Back to Home Page

= Required Fields

Credit Bureau Services, Inc.

 MEMBERSHIP AGREEMENT

1.  The undersigned Customer hereby petitions Credit Bureau Services, Inc. (“CRA”) to render service in accordance with its customary practices, for which Customer agrees to pay promptly on billing by CRA the fees provided on “Basic Pricing Schedule.” 

2.  CRA may from time to time diminish or increase the charges to Customer upon fifteen days’ email or written notice mailed or delivered to Customer at its business address and in such event Customer agrees to pay to revised charges unless Customer shall terminate this agreement as hereinafter provided.

3.  Customer hereby agrees, represents and warrants that it in using the services of CRA, Customer will in all respects comply with the provisions of 15 U.S.C.§1681 et seq. (“FCRA”) and that services will be requested only for the Customer’s exclusive use and that customer will not further sell the information.  Customer further certifies that consumer reports will be ordered and used only in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or to review or collect an account of the consumer, even though otherwise permitted by law.

4.  Customer certifies that it will request consumer reports pursuant to procedures prescribed by CRA from time to time and only for the permissible purpose certified above, and will use the reports obtained for no other purpose. Customer shall use each consumer report only for a one-time use and shall hold the report in strict confidence, and not to disclose it to any third parties; provided, however that Customer may, but is not required to, disclose the report to the subject of the report only in connection with an adverse action based on the report. Moreover, for scores obtained from Trans Union, Equifax Information Services, or Experian Information Solutions, Customer shall not disclose to consumers or any third party, any or all such scores provided under this Agreement, except as required by law. Customer agrees that consumer reports on employees will not be requested. Customer will maintain copies of all written authorizations for a minimum of five (5) years from the date of inquiry and provide CRA copies of such upon request. Customer further agrees, as requested, promptly to furnish by telephone or in writing to CRA all required information covering transactions by the Customer and its consumers, and to indemnify CRA, Trans Union, Equifax Information Services, Experian Information Solutions, and each of the other Customers and the officers and employees of each, jointly and severally, from any loss, damage, attorney's fees and costs arising from any claim or suit based on alleged violation of any provision of this agreement.

5.  This Agreement shall continue in force without any fixed date of termination, subject to cancellation by either party upon thirty (30) days prior written notice mailed or delivered to the office of the other party; further subject to the right of CRA at any time and without prior notice, to terminate this agreement in event of any federal or state law or decision which affects the economic operation of CRA or any violation by Customer of any provision of this Agreement or the FCRA, and further subject to the right of Customer at any time and without prior written notice, to terminate this agreement in event of increase in charges to the Customer, as provided herein.

6.  No information furnished to Customer is guaranteed nor is CRA in any way responsible for such information. CRA shall not be responsible or liable for any loss caused by neglect or act of any of its servants, agents, attorneys, clerks or employees in procuring, collecting and communicating any information furnished by or to Customer. No promise, statement, representation or agreement made by any employee or other representative of CRA and not expressed in this Agreement shall bind it contractually or otherwise to Customer. 

7.  Customer agrees to fully support and implement policies that protect the confidential nature of information furnished by and through CRA and insure respect for consumers’ rights to privacy. Customer will take precautions to restrict the ability to obtain credit information to key personnel; safeguard access to credit software; safeguard access to websites where credit information can be obtained; protect Customer identification and passwords; and will properly destroy hard copies and electronic files of consumer credit information when no longer needed.

8. Customer hereby agrees to comply with all policies and procedures instituted by CRA and required by CRA’s consumer reporting vendors. CRA will give Customer as much notice as possible prior to the effective date of any such new policies required in the future, but does not guarantee that reasonable notice will be possible. Customer may terminate this agreement at any time after notification of a change in policy in the event Customer deems such compliance as not within its best interest.

9. Customer agrees that CRA and CRA’s consumer reporting vendors shall have the right to audit records of Customer that are relevant to the provision of services set forth in this Agreement. Customer further agrees that it will respond within a requested time frame for information requested by CRA’s consumer reporting vendors regarding information provided by such vendor. Customer understands that such vendor may suspend or terminate access to the vendor’s information in the event Customer does not cooperate with any such an investigation.

10.(a). During the term of this Agreement, Customer agrees to comply with all federal, state and local statutes, regulations and rules applicable to it, including, without limitation the FCRA, with any changes enacted to FCRA during the term of this Agreement, the Gramm Leach Bliley Act and its implementing regulations, any state or local laws governing the disclosure of consumer credit information, and any regulations or limitations promulgated by CRA’s consumer reporting vendors. Customer further agrees to comply with CRA’s “Access Security Requirements” Agreement attached hereto and made a part hereof. Without limiting the foregoing, CRA may from time to time notify Customer of new additional, updated or new requirements relating to such laws, compliance with which will be a condition of CRA’s continued provision of the credit information to Customer, and Customer shall utilize training materials to train and educate its employees in proper security procedures consistent with industry standards. In addition, such new requirements might require price increases. Customer agrees to comply with any such new requirements no later than thirty (30) days after it actually receives notice from CRA and such requirements shall be incorporated into this Agreement by this reference. Customer understands and agrees that CRA may require evidence, including a certification that Customer understands and will comply with applicable laws.

(b). Customer will implement strict security procedures designed to ensure that Customer’s employees use the services and information in accordance with this Agreement and for no purposes other than as permitted by this Agreement. Customer will treat and hold the services and the credit information in strict confidence and will restrict access to the services and the credit information to Customer’s employees and customers who agree to act in accordance with the terms of this Agreement and applicable law. Customer will not forward or share information from CRA’s consumer reporting vendors with any third party. Customer will inform Customer’s employees and customers to whom any credit information is disclosed of the provisions of this Agreement. Customer agrees to indemnify CRA and its consumer reporting vendors for any claims or losses incurred by CRA or its consumer reporting vendors as a result of the misuse of the services or the credit information by Customer or Customer’s affiliates, employees, agents, subcontractors or customers in violation of this Agreement.

11. Customer shall notify CRA of any breach of the security of consumer reporting data if the personal information of consumers was, or is reasonably believed to have been, acquired by an unauthorized person within 24 hours following discovery thereof.

12.  If approved by CRA and CRA’s consumer reporting vendors, Customer may deliver the consumer credit information to a third party, secondary Customer with which Customer has an ongoing business relationship (and with which CRA has a Customer relationship) for the permissible use of such information.  CRA’s consumer reporting vendors may charge a fee for the subsequent delivery to secondary Customers.

13. Customer agrees that CRA may verify, through audit or otherwise, that Customer is in fact the end Customer of the credit information with no intention to resell or otherwise provide or transfer the credit information in whole or in part to any other person or entity. CRA may utilize a third party vendor to perform an on-site inspection of Customer’s business, and Customer agrees to allow access to such third party.

14. Customer agrees to notify CRA of any change of ownership or control fifteen days prior to any such change. CRA may require the new ownership to re-apply for the services provided for herein and may require a new physical inspection in the event the office location is changed.

15. Customer hereby authorizes CRA to provide copies of any information regarding Customer to CRA’s consumer reporting vendors. 

16. Customer agrees that CRA may monitor Customer on an ongoing basis to determine Customer’s compliance with applicable law and the provisions of this Agreement. In the event CRA determines that Customer is not in compliance with applicable law or this Agreement, Customer may immediately discontinue services under this Agreement. Customer shall remain responsible for the payment for any services provided to Customer by CRA prior to any such discontinuance. 

17. CRA will provide, and Customer will utilize, training and training materials to Customer in order for Customer to comply with the federal Fair Credit Reporting Act and with the policies and procedures required by CRA’s consumer reporting vendors. 

18. 15 U.S.C. '1681 et seq. also requires certain other responsibilities of Customers of consumer reports from consumer reporting agencies. Those responsibilities are attached (and made a part hereof) as Exhibit A to this Agreement. Customer acknowledges that it is not one of the businesses listed in Exhibit B attached hereto. 

19. Customer understands and agrees that basic consumer credit information delivered to Customer by CRA is obtained from Trans Union, Equifax Information Services, or Experian Information Solutions, each of which impose different conditions on the acquisition, use and disposal of such information. Customer agrees to abide by the terms and conditions of the attached Appendices A, B and C containing such conditions, which are explicitly made a part hereof. 

20. Customer agrees that it will properly dispose of all consumer information. “Consumer Information”, as used herein, shall mean any record (or compilation thereof) about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Customer shall comply with all applicable state laws regarding consumer credit or consumer identity protection. 

21.  By my signature and/or electronic submission of this document, I personally guarantee payment of all fees and charges owed Credit Bureau Services, Inc. and you have my authorization to pull a personal credit report on myself in connection with approval of this application.

Access Security Requirements

 We must work together to protect the privacy and information of consumers. The following information security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, it is your responsibility to employ an outside service provider to assist you.

Capitalized terms used herein have the meaning given in the Glossary attached hereto. The credit reporting agency reserves the right to make changes to Access Security Requirements without notification. The information provided herewith provides minimum baselines for information security.

In accessing the credit reporting agency’s services, you agree to follow these security requirements:

1. Implement Strong Access Control Measures

1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password.

1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel.

1.3 You must request your Subscriber Code password be changed immediately when:

    • any system access software is replaced by another system access software or is no longer used

    • the hardware on which the software resides is upgraded, changed or disposed of

1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s).

1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password.

1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles.

1.7 Keep user passwords Confidential.

1.8 Develop strong passwords that are:

    • Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)

    • Contain a minimum of seven (7) alpha/numeric characters for standard useraccounts

1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.

1.10 Active logins to credit information systems must be configured with a 30 minute inactive session, timeout.

1.11 Restrict the number of key personnel who have access to credit information.

1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application.

1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose.

1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information.

1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information.

1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.  

2. Maintain a Vulnerability Management Program  

2.1 Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.

2.2 Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.

2.3 Implement and follow current best security practices for Computer Virus detection scanning services and procedures:

    • Use, implement and maintain a current, commercially available Computer Virusdetection/scanning product on all computers, systems and networks.

    • If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.

    • On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus

definition files.

2.4 Implement and follow current best security practices for computer anti-Spyware scanning services and procedures:

    • Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.

    • If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated.

    • Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.

    • Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.  

3. Protect Data  

3.1 Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.)

3.2 All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum.

3.3 Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.

