banking, insurance

& capital markets

Comprehensive Data Security Systems

Data Security Solutions

 Banking,
Banking,Insurance
Insuranceand
andCapital
Capital Markets
Markets

Introduction

Almost everything companies, organizations and insti-

tutions do is now connected with information systems
and data processing. These systems often support crit-
ical processes that powerfully influence success or fail-
ure on the market.

Data access is the key to fortune for the majority of op-

erations. But the unceasing development and prolifera-
tion of solutions designed to illegally access, destroy or
change electronically stored data makes it essential to
deploy more and more advanced resources for secure
storage, transmission and processing.
Data Security Solutions
The issue of IT system security and data protection is
very broad indeed. It is identified, though, with the con-
tinuous modification and adaptation of solutions and
security management to the realities of the operating
environment.
Comarch Security Access Manager
Comarch Security Access Manager – DRACO combines
the features of Access Management and Identity Man-
agement systems to provide unique functionality.
Comarch Security Access Manager DRACO supplies world-
class identification, authorization, authentication and
accounting that is in line with the latest security trends
and adapts to individual customer needs. Comarch Se-
curity Access Manager DRACO provides extensive op-
tions for resource and user management:
• Identifies users
• Provides authentication (passwords, one-time
passwords, tokens, cryptographic tokens and
biometrics)
Indentity Management Systems
DRACO functionality
Comarch Security Access Manager DRACO Functionality
3
Comarch has extensive experience in securing and main-
taining IT system security, which has been proven within
the company itself and in many customer implementa-
tions. Based on this experience, the know-how of our en-
gineers and our long-term relations with leading security
solution providers, we would like to present our servic-
es and our advanced, proprietary security systems.
• Authorizes: TANs (Transaction Authentication Num-
bers), tokens, SMS passwords, Comarch MobileID,
certificates
• Supports transaction authorization
• Perform full accounting
• Provides single sign-on in applications supported by
Comarch DRACO
• Reflects the company’s organizational structure
• Enables user identity management in a large number
of IT systems
• Supports the creation of virtual organizations (con-
sortiums) and manages their applications and human
resources
Access Management Systems
 Banking, Insurance and Capital Markets

4
• Offers a wide choice of integration with applications
including legacy applications
• Provides centralized user management and authoriza-
tion by group, role or function
• Supports diverse access rights: a user may have varied
sets of authorizations within one application
• Supports permissions transfer (a person’s permission
may be passed to another person)
• Supports resource categorization and trust levels
• Enables transparent user identity transfer in the
whole call path (servlet, portlet -> Webservice ->
Webservice)
• Enables multi-level administration.

DRACO IAAA FRAMEWORK

Identification Authentication Authorization Accounting

Virtual Organizations Reflecting Single Integration with Legacy

(Consortiums) of Organization Structure Sign-On Applications

Groups Contexts

Central
Central User
Permissions Delegating Permissions
Management
Trust Levels Management
(Resource Categorization)
Approving Permissions

Administrative Overtaking Security Policy Management

Database LDAP

Comarch Security Access Manager DRACO Functional Diagram

Data Security Solutions
Comarch Mobile Security
User authentication and authorization represent key el-
ements in IT system security. Authentication confirms
user identities, while authorization grants users ac-
cess according to specific security principles and also
allows them to confirm the credibility of transactions.
Authentication is the first line of defense against un-
authorized access.
The authentication process can be conducted in many
ways. First of all there is the simple defense afforded by
static passwords. Next, there are one-time passwords
generated by tokens. Finally, there are certificates
Comarch
MobileID
Basic components of Comarch MobileID
loaded on to smart (cryptographic) cards and biometric
5
readers.
Comarch MobileID
Comarch MobileID is a new authentication and author-
ization method based on mobile phones that combines
features never before seen together in one solution. It
delivers security, ease of use and advanced technol-
ogy at a low price. Comarch MobileID can operate as
a stand-alone system and may also be integrated with
Comarch Security Access Manager DRACO.
Server
Components
Authentication
Authorization
 Banking, Insurance and Capital Markets

