AAA Tenant Screening, Inc. DBA Investigative Screening and Consulting
NOTICE TO USERS OF CONSUMER REPORTS: OBLIGATIONS OF USERS UNDER THE FCRA
The Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Consumer Financial Protection Bureau's Website at www.consumerfinance.gov/learnmore. At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at the Bureau's Web site. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA.
The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher.
I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS
A. Users Must Have a Permissible Purpose
Congress has limited the use of consumer reports to protect consumers' privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are:
- As ordered by a court or a federal grand jury subpoena. Section 604(a)(1)
- As instructed by the consumer in writing. Section 604(a)(2)
- For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer's account. Section 604(a)(3)(A)
- For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b)
- For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C)
- When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i)
- To review a consumer's account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii)
- To determine a consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status. Section 604(a)(3)(D)
- For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E)
- For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5)
In addition, creditors and insurers may obtain certain consumer report information for the purpose of making "prescreened" unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of "prescreened" information are described in Section VII below.
B. Users Must Provide Certifications
Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose.
C. Users Must Notify Consumers When Adverse Actions Are Taken
The term "adverse action" is defined very broadly by Section 603. "Adverse actions" include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA - such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer.
1. Adverse Actions Based on Information Obtained From a CRA
If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following:
- The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report.
- A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made.
- A statement setting forth the consumer's right to obtain a free disclosure of the consumer's file from the CRA if the consumer makes a request within 60 days.
A statement setting forth the consumer's right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA.
2. Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies
If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer's written request.
3. Adverse Actions Based on Information Obtained From Affiliates
If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above.
D. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files
When a consumer has placed a fraud alert, including one relating to identity theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer's alert.
E. Users Have Obligations When Notified of an Address Discrepancy
Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer's file. When this occurs, users must comply with regulations specifying the procedures to be followed, which will be issued by the Consumer Financial Protection Bureau and the banking and credit union regulators. The Consumer Financial Protection Bureau's regulations will be available at www.consumerfinance.gov/learnmore.
F. Users Have Obligations When Disposing of Records
Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. The Consumer Financial Protection Bureau, the Securities and Exchange Commission, and the banking and credit union regulators have issued regulations covering disposal. The Consumer Financial Protection Bureau's regulations may be found at www.consumerfinance.gov/learnmore.
II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES
If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations to be jointly prescribed by the Consumer Financial Protection Bureau and the Federal Reserve Board.
Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) ("Notice to the Home Loan Applicant").
III. OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES
A. Employment Other Than in the Trucking Industry
If information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must:
- Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained.
- Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment.
- Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer's rights will be provided to the consumer.
- Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer's rights. (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken.
An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2)
The procedures for investigative consumer reports and employee misconduct investigations are set forth below.
B. Employment in the Trucking Industry
Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company.
IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED
Investigative consumer reports are a special type of consumer report in which information about a consumer's character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency. Consumers who are the subjects of such reports are given special rights under the FCRA. If a user intends to obtain an investigative consumer report, Section 606 requires the following:
- The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.)
- The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below.
- Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed, or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time.
V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS
Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.
VI. OBLIGATIONS OF USERS OF MEDICAL INFORMATION
Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes - or in connection with a credit transaction (except as provided in regulations issued by the banking and credit union regulators) - the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or as permitted by statute, regulation, or order).
VII. OBLIGATIONS OF USERS OF "PRESCREENED" LISTS
The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances. Sections 603(l), 604(c), 604(e), and 615(d). This practice is known as "prescreening" and typically involves obtaining from a CRA a list of consumers who meet certain preestablished criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and to grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that:
- Information contained in a consumer's CRA file was used in connection with the transaction.
- The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer.
- Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral.
- The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system.
In addition, once the Consumer Financial Protection Bureau by rule has established the format, type size, and manner of the disclosure required by Section 615(d), users must be in compliance with the rule. The CFPB's regulations will be at www.consumerfinance.gov/learnmore.
VIII. OBLIGATIONS OF RESELLERS
A. Disclosure and Certification Requirements
Section 607(e) requires any person who obtains a consumer report for resale to take the following steps:
- Disclose the identity of the end-user to the source CRA.
- Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user.
- Establish and follow reasonable procedures to ensure that reports are resold only for permissible purposes, including procedures to obtain:
(1) the identity of all end-users;
(2) certifications from all users of each purpose for which reports will be used; and
(3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report.
B. Reinvestigations by Resellers
Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer.
C. Fraud Alerts and Resellers
Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports.
IX. LIABILITY FOR VIOLATIONS OF THE FCRA
Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619.
The CFPB's Web site, www.consumerfinance.gov/learnmore, has more information about the FCRA, including publications for businesses and the full text of the FCRA.
Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1681 et seq.:
||15 U.S.C. 1681
||15 U.S.C. 1681a
||15 U.S.C. 1681b
||15 U.S.C. 1681c
||15 U.S.C. 1681cA
||15 U.S.C. 1681cB
||15 U.S.C. 1681d
||15 U.S.C. 1681e
||15 U.S.C. 1681f
||15 U.S.C. 1681g
||15 U.S.C. 1681h
||15 U.S.C. 1681i
||15 U.S.C. 1681j
||15 U.S.C. 1681k
||15 U.S.C. 1681l
||15 U.S.C. 1681m
||15 U.S.C. 1681n
||15 U.S.C. 1681o
||15 U.S.C. 1681p
||15 U.S.C. 1681q
||15 U.S.C. 1681r
||15 U.S.C. 1681s
||15 U.S.C. 1681s-1
||15 U.S.C. 1681s-2
||15 U.S.C. 1681t
||15 U.S.C. 1681u
||15 U.S.C. 1681v
||15 U.S.C. 1681w
||15 U.S.C. 1681x
||15 U.S.C. 1681y
IMPORTANT NOTICE AFFECTING END USERS DOING BUSINESS WITH VERMONT RESIDENTS
VERMONT - Notice of Requirement for Consumer Consent
Under Vermont law, no one may access a Vermont consumer's credit report without obtaining the consumer's permission except under the following limited circumstances:
(A) in response to the order of a court having jurisdiction to issue such an order;
(B) for direct mail offers of credit (prescreening), as permitted by the FCRA;
(C) for the purpose of reviewing an account, increasing the credit line on the account, taking collection action on the account, or for other legitimate purposes associated with the account, if the consumer has given ongoing permission to obtain reports in connection with an existing credit relationship;
(D) where the request for a credit report is related to an education loan made, guaranteed, or serviced by the Vermont Student Assistance Corporation;
(E) where the request for a credit report is by the Office of Child Support Services when investigating a child support case;
(F) where the request for a credit report is related to a credit transaction entered into prior to January 1, 1993; or
(G) where the request for a credit report is by the Vermont State Tax Department and is used for the purpose of collecting or investigating delinquent taxes.
If you have obtained consent from the consumer to receive their credit report, the report may only be used for the purpose consented to by the consumer.
Please note that by signing Experian Connect's Terms and Conditions, you have agreed to comply with all applicable federal, state and local laws, rules, and regulations relating to the use of information received from Experian or regarding the provision of information to Experian. Your company has also certified that it will not use the information received from Experian for purposes prohibited by law.
Based on the provisions in Experian Connect's Terms and Conditions between Experian and your company, Experian will rely on your company's certification that credit reports will not be requested unless done so in compliance with Vermont and all other applicable law.
The Vermont statute above is provided to you with the intention of increasing awareness of your responsibilities under VT2480e(b) only. The notice is not meant to be an exhaustive representation of all Vermont laws affecting credit report users nor of your obligations under such laws. In short, it is not intended to provide you with, nor shall it be construed as, legal advice regarding Vermont law.
Should you have any questions about your or your institution's specific obligations under the FCRA or any related state law, we ask that you consult with your own legal counsel.
California law requires that consumer credit reporting agencies, such as Experian, communicate to all its users and data furnishers their obligations under Title 1.6 California Consumer Credit Reporting Agencies Act.
Provided below is an extract of the Act. Please note that federal law may pre-empt state regulations. We strongly encourage you to review the entire statute closely with your legal counsel. A copy of the statute may be found at www.sen.ca.gov.
This communication is not intended to provide legal advice or counsel you in regards to your obligations under the law. If you have any questions pertaining to your obligations under California law, or any other state or federal regulation, we ask that you consult with your own legal counsel.
California Consumer Credit Reporting Legislation Data User / Furnisher Obligations
1785.11.1 (g) Any person who uses a consumer credit report in connection with the approval of credit based on an application for an extension of credit, or with the purchase, lease, or rental of goods or non-credit-related services and who receives notification of a security alert pursuant to subdivision (a) may not lend money, extend credit, or complete the purchase, lease, or rental of goods or non-credit-related services without taking reasonable steps to verify the consumer's identity, in order to ensure that the application for an extension of credit or for the purchase, lease, or rental of goods or non-credit-related services is not the result of identity theft. If the consumer has placed a statement with the security alert in his or her file requesting that identity be verified by calling a specified telephone number, any person who receives that statement with the security alert in a consumer's file pursuant to subdivision (a) shall take reasonable steps to verify the identity of the consumer by contacting the consumer using the specified telephone number prior to lending money, extending credit, or completing the purchase, lease, or rental of goods or non-credit-related services. If a person uses a consumer credit report to facilitate the extension of credit or for another permissible purpose on behalf of a subsidiary, affiliate, agent, assignee, or prospective assignee, that person may verify a consumer's identity under this section in lieu of the subsidiary, affiliate, agent, assignee, or prospective assignee.
(i) If reasonable steps are taken to verify the identity of the consumer pursuant to subdivision (b) of Section 1785.20.3, those steps constitute compliance with the requirements of this section, except that if a consumer has placed a statement including a telephone number with the security alert in his or her file, his or her identity shall be verified by contacting the consumer using that telephone number as specified pursuant to subdivision (g).
