Please enable JavaScript.
Coggle requires JavaScript to display documents.
Credit Reporting Overview (Credit Reporting Storage (The complete xml…
Credit Reporting Overview
Equifax
IDFS
Source of all other info
InterConnect
Credit Report Source
Credit Reporting Storage
The complete xml document received from Equifax is stored encrypted in blob storage
The first credit report is manually pulled on consumer registration
We keep 12 months of rolling credit reports
We automatically populate the credit report blob to store 12 months of reports
Credit Reporting Enrollment
eIDverifier Check
Used to establish proof that an individual is who he or she claims to be.
Validating the identity of an online customer
1.)
The consumer completes and submits an online application form.
eIDverifier edits and validates the data elements and then verifies key data fields.
2.)
The Equifax authentication engine provides a multiple-choice questionnaire based on information specific to consumer and business information sources. These questions can include elements from the user's financial history. The consumer then completes and submits the questionnaire.
3.)
Equifax uses the consumer information to determine the consumer is who he or she claims to be.
We block credit account creation for user's IP addresses outside of US or Canada to comply with Equifax's security requirements
Fraud Detection and Prevention
Used to determine a specified ssn is explicitly marked as blacklisted.
Hot List for Fraudulent Email Addresses
Email Wildcard Address Hot List for Fraud
SSN is blacklisted as well. If Equifax identifies a ssn as incorrect we will add it to our blacklist.
We check the user's provided email address against the fraud lists to prevent users from creating a credit account where fraud is suspected.
Action taken
Fraud Prevention
User is locked out of PFM overall
We capture the reason the fraud flag is set
Fraud flag is set for the consumer
Logging
We capture who or what cleared the flag
We capture date and time for set or clear
We capture who / what set the flag
We check user's SSN against the fraud list to prevent users from creating a credit account where fraud is suspected
Phone Verification
Used to verify phone ownership
Manual process for enrolling a user who failed eID authentication
PFM Authentication
Password attempts aligned with Equifax Security Requirements
5 Failed login attempts, regardless of time frame or session, must result in a 30 minute lockout
5 failed attempts using login help (currently only PW Reset) will result in a Lock Out that must be unlocked via Customer Support
Audit Reports
Ability to generate audit reports on demand
We pass to Equifax the FId of the request for each request
We log all interactions with the credit report
Fraud Management
We use a white list to allow authorized users to add an email to white list to allow vetted consumer access to PFM and PFM Credit Reporting
The white list holds supporting documentation for the reason the email is on the list.