3.4 Encrypt all credit reporting agency data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum.

3.5 Only open email attachments and links from trusted sources and after verifying legitimacy.  

4. Maintain an Information Security Policy 

4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.

4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.

4.3 The FACTA Disposal Rules requires that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that nformation.

4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.  

5. Build and Maintain a Secure Network 

5.1 Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.

5.2 Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.

5.3 Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.

5.4 Any stand alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services, and network traffic.

5.5 Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.

5.6 Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.  

6. Regularly Monitor and Test Networks 

6.1 Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).

6.2 Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:

    • protecting against intrusions;

    • securing the computer systems and network devices;

    • and protecting against intrusions of operating systems or software.

Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 25 months. In keeping with the ECOA, the credit reporting agency requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 25 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, the credit reporting agency will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract.  

“Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.”  

REISSUANCE OF CONSUMER REPORTS 

1.  The undersigned Customer hereby petitions “CRA” to render service regarding the reissuance or secondary use of consumer reports in accordance with its customary practices, for which Customer agrees to pay promptly on billing by CRA the fees provided on “Basic Pricing Schedule.”

2. Customer hereby agrees, represents and warrants that it is a mortgage lender/broker and in using the services of CRA, Customer will in all respects comply with the provisions of 15 U.S.C. § 1681 et seq. (“FCRA”) and that services will be requested only for the Customer’s exclusive use. Customer further certifies that consumer reports will be ordered and used only in connection with a credit transaction involving the consumer on whom the information is to be furnished and involving the extension of credit to, or to review or collect an account of the consumer, even though otherwise permitted by law. Provided, however, notwithstanding the provisions of the Customer Service Agreement between the parties, Customer may reissue or share such report with one or more credit grantors which (1) have a permissible purpose under the FCRA to receive such reports and (2) are “Qualified Subscribers” of CRA. A “Qualified Subscriber” is a Customer of CRA that has a signed Customer Service Agreement with CRA.

3. The reissuance or sharing of a consumer report with a Qualified Subscriber as set forth in paragraph 2 hereof, may be accomplished by the physical sharing of a copy of the report or the obtaining of another copy from CRA. In either event, Customer agrees to inform CRA of any such reissue and to pay the fees set forth in the “Basic Pricing Schedule” attached hereto and made a part hereof. OBLIGATIONS OF USERS UNDER THE FCRA

The Fair Credit Reporting Act (FCRA),15 U.S.C. 1681-1681y, requires that this notice be provided to inform users of consumer reports of their legal obligations. State law may impose additional requirements. The text of the FCRA is set forth in full at the Federal Trade Commission's Website at www.ftc.gov/credit. 

At the end of this document is a list of United States Code citations for the FCRA. Other information about user duties is also available at the Commission’s Web site. Users must consult the relevant provisions of the FCRA for details about their obligations under the FCRA.

The first section of this summary sets forth the responsibilities imposed by the FCRA on all users of consumer reports. The subsequent sections discuss the duties of users of reports that contain specific types of information, or that are used for certain purposes, and the legal consequences of violations. If you are a furnisher of information to a consumer reporting agency (CRA), you have additional obligations and will receive a separate notice from the CRA describing your duties as a furnisher.

OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS

A.  Users Must Have a Permissible Purpose

Congress has limited the use of consumer reports to protect consumers' privacy. All users must have a permissible purpose under the FCRA to obtain a consumer report. Section 604 contains a list of the permissible purposes under the law. These are: 

• As ordered by a court or a federal grand jury subpoena. Section 604(a)(1)

• As instructed by the consumer in writing. Section 604(a)(2)  

• For the extension of credit as a result of an application from a consumer, or the review or collection of a consumer's account. Section 604(a)(3)(A)

• For employment purposes, including hiring and promotion decisions, where the consumer has given written permission. Sections 604(a)(3)(B) and 604(b)2  

• For the underwriting of insurance as a result of an application from a consumer. Section 604(a)(3)(C) • When there is a legitimate business need, in connection with a business transaction that is initiated by the consumer. Section 604(a)(3)(F)(i)  

• To review a consumer's account to determine whether the consumer continues to meet the terms of the account. Section 604(a)(3)(F)(ii) 

• To determine a consumer's eligibility for a license or other benefit granted by a governmental instrumentality required by law to consider an applicant's financial responsibility or status. Section 604(a)(3)(D)

• For use by a potential investor or servicer, or current insurer, in a valuation or assessment of the credit or prepayment risks associated with an existing credit obligation. Section 604(a)(3)(E) 

• For use by state and local officials in connection with the determination of child support payments, or modifications and enforcement thereof. Sections 604(a)(4) and 604(a)(5)

In addition, creditors and insurers may obtain certain consumer report information for the purpose of making “prescreened” unsolicited offers of credit or insurance. Section 604(c). The particular obligations of users of "prescreened" information are described in Section VII below.

B.  Users Must Provide Certifications

Section 604(f) prohibits any person from obtaining a consumer report from a consumer reporting agency (CRA) unless the person has certified to the CRA the permissible purpose(s) for which the report is being obtained and certifies that the report will not be used for any other purpose.  

C.  Users Must Notify Consumers When Adverse Actions Are Taken  

The term "adverse action" is defined very broadly by Section 603. "Adverse actions" include all business, credit, and employment actions affecting consumers that can be considered to have a negative impact as defined by Section 603(k) of the FCRA – such as denying or canceling credit or insurance, or denying employment or promotion.  No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer.

1. Adverse Actions Based on Information Obtained From a CRA

If a user takes any type of adverse action as defined by the FCRA that is based at least in part on information contained in a consumer report, Section 615(a) requires the user to notify the consumer. The notification may be done in writing, orally, or by electronic means. It must include the following:  

• The name, address, and telephone number of the CRA (including a toll-free telephone number, if it is a nationwide CRA) that provided the report.

 • A statement that the CRA did not make the adverse decision and is not able to explain why the decision was made.  

• A statement setting forth the consumer's right to obtain a free disclosure of the consumer's file from the CRA if the consumer makes a request within 60 days.

• A statement setting forth the consumer's right to dispute directly with the CRA the accuracy or completeness of any information provided by the CRA.

2. Adverse Actions Based on Information Obtained From Third Parties Who Are Not Consumer Reporting Agencies If a person denies (or increases the charge for) credit for personal, family, or household purposes based either wholly or partly upon information from a person other than a CRA, and the information is the type of consumer information covered by the FCRA, Section 615(b)(1) requires that the user clearly and accurately disclose to the consumer his or her right to be told the nature of the information that was relied upon if the consumer makes a written request within 60 days of notification. The user must provide the disclosure within a reasonable period of time following the consumer's written request.  

3. Adverse Actions Based on Information Obtained From Affiliates

If a person takes an adverse action involving insurance, employment, or a credit transaction initiated by the consumer, based on information of the type covered by the FCRA, and this information was obtained from an entity affiliated with the user of the information by common ownership or control, Section 615(b)(2) requires the user to notify the consumer of the adverse action. The notice must inform the consumer that he or she may obtain a disclosure of the nature of the information relied upon by making a written request within 60 days of receiving the adverse action notice. If the consumer makes such a request, the user must disclose the nature of the information not later than 30 days after receiving the request. If consumer report information is shared among affiliates and then used for an adverse action, the user must make an adverse action disclosure as set forth in I.C.1 above.   

D. Users Have Obligations When Fraud and Active Duty Military Alerts are in Files

When a consumer has placed a fraud alert, including one relating to identity theft, or an active duty military alert with a nationwide consumer reporting agency as defined in Section 603(p) and resellers, Section 605A(h) imposes limitations on users of reports obtained from the consumer reporting agency in certain circumstances, including the establishment of a new credit plan and the issuance of additional credit cards. For initial fraud alerts and active duty alerts, the user must have reasonable policies and procedures in place to form a belief that the user knows the identity of the applicant or contact the consumer at a telephone number specified by the consumer; in the case of extended fraud alerts, the user must contact the consumer in accordance with the contact information provided in the consumer’s alert. 

E. Users Have Obligations When Notified of an Address Discrepancy

Section 605(h) requires nationwide CRAs, as defined in Section 603(p), to notify users that request reports when the address for a consumer provided by the user in requesting the report is substantially different from the addresses in the consumer’s file. When this occurs, users must comply with regulations specifying the procedures to be followed, which will be issued by the Federal Trade Commission and the banking and credit union regulators. The Federal Trade Commission’s regulations will be available at www.ftc.gov/credit.

F. Users Have Obligations When Disposing of Records

Section 628 requires that all users of consumer report information have in place procedures to properly dispose of records containing this information. The Federal Trade Commission, the Securities and Exchange Commission, and the banking and credit union regulators have issued regulations covering disposal. The Federal Trade Commission’s regulations may be found at www.ftc.gov/credit. 

II. CREDITORS MUST MAKE ADDITIONAL DISCLOSURES  

If a person uses a consumer report in connection with an application for, or a grant, extension, or provision of, credit to a consumer on material terms that are materially less favorable than the most favorable terms available to a substantial proportion of consumers from or through that person, based in whole or in part on a consumer report, the person must provide a risk-based pricing notice to the consumer in accordance with regulations to be jointly prescribed by the Federal Trade Commission and the Federal Reserve Board Section 609(g) requires a disclosure by all persons that make or arrange loans secured by residential real property (one to four units) and that use credit scores. These persons must provide credit scores and other information about credit scores to applicants, including the disclosure set forth in Section 609(g)(1)(D) (“Notice to the Home Loan Applicant”). 

III. OBLIGATIONS OF USERS WHEN CONSUMER REPORTS ARE OBTAINED FOR EMPLOYMENT PURPOSES

A. Employment Other Than in the Trucking Industry

If information from a CRA is used for employment purposes, the user has specific duties, which are set forth in Section 604(b) of the FCRA. The user must:  

• Make a clear and conspicuous written disclosure to the consumer before the report is obtained, in a document that consists solely of the disclosure, that a consumer report may be obtained.

• Obtain from the consumer prior written authorization. Authorization to access reports during the term of employment may be obtained at the time of employment.  

• Certify to the CRA that the above steps have been followed, that the information being obtained will not be used in violation of any federal or state equal opportunity law or regulation, and that, if any adverse action is to be taken based on the consumer report, a copy of the report and a summary of the consumer's rights will be provided to the consumer.