1785.11.4 The provisions of Sections 1785.11.1, 1785.11.2, and 1785.11.3 do not apply to a consumer credit reporting agency that acts only as a reseller of credit information pursuant to Section 1785.22 by assembling and merging information contained in the data base of another consumer credit reporting agency or multiple consumer credit reporting agencies, and does not maintain a permanent data base of credit information from which new consumer credit reports are produced. However, a consumer credit reporting agency acting pursuant to Section 1785.22 shall honor any security freeze placed on a consumer credit report by another consumer credit reporting agency.
1785.14 (2) If the prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the retail seller certifies, in writing, to the consumer credit reporting agency that it instructs its employees and agents to inspect a photo identification of the consumer at the time the application was submitted in person. This paragraph does not apply to an application for credit submitted by mail.
(3) If the prospective user intends to extend credit by mail pursuant to a solicitation by mail, the extension of credit shall be mailed to the same address as on the solicitation unless the prospective user verifies any address change by, among other methods, contacting the person to whom the extension of credit will be mailed.
1802.3. "Retail seller" or "seller" means a person engaged in the business of selling goods or furnishing services to retail buyers.
1785.20.2. Any person who makes or arranges loans and who uses a consumer credit score as defined in Section 1785.15.1 in connection with an application initiated or sought by a consumer for a closed end loan or establishment of an open end loan for a consumer purpose that is secured by one to four units of residential real property shall provide the following to the consumer as soon as reasonably practicable:
(a) A copy of the information identified in subdivision (a) of Section 1785.15.1 that was obtained from a credit reporting agency or was developed and used by the user of the information. In addition to the information provided to it by a third party that provided the credit score or scores, a lender is only required to provide the notice contained in subdivision (d).
(b) If a person who is subject to this section uses an automated underwriting system to underwrite a loan, that person may satisfy the obligation to provide a credit score by disclosing a credit score and associated key factors supplied by a consumer credit reporting agency. However, if a numerical credit score is generated by an automated underwriting system used by an enterprise, and that score is disclosed to the person, it shall be disclosed to the consumer consistent with subdivision (c). For purposes of this subdivision, the term "enterprise" shall have the meaning provided in paragraph (6) of Section 4502 of Title 12 of the United States Code.
(c) A person subject to the provisions of this section who uses a credit score other than a credit score provided by a consumer reporting agency may satisfy the obligation to provide a credit score by disclosing a credit score and associated key factors supplied by a consumer credit reporting agency.
(d) A copy of the following notice, which shall include the name, address, and telephone number of each credit bureau providing a credit score that was used:
NOTICE TO THE HOME LOAN APPLICANT
In connection with your application for a home loan, the lender must disclose to you the score that a credit bureau distributed to users and the lender used in connection with your home loan, and the key factors affecting your credit scores. The credit score is a computer generated summary calculated at the time of the request and based on information a credit bureau or lender has on file. The scores are based on data about your credit history and payment patterns. Credit scores are important because they are used to assist the lender in determining whether you will obtain a loan. They may also be used to determine what interest rate you may be offered on the mortgage. Credit scores can change over time, depending on your conduct, how your credit history and payment patterns change, and how credit scoring technologies change. Because the score is based on information in your credit history, it is very important that you review the credit-related information that is being furnished to make sure it is accurate. Credit records may vary from one company to another. If you have questions about your credit score or the credit information that is furnished to you, contact the credit bureau at the address and telephone number provided with this notice, or contact the lender, if the lender developed or generated the credit score. The credit bureau plays no part in the decision to take any action on the loan application and is unable to provide you with specific reasons for the decision on a loan application. If you have questions concerning the terms of the loan, contact the lender.
NOTE: Customers needing to direct consumers to Experian in order for them to receive a copy of their credit report may provide the consumer with the following contact information:
Experian, P.O. Box 2002, Allen, TX 75013
1 888 EXPERIAN (1 888 397 3742)
(e) This section shall not require any person to do the following: (1) Explain the information provided pursuant to Section 1785.15.1. (2) Disclose any information other than a credit score or key factor, as defined in Section 1785.15.1. (3) Disclose any credit score or related information obtained by the user after a loan has closed. (4) Provide more than one disclosure per loan transaction. (5) Provide the disclosure required by this section when another person has made the disclosure to the consumer for that loan transaction. (f) Any person's obligation pursuant to this section shall be limited solely to providing a copy of the information that was received from the consumer credit reporting agency. No person has liability under this section for the content of that information or for the omission of any information within the report provided by the consumer credit reporting agency.
1785.20.3. (a) Any person who uses a consumer credit report in connection with the approval of credit based on an application for an extension of credit, and who discovers that the consumer's first and last name, address, or social security number, on the credit application does not match, within a reasonable degree of certainty, the consumer's first and last name, address or addresses, or social security number listed, if any, on the consumer credit report, shall take reasonable steps to verify the accuracy of the consumer's first and last name, address, or social security number provided on the application to confirm that the extension of credit is not the result of identity theft, as defined in Section 1798.92.
(b) Any person who uses a consumer credit report in connection with the approval of credit based on an application for an extension of credit, and who has received notification pursuant to subdivision (k) of Section 1785.16 that the applicant has been a victim of identity theft, as defined in Section 1798.92, may not lend money or extend credit without taking reasonable steps to verify the consumer's identity and confirm that the application for an extension of credit is not the result of identity theft.