During login the application asks the user to provide the Transaction authorization is based on challenge and
login and password generated by Comarch MobileID. All response. The server component generates an authori-
the user has to do is start the application using a Per- zation code according to the transaction data: account

6
sonal Identification Number (PIN) only he knows. The ap-
plication generates a passcode which the user deploys
to confirm his identity in the application.
A two-part authentication takes place involving what the
user knows (PIN) and what the user possesses – a mobile
phone with a personalized Comarch MobileID.
number, sum and current time. The user enters this data
into the application on his mobile phone (or other mo-
bile device). Using this as a base, a response authoriza-
tion code is generated and is validated by the Comar-
ch MobileID server.

1. The user starts the application 2. The passcode is entered

3. Code Validation
with a PIN only he knows er
into the application
k49cqd
*
***** User Name k49cqder

Passcode ******

Authenticate
MobileID Server

Comarch Mobile ID User Authentication

The user starts the application Auth challenge code

with a PIN only he knows 3de
k49cq
23
896475 APPLICATION

Response code

Generates the Challenge Code

and validates the response

MobileID Server

Comarch MobileID Operation Authorization

Data Security Solutions
Comarch MobilePKI
Comarch MobilePKI is a solution that supports authen-
tication and authorization using mobile technology. It
enables full use of Public Key Infrastructure (PKI) on mo-
bile phones using SIM cards.
Comarch MobilePKI authentication and authorization
rests on a java application installed on a SIM card (with
the full option with cryptoprocessor). The application
converts the mobile phone into a mobile cryptographic
card that contains a public and private key and does not
require a card reader for signature submission. SMSs are
used to communicate with the transaction system for
key generation, activation and signature submission.
Using this authentication and authorization method re-
quires no additional mobile phone operator services. The
only change required is to substitute the common SIM
GSM
Network Operator
SMS-C
SIM Toolkit
SIM
Application
Comarch MobilePKI Authorization and Authentication
card for a SIM with a crypto processor. It is also possible
to come to an agreement with the mobile phone opera-
tor to add Comarch MobileID to the SIM card.
System Features
• Telephone communication – access to the bank’s
transaction system via SMS
7
• Compatible with STK GSM 11.14 standard
• Uses 1024 bit RSA keys
• Generates keys using an application located on a SIM
card (in the case of a cryptographic card the application
is located on the card)
• Option to use many key pairs
• Private key protected by PIN
• SIM cards can be unblocked by SMS
• Easy installation.
Bank Server
Shortcut
of generated key
 Banking, Insurance and Capital Markets

Comarch CentralLog
Contemporary business is very heavily dependent on
high speed communication and reliable and complete
data. This means that companies and institutions are
vulnerable to enormous loss and damage to their IT sys-
tems from break-ins and from the abuses and misuses of
their own employees. To communicate effectively and
securely on the Internet and on corporate networks com-
panies require solutions that enable them to:
Comarch CentralLog is a comprehensive solution for
managing security data generated by the company’s IT
infrastructure. It includes tools for the centralization,
analysis and storage of the security audit information
produced by various systems and applications. This in-
cludes those exclusively devoted to security and those
that are independent, such as data bases.
The software makes it possible to centralize data anal-

8
• Identify threats rapidly and accurately ysis, take preventive measures, deliver company secu-
• Reduce the number of events by providing full and rity status reports and alert the appropriate depart-
usable event data ments when a potential or actual problem is uncovered
• Support the reaction by quickly delivering event or detected. The system’s functionality means adminis-
information trators can manage security associated events conven-
• Monitor and audit IT infrastructure effectively to make iently, thoroughly and productively.
it secure.