• Before taking an adverse action, the user must provide a copy of the report to the consumer as well as the summary of consumer’s rights. (The user should receive this summary from the CRA.) A Section 615(a) adverse action notice should be sent after the adverse action is taken. An adverse action notice also is required in employment situations if credit information (other than transactions and experience data) obtained from an affiliate is used to deny employment. Section 615(b)(2) The procedures for investigative consumer reports and employee misconduct investigations are set forth below.

B. Employment in the Trucking Industry

Special rules apply for truck drivers where the only interaction between the consumer and the potential employer is by mail, telephone, or computer. In this case, the consumer may provide consent orally or electronically, and an adverse action may be made orally, in writing, or electronically. The consumer may obtain a copy of any report relied upon by the trucking company by contacting the company. 

IV. OBLIGATIONS WHEN INVESTIGATIVE CONSUMER REPORTS ARE USED

Investigative consumer reports are a special type of consumer report in which information about a consumer's character, general reputation, personal characteristics, and mode of living is obtained through personal interviews by an entity or person that is a consumer reporting agency.  Consumers who are the subjects of such reports are given special rights under the FCRA.  If a user intends to obtain an investigative consumer report, Section 606 requires the following:

• The user must disclose to the consumer that an investigative consumer report may be obtained. This must be done in a written disclosure that is mailed, or otherwise delivered, to the consumer at some time before or not later than three days after the date on which the report was first requested. The disclosure must include a statement informing the consumer of his or her right to request additional disclosures of the nature and scope of the investigation as described below, and the summary of consumer rights required by Section 609 of the FCRA. (The summary of consumer rights will be provided by the CRA that conducts the investigation.)

• The user must certify to the CRA that the disclosures set forth above have been made and that the user will make the disclosure described below.

• Upon the written request of a consumer made within a reasonable period of time after the disclosures required above, the user must make a complete disclosure of the nature and scope of the investigation. This must be made in a written statement that is mailed, or otherwise delivered, to the consumer no later than five days after the date on which the request was received from the consumer or the report was first requested, whichever is later in time.

V. SPECIAL PROCEDURES FOR EMPLOYEE INVESTIGATIONS

Section 603(x) provides special procedures for investigations of suspected misconduct by an employee or for compliance with Federal, state or local laws and regulations or the rules of a self-regulatory organization, and compliance with written policies of the employer. These investigations are not treated as consumer reports so long as the employer or its agent complies with the procedures set forth in Section 603(x), and a summary describing the nature and scope of the inquiry is made to the employee if an adverse action is taken based on the investigation.   

VI. OBLIGATIONS OF USERS OF MEDICAL INFORMATION

Section 604(g) limits the use of medical information obtained from consumer reporting agencies (other than payment information that appears in a coded form that does not identify the medical provider). If the information is to be used for an insurance transaction, the consumer must give consent to the user of the report or the information must be coded. If the report is to be used for employment purposes – or in connection with a credit transaction (except as provided in regulations issued by the banking and credit union regulators) – the consumer must provide specific written consent and the medical information must be relevant. Any user who receives medical information shall not disclose the information to any other person (except where necessary to carry out the purpose for which the information was disclosed, or as permitted by statute, regulation, or order). 

VII. OBLIGATIONS OF USERS OF "PRESCREENED" LIST

The FCRA permits creditors and insurers to obtain limited consumer report information for use in connection with unsolicited offers of credit or insurance under certain circumstances.  Sections 603(l), 604(c), 604(e), and 615(d). This practice is known as "prescreening" and typically involves obtaining from a CRA a list of consumers who meet certain pre-established criteria. If any person intends to use prescreened lists, that person must (1) before the offer is made, establish the criteria that will be relied upon to make the offer and to grant credit or insurance, and (2) maintain such criteria on file for a three-year period beginning on the date on which the offer is made to each consumer. In addition, any user must provide with each written solicitation a clear and conspicuous statement that:

• Information contained in a consumer's CRA file was used in connection with the transaction.  

• The consumer received the offer because he or she satisfied the criteria for credit worthiness or insurability used to screen for the offer.  

• Credit or insurance may not be extended if, after the consumer responds, it is determined that the consumer does not meet the criteria used for screening or any applicable criteria bearing on credit worthiness or insurability, or the consumer does not furnish required collateral.  

• The consumer may prohibit the use of information in his or her file in connection with future prescreened offers of credit or insurance by contacting the notification system established by the CRA that provided the report. The statement must include the address and toll-free telephone number of the appropriate notification system. In addition, once the Federal Trade Commission by rule has established the format, type size, and manner of the disclosure required by Section 615(d), users must be in compliance with the rule. The FTC’s regulations will be at www.ftc.gov/credit.

A. Disclosure and Certification Requirements

Section 607(e) requires any person who obtains a consumer report for resale to take the following steps:  

• Disclose the identity of the end-user to the source CRA.  

• Identify to the source CRA each permissible purpose for which the report will be furnished to the end-user.  

• Establish and follow reasonable procedures to ensure that reports are resold only for permissible purposes, including procedures to obtain:  

(1) the identity of all end-users;

(2) certifications from all users of each purpose for which reports will be used; and (3) certifications that reports will not be used for any purpose other than the purpose(s) specified to the reseller. Resellers must make reasonable efforts to verify this information before selling the report. 

B.  Reinvestigations by Resellers

Under Section 611(f), if a consumer disputes the accuracy or completeness of information in a report prepared by a reseller, the reseller must determine whether this is a result of an action or omission on its part and, if so, correct or delete the information. If not, the reseller must send the dispute to the source CRA for reinvestigation. When any CRA notifies the reseller of the results of an investigation, the reseller must immediately convey the information to the consumer. 

C.  Fraud Alerts and Resellers

 Section 605A(f) requires resellers who receive fraud alerts or active duty alerts from another consumer reporting agency to include these in their reports. 

X. LIABILITY FOR VIOLATIONS OF THE FCRA 

Failure to comply with the FCRA can result in state government or federal government enforcement actions, as well as private lawsuits. Sections 616, 617, and 621. In addition, any person who knowingly and willfully obtains a consumer report under false pretenses may face criminal prosecution. Section 619. 

The FTC’s Web site, www.ftc.gov/credit, has more information about the FCRA, including publications for businesses and the full text of the FCRA.  Citations for FCRA sections in the U.S. Code, 15 U.S.C. § 1681 et seq.:

Section 602 15 U.S.C. 1681  

Section 603 15 U.S.C. 1681a  

Section 604 15 U.S.C. 1681b  

Section 605 15 U.S.C. 1681c  

Section 605A 15 U.S.C. 1681cA  

Section 605B 15 U.S.C. 1681cB  

Section 606 15 U.S.C. 1681d  

Section 607 15 U.S.C. 1681e  

Section 608 15 U.S.C. 1681f  

Section 609 15 U.S.C. 1681g  

Section 610 15 U.S.C. 1681h  

Section 611 15 U.S.C. 1681i  

Section 612 15 U.S.C. 1681j  

Section 613 15 U.S.C. 1681k  

Section 614 15 U.S.C. 1681l

Section 615 15 U.S.C. 1681m  

Section 616 15 U.S.C. 1681n

Section 617 15 U.S.C. 1681o  

Section 618 15 U.S.C. 1681p  

Section 619 15 U.S.C. 1681q  

Section 620 15 U.S.C. 1681r  

Section 621 15 U.S.C. 1681s  

Section 622 15 U.S.C. 1681s-1  

Section 623 15 U.S.C. 1681s-2  

Section 624 15 U.S.C. 1681t  

Section 625 15 U.S.C. 1681u  

Section 626 15 U.S.C. 1681v  

Section 627 15 U.S.C. 1681w  

Section 628 15 U.S.C. 1681x  

Section 629 15 U.S.C. 1681y

EXHIBIT B  

Businesses That Cannot Be Provided Information:

Adult entertainment service of any kind

Business that operates out of an apartment or unrestricted location within a residence (unless approved by repository)  

Attorneys or Law Offices of any type  

Bail bondsman

Check cashing  

Credit counseling  

Credit repair clinic  

Dating service  

Financial counseling  

Genealogical or heir research firm  

Massage services  

Company that locates missing children  

Pawn shop  

Private detectives, detective agencies or investigative companies  

Individual seeking information for their private use  

Company that handles third party repossession  

Company or individual involved in spiritual counseling  

Subscriptions (magazines, book clubs, record clubs, etc.)  

Tattoo service  

Insurance Claims  

Internet Locator Services  

Asset Location Services  

Future Services (i.e., health clubs, timeshare, continuity clubs, etc.)  

News Agencies or journalists  

Law Enforcement (except for employment screening)  

Any company or individual who is known to have been involved in credit fraud or other unethical business practices  

Companies listed on repository alert report notifications

APPENDIX A-1  

Equifax Requirements

Customer, in order to receive consumer credit information from Equifax Information Services, LLC, through CRA agrees to comply with the following conditions required by Equifax, which may be in addition to those outlined in the Customer Service Agreement (“Agreement”). Customer understands and agrees that Equifax’s delivery of information to Customer via CRA is specifically conditioned upon Customer’s agreement with the provisions set forth in this Agreement. Customer understands and agrees that these requirements pertain to all of its employees, managers and owners and that all persons having access to Equifax consumer credit information, whether existing or future employees, will be trained to understand and comply with these obligations.

1. Customer hereby agrees to comply with all current and future policies and procedures instituted by CRA and required by Equifax. CRA will give Customer as much notice as possible prior to the effective date of any such new policies required in the future, but does not guarantee that reasonable notice will be possible. Customer may terminate this agreement at any time after notification of a change in policy in the event Customer deems such compliance as not within its best interest.  