(f) If a consumer provides initial written notice to a creditor that he or she is a victim of identity theft, as defined in subdivision (d) of Section 1798.92, the creditor shall provide written notice to the consumer of his or her rights under subdivision (k) of Section 1785.16. (g) The provisions of subdivisions (k) and (l) of Section 1785.16 do not apply to a consumer credit reporting agency that acts only as a reseller of credit information by assembling and merging information contained in the database of another consumer credit reporting agency or the databases of multiple consumer credit reporting agencies, and does not maintain a permanent database of credit information from which new credit reports are produced.
(h) This section does not apply if one of the addresses at issue is a US Army or Air Force post office address or a US Fleet post office address.
1785.20.5. (a) Prior to requesting a consumer credit report for employment purposes, the user of the report shall provide written notice to the person involved. The notice shall inform the person that a report will be used and the source of the report, and shall contain a box that the person may check off to receive a copy of the credit report. If the consumer indicates that he or she wishes to receive a copy of the report, the user shall request that a copy be provided to the person when the user requests its copy from the credit reporting agency. The report to the user and to the subject person shall be provided contemporaneously and at no charge to the subject person. (b) Whenever employment involving a consumer is denied either wholly or partly because of information contained in a consumer credit report from a consumer credit reporting agency, the user of the consumer credit report shall so advise the consumer against whom the adverse action has been taken and supply the name and address or addresses of the consumer credit reporting agency making the report. No person shall be held liable for any violation of this section if he or she shows by a preponderance of the evidence that, at the time of the alleged violation, he or she maintained reasonable procedures to assure compliance with this section.
1785.22. (a) A person may not procure a consumer credit report for the purpose of reselling the report or any information therein unless the person discloses to the consumer credit reporting agency which issues the report the identity of the ultimate end user and each permissible purpose for which the report is furnished to the end user of the consumer credit report or information therein. (b) A person that procures a consumer credit report for the purpose of reselling the report or any information therein shall do all of the following: (1) Establish and comply with reasonable procedures designed to ensure that the consumer credit report or information is resold by the person only for a purpose for which the report may be furnished under this title. These procedures shall include all of the following: (A) Identification of each prospective user of the resold consumer credit report or information. (B) Certification of each purpose for which the consumer credit report or information will be used. (C) Certification that the consumer credit report or information will be used for no other purpose. (2) Before reselling the consumer credit report or information, the person shall make reasonable efforts to verify the identities and certifications made under paragraph (1).
1785.25. (a) A person shall not furnish information on a specific transaction or experience to any consumer credit reporting agency if the person knows or should know the information is incomplete or inaccurate.
1785.30. Upon notification of the results of a consumer credit reporting agency's reinvestigation pursuant to Section 1785.16, a consumer may make a written demand on any person furnishing information to the consumer credit reporting agency to correct any information that the consumer believes to be inaccurate. The person upon whom the written demand is made shall acknowledge the demand within 30 days.
Should you have any questions regarding your institutions specific obligations under California law or any other state or federal statute, we ask that you consult with your own legal counsel.
Consumer Report User/Subscriber Agreement
This agreement by and between AAA Tenant Screening, Inc., hereinafter referred to as "AAA" and
___________________________________________ and/or its designated agent(s), hereinafter referred to as "SUBSCRIBER" upon mutual consideration enter into this agreement upon the conditions:
SUBSCRIBER herby certifies that the use of information provided to it, hereinafter referred to as "Consumer Report" shall be in accordance with the Fair Credit Reporting Act, Public Law 91-508.
SUBSCRIBER agrees to abide by the provisions of the Fair Credit Reporting Act (FCRA) and understands that the information received from AAA shall be received as a "consumer report from a consumer reporting agency" within the meaning of the Act. SUBSCRIBER acknowledges their responsibilities under the FCRA.
SUBSCRIBER further agrees that the information will be requested and used for the exclusive use only for tenant screening purposes or in connection with legitimate business needs as outlined in section 604 of the Fair Credit
Reporting Act. Reports will be requested only by the SUBSCRIBER'S designated and authorized representatives.
SUBSCRIBER shall prohibit its employees from obtaining any reports on themselves, associates or any other person except in the exercise of their official duties related to actual tenant screening.
AAA agrees to use its best efforts to hold all requests of the SUBSCRIBER confidential and not to divulge the name of subscriber's employee or the content of the report(s) obtained for the SUBSCRIBER to anyone other that (a) AAA subscribers (b) persons to whom AAA is permitted by law to disclose such information, and (c) employees or agents of AAA who have a need to know for the performance of their AAA's obligations under this agreement.
AAA agrees not to discriminate against any applicant because of race, creed, color, age, sex, disability, religion or national origin. AAA shall at all times promptly execute and comply with all statutes, ordinances, rules, regulations, and requirements of the federal, state and local governments which are applicable to the performance of this contract.