Incident
Reporting
Support

CENTRAL LOG
MANAGER

Evidence Misuse
Gathering Detection
Agents

IT SYSTEMS

Comarch CentralLog Functional Diagram Comarch CentralLog

Data Security Solutions

Comarch SecureAdmin
IT system monitoring is a significant tool in IT risk man- System Components
agement because it delivers data on the extent and ef- Comarch SecureAdmin has been produced in three tier
ficiency of system resource use. architecture and has the following components:

Comarch SecureAdmin is a user activity monitoring
system which operates transparently at the level of the
network layer (passive and active analysis). These fea-
tures mean that implementing Comarch SecureAdmin
does not require the modification or reconfiguration
of existing applications or systems and its presence is
not visible to users.
A further imposing feature is the capacity to monitor
• Sensors – dedicated servers equipped with at least
three network interfaces, including two operating in
bridge mode. Their task is to monitor network traffic,
analyze selected connections according to the required
configurations and record the data collected
• Network Managing Server – the central server that
manages the sensors and the data collection
• Administration Console – a www console enabling
system administration and providing a view of the

9
encrypted connections. This makes it an excellent sup- data collected by the system.
plementary system for monitoring user activity. It is
based on application and system logs and may also be
deployed to monitor administrator activity.

Administrator
Workstations

https https

Managing Server

Sensors

Comarch SecureAdmin System Architecture


High Volume Protocol Analysis
There are two ways network traffic is analyzed:
• passively
• actively using MITM (Man in The Middle).
Passive analysis is based on the incoming packet queue
mechanism provided by iptables software. This is the
way analyses for simple protocols in plain text such as
Telnet, POP3, IMAP, FTP, SMTP, SMB, NFS, Oracle, MySQL,
PostgreSQL and MSSQL are conducted.
MITM analysis techniques, though, involve a sensor in-
tervening between the server and client and assuming
their identities. Protocols using encryption or that re-
quire modifications to the transmitted packets such as
10
SSH (versions 1 and 2), SSL (FTP, POP3, IMAP, LDAP, SMTP,
HTTP) and X11 are analyzed in this way.
Transparency
The network traffic analysis and monitoring provid-
ed by Comarch SecureAdmin is transparent to users.
This is easy to achieve with passive analysis because
the packets transmitted in the connections are in no
way modified.
Comarch SecureAdmin is exceptional because it also of-
fers transparency in MITM connection analysis. In this
Comarch SecureAdmin Administrator Desktop
Banking, Insurance and Capital Markets
mode the sensor uses iptables mechanisms to transfer
connections to a local port and simulate the client’s con-
nection. Meanwhile, the sensor connects with the serv-
er in the name of the client. The server hides behind the
IP addresses of real servers and clients so that it is in-
visible both to the client and the server.
Managing SSH keys and SSL certificates and keys is per-
formed centrally from the administration console.
Logging User Activity
Comarch SecureAdmin monitors network traffic and
conducts protocol analyses to log user activity. This
means recording their actions and the consequences
of those actions. Were they performed successfully or
were errors committed?
The following information is logged for each connec-
tion analyzed:
• Time connection began
• Duration of connection
• Source address and port
• Destination address and port
• MAC and DNS addresses, if available
• Protocol type
• User name and password, if available
• Information specific to the monitored protocol.
Data Security Solutions
Comarch SOPEL
Comarch SOPEL (Electronic Signature Support System)
provides complete implementation for secure qualified
electronic signature verification equipment and secure
electronic signature submission software. Both comply
with the Law on Electronic Signatures.
Implementing the system delivers all the benefits of
electronic contact with customers and partners while
providing the following security features:
• Undeniability – the addressee cannot deny that the
message or information has been sent
• Consistency and Correctness – it is easy to detect any
changes made by unauthorized people to messages
or information.
The electronic signature is especially useful where there
are large numbers of anonymous or occasional elec-
tronic contacts, or where it is necessary to store docu-
ments as evidence.
Comarch SOPEL System Features
• Full compliance with the legal requirements for
electronic signatures
• Full compliance with the technical requirements aris-
ing from the orders pursuant to the Law on Electronic
Signatures
• Can work with cryptographic hardware devices (HSM
– Hardware Security Modules)
• Has interfaces for the most popular programming
languages: C/C#/Java
Signing component
Microsoft Crypto API
SmartCard Crypto Token
CSP CSP
The signing component’s separation from the cryptographic key storage
• Supports a variety of cryptographic key and certificate
formats (X.509v3, PGP).
The main task performed by the system modules is to
support employee document and form signing. Employ-
ees achieve this by using their private keys with optional
time stamping. The model is implemented in such a way
that it can sign information using private keys connect-
ed with any certificate of the x.509v3 standard stored
in the Certificate System Store in Windows. Basing the
module on the Windows CryptoAPI library makes it in-
dependent of the place and mode of storing the pri-
vate key that is linked to the certificate’s signatory. This
means that, provided the hardware is compatible with
Microsoft CSP (Cryptographic Service Provider) technol-
ogy, the modules can use any hardware token or micro-
processor card that is storing the user’s private key. The
components are implemented as ActiveX (Internet Ex-
plorer) or as plug ins (Netscape, Mozilla, Firefox).
The system also enables the use of private keys located
in the Hardware Security Module for signing.
11
Electronic Signature Verification
Two operations are performed – always in the same or-
der – on every document reaching the system: the sig-
nature check and, if this is passed successfully, the CRL
list check (Certificate Revocation List). If the tests in-
volved in these two operations are completed success-
Microsoft Enhanced CSP
 Banking, Insurance and Capital Markets

fully, the integrity of the electronic signatures support-
ing the documents is guaranteed.
The aim of checking the signatures is to establish the
following:
• Is the signature correct according to a mathematical
check?
• Was the certificate within its expiry date when it was
used?
To ensure that the legal consequences of the declara-
tion of will expressed using the electronic signature
are certain, it is necessary to check whether the certif-
icate (the certificate’s private key) used to execute the
signature was valid at the moment of signing. Was it
suspended or annulled at that moment? Is it suspend-
ed or annulled now?

If any irregularities whatever are detected during these

tests, an attempt has been made to compromise the
correctness and completeness of the data processed
by the system.

New Document

12
Signature
Checking

Incorrect Signature Correct Signature

CRL List Check

Failed Verification Successful Verification

Suspended Verification

Electronic Signature Verification

Data Security Solutions
Comarch SafeDesktop
Business today is very heavily dependent on reliable
and complete data. This increases the risk companies
and institutions are exposed to. This includes not only
the threat of IT system break-ins from the outside but
also the possibility of damage, obstruction or misuse
from their own employees. The conclusion is clear: im-
portant and valuable data should be properly protect-
ed and secured.
Comarch SafeDesktop is Comarch’s security solution for
end-user workstations in IT systems. Comarch SafeDesk-
top makes it possible to obtain diverse functionality us-
ing microprocessor cards and USB tokens in heteroge-
neous environments, including the MS Windows 98SE/
Me/2000/XP/2003 platform and Linux.
Comarch SmartCard
Comarch SmartCard is a java based cryptographic mi-
croprocessor card for the secure storage of sensitive in-
formation such as cryptographic keys and passwords.
They are chiefly used in PKI (Public Key Architecture)
systems and more and more often in banking, where
very high security standards, for example for custom-
Comarch SmartCard
Important Functionality
• Strong central or local user authentication
• Automatic key generation, certificate issue requests,
certificates and certificate propagation
• Signing e-mails
• Encrypting files, catalogues and discs
• Creating unidirectional and bidirectional SSL authen-
tication channels for web and other applications
• Single sign-on authentication for web and window
applications in the MS Windows environment
• Encryption key retrieval.
This functionality is also available to users working in
terminal environments (RDP, Citrix, X-Windows) on Win-
dows or Linux platforms.
er transactions, are required. The card’s security rests
on asymmetrical cryptography. The private key used to
13
sign for the transaction never leaves the microproces-
sor card: it is generated there and there is no way that
it can be copied. Only the card’s owner knows the PIN
number.