2. Customer certifies that it will order and use Limited-ID or Limited DTEC reports in connection with only one of the following purposes involving the subject of the report and for no other purpose: (a) to protect against or prevent actual or potential fraud, unauthorized transactions, claims or other liability; (b) for required institutional risk control or for resolving consumer disputes or inquiries; (c) due to holding a legal or beneficial interest relating to the consumer; (d) as necessary to effect, administer, or enforce a transaction to underwrite insurance at the consumer's request, for reinsurance purposes or for the following purposes related to the consumer's insurance: account administration, reporting, investigation fraud prevention, premium payment processing, claim processing, benefit administration or research projects; (e) to persons acting in a fiduciary or representative capacity on behalf of, and with the consent of, the consumer or (f) as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, including location for collection of a delinquent account. Customer, if a government agency, certifies it will order and use Limited-ID or Limited DTEC in connection with the following purposes involving the subject and for no other purpose: (y) pursuant to FCRA Section 608 or (z) for an investigation on a matter related to public safety. Customer further certifies that it will, with each Limited ID or Limited DTEC inquiry, include the Exception Code required by Equifax that identifies the use for which Customer is ordering the information, and that because Limited ID and Limited DTEC reports are not consumer reports Customer will riot order or use Limited ID or Limited DTEC reports, in whole or in part, to determine eligibility for credit, insurance, or for any other permissible purpose, as defined by the FCRA, for which a consumer reporting agency is permitted to furnish a consumer report.  Equifax may periodically conduct audits of Customer regarding its compliance with the FCRA and other certifications in this Agreement. Audits will be conducted by mail whenever possible and will require Customers to provide documentation as to permissible use of particular consumer, Limited ID, or Limited DTEC reports. Customer gives its consent to Equifax to conduct such audits and agrees that any failure to cooperate fully and promptly in the conduct of any audit, or Customer's material breach of this Agreement, constitute grounds for immediate suspension of service or, termination of this Agreement notwithstanding Paragraph 6 above. If Equifax terminates this Agreement due to the conditions in the preceding sentence, Customer (i) unconditionally releases and agrees to hold EQUIFAX harmless and indemnify it from and against any and all liabilities of whatever kind or nature that may arise from or relate to such termination, and (ii) covenants it will not assert any claim or cause of action of any kind or nature against Equifax in connection with such termination.

3. Customer certifies that it is not a reseller of the information, a private detective, bail bondsman, attorney, credit counseling firm, financial counseling firm, credit repair clinic, pawn shop (except companies that do only Title pawn), check cashing company, genealogical or heir research firm, dating service, massage or tattoo service, business that operates out of an apartment, an individual seeking information for his private use, an adult entertainment service of any kind, a company that locates missing children, a company that handles third party repossession, a company seeking information in connection with time shares or subscriptions, a company or individual involved in spiritual counseling or a person or entity that is not an end-user or decision maker, unless approved in writing by Equifax.

4. Customer agrees that Equifax shall have the right to audit records of Customer that are relevant to the provision of services set forth in this agreement. Customer authorizes CRA to provide to Equifax, upon Equifax’s request, all materials and information relating to its investigations of Customer and agrees that it will respond within the requested time frame indicated for information requested by Equifax regarding Equifax information. Customer understands that Equifax may require CRA to suspend or terminate access to Equifax’s information in the event Customer does not cooperate with any such an investigation. Customer shall remain responsible for the payment for any services provided to Customer prior to any such discontinuance.

5. Equifax information will be requested only for Customer’s exclusive use and held in strict confidence except to the extent that disclosure to others is required or permitted by law. Customer agrees that Equifax information will not be forwarded or shared with any third party unless required by law or approved by Equifax. If approved by Equifax and authorized by the consumer, Customer may deliver the consumer credit information to a third party, secondary, or joint user with which Customer has an ongoing business relationship for the permissible use of such information. Customer understands that Equifax may charge a fee for the subsequent delivery to secondary users. Only designated representatives of Customer will request Equifax information on Customer’s employees, and employees will be forbidden to obtain reports on themselves, associates or any other persons except in the exercise of their official duties. Customer will not disclose Equifax information to the subject of the report except as permitted or required by law, but will refer the subject to Equifax. Customer will hold Equifax and all its agents harmless on account of any expense or damage arising or resulting from the publishing or other disclosure of Equifax information by Customer, its employees or agents contrary to the conditions of this paragraph or applicable law.

6. Customer understands that it must meet the following criteria: (a) the Customer company name, including any DBA’s, and the address on the Customer Application (“Application”) and Agreement must match; (b) the telephone listing must be verified in the same company name and address that was provided on the Application and Agreement; (c) a copy of the current lease of the business must be reviewed by CRA to confirm the Customer is at the same address that is shown on the Application and Agreement, and the following pages of the lease must be reviewed for verification: the signature page; the address page; the terms of the lease page; landlord name and landlord contact information; (d) a copy of the principal’s driver’s license is required to verify the principal’s identity; (e) a current business license must be supplied, and reflect the same name and at the same address provided on the Application and Agreement. (Contact CRA for valid substitutions when a license is not required by the state), and (f) an on-site inspection of the office is to be conducted by an Equifax certified company. *Note (c) and (d) are not required if the Customer is publicly traded on a nationally recognized stock exchange.

7. Customer will be charged for Equifax consumer credit information by CRA, which is responsible for paying Equifax for such information; however, should the underlying relationship between CRA and the Customer terminate at any time during this agreement, charges for Equifax consumer credit information will be invoiced to Customer, and Customer will be solely responsible to pay Equifax directly.

8. Customer agrees that it will properly dispose of all consumer information in accordance with the following. As used herein, “consumer information” means any record about an individual, whether in paper, electronic, or other form, that is a consumer report or is derived from a consumer report. Consumer information also means a compilation of such records. Consumer information does not include information that does not identify individuals, such as aggregate information or blind data. “Dispose,” “disposing,” or “disposal” means: (1) the discarding or abandonment of consumer information, or (2) the sale, donation, or transfer of any medium, including computer equipment, upon which consumer information is stored.  A Customer who maintains consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. Reasonable measures include (1) implementing and monitoring compliance with policies and procedures that require the burning, pulverizing, or shredding of papers containing consumer information so that the information cannot practicably be read or reconstructed; (2) implementing and monitoring compliance with policies and procedures that require the destruction or erasure of electronic media containing consumer information so that the information cannot practicably be read or reconstructed; and (3) after due diligence, entering into and monitoring compliance with a contract with another party engaged in the business of record destruction to dispose of material, specifically identified as consumer information, in a manner consistent with the above.

9. Customer agrees to hold harmless Equifax and its directors, officers, employees, agents, successors and assigns, from and against any and all liabilities, claims, losses, demands, actions, causes of action, damages, expenses (including, without limitation, attorney’s fees and costs of litigation), or liability, arising from or in any manner related to any allegation, claim, demand or suit, whether or not meritorious, brought or asserted by any third party arising out of or resulting from any actual or alleged negligence or intentional act of Customer, whether or not any negligence of Equifax is alleged to have been contributory thereto, the failure of Customer to misuse or improper access to Equifax consumer credit information by Customer or the failure of Customer to comply with applicable laws or regulations.  Customer further understands and agrees that the accuracy of any consumer credit information is not guaranteed by Equifax and releases Equifax from liability for any loss, cost, expense or damage, including attorney’s fees, suffered by Customer resulting directly or indirectly from its use of consumer credit information from Equifax.

10. EQUIFAX MAKES NO REPRESENTATIONS, WARRANTIES, OR GUARANTEES, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, RESPECTING ACROPAC OR ANY OTHER MACHINERY, EQUIPMENT, MATERIALS, PROGRAMMING AIDS OR OTHER ITEMS UTILIZED BY CUSTOMER IN CONNECTION WITH OR RELATED TO, OR RESPECTING THE ACCURACY OF, ANY EQUIFAX CREDIT INFORMATION FURNISHED BY EQUIFAX TO ANY CUSTOMER.

11. Fair Credit Reporting Act Certification. Customer certifies that it will order Equifax Information Services that are consumer reports, as defined by the federal Fair Credit Reporting Act, 15 U.S.C. 1681 et seq. ("FCRA"), only when Customer intends to use that consumer report information: (a) in accordance with the FCRA and all state law counterparts; and (b) for one of the following permissible purposes: (i) in connection with a credit transaction involving the consumer on whom the consumer report is to be furnished and involving the extension of credit to, or review or collection of an account of, the consumer; (ii) in connection with the underwriting of insurance involving the consumer; (iii) as a potential investor or services, or current insurer, in connection with a valuation of, or an assessment of the credit or prepayment risks associated with, an existing credit obligation; (iv) when Customer otherwise has a legitimate business need for the information either in connection with a business transaction that is initiated by the consumer, or to review an account to determine whether the consumer continues to meet the terms of the accounts; or (v) for employment purposes; provided, however, that CUSTOMER IS NOT AUTHORIZED TO REQUEST OR RECEIVE CONSUMER REPORTS FOR EMPLOYMENT PURPOSES UNLESS CUSTOMER HAS A SUBSCRIPTION TO THE EQUIFAX PERSONA SERVICE. Customer will use each consumer report ordered under this Agreement for one of the foregoing purposes and for no other purpose.  It is recognized and understood that the FCRA provides that anyone "who knowingly and willfully obtains information on a consumer from a consumer reporting agency (such as Equifax) under false pretenses shall be fined under Title 18, United States Code, imprisoned for not more than two (2) years, or both." Equifax may periodically conduct audits of Customer regarding its compliance with the FCRA and other certifications in this Agreement. Audits will be conducted by mail whenever possible and will require Customers to provide documentation as to permissible use of particular consumer, Limited ID, or Limited DTEC reports. Customer gives its consent to Equifax to conduct such audits and agrees that any failure to cooperate fully and promptly in the conduct of any audit, or Customer's material breach of this Agreement, constitute grounds for immediate suspension of service or, termination of this Agreement notwithstanding Paragraph 6 above. If Equifax terminates this Agreement due to the conditions in the preceding sentence, Customer (i) unconditionally releases and agrees to hold EQUIFAX harmless and indemnify it from and against any and all liabilities of whatever kind or nature that may arise from or relate to such termination, and (ii) covenants it will not assert any claim or cause of action of any kind or nature against Equifax in connection with such termination.  

California Law Certification

  Customer will refer to Appendix A-4 in making the following certification, and Customer agrees to comply with all applicable provisions of the California Credit Reporting Agencies Act.  

Vermont Certification

Customer certifies that it will comply with applicable provisions under Vermont law.  In particular, Customer certifies that it will order information services relating to Vermont residents that are credit reports as defined by the Vermont Fair Credit Reporting Act ("VFCRA"), only after Customer has received prior consumer consent in accordance with VFCRA Section 2480e and applicable Vermont Rules. Customer further certifies that the attached copy of Section 2480e (Exhibit 1-B) of the Vermont Fair Credit Reporting Statute was received from EQUIFAX.  Customer will comply with the applicable provisions of the FCRA, Federal Equal Credit Opportunity Act, Gramm-Leach-Bliley Act and any amendments to them, all state law counterparts of them, and all applicable regulations promulgated under any of them including, without limitation, any provisions requiring adverse action notification to the consumer.