SUBSCRIBER is not a retail seller as defined in the Federal Act or in and State Act and therefore agrees not to resell any information obtained from AAA. Furthermore, SUBSCRIBER warrants that its employee and agents shall inspect a US Federal and/or State government issued photo identification of the consumer at the time an application is taken before submission to AAA.
If the application process is suspended or terminated because of information provided in the Consumer Report,
SUBSCRIBER shall comply with the provisions of the Fair Credit Reporting Act as to disclosure.
AAA agrees to provide timely dissemination of the available information in a manner consistent with standard business practices.
AAA will maintain consumer report information for a minimum of two (2) years as required by the Fair Credit Reporting Act.
AAA will provide the following services:
A. Maintain a database of applicants in the local market, based on data provided by SUBSCRIBER.
B. Provide SUBSCRIBER with applicant information which may be contained in the database.
C. Conduct local public record searches for criminal conviction information on applicants.
D. Provide written documentation to SUBSCRIBER of information discovered.
SUBSCRIBER agrees that it will not request a Consumer Report for tenant screening unless:
A. The consumer has authorized in writing the procurement of the report; and
B. Information from the Consumer Report for Tenant Screening Purposes will not be used in violation of any applicable federal or state equal employment opportunity law or regulation.
SUBSCRIBER agrees to:
A. Maintain a valid statement executed by the applicant on file for a minimum of three (3) years, authorizing
AAA to conduct the inquiries indicated herein, and releasing AAA and all parties and entities providing information from any and all liabilities resulting from such inquiries.
B. Follow the prescribed disclosure procedures. If applicant is denied as a result of information contained in an
AAA report, the applicant will be provided a copy of the report and "A Summary of Your Rights under the Fair Credit Reporting Act." AAA will provide all necessary documentation to SUBSCRIBER to provide to the applicant.
AAA shall use good faith in attempting to obtain information from sources deemed reliable, but does not guarantee the accuracy of information reported. In no event shall AAA be held liable in any manner whatsoever for any loss or injury to SUBSCRIBER resulting from obtaining or furnishing such information. Further SUBSRIBER agrees to hold AAA harmless and indemnify it from any and all claims, losses and damages arising out of the alleged liability or failure of the SUBSCRIBER to keep and perform any of its obligations described herein.
The parties hereto agree that this instrument is the full and complete Agreement between them regarding the furnishing of the credit report, and additional public record information, and it is not to be altered, varied, or enlarged upon by any verbal or written promises, statements, or representations not expressed herein. This Agreement shall not be binding on either party until accepted by AAA. It is further agreed that with just cause, such as delinquency or violations of the terms of the contact or legal requirement, AAA may for good cause, in AAA's sole discretion discontinue serving the SUBSCRIBER and cancel this agreement immediately. Jurisdiction and venue for the agreement shall be Maricopa County, Mesa, Arizona.
SUBSCRIBER is responsible for its employees, officers, associates, partners, agents, and anyone else who gains access to the Screening Consumer Report section with the password provided by AAA. SUBSCRIBER also understands that being responsible for access to AAA Consumer Reports means that SUBSCRIBER shall be responsible to pay for any amount which becomes due through the use of the password provided to SUBSCRIBER by AAA. SUBSCRIBER is also responsible for any employees or others who leave the employee of SUBSCRIBER who may take the password with them, and for anyone who may use it without authority. SUBSCRIBER is the only source of protection of the AAA password. Therefore, SUBSCRIBER shall take all precautions to secure and protect the password. If at any time SUBSCRIBER learns there is any security concern or breach regarding the password, SUBSCRIBER agrees to immediately contact AAA Tenant Screening, Inc. to cancel the password and obtain a new password.
CREDIT SCORING SERVICES AGREEMENT:
This Credit Scoring Services Agreement, ("Agreement"),between ("End User") and AAA Tenant Screening,
WHEREAS, Provider is an authorized reseller of Experian Information Solutions, Inc. ("Experian");
And WHEREAS, Experian and Fair, Isaac Corporation ("Fair, Isaac") offer the "Experian/Fair, Isaac
Model", consisting of the application of a risk model developed by Experian and Fair, Isaac which employs a proprietary algorithm and which, when applied to credit information relating to individuals with whom the End User contemplates entering into a credit relationship will result in a numerical score (the "Score" and collectively, "Scores"); the purpose of the models being to rank said individuals in order of the risk of unsatisfactory payment.
NOW, THEREFORE, for good and valuable consideration and intending to be legally bound, End
User and Provider hereby agree as follows:
1. General Provisions
A. Subject of Agreement. The subject of this Agreement is End User's purchase of Scores produced from the Experian/Fair, Isaac Model from Provider.
B. Application. This Agreement applies to all uses of the Experian/Fair, Isaac Model by End User during the term of this agreement.