Comarch Token
Comarch’s offer includes specialized hardware-program
solutions enabling strong authentication in a variety of
customer environments and systems.
One of these products is Comarch Token, which is a so-
lution whose hardware is based on USB tokens. It com-
bines cryptographic smart card and card reader features
in one device. The programming, including the software
inside the token, is produced by Comarch.
Comarch tokens, with Java Smart Card electronic as-
sembly, provide:
• Extensive functionality and high security
• Durability, ease of use and token transfer capability.
Comarch SmartCard Workshop
Comarch SmartCard Workshop system manages the
life cycles of cryptographic cards and tokens. In addi-
tion to the basic functionality connected with workflow
and current status reports for cards issued by the sys-
14
tem, the system also provides full integration for digit-
al and graphical card personalization.
It supports the following phases in the card life cycle:
• Personalization
• Issuing
• Cancelling certificates
• Removing cards from the system.
One of Comarch SmartCard Workshop’s basic purposes
is to manage the life cycle of cryptographic cards. This
involves presenting types of data gathered by the sys-
tem and showing how they are connected. In this way
it is possible to know how the system manages the dif-
ferent objects and processes connected with the card
life cycle. The main objects the system manages are, of
course, users and cards.
Banking, Insurance and Capital Markets
The software attached to the tokens enables the fol-
lowing features:
• User PIN with a length of 4 to 16 characters (figures,
letters and special characters)
• Administrator PIN (PUK) with a length of 4 to 16 char-
acters (figures, letters and special characters)
• Cryptographic algorithms:
• Assymetric: key dimensions: RSA: 512, 1024, 2048
• Symmetrical: 3DES
• Hash function: MD5, SHA-1
• 64kb card memory (including 40kb for the keys, the
certificates and the data).
Users in the system must be identified by a constant
and non-transferable identifier (e.g., the identifier of an
employee who ceases to work at a particular company
cannot be assigned to another employee). This can be,
for example, an e-mail attribute unambiguously con-
firming the user’s ID. All user operations performed in
the system are based on this constant identifier.
Cryptographic Cards, as well as users, have unique iden-
tifiers in the system. In their case this is a serial number.
The system works on the assumption that a card may
only be assigned to one user during its life cycle (due
to the graphical personalization process). A user may
possess a number of cards (even at the same time), but
a card may never be assigned to another user.
Data Security Solutions
Comarch CertificateAuthority
Comarch CertificateAuthority is Comarch proprietary
software for full implementation of PKI systems (Public
Key Infrastructure). This involves issuing certificates for
secure e-mail, web servers, communication channels, and
user authentication and authorization. Comarch Certif-
icateAuthority supports the entire certificate life cycle
from application through to expiry or annulment.
Comarch CertificateAuthority
Functionality for Operators
• Certificate searches and queries according to certifica-
tion phase and other features, such as the name of
the key’s owner and the date the application was
submitted
• Rejection of certificate searches and queries
• Approval of applications for certificates (certificate
issuing)
• Certificate search and queries according to validity cri-
teria (valid, cancelled and expired), name of key owner
(CN – Common Name), period of validity, profile
• Certificate canceling
• Generating new CRL lists (Certificate Revocation
Lists)
• Catalogue configuration
• Publishing certificates in the directory services
• Publishing CRL lists in the directory services
• Creating new CAs
• Profile definitions
• Certificate/key recovery (KRM – Key Recovery Manage-
ment )
• OCSP (Online Certificate Status Protocol) service.
Comarch CertificateAuthority Features
• Capacity to establish expanded Public Key Infrastruc-
ture with numerous distributed registration points
• Highly adaptable to individual requirements
• Full compatibility and interoperability with a wide
range of cryptographic software
• Range of options for publishing certificates and CRLs
via mail, ftp, WWW, LDAP (Lightweight Directory Access
Protocol)
• Unique capacity to migrate cards from the PGP stand-
ard to X.509
• Interoperability with microprocessor cards
• Interoperability with HSM devices (High Security
Module).
Comarch CertificateAuthority
Standard Modules
• Registration Authority Module (RA), which allows
users to submit applications
• Registration Authority Operator Module (RA Opera-
tor), which receives applications
• Certificate Authority Module (CA), when applications
are accepted in RA Operator they are ready for issue
by CA.
15
 Banking, Insurance and Capital Markets