12. This Section 12 applies to any means through which Customer orders or accesses the Information Services including, without limitation, system-to-system, direct access terminal, personal computer or the Internet; provided, however, Customer will not order or access the Information Services via the Internet without first obtaining Equifax's written permission. For the purposes of this Section 9, the term "Authorized User" means a Customer employee that Customer has authorized to order or access the Information Services and who is trained on Customer's obligations under this Agreement with respect to the ordering and use of the Information Services, and the information provided through same, including Customer's FCRA and other obligations with respect to the access and use of consumer reports. Customer will: (a) ensure that only Authorized Users can order or have access to the Information Services and the information provided through same, (b) ensure that Authorized Users do not order credit reports for personal reasons or provide them to any third party, (c) ensure that all devices used by Customer to order or access the Information Services are placed in a secure location and accessible only by Authorized Users and that these devices are secured when not in use through such means as screen locks, shutting power controls off, or other commercially reasonable security procedures, and (d) take all necessary measures to prevent unauthorized ordering or access to the Information Services by any persons other than Authorized Users for permissible purposes. Those measures will include, without limitation, limiting the knowledge of the Customer security codes, telephone access number(s) Equifax provides, and any passwords Customer may use, to Authorized Users and other employees with a need to know, changing Customer's user passwords at least every ninety (90) days, or sooner if it is obtained by any third party or an Authorized User is no longer responsible for accessing the Information Services, or if Customer suspects an unauthorized person has learned the password, and using all security features in the software and hardware Customer uses to order or access the Information  Services. Customer will monitor compliance with the obligations of this Section 12, and will immediately notify Equifax if Customer suspects or knows of any unauthorized access or attempt to access the Information Services. Such monitoring will include, without limitation, a review of each Equifax invoice for the purpose of detecting any unauthorized activity. Customer will not ship hardware or software between Customer's locations or to third parties without deleting all Equifax Customer number(s), security codes, telephone access number(s) and Customer user passwords. If Customer uses a third party vendor to establish access to the Information Services, Customer is responsible for the third party vendor's use of Customer's member numbers, security access codes, or passwords. Customer will ensure the third party vendor safeguards Customer's security access code(s) and passwords through the use of security requirements that are no less stringent than those applicable to Customer under this Section 9. Customer will inform Authorized Users and other employees with a need to know that unauthorized access to consumer reports may subject them to civil and criminal liability under the FCRA punishable by fines and imprisonment. If Equifax reasonably believes that Customer has violated this Section 12, Equifax may, in addition to any other remedy authorized by this Agreement, with reasonable advance written notice to Customer and at Equifax's sole expense, conduct, or have a third party conduct on its behalf, an audit of Customer's network security systems, facilities, practices and procedures to the extent Equifax reasonably deems necessary in order to evaluate Customer's compliance with the data security requirements of this Section 12. 

APPENDIX A-2

Additional Equifax Information Services

This Appendix A-2 supplements the service agreement ("Agreement") under which Customer receives, as part of its service from CRA, consumer credit report information available from Equifax Information Services LLC ("Equifax"). This Appendix contains additional information services available from Equifax, described below, that may be provided to Customer subject to the terms and conditions of the Agreement, and additional terms and conditions that apply to such additional information services. Customer desires to receive the services listed below excepting those where Customer's authorized representative places his or her initials. Customer agrees to abide by the additional terms and conditions that apply to the service(s) so selected.

________BEACON

________Pinnacle K

________SafeScan

________PERSONA

________North American Link

1- BEACONSM - is a consumer report credit scoring service based on a model developed by Fair, Isaac and Equifax that ranks consumers in the Equifax consumer credit database relative to other consumers in the database with respect to the likelihood of those consumers paying their accounts as agreed ("Score").

2. Pinnacle SM- is a credit scoring algorithm developed by Fair, Isaac and Equifax that evaluates the likelihood that consumers will pay their existing and future credit obligations, as agreed, based on the computerized consumer credit information in the Equifax consumer reporting database.

(a) Disclosure of Scores. Customer will hold all information received from Equifax in connection with any Score received from Equifax under this Agreement in strict confidence and will not disclose that information to the consumer or to others except in accord with the following sentence or as required or permitted by law. Customer may provide the principal factors contributing to the Score to the subject of the report when those principal factors are the basis of Customer's adverse action against the subject consumer. Customer must describe the principal factors in a manner which complies with Regulation B of the ECOA.

(b) ECOA Statements. Equifax reasonably believes that, subject to validation by Customer on its own records, (1) the scoring algorithms used in the computation of the Score are empirically derived from consumer credit information from Equifax's consumer credit reporting database, and are demonstrably and statistically sound methods of rank ordering candidate records from the Equifax consumer credit database for the purposes for which the Score was designed particularly, and it is intended to be an "empirically derived, demonstrably and statistically sound credit scoring system" as defined in Regulation B, with the understanding that the term "empirically derived, demonstrably and statistically sound," is defined only in a general manner by Regulation B, and has not been the subject of any significant interpretation; and (2) the scoring algorithms comprising the Score, except as permitted, do not use a "prohibited basis," as such phrase is defined in Regulation B. Customer must validate the Score on its own records. Customer will be responsible for meeting its requirements under the ECOA and Regulation B.

(c) Release. Equifax does not guarantee the predictive value of the Score with respect to any individual, and does not intend to characterize any individual as to credit capability. Neither Equifax nor its directors, officers, employees, agents, subsidiary and affiliated companies, or any third-party contractors, licensors or suppliers of Equifax will be liable to Customer for any damages, losses, costs or expenses incurred by Customer resulting from any failure of a Score to accurately predict the credit worthiness of Customer's applicants or customers. In the event the Score is not correctly applied by Equifax to any credit file, Equifax's sole responsibility will be to reprocess the credit file through the Score at no additional charge.

(d) Audit of Models. Customer may audit a sample of the Scores and principal factors and compare them to the anonymous underlying credit reports in accordance with Equifax's audit procedures. If the Scores and principal reasons are not substantiated by the credit files provided for the audit, Equifax will review programming of the model and make corrections as necessary until the Scores and principal reasons are substantiated by the audit sample credit reports. After that review and approval, Customer will be deemed to have accepted the resulting Score and principal factors delivered. It is Customer's sole responsibility to validate all scoring models on its own records and performance

(e) Confidentiality. Customer will hold all Scores received from Equifax under this Agreement in strict confidence and will not disclose any Score to the consumer or to others except as required or permitted by law. Customer may provide the principal factors contributing to the Score to the subject of the report when those principal factors are the basis of Customer's adverse action against the subject consumer. Customer must describe the principal factors in a manner which complies with Regulation B of the ECOA.  Further, Customer acknowledges that the Score and factors are proprietary and that, except for (a) disclosure to the subject consumer if Customer has taken adverse action against such consumer based in whole or in part on the consumer report with which the Score was delivered or (b) as required by law, Customer will not provide the Score to any other party without Equifax's and Fair, Isaac's prior written consent.

(f) Limited Liability. The combined liability of Equifax and Fair, Isaac arising from any particular Score provided by Equifax and Fair, Isaac shall be limited to the aggregate amount of money received by Equifax from Customer with respect to that particular Score during the preceding twelve (12) months prior to the date of the event that gave rise to the cause of action.

(g) Adverse Action. Customer shall not use a Score as the basis for an "Adverse Action" as defined by the Equal Credit Opportunity Action or Regulation B, unless score factor codes have been delivered to Customer along with the Score.

3. SAFESCAN®

SAFESCAN is an on-line warning system containing information that can be used to detect possible fraudulent applications for credit. Some of the information in the SAFESCAN database is provided by credit grantors. SAFESCAN is a registered trademark of Equifax.  Permitted Use. SAFESCAN is not based on information in Equifax's consumer reporting database and is not intended to be used as a consumer report. Customer will not use a SAFESCAN alert or warning message in its decision-making process for denying credit or any other FCRA permissible purpose, but will use the message as an indication that the consumer's application information should be independently verified prior to a credit or other decision. Customer understands that the information supplied by SAFESCAN may or may not apply to the consumer about whom Customer has inquired.

4. PERSONA® and PERSONA PLUS® - are consumer reports, from the Equifax consumer credit database, consisting of limited identification information, credit file inquiries, public record information, credit account trade lines, and employment information. FCRA Certification. Customer will notify Equifax whenever a consumer report will be used for employment purposes. Customer certifies that, before ordering each consumer report to be used in connection with employment purposes, it will clearly and conspicuously disclose to the subject consumer, in a written document consisting solely of the disclosure, that Customer may obtain a consumer report for employment purposes, and will also obtain the consumer's written authorization to obtain or procure a consumer report relating to that consumer. Customer further certifies that it will not take adverse action against the consumer based in whole or in part upon the consumer report without first providing to the consumer to whom the consumer report relates a copy of the consumer report and a written description of the consumer's rights as prescribed by the Federal Trade Commission ("FTC") under Section 609(c)(3) of the FCRA, and will also not use any information from the consumer report in violation of any applicable federal or state equal employment opportunity law or regulation. Customer acknowledges that it has received from Equifax a copy of the written disclosure form prescribed by the FTC. 

5. North American Link

(a) Desiring to obtain credit reporting services on residents of the United States and Canada through Equifax's North American Link access mechanism, Customer understands that credit reporting services on residents of Canada will be provided from the credit reporting database of Equifax Canada Inc. Customer further understands that Equifax is merely facilitating access and receipt of credit reporting services from Equifax Canada Inc. and that Equifax has not prepared and is not responsible for the credit reporting services received from Equifax Canada Inc.

(b) Further, Customer acknowledges having received and having read the attached Provincial Legislative Overview for International Customers of Equifax's "North American Link" generally describing some additional requirements of various Canadian provinces regarding the request and use of credit reporting information on residents of those provinces. Customer will comply with applicable provincial laws on consumer credit reporting or on protection of personal information (privacy), including obtaining consent if required, in connection with credit reporting services received from Equifax Canada.

