Credex Home Credex Solutions Credex Features Credex Pricing Learning Credex About us
Become the Super Originator!

signup now

ACCESS SECURITY REQUIREMENTS
FOR CREDEX USERS

We must all work together to protect the privacy of consumers’ non-public financial and confidential information (“Information”). The following measures are designed to reduce unauthorized access of consumer credit reports. By executing the CREDEX User Agreement, User agrees to follow these measures:

  • User must protect its account number and password so that only key personnel know this sensitive Information. Unauthorized persons should never have knowledge of User's password. Account number and password information should not be posted in any manner within User's facility.
  • System access software, whether developed by your company or purchased from a third party vendor, must have User's account number and password "hidden" or embedded and be known only by supervisory personnel. Each user of User's system access software must then be assigned unique log-on passwords.
  • User is not to discuss its account number and passwords by telephone with any unknown caller, even if the caller claims to be an employee of Next.
  • Restrict the ability to obtain credit information to a few key personnel.
  • Place all terminal devices used to obtain credit information in a secure location within User’s facility.
  • User should secure these devices so that unauthorized persons cannot easily access them.
  • After normal business hours, be sure to turn off and lock all devices or systems used to obtain credit Information.
  • Secure hard copies and electronic files of consumer reports within User's facility so that unauthorized persons cannot easily access them.
  • Shred or destroy all hard copy consumer reports when no longer needed.
  • Erase or scramble electronic files containing consumer information when no longer needed and when applicable regulation(s) permit destruction.
  • Make all employees aware that User can access credit information only for a permissible purpose as listed in the Permissible Purpose section of the Next User Agreement. User's employees may not access their own report or the report of a family member or friend if User does not have a permissible purpose.
  • Record Retention: It is important that you keep retain applications for credit reports for a reasonable period of time. This will help to facilitate the investigative process if a consumer claims that your company inappropriately accessed their credit report. (Note: The Federal Equal Credit Opportunity Act states that a creditor must preserve all written or recorded information connected with an application for 25 months.) Under Section 611 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation."