User Guides
Home
Start typing to search…

Consumer Reports Data

Consumer Reports Data

Although Socure is not a consumer reporting agency, we support our partners' compliance with relevant consumer protection laws and rules. See below for details on how we interact with the U.S. FCRA and UK CRAIN requirements.

FCRA is an important financial services law that helps to ensure the accuracy, fairness, and privacy of the information in consumer credit bureau files (also known as "consumer reports"). One of the important protections of FCRA is to restrict how consumer reports are used to make decisions about people, with or without their knowledge. Because it’s so important, Socure is often asked if FCRA is relevant to our fraud scores and other products. FCRA does not apply to Socure’s identity verification (IDV) products or services because making IDV decisions is not the same as making FCRA eligibility decisions.

What risks does FCRA really address?

FCRA governs the practices of consumer reporting agencies (CRAs) that provide consumer report(s) to third parties. Section 603 of the FCRA defines "consumer report" as a communication of information by a CRA bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living that is used or expected to be used in whole or in part as a factor in establishing the consumer’s eligibility for credit, insurance, or other permissible uses.

What does Socure do that’s different?

Our fraud prevention products are based upon identity information, which is not considered as "bearing on" any of the consumer report characteristics. They are not designed for consumer report purposes. Socure is not a CRA. Ultimately we also expect that our customers act in accordance with the restrictions in our contract that prohibit the use of our products for FCRA purposes.

Could you explain further?

Although Socure does not give legal advice to customers, here are some FAQs that can aid you in your non-FCRA use of Socure products.

Frequently asked questions

Can Socure’s identity verification scores be used to establish an auto-decline threshold?

If Socure believes an identity is false, can I auto-decline that identity?

You can choose to use our solution up front in your decision engine as long as we are properly labeled as an identity verification process (IDV). Socure’s scores cannot be used for credit decisioning, but you can strategically place the IDV at the beginning of your onboarding process in order to weed out bad identities that do not merit a credit check. This would allow you to auto-decline at a threshold tailored to your consumer base while still generating fraud insights across your entire population of applicants.

Identity is a different consideration from creditworthiness. A consumer could be creditworthy but the entity submitting an online application could be fraudulently using that consumer’s identity, so we consider it a best practice to verify identity prior to an assessment of creditworthiness. Finally, the IDV and credit decision process must be clearly distinguished from each other so that Socure does not appear to be part of a credit check.


Can we decline an application based upon Socure’s deceased reason codes?

Similar to the previous question, you can use the deceased reason codes up front in your process as part of IDV to cull out applications that do not appear to be from a legitimate consumer and therefore do not merit being processed for credit eligibility. The deceased reason codes are not useful factors in determining a consumer’s creditworthiness. When used for IDV purposes, this is not FCRA-covered consumer credit information.


Is the SSN match verification service (eCBSV) subject to FCRA?

No. The SSA is not a consumer reporting agency: it has no purpose or operations related to assembling or evaluating consumer credit information. Moreover, the eCBSV data is not information bearing on a consumer’s creditworthiness: it is merely a binary verification that a submitted SSN matches the SSA’s records, occasionally with a death indicator. It offers no insight into credit eligibility and Socure customers should only be using it in the IDV process.


Does Socure’s feedback process become a consumer report since you ask us for labels with transaction details?

No. Socure only uses feedback labels for identity verification fraud prevention purposes and not for any FCRA purposes. They are informative as to fraud outcomes and patterns and will be used to train our Sigma Identity Fraud and Sigma Synthetic models. Socure combines identity information, payment signals, and customer labels to learn which identities turned out to be fraudulent and hence improve our identity fraud detection capabilities. Our purpose is to root out fraudulent identities – which is not related to identities (persons) who have committed fraud. Further, users of products that incorporate this information may not use those products for FCRA purposes.

The same goes for all of our feedback labels for all products. Socure only uses the information contained in feedback labels for identity verification and fraud prevention purposes and does not produce any result to enable customers to make a future credit decision about any particular consumer. As said up top, FCRA addresses the use of consumer credit information *"that is used or expected to be used in whole or in part as a factor in establishing the consumer’s eligibility for credit, insurance, or other permissible uses."

Updated 5 months ago