Comarch Security Content Management

Comarch Security Content Management is a compre-
hensive solution for Internet service providers. The sys-
tem builds and boosts competitive advantage by ex-
panding the range of services that can be offered. These
include a choice of security options and content and
connections monitoring.
Comarch SCM filters access to www pages based on rules
defined by subscribers. These rules stipulate which pag-
es should be blocked and which allowed in by Comar-
ch SCM.
The system allows Internet and telecommunications
service providers to offer security options on a pre-paid
basis. This is accomplished without subscribers having
to install any software.
The system’s modular architecture makes it easily adapt-
able to the needs of service providers, who have var-
iable requirements arising from the number of sub-
scribers, the range of services offered and the size of
the operator.

Subscriber Filter
History 2
Access Administrator Category
History 1 Data Base
User Profile,
Access Sentry
LOGIN Statistics, History
Mama Control
Password Sport √ www.cdn.pl
******** Erotica x www.xxx.pl
E-mail √ www.wp.pl
Shopping x www.chat.pl Statistics
Games x www.onet.pl
Chat x www.cracovia.pl

Filtering

16 User Access

Access Denied
Reply
Rules

STOP!!!
Filtering Server

Queries: http://www.amzon.com ??

Internet

Overview of Comarch Security Content Management

Data Security Solutions

Comarch Services

There are two aspects to properly functioning securi-
ty management and adapting to the specified require-
ments. These are an operational security policy and pe-
riodical security audits.
A Security Policy is a set of coherent and precise proce-
dures, rules and regulations that comply with the pre-
vailing laws. An organization uses these to construct,
manage and provide access to its IT systems and in-
formational resources. The policy stipulates which re-
sources should be protected and how this should be ac-
complished. Its requirements have to suit the system’s
owner and the data being stored. Comarch has exten-
sive experience and ability in developing and imple-
menting security policies.
Comarch strongly encourages you to use its auditing
services. The specialists from the Security and Data Pro-
tection Department offer:
Penetration Tests
These simulate a break-in to a corporate network. Comar-
ch appoints a ‘Tiger Team’ to perform this kind of audit.
The team is made up of high caliber and well-educated
professionals whose task it is to conduct a simulated
break-in and then develop ways of improving the qual-
ity of the security system.
Configuration Analysis
Even the most secure operating systems, applications
or data protection systems are useless if they have not
been properly configured. This is why we include config-

Analysis
of the existing
situation

Defining the
Security Policy

Developing the
Security Policy
Documentation

Implementing
the Security
Review Policy

START! 17
Modernization

Methodology for Developing Security Policy


uration analyses for the majority of operating systems,
security systems, data bases and applications as part
of our offer. In this process we use the security knowl-
edge we have earned and won in the course of years of
practical experience in implementing and securing nu-
merous systems.
Security Policy and Procedure
Monitoring
The last set of audits we offer involve analyzing a com-
pany’s existing security policy and procedures. This
should be of particular interest to those responsible
for security and those whose task it is to monitor the
system in its entirety.
Comarch has used its extensive experience to devel-
op the methodology for security policy projects repre-
sented in figure.
18
Banking, Insurance and Capital Markets
Comarch Also Offers
• Consultation services for constructing comprehensive
information security plans (security policy)
• Design services for advanced multi-layered security
systems
• Technology and products implementation for securing
networks, servers and workstations
• Technical training for company IT security personnel.
This includes an overview of security and then focuses
on the implemented products. It also provides training
to help managers and employees to be more aware
and better informed on security policy
• Company security management with maintenance
and service assistance for the security systems
implemented.
Data Security Solutions