2. Experian/Fair, Isaac Scores
A. Generally. Upon request by End User during the Term, Provider will provide End User with the Scores.
B. Warranty. Provider warrants that the Scores are empirically derived and statistically sound predictors
of consumer credit risk on the data from which they were developed when applied to the population for which they were developed. Provider further warrants that so long as it provides the Scores, the Scores will not contain or use any prohibited basis as defined by the federal Equal Credit Opportunity Act, 15 USC Section 1691 et seq. or Regulation B promulgated thereunder. THE FOREGOING WARRANTIES ARE THE ONLY WARRANTIES PROVIDER HAS GIVEN END USER WITH RESPECT TO THE SCORES, AND SUCH WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, PROVIDER MIGHT HAVE GIVEN END USER WITH RESPECT THERETO, INCLUDING, FOR EXAMPLE, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. End User's rights under the foregoing warranties are expressly conditioned upon End User's periodic revalidation of the Experian/Fair, Isaac Model in compliance with the requirements of Regulation B as it may be amended from time to time (12 CFR Section 202 et seq.).
C. Release. End User hereby releases and holds harmless Provider, Fair Isaac and/or Experian and their respective officers, directors, employees, agents, sister or affiliated companies, and any third-party contractors or suppliers of Provider, Fair, Isaac or Experian from liability for any damages, losses, costs or expenses, whether direct or indirect, suffered or incurred by End User resulting from any failure of the Scores to accurately predict that a United States consumer will repay their existing or future credit obligations satisfactorily.
3. Intellectual Property
A. No License. Nothing contained in this Agreement shall be deemed to grant End User any license, sublicense, copyright interest, proprietary rights, or other claim against or interest in any computer programs utilized by Provider, Experian and/or Fair, Isaac or any third party involved in the delivery of the scoring services hereunder. End User acknowledges that the Experian/Fair, Isaac Model and its associated intellectual property rights in its output are the property of Fair, Isaac.
B. End User Use Limitations. By providing the Scores to End User pursuant to this Agreement, Provider grants to End User a limited license to use information contained in reports generated by the Experian/Fair, Isaac Model solely in its own business with no right to sublicense or otherwise sell or distribute said information to third parties. Before directing Provider to deliver Scores to any third party (as may be permitted by this Agreement), End User agrees to enter into a contract with such third party that (1) limits use of the Scores by the third party only to the use permitted to the End User, and (2) identifies Experian and Fair, Isaac as express third party beneficiaries of such contract.
C. Proprietary Designations. End User shall not use, or permit its employees, agents and subcontractors to use, the trademarks, service marks, logos, names, or any other proprietary designations of Provider, Experian or Fair, Isaac or their respective affiliates, whether registered or unregistered, without such party's prior written consent.
4. Compliance and Confidentiality
A. Compliance with Law. In performing this Agreement and in using information provided hereunder,
End User will comply with all Federal, state, and local statutes, regulations, and rules applicable to consumer credit information and nondiscrimination in the extension of credit from time to time in effect during the Term. End User certifies that (1) it has a permissible purpose for obtaining the Scores in accordance with the federal Fair Credit Reporting Act, and any similar applicable state statute, (2) any use of the Scores for purposes of evaluating the credit risk associated with applicants, prospects or existing customers will be in a manner consistent with the provisions described in the Equal Credit Opportunity Act ("ECOA"), Regulation B, and/or the Fair Credit Reporting Act, and (3) the Scores will not be used for Adverse Action as defined by the Equal Credit Opportunity Act ("ECOA") or Regulation B, unless adverse action reason codes have been delivered to the End User along with the Scores.
B. Confidentiality. End User will maintain internal procedures to minimize the risk of unauthorized disclosure of information delivered hereunder. End User will take reasonable precautions to assure that such information will be held in strict confidence and disclosed only to those of its employees whose duties reasonably relate to the legitimate business purposes for which the information is requested or used and to no other person. Without limiting the generality of the foregoing, End User will take suitable precautions to prevent loss, compromise, or misuse of any tapes or other media containing consumer credit information while in the possession of End User and while in transport between the parties. End User certifies that it will not publicly disseminate any results of the validations or other reports derived from the Scores without each of Experian's and Fair, Isaac's express written permission.
C. Proprietary Criteria. Under no circumstances will End User attempt in any manner, directly or indirectly, to discover or reverse engineer any confidential and proprietary criteria developed or used by Experian and/or Fair, Isaac in performing the scoring services hereunder.
D. Consumer Disclosure. Notwithstanding any contrary provision of this Agreement, End User may disclose the Scores provided to End User under this Agreement (1) to credit applicants, when accompanied by the corresponding reason codes, in the context of bona fide lending transactions and decisions only and (2) as clearly required by law.
5. Indemnification and Limitations
A. Indemnification of Provider, Experian and Fair, Isaac. End User will indemnify, defend, and hold each of Provider, Experian and Fair, Isaac harmless from and against any and all liabilities, damages, losses, claims, costs, and expenses (including attorneys' fees) arising out of or resulting from any nonperformance by End User of any obligations to be performed by End User under this Agreement, provided that Experian/Fair, Isaac have given End User prompt notice of, and the opportunity and the authority (but not the duty) to defend or settle any such claim.