APPENDIX A-3 

EQUIFAX REQUIREMENT

VERMONT FAIR CREDIT REPORTING CONTRACT  CERTIFICATION 

The undersigned acknowledges that it subscribes to receive various information serviced from Equifax Credit  Information Services, Inc. ("Equifax") in accordance with the Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999), as amended (the "VFCRA") and the Federal Fair Credit Reporting Act, 15, U.S.C. 1681 et. Seq., as amended (the "FCRA") and its other state law counterparts. In connection with Customer's continued use of Equifax information services in relation to Vermont consumers, Customer hereby certifies as follows:

Vermont Certification. Customer certifies that it will comply with applicable provisions under Vermont law. In particular, Customer certifies that it will order information services relating to Vermont residents, that are credit reports as defined by the VFCRA, only after Customer has received prior consumer consent in accordance with VFCRA § 2480e and applicable Vermont Rules.

APPENDIX A-4

State Compliance Matters-California Retail Seller

Section 1785.14(a) of the California ?Civil Code imposes special requirements with respect to transactions in which a "retail seller" (as defined in Section 18-2.3 of the California Civil Code) intends to issue credit to a California resident who appears in person on the basis of an application for credit submitted in person ("point of sale transactions").  Client certifies that these requirements do apply to it because (a) Client is NOT a "retail seller" as defined in Section 1802.3 of the California Civil Code), and/or (b) Client does NOT issue credit to California residents who appear in person on the basis of applications for credit submitted in person.  Client further certifies that it will notify CRA in writing 30 days PRIOR to becoming a retail seller or engaging in point of sale transactions with respect to California residents.

Under the foregoing circumstances, Equifax, before delivering a consumer report to Customer, must match at least three (3) items of a consumer's identification within the file maintained by Equifax with the information provided to Equifax by Customer in connection with the in-person credit transaction. Compliance with this law further includes Customer's inspection of the photo identification of each consumer who applies for in person credit, mailing extensions of credit to consumers responding to a mail solicitation at specified addresses, taking special actions regarding a consumer's presentment of a police report regarding fraud, and acknowledging consumer demands for reinvestigations within certain time frames.  If Customer designated in Section 8 of the Agreement that it is a "retail seller," Customer certifies that it will instruct its employees and agents to inspect a photo identification of the consumer at the time an application is submitted in person. If Customer is not currently, but subsequently becomes a "retail seller," Customer agrees to provide written notice to Equifax prior to ordering credit reports in connection with an in-person credit transaction, and agrees to comply with the requirements of the California law as outlined in this Section, and with the specific certifications set forth herein. Customer certifies that, as a "retail seller," it will either (a) acquire a new Customer number for use in processing consumer report inquiries that result from in-person credit applications covered by California law, with the understanding that all inquiries using this new Customer number will require that Customer supply at least three items of identifying information from the applicant; or (b) contact Customer's Equifax sales representative to ensure that Customer's existing number is properly coded for these transactions.

  Vermont Fair Credit Reporting Statute, 9 V.S.A. § 2480e (1999) § 2480e. Consumer Consent

(a) A person shall not obtain the credit report of a consumer unless:

    (1) the report is obtained in response to the order of a court having jurisdiction to issue such an order; or

    (2) the person has secured the consent of the consumer, and the report is used for the purpose consented to by the consumer.

(b) Credit reporting agencies shall adopt reasonable procedures to assure maximum possible compliance with subsection (a) of this section.

(c) Nothing in this section shall be construed to affect:

   (1) the ability of a person who has secured the consent of the consumer pursuant to subdivision

   (2) of this section to include in his or her request to the consumer permission to also obtain credit reports, in connection with the same transaction or extension of credit, for the purpose of reviewing the account, increasing the credit line on the account, for the purpose of taking collection action on the account, or for other legitimate purposes associated with the account; and (2) the use of credit information for the purpose of prescreening, as defined and permitted from time to time by the Federal Trade Commission. 

VERMONT RULES *** CURRENT THROUGH JUNE 1999 ***

AGENCY 06. OFFICE OF THE ATTORNEY GENERAL

SUB-AGENCY 031. CONSUMER PROTECTION DIVISION

CHAPTER 012. Consumer Fraud-Fair Credit Reporting

RULE CF 112 FAIR CREDIT REPORTING

CVR 06-031-012, CF 112.03 (1999)

CF 112.03 CONSUMER CONSENT

(a) A person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and

2480g shall obtain said consent in writing if the consumer has made a written application or written request for credit, insurance, employment, housing or governmental benefit. If the consumer has applied for or requested credit, insurance, employment, housing or governmental benefit in a manner other than in writing, then the person required to obtain consumer consent pursuant to 9 V.S.A. §§ 2480e and 2480g shall obtain said consent in writing or in the same manner in which the consumer made the application or request. The terms of this rule apply whether the consumer or the person required to obtain consumer consent initiates the transaction.

(b) Consumer consent required pursuant to 9 V.S.A. §§ 2480e and 2480g shall be deemed to have been obtained in writing if, after a clear and adequate written disclosure of the circumstances under which a credit report or credit reports may be obtained and the purposes for which the credit report or credit reports may be obtained, the consumer indicates his or her consent by providing his or her signature.

(c) The fact that a clear and adequate written consent form is signed by the consumer after the consumer's credit report has been obtained pursuant to some other form of consent shall not affect the validity of the earlier consent. 

APPENDIX B

  Experian Requirements 

  Customer, in order to receive consumer credit information from Experian Information Solutions, Inc, agrees to comply with the following conditions required by Experian, which may be in addition to those outlined in the Customer Service Agreement (“Agreement”), of which these conditions are made a part.  Customer understands and agrees that Experian’s delivery of information to Customer via CRA is specifically conditioned upon Customer’s agreement with the provisions set forth in this Agreement.  Customer understands and agrees that these requirements pertain to all of its employees, managers and owners and that all persons having access to Experian credit information, whether existing or future employees, will be trained to understand and comply with these obligations.  

1.    Customer hereby agrees to comply with all current and future policies and procedures instituted by CRA and required by Experian.  CRA will give Customer as much notice as possible prior to the effective date of any such new policies required in the future, but does not guarantee that reasonable notice will be possible.  Customer may terminate this agreement at any time after notification of a change in policy in the event Customer deems such compliance as not within its best interest.

  2.    Customer agrees that Experian shall have the right to audit records of Customer that are relevant to the provision of services set forth in this Agreement and to verify, through audit or otherwise, that Customer is in compliance with applicable law and the provisions of this Agreement and is fact the end user of the credit information with no intention to resell or otherwise provide or transfer the credit information in whole or in part to any other person or entity.  Customer authorizes CRA to provide to Experian, upon Experian’s request, all materials and information relating to its investigations of Customer. Customer further agrees that it will respond within the requested time frame indicated for information requested by Experian regarding Experian consumer credit information.  Customer understands that Experian may require CRA to suspend or terminate access to Experian information in the event Customer does not cooperate with any such an investigation or in the event Customer is not in compliance with applicable law or this Agreement.  Customer shall remain responsible for the payment for any services provided to Customer by CDS prior to any such discontinuance.

  3.    Customer certifies that it is not a reseller of the information, a private detective agency, bail bondsman, attorney, credit counseling firm, financial counseling firm, credit repair clinic, pawn shop (except companies that do only Title pawn), check cashing company, genealogical or heir research firm, dating service, massage or tattoo service, asset location service, a company engaged in selling future services (health clubs, etc.), news agency, business that operates out of an apartment or a residence, an individual seeking information for his private use, an adult entertainment service of any kind, a company that locates missing children, a company that handles third party repossession, a company seeking information in connection with time shares or subscriptions, a company or individual involved in spiritual counseling or a person or entity that is not an end-user or decision-maker, unless approved in writing by Experian.

4.    Customer agrees that it will maintain proper access security procedures consistent with industry standards and that if a data breach occurs or is suspected to have occurred in which Experian information is compromised or is potentially compromised, Customer will take the following action:

                a. Customer will notify CRA within 24 hours of a discovery of a breach of the security of consumer reporting data if the personal information of consumers was, or is reasonably believed to have been, acquired by an unauthorized person.  Further, Customer will actively cooperate with and participate in any investigation conducted by CRA or Experian that results from Customer’s breach of Experian consumer credit information. 

                b. In the event that Experian determines that the breach was within the control of Customer, Customer will provide notification to affected consumers that their personally sensitive information has been or may have been compromised.  Experian will have control over the nature and timing of the consumer correspondence related to the breach when Experian information is involved. 

                c. In such event, Customer will provide to each affected or potentially affected consumer, credit history monitoring services for a minimum of one (1) year, in which the consumer’s credit history is monitored and the consumer receives daily notification of changes that may indicate fraud or ID theft, from at least one (1) national consumer credit reporting bureau.

                d. Customer understands and agrees that if the root cause of the breach is determined by Experian to be under the control of the Customer (i.e., employee fraud, misconduct or abuse; access by an unqualified or improperly qualified user; improperly secured website, etc.), Customer may be assessed an expense recovery fee.

5.    Customer understands that if a change of control or ownership should occur, the new owner of the Customer business must be re-credentialed as a permissible and authorized Customer of Experian products and services.  A third party physical inspection at the new address will be required if Customer changes location.

6.     If Customer is an authorized residential customer the following additional requirements and documentation must be supplied:  (a) Experian must be notified for tracking and monitoring purposes; (b) Customer must maintain a separate business phone line listed in the name of the business; (c) a separate subscriber code for Customer must be maintained for compliance monitoring; and (d) an annual physical inspection of the office is required by  Experian, for which a reasonable fee may be required.

7.    Customer agrees to hold harmless Experian and its agents from and against any and all liabilities, damages, losses, claims, costs and expenses, including reasonable attorney’s fees, which may be asserted against or incurred by Experian, arising out of or resulting from the use, disclosure, sale or transfer of the consumer credit information by Customer, or Customer’s breach of this Agreement.  Customer further understands and agrees that the accuracy of any consumer credit information is not guaranteed by Experian and releases Experian and its agents from liability for any loss, cost, expense or damage, including attorney’s fees, suffered by Customer resulting directly or indirectly from its use of consumer credit information from Experian.

8.    Experian will not, for the fee charged for credit information, be an insurer or guarantor of the accuracy or reliability of the information.   EXPERIAN DOES NOT GUARANTEE OR WARRANT THE ACCURACY, TIMELINESS, COMPLETENESS, CURRENTNESS, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OF THE INFORMATION AND SHALL NOT BE LIABLE TO CUSTOMER FOR ANY LOSS OR INJURY ARISING OUT OF OR CAUSED IN WHOLE OR IN PART BY EXPERIAN’S ACTS OR OMISSIONS, WHETHER NEGLIGENT OR OTHERWISE, IN PROCURING, COMPILING, COLLECTING, INTERPRETING, REPORTING, COMMUNICATING OR DELIVERING THE INFORMATION.