Selected Customers
• BP • Ministerstwo Finansów (Ministry of Finance)
• BPH PBK • Netia
• BDM PKO BP • Norwich Union Services Polska (Universal Pension
• BIG Bank Gdański S.A. Fund)
• Bank DnB NORD Polska S.A • PeKaO S.A.
• DM PBK S.A. • Pekao CDM
• Energis • PKO/Handlowy Powszechne Towarzystwo Emerytalne
• Ernst&Young Polska (Universal Pension Fund)
• Eurobank • Polska Telefonia Cyfrowa S.A.
• Fortis Bank Polska S.A. • PTK Centertel
• Frantschach Świecie S.A. • Raiffesien Bank Polska S.A.
• GE Capital • RHEINHYP-BRE Bank Hipoteczny S.A.
• ING Bank Śląski S.A • Warta Vita S.A.
• Krajowy Depozyt Papierów Wartościowych (National • Telekomunikacja Polska S.A.
Securities Depository) • U PC/Wizja TV
• KPWiG • Volkswagen Bank Polska
• Laboratorium Kosmetyczne Dr Irena Eris

19
Comarch Headquarters Comarch Inc. Poland
Al. Jana Pawla II 39 a 10 W 35th Street Gdansk, Katowice Krakow,
31-864 Krakow Chicago, IL 60616 Lublin, Lodz, Poznan,
Poland United States Szczecin, Warsaw, Wroclaw
phone:  +48 12 64 61 000 phone: +1 800 786 4408
fax:  +48 12 64 61 100 fax: +1 800 684 5916 Belgium Brussels
e-mail: info@comarch.pl e-mail: info@comarch.com France Lille
Germany Dresden,
Comarch Software AG Frankfurt/Main
Chemnitzer Str. 50 Lithuania Vilnius
01187 Dresden Panama Panama City
Germany Russia Moscow
phone:  +49 351 3201 3200 Slovakia Bratislava
fax:  +49 351 438 97 10 UAE Dubai
e-mail: info@comarch.de Ukraine Kiev, Lviv
USA Chicago, Miami
Comarch OOO
Prechistenskiy Pereulok 14/1
119034 Moscow
Russia
phone:  +7 495 783 36 71

www.finance.comarch.com
www.comarch.com  www.comarch.pl  www.comarch.de  www.comarch.ru

Comarch is a leading Central European IT business solutions provider

specializing in forging business relationships that maximize customer
profitability while optimizing business and operational processes. Comarch’s
primary advantage lies in the vast domain of knowledge accumulated in
and applied to our software products. These products incorporate highly
sophisticated IT solutions for businesses in all vertical sectors. Comarch has
a multinational network of offices employing over 2800 highly-experienced
IT specialists in Europe, the Middle East and the Americas.

ComArch Spółka Akcyjna with its registered seat in Kraków at Aleja Jana Pawła II 39A, entered in the National Court Register kept by the
District Court for Kraków-Śródmieście in Kraków, the 11th Commercial Division of the National Court Register under no. KRS 000057567.
The share capital amounts to 7,960,596.00 zł. The share capital was fully paid, NIP 677-00-65-406

Copyright © Comarch 2008. All Rights Reserved. No part of this document may be reproduced in any form without the prior written consent
of Comarch. Comarch reserves the right to revise this document and to make changes in the content from time to time without notice.
Comarch may make improvements and/or changes to the product(s) and/or programs described in this document any time. The trademarks
and service marks of Comarch are the exclusive property of Comarch, and may not be used without permission. All other marks are the
property of their respective owners.

EN-2008.09