B. Limitation of Liability. NOTWITHSTANDING ANY OTHER PROVISION OF THIS AGREEMENT, UNDER NO CIRCUMSTANCES WILL PROVIDER, EXPERIAN OR FAIR, ISAAC HAVE ANY OBLIGATION OR LIABILITY TO END USER FOR ANY INCIDENTAL, INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES INCURRED BY END USER, REGARDLESS OF HOW SUCH DAMAGES ARISE AND OF WHETHER OR NOT END USER WAS ADVISED SUCH DAMAGES MIGHT ARISE. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF PROVIDER, EXPERIAN OR FAIR, ISAAC TO END USER
EXCEED THE FEES PAID BY END USER PURSUANT TO THIS AGREEMENT DURING THE SIX MONTH PERIOD IMMEDIATELY PRECEDING THE DATE OF END USER'S CLAIM
A. Third Parties. End User acknowledges that the Scores results from the joint efforts of Experian and Fair, Isaac. End User further acknowledges that each Experian and Fair, Isaac have a proprietary interest in said Scores and agrees that either Experian or the Fair, Isaac may enforce those rights as required.
B. Complete Agreement. This Agreement sets forth the entire understanding of End User and Provider with respect to the subject matter hereof and supersedes all prior letters of intent, agreements, covenants, arrangements, communications, representations, or warranties, whether oral or written, by any officer, employee, or representative of either party relating thereto.
IN WITNESS WHEREOF, End User and Provider have signed and delivered this Agreement.
Federal Fair Credit Reporting Act (as amended by the
Consumer Credit Reporting Reform Act of 1996)
Although the FCRA primarily regulates the operations of consumer credit reporting agencies, it also affects you as a user of information. We have included a copy of the FCRA with your membership kit. We suggest that you and your employees become familiar with the following sections in particular:
604. Permissible Purposes of Reports
607. Compliance Procedures
615. Requirement on users of consumer reports
616. Civil liability for willful noncompliance
617. Civil liability for negligent noncompliance
619. Obtaining information under false pretenses
621. Administrative Enforcement
623. Responsibilities of Furnishers of Information to Consumer Reporting Agencies
Each of these sections is of direct consequence to users who obtain reports on consumers. As directed by the law, credit reports may be issued only if they are to be used for extending credit, review or collection of an account, employment purposes, underwriting insurance or in connection with some other legitimate business transaction such as in investment, partnership, etc. It is imperative that you identify each request for a report to be used for employment purposes when such report is ordered. Additional state laws may also impact your usage of reports for employment purposes.
We strongly endorse the letter and spirit of the Federal Fair Credit Reporting Act. We believe that this law and similar state laws recognize and preserve the delicate balance between the rights of the consumer and the legitimate needs of commerce.
In addition to the Federal Fair Credit Reporting Act, other federal and state laws addressing such topics as computer crime and unauthorized access to protected databases have also been enacted. As a prospective user of consumer reports, we expect that you and your staff will comply with all relevant federal statutes and the statutes and regulations of the states in which you operate.
We support consumer reporting legislation that will assure fair and equitable treatment for all consumers and users of credit information.
Access Security Requirements of FCRA and GLB 5A Data
We must work together to protect the privacy and information of consumers. The following information security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, it is your responsibility to employ an outside service provider to assist you. Capitalized terms used herein have the meaning given in the Glossary attached hereto. Experian and AAA reserve the right to make changes to Access Security Requirements without notification. The information provided herewith provides minimum baselines for information security. In accessing AAA or Experian services, you agree to follow these security requirements:
1. Implement Strong Access Control Measures
1.1 Do not provide your Subscriber Codes or passwords to anyone. No one from AAA will ever contact you and
request your Subscriber Code number or password.
1.2 Proprietary or third party system access software must have Experian Subscriber Codes and password(s)
hidden or embedded. Account numbers and passwords should be known only by supervisory personnel.
1.3 You must request your Subscriber Code password be changed immediately when:
- any system access software is replaced by another system access software or is no longer used;
- the hardware on which the software resides is upgraded, changed or disposed of
1.4 Protect Subscriber Code(s) and password(s) so that only key personnel know this sensitive information.
Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s).
1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for
access to our infrastructure. Each user of the system access software must also have a unique logon
1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users' profiles.
1.7 Keep user passwords Confidential.
1.8 Develop strong passwords that are:
- Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)
- Contain a minimum of seven (7) alpha/numeric characters for standard user accounts
1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect
1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout.
1.11 Restrict the number of key personnel who have access to credit information.
1.12 Ensure that personnel who are authorized access to credit information have a business need to access
such information and understand these requirements to access such information are only for the
permissible purposes listed in the Permissible Purpose Information section of your membership
1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family
member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose.
1.14 Implement a process to terminate access rights immediately for users who access credit information when
those users are terminated or when they have a change in their job tasks and no longer require access
to that credit information.
1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information.
1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems
used to obtain credit information.
2. Maintain a Vulnerability Management Program
2.1 Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other
systems current with appropriate system patches and updates.
2.2 Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
2.3 Implement and follow current best security practices for Computer Virus detection scanning services and
- Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks.
- If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.
- On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files.
2.4 Implement and follow current best security practices for computer anti-Spyware scanning services and
- Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.
- If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated.
- Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.
- Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company's computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.