1.       General Provisions

A.      Subject of Agreement.  The subject of this Agreement is End User’s purchase of Scores produced from the Experian/Fair, Isaac Model from CBS.  

B.      Application.  This Agreement applies to all uses of the Experian/Fair, Isaac Model by End User during the term of this agreement.  

C.   Term.  This Agreement shall continue in force without any fixed date of termination, subject to cancellation by either party upon thirty (30) days prior written notice mailed or delivered to the office of the other party; further subject to the right of CRA at any time and without prior notice, to terminate this agreement in event of any federal or state law or decision which affects the economic operation of CRA or any violation by Customer of any provision of this Agreement or the FCRA, and further subject to the right of Customer at any time and without prior written notice, to terminate this agreement in event of increase in charges to the Customer, as provided herein.

2.       Experian/Fair, Isaac Scores  

A.      Generally.  Upon request by End User during the Term, CBS will provide End User with the Scores.  

B.    Time of Performance.  CBS/Fair, Isaaac will use reasonable efforts to provide the Fair Isaac Model as expeditiously as possible and in a timely manner; provided, however, CBS/Fair,Isaac will have no liability to End User hereunder for delays in providing such CBS/Fair,Isaac Model.

C.      Warranty.  CBS warrants that the Scores are empirically derived and statistically sound predictors of consumer credit risk on the data from which they were developed when applied to the population for which they were developed.  CBS further warrants that so long as it provides the Scores, the Scores will not contain or use any prohibited basis as defined by the federal Equal Credit Opportunity Act, 15 USC Section 1691 et seq. or Regulation B promulgated thereunder. THE FOREGOING WARRANTIES ARE THE ONLY WARRANTIES CBS HAS GIVEN END USER WITH RESPECT TO THE SCORES, AND SUCH WARRANTIES ARE IN LIEU OF ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, CBS MIGHT HAVE GIVEN END USER WITH RESPECT THERETO, INCLUDING, FOR EXAMPLE, WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  End User’s rights under the foregoing warranties are expressly conditioned upon End User’s periodic revalidation of the Experian/Fair, Isaac Model in compliance with the requirements of Regulation B as it may be amended from time to time (12 CFR Section 202 et seq.).  

D.   Release.  End User hereby releases and holds harmless CBS, Fair Isaac and/or Experian and their respective officers, directors, employees, agents, sister or affiliated companies, and any third-party contractors or suppliers of CBS, Fair, Isaac or Experian from liability for any damages, losses, costs or expenses, whether direct or indirect, suffered or incurred by End User resulting from any failure of the Scores to accurately predict that a United States consumer will repay their existing or future credit obligations satisfactorily.  

3.       Fees.  As per the pricing currently in effect.  

4.       Intellectual Property

IN WITNESS WHEREOF, by clicking on the submit button, End User and CBS have signed and delivered this Agreement.

APPENDIX C-1

Trans Union Requirements 

                Customer, in order to receive consumer credit information from Trans Union, LLC, through CRA, agrees to comply with the following conditions required by Trans Union, which may be in addition to those outlined in the Customer Service Agreement (“Agreement”).  Customer understands and agrees that Trans Union’s delivery of information to Customer via CRA is specifically conditioned upon Customer’s agreement with the provisions set forth in this Agreement.  Customer understands and agrees that these requirements pertain to all of its employees, managers and owners and that all persons having access to Trans Union consumer credit information, whether existing or future employees, will be trained to understand and comply with these obligations.

1.    Customer certifies that Customer shall use the consumer reports: (a) solely for the Subscriber’s certified use(s); and (b) solely for Customer’s exclusive one-time use. Customer shall not request, obtain or use consumer reports for any other purpose including, but not limited to, for the purpose of selling, leasing, renting or otherwise providing information obtained under this Agreement to any other party, whether alone, in conjunction with Customer’s own data, or otherwise in any service which is derived from the consumer reports. The consumer reports shall be requested by, and disclosed by Customer only to Customer’s designated and authorized employees having a need to know and only to the extent necessary to enable Customer to use the Consumer Reports in accordance with this Agreement. Customer shall ensure that such designated and authorized employees shall not attempt to obtain any Consumer Reports on themselves, associates, or any other person except in the exercise of their official duties.

2.    Customer will maintain copies of all written authorizations for a minimum of five (5) years from the date of inquiry.

3.     Customer shall use each Consumer Report only for a one-time use and shall hold the report in strict confidence, and not disclose it to any third parties; provided, however, that Customer may, but is not required to, disclose the report to the subject of the report only in connection with an adverse action based on the report. Moreover, unless otherwise explicitly authorized in an agreement between Reseller and its Customer for scores obtained from Trans Union, or as explicitly otherwise authorized in advance and in writing by Trans Union through Reseller, Customer shall not disclose to consumers or any third party, any or all such scores provided under such agreement, unless clearly required by law.

4.    With just cause, such as violation of the terms of the Customer’s contract or a legal requirement, or a material change in existing legal requirements that adversely affects the Customer’s agreement, Reseller may, upon its election, discontinue serving the Customer and cancel the agreement immediately.

5.    Customer will request Scores only for Customer’s exclusive use. Customer may store Scores solely for Customer's own use in furtherance of Customer's original purpose for obtaining the Scores. Customer shall not use the Scores for model development or model calibration and shall not reverse engineer the Score. All Scores provided hereunder will be held in strict confidence and may never be sold, licensed, copied, reused, disclosed, reproduced, revealed or made accessible, in whole or in part, to any Person except (i) to those employees of Customer with a need to know and in the course of their employment; (ii) to those third party processing agents of Customer who have executed an agreement that limits the use of the Scores by the third party to the use permitted to Customer and contains the prohibitions set forth herein regarding model development, model calibration and reverse engineering; (iii) when accompanied by the corresponding reason codes, to the consumer who is the subject of the Score; or (iv) as required by law. 

6.    Customer hereby agrees to comply with all current and future policies and procedures instituted by CRA and required by Trans Union.  CRA will give Customer as much notice as possible prior to the effective date of any such new policies required in the future, but does not guarantee that reasonable notice will be possible.  Customer may terminate this agreement at any time after notification of a change in policy in the event Customer deems such compliance as not within its best interest.

7.             Customer certifies that it is not a reseller of the information, a private detective, bail bondsman, attorney, credit counseling firm, financial counseling firm, credit repair clinic, pawn shop (except companies that do only Title pawn), check cashing company, genealogical or heir research firm, dating service, massage or tattoo service, business that operates out of an apartment, an individual seeking information for his private use, an adult entertainment service of any kind, a company that locates missing children, a company that handles third party repossession, a company seeking information in connection with time shares or subscriptions, a company or individual involved in spiritual counseling or a person or entity that is not an end-user or decision-maker, unless approved in writing by Trans Union.

  8.                Customer agrees that Trans Union shall have the right to audit records of Customer that are relevant to the provision of services set forth in this agreement.  Customer authorizes CRA to provide to Trans Union, upon Trans Union’s request, all materials and information relating to its investigations of Customer and agrees that it will respond within the requested time frame indicated for information requested by Trans Union regarding Trans Union information.  Customer understands that Trans Union may require CRA to suspend or terminate access to Trans Union’s information in the event Customer does not cooperate with any such an investigation.  Customer shall remain responsible for the payment for any services provided to Customer prior to any such discontinuance.

  9.                Customer agrees that Trans Union information will not be forwarded or shared with any third party unless required by law or approved by Trans Union.  If approved by Trans Union and authorized by the consumer, Customer may deliver the consumer credit information to a third party, secondary, or joint user with which Customer has an ongoing business relationship for the permissible use of such information.  Customer understands that Trans Union may charge a fee for the subsequent delivery to secondary users.

  10.           Trans Union shall use reasonable commercial efforts to obtain, assemble and maintain credit information on individuals as furnished by its subscribers or obtained from other available sources.  THE WARRANTY SET FORTH IN THE PREVIOUS SENTENCE IS THE SOLE WARRANTY MADE BY TRANS UNION CONCERNING THE CONSUMER REPORTS, INCLUDING, BUT NOT LIMITED TO THE TU SCORES.  TRANS UNION MAKES NO OTHER REPRESENTATIONS OR WARRANTIES INCLUDING, BUT NOT LIMITED TO, ANY REPRESENTATIONS OR WARRANTIES REGARDING THE ACCURACY, COMPLETENESS, OR BOTH, OF ANY AND ALL OF THE AFOREMENTIONED PRODUCTS AND SERVICES THAT MAY BE PROVIDED TO CRA.  THE WARRANTY SET FORTH IN THE FIRST SENTENCE OF THIS PARAGRAPH IS IN LIEU OF ALL OTHER WARRANTIES, WHETHER WRITTEN OR ORAL, EXPRESS OR IMPLIED (INCLUDING, BUT NOT LIMITED TO, WARRANTIES THAT MIGHT BE IMPLIED FROM A COURSE OF PERFORMANCE OR DEALING OR TRADE USAGE).  THERE ARE NO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.  

APPENDIX C-2

TRANS UNION REQUIREMENTS

REGARDING CREDIT SCORING SERVICES

CLASSIC CREDIT RISK SCORE SERVICES

(Required Terms for Agreement to Subscriber Agreement for Consumer Reports between Reseller and its Customer)

1.                     Based on an agreement with Trans Union LLC (“Trans Union”) and Fair Isaac Corporation (“Fair Isaac”) (“Reseller Agreement”), CRA has access to a unique and proprietary statistical credit scoring service jointly offered by Trans Union and Fair Isaac which evaluates certain information in the credit reports of
individual consumers from Trans Union's data base ("Classic") and provides a score which rank orders consumers with respect to the relative likelihood that United States consumers will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring (the "Classic Score").

2.                      Customer, from time to time, may desire to obtain Classic Scores from Trans Union via an on-line mode in connection with consumer credit reports.

3.                      Customer has previously represented and now, again represents that it is a  mortgage/lender broker and has a permissible purpose for obtaining consumer reports, as defined by Section 604 of the Federal Fair Credit Reporting Act (15 USC 1681b) including, without limitation, all amendments thereto ("FCRA").

