÉDIT AGRICOLE SA GROUP – 2009-2010 Risk issues consultancy, related with a large project management. Temporary replacement of a resident security expert. Assist with purchase of IT solutions. PCI and other compliance consultancy.Detailed resume of Eric Poupon 20185/8

iPB (Banques Populaires Group) - 2009 PCI-DSS expertise.BLUEPAID - 2009 French Central Bank agreement to launch a card business for a new player on theFrench market.CLUB MED - 2009 Consulting about global risk policy and PCI-DSS issues.Previously working as part of resident staff before being a consultant:Late 1997 – august 2005: in the Cards Department of the CEDICAM, now CA-PS subsidiary ofthe CREDIT AGRICOLE GROUP in charge of the payment systems for this very large Frenchbank, and leading French issuer of debit/credit cards.Card Payment Expert and Organizer, supported groups in charge of payment systemsspecifications and development, worked as a resident expert in EMV implementation and inprotection against card fraud (EMV is the main international smart cards payment standard). EMV Migration Project (2002-2005)-Supported groups in charge of payment systems specifications and development,worked as an organiser and as an expert in EMV implementation (EMV is the newinternational smart card payment standard).Main responsibilities were:- To select the values of all the data and parameters influencing risk issues, for all theCredit Agricole Group in the EMV context. These EMV data range from cardcomponents to point of sale or ATM devices, and include acquiring and authorisationsystems. Managed a 2 to 4-person team during the busiest part of this project(2002-2003).- To create a Credit Agricole internal course about risk management in EMV context,and to teach it. Basel 2 Project (2003-2004)-Proposed a risk coverage policy (insurance, estimated liabilities ) for the mostimportant card fraud patterns, co-ordinated with teams in charge of the compliance with"Basel 2" prudential requirements. Project organisation and assistance for deployment (1997-2005) Initiated and organised card systems projects and tools evolution in order to minimizefraud risk: functional needs’ surveys and formalisation, specifications, project schedulingand division into functional parts, assistance with systems deployment Resident expert for the Credit Agricole Group in the fight against card fraud in general,support for teams in charge of developing card payment systems, for users of thesesystems, for the Group's subsidiaries and regional branches "Caisses Régionales" (19972002)Detailed resume of Eric Poupon 20186/8