3. Protect Data
3.1 Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle
(from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.)
3.2 All Experian data is classified as Confidential and must be secured to this requirement at a minimum.
3.3 Procedures for transmission, disclosure, storage, destruction and any other information modalities or media
should address all aspects of the lifecycle of the information.
3.4 Encrypt all Experian data and information when stored on any laptop computer and in the database using
AES or 3DES with 128-bit key encryption at a minimum.
3.5 Only open email attachments and links from trusted sources and after verifying legitimacy.
4. Maintain an Information Security Policy
4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer
information as required under the GLB Safeguard Rule.
4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and
similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.
4.3 The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive
information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to
underscore the importance of security within your organization.
5. Build and Maintain a Secure Network
5.1 Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed
using industry best security practices.
5.2 Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the
Internet. Network address translation (NAT) technology should be used.
5.3 Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.
5.4 Any stand alone computers that directly access the Internet must have a desktop Firewall deployed that is
installed and configured to block unnecessary/unused ports, services, and network traffic.
5.5 Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.
5.6 Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.
6. Regularly Monitor and Test Networks
6.1 Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).
6.2 Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access Experian systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:
- protecting against intrusions;
- securing the computer systems and network devices;
- and protecting against intrusions of operating systems or software.
Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 25 months. In keeping with the ECOA, Experian requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 25 months. When conducting an investigation, particularly following a consumer complaint that your company impermissibly accessed their credit report, Experian will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract.
"Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the
FCRA may beliable for a civil penalty of not more than $2,500 per violation."
Computer Virus: A Computer Virus is a self-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying.
Confidential: Very sensitive information. Disclosure could adversely impact your company.
Encryption: Encryption is the process of obscuring information to make it unreadable without special knowledge.
Firewall: In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
Information Lifecycle (Or Data Lifecycle) : A management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained.
IP Address: A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). Any All participating network devices - including routers, computers, time-servers, printers, Internet fax machines, and some telephones - must have its'own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices.
Peer-to-Peer: A type of communication found in a system that uses layered protocols. Peer-to-Peer networking is the protocol often used for reproducing and distributing music without permission.
Router: A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets.
Spyware: Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the consent of that machine's owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet.
SSID: Part of the Wi-Fi Wireless LAN, a service set identifier (SSID) is a code that identifies each packet as part of that network. Wireless devices that communicate with each other share the same SSID.
Subscriber Code: Your seven digit Experian account number.
WEP Encryption (Wired Equivalent Privacy): A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be. Older technology reaching its end of life.
WPA (Wi-Fi Protected Access): A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP. Uses dynamic key encryption verses static as in WEP (key is constantly changing and thus more difficult to break than WEP)
END USER CERTIFICATION OF COMPLIANCE
California Civil Code - Section 1785.14(a)
Section 1785.14(a), as amended, states that a consumer credit reporting agency does not have reasonable grounds for believing that a consumer credit report will only be used for a permissible purpose unless all of the following requirements are met:
Section 1785.14(a)(1) states: "If a prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the consumer credit reporting agency shall, with a reasonable degree of certainty, match at least three categories of identifying information within the file maintained by the consumer credit reporting agency on the consumer with the information provided to the consumer credit reporting agency by the retail seller. The categories of identifying information may include, but are not limited to, first and last name, month and date of birth, driver's license number, place of employment, current residence address, previous residence address, or social security number. The categories of information shall not include mother's maiden name."
Section 1785.14(a)(2) states: "If the prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the retail seller must certify, in writing, to the consumer credit reporting agency that it instructs its employees and agents to inspect a photo identification of the consumer at the time the application was submitted in person. This paragraph does not apply to an application for credit submitted by mail."
Section 1785.14(a)(3) states: "If the prospective user intends to extend credit by mail pursuant to a solicitation by mail, the extension of credit shall be mailed to the same address as on the solicitation unless the prospective user verifies any address change by, among other methods, contacting the person to whom the extension of credit will be mailed."
In compliance with Section 1785.14(a) of the California Civil Code
("End User") hereby certifies to Consumer Reporting Agency as follows:
End User (IS)(IS NOT) a retail seller, as defined in Section 1802.3 of the California Civil Code ("Retail
Seller") and issues credit to consumers who appear in person on the basis of applications for credit submitted in person ("Point of Sale").
End User also certifies that if End User is a Retail Seller who conducts Point of Sale transactions, End User will, beginning on or before July 1, 1998, instruct its employees and agents to inspect a photo identification of the consumer at the time an application is submitted in person.
End User also certifies that it will only use the appropriate End User code number designated by Consumer
Reporting Agency for accessing consumer reports for California Point of Sale transactions conducted by Retail Seller.
If End User is not a Retail Seller who issues credit in Point of Sale transactions, End User agrees that if it, at any time hereafter, becomes a Retail Seller who extends credit in Point of Sale transactions, End User shall provide written notice of such to Consumer Reporting Agency prior to using credit reports with Point of Sale transactions as a Retail Seller, and shall comply with the requirements of a Retail Seller conducting Point of Sale transactions, as provided in this certification.