Security

As a trusted steward of consumer and business information, Equifax  employs strong data security and confidentiality standards on the data we provide and on the access to that data. We maintain a highly sophisticated data information network that includes advanced security, protections and redundancies.

The Equifax network is reviewed on a continual basis by external security experts who conduct intrusion testing, vulnerability assessments, on-site inspections, and policy/incident management reviews. Equifax annually completes a SAS 70 Type II audit and receives TruSecure's accredited security certification. Additionally, Equifax conducts internal security reviews on a weekly basis.

ePort uses 128-bit Secure Socket Layer (SSL), a web standard, to protect, secure, and encrypt confidential information that is transmitted over the Internet from your computer's web browser to Equifax's secure servers. The information is decrypted only upon receipt by Equifax.

 

User Security:

To help monitor usage, ePort requires that administrators regularly reassess their users and confirm credentials.    Also, ePort provides administrators with valuable tools that help govern issues related to the use of credit information, including:

 

User Access Controls:

  • Assign different user roles and limit the number of users with supervisory or administrative access
  • Limit product availability -- only providing users with access to the products they need to fulfill their specific job responsibilities)
  • Establish normal hours of operation and review activity outside of those hours

 

Usage Reports:

  • Consumer File - View users' credit report activity including the original inquiry information and report output. Logs can be viewed for at least six months and provide an effective audit trail.
  • Report Profile - Examine changes made to Equifax product selections, including product additions, deletions, and changes.
  • User Profile - Analyze changes related to users' profiles by determining who added a new user or made changes to an existing users' profile as well as the date and time the changes were made.
  • Secure Token - Assess each time a user downloads a new token. When a user downloads a new token, company administrators can view the IP address of the machine that was used to download the token along with the transaction date and time.