4.                      Customer certifies that it will request Classic Scores pursuant to procedures prescribed by CRA from time to time only for the permissible purpose certified above, and will use the Classic Scores obtained for no other purpose.

5.                     Customer will maintain copies of all written authorizations for a minimum of three (3) years from the date of  inquiry.

6.                     Customer agrees that it shall use each Classic Score only for a one-time use and only in accordance with its permissible purpose under the FCRA.

7.                     With just cause, such as delinquency or violation of the terms of this contract or a legal requirement, CRA may, upon its election, discontinue serving the Customer and cancel this Agreement, in whole or in part (e.g., the services provided under this Agreement only) immediately.

8.                      Customer recognizes that factors other than the Classic Score may be considered in making a credit decision. Such other factors include, but are not limited to, the credit report, the individual account history, and economic factors.

9.                    Trans Union and Fair Isaac shall be deemed third party beneficiaries under this Agreement.

10.         Up to five score reason codes, or if applicable, exclusion reasons, are provided to Customer with Classic Scores. These score reason codes are designed to indicate the reasons why the individual did not have a higher Classic Score, and may be disclosed to consumers as the reasons for taking adverse action, as required by the Equal Credit Opportunity Act ("ECOA") and its implementing Regulation ("Reg. B"). However, the Classic Score itself is proprietary to Fair Isaac, may not be used as the reason for adverse action under Reg. B and, accordingly, shall not be disclosed to credit applicants or any other third party, except: (1) to credit applicants in connection with approval/disapproval decisions in the context of bona fide credit extension transactions when accompanied with its corresponding score reason codes; or (2) as clearly required by law. Customer will not publicly disseminate any results of the validations or other reports derived from the Classic Scores without Fair Isaac and Trans Union's prior written consent

11.        In the event Customer intends to provide Classic Scores to any agent, Customer may do so provided, however, that Customer first enters into a written agreement with such agent that is consistent with Customer's obligations under this Agreement. Moreover, such agreement between Customer and such agent shall contain the following obligations and acknowledgments of the agent: (1) Such agent shall utilize the Classic Scores for the sole benefit of Customer and shall not utilize the Classic Scores for any other purpose including for such agent's own purposes or benefit; (2) That the Classic Score is proprietary to Fair Isaac and, accordingly, shall not be disclosed to the credit applicant or any third party without Trans Union and Fair Isaac's prior written consent except (a) to credit applicants in connection with approval/disapproval decisions in the context of bona fide credit extension transactions when accompanied with its corresponding score reason codes; or (b) as clearly required by law; (3) Such Agent shall not use the Classic Scores for model development, model validation, model benchmarking, reverse engineering, or model calibration; (4) Such agent shall not resell the Classic Scores; and (5) Such agent shall not use the Classic Scores to create or maintain a database for itself or otherwise.  

12.     Customer acknowledges that the Classic Scores provided under this Agreement which utilize an individual's consumer credit information will result in an inquiry being added to the consumer's credit file.

 13.     Customer shall be responsible for compliance with all applicable federal or state legislation, regulations and judicial actions, as now or as may become effective including, but not limited to, the FCRA, the ECOA, and Reg. B, to which it is subject.

14.    The information including, without limitation, the consumer credit data, used in providing Classic Scores under this Agreement were obtained from sources considered to be reliable. However, due to the possibilities of errors inherent in the procurement and compilation of data involving a large number of individuals, neither the accuracy nor completeness of such information is guaranteed. Moreover, in no event shall Trans Union, Fair Isaac, nor their officers, employees, affiliated companies or bureaus, independent contractors or agents be liable to Customer for any claim, injury or damage suffered directly or indirectly by Customer as a result of the inaccuracy or incompleteness of such information used in providing Classic Scores under this Agreement and/or as a result of Customer's use of Classic Scores and/or any other information or serviced provided under this Agreement.

15.1    Fair Isaac, the developer of Classic, warrants that the scoring algorithms as delivered to Trans Union and used in the computation of the Classic Score ("Models") are empirically derived from Trans Union's credit data and are a demonstrably and statistically sound method of rank-ordering candidate records with respect to the relative likelihood that United States consumers will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring when applied to the population for which they were developed, and that no scoring algorithm used by Classic uses a "prohibited basis" as that term is defined in the Equal Credit Opportunity Act (ECOA) and Regulation B promulgated thereunder. Classic provides a statistical evaluation of certain information in Trans Union's files on a particular individual, and the Classic Score indicates the relative likelihood that the consumer will repay their existing or future credit obligations satisfactorily over the twenty four (24) month period following scoring relative to other individuals in Trans Union's database. The score may appear on a credit report for convenience only, but is not a part of the credit report nor does it add to the information in the report on which it is based.

15.2    THE WARRANTIES SET FORTH IN SECTION 15.1 ARE THE SOLE WARRANTIES MADE UNDER THIS AGREEMENT CONCERNING THE CLASSIC SCORES AND ANY OTHER DOCUMENTATION OR OTHER DELIVERABLES AND SERVICES PROVIDED UNDER THIS AGREEMENT; AND NEITHER FAIR ISAAC NOR TRANS UNION MAKE ANY OTHER REPRESENTATIONS OR WARRANTIES CONCERNING THE PRODUCTS AND SERVICES TO BE PROVIDED UNDER THIS AGREEMENT OTHER THAN AS SET FORTH IN THIS AGREEMENT. THE WARRANTIES AND REMEDIES SET FORTH IN SECTION 15.1 ARE IN LIEU OF ALL OTHERS, WHETHER WRITTEN OR ORAL, EXPRESS OR IMPLIED (INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT MIGHT BE IMPLIED FROM A COURSE OF PERFORMANCE OR DEALING OR TRADE USAGE). THERE ARE NO IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

16.     IN NO EVENT SHALL ANY PARTY BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL, INDIRECT, SPECIAL, OR PUNITIVE DAMAGES INCURRED BY THE OTHER PARTIES AND ARISING OUT OF THE PERFORMANCE OF THIS AGREEMENT, INCLUDING BUT NOT LIMITED TO LOSS OF GOOD WILL AND LOST PROFITS OR REVENUE, WHETHER OR NOT SUCH LOSS OR DAMAGE IS BASED IN CONTRACT, WARRANTY, TORT, NEGLIGENCE, STRICT LIABILITY, INDEMNITY, OR OTHERWISE, EVEN IF A PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THESE LIMITATIONS SHALL APPLY NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY LIMITED REMEDY.

17.     THE FOREGOING NOTWITHSTANDING, WITH RESPECT TO CUSTOMER, IN NO EVENT SHALL THE AFORESTATED LIMITATIONS OF LIABILITY, SET FORTH ABOVE IN SECTION 16, APPLY TO DAMAGES INCURRED BY TRANS UNION AND/OR FAIR ISAAC AS A RESULT OF: (A) GOVERNMENTAL, REGULATORY OR JUDICIAL ACTION(S) PERTAINING TO VIOLATIONS OF THE FCRA AND/OR OTHER LAWS, REGULATIONS AND/OR JUDICIAL ACTIONS TO THE EXTENT SUCH DAMAGES RESULT FROM CUSTOMER'S BREACH, DIRECTLY OR THROUGH CUSTOMER'S AGENT(S), OF ITS OBLIGATIONS UNDER THIS AGREEMENT.

18.       ADDITIONALLY, NEITHER TRANS UNION NOR FAIR ISAAC SHALL BE LIABLE FOR ANY AND ALL CLAIMS ARISING OUT OF OR IN CONNECTION WITH THIS AGREEMENT BROUGHT MORE THAN ONE (1) YEAR AFTER THE CAUSE OF ACTION HAS ACCRUED. IN NO EVENT SHALL TRANS UNION'S AND FAIR ISAAC'S AGGREGATE TOTAL LIABILITY, IF ANY, UNDER THIS AGREEMENT, EXCEED THE AGGREGATE AMOUNT PAID, UNDER THIS AGREEMENT, BY CUSTOMER DURING THE TWELVE (12) MONTH PERIOD IMMEDIATELY PRECEDING ANY SUCH CLAIM, OR TEN THOUSAND DOLLARS ($10,000.00), WHICHEVER AMOUNT IS LESS.

  19.        This Agreement may be terminated automatically and without notice: (1) in the event of a breach of the provisions of this Agreement by Customer; (2) in the event the agreement(s) related to Classic between Trans Union, Fair Isaac and CRA are terminated or expire; (3) in the event the requirements of any law, regulation or judicial action are not met, (4) as a result of changes in laws, regulations or regulatory or judicial action, that the requirements of any law, regulation or judicial action will not be met; and/or (5) the use of the Classic Service is the subject of litigation or threatened litigation.

            Each party to this Agreement is an independent contractor, and nothing contained in this Agreement may be construed as creating a joint venture, partnership, licensor-licensee, principal-agent or mutual agency relationship between or among the parties. No party, by virtue of this Agreement, has any right or power to create any obligation, express or implied, on behalf of any other party. No party, or employee of any party, will be deemed to be an employee of another party by virtue of this Agreement. 

                Customer and CRA acknowledge and intend that this Agreement was entered into for the respective benefit of each of them and their respective successors and assigns, and, in consideration of their reporting information to CRA, the third party benefit to Trans Union LLC, Equifax Information Services LLC and Experian Information Solutions Inc.  Nothing in this Agreement will be construed as giving any other person, firm, corporation or other entity, other than the parties to this Agreement and their respective successors and permitted assigns and Trans Union LLC, Equifax Information Services LLC and Experian Information Solutions Inc., any right, remedy or claim under or in respect of this Agreement or any of its provisions. 

            Due to the special and unique purposes of this Agreement, neither this Agreement nor any rights or obligations in it are assignable by Customer without the prior written consent of CRA. Consent will not be unreasonably withheld. Any dissolution, merger, consolidation or other reorganization of Customer, the sale or other transfer of all or substantially all of the assets or properties of Customer, or the sale or other transfer of a controlling percentage of the corporate stock of Customer, constitutes an assignment of this Agreement for all purposes of this paragraph. The term "controlling percentage," for the purpose of this paragraph, means the ownership of stock possessing, and of the right to exercise, at least fifty percent (50%) of the total combined voting power of any class or all classes of stock of such a party, issued, outstanding and entitled to vote for the election of directors, whether that ownership is direct or indirect. 

            Notwithstanding any provision to the contrary, no party to this Agreement will be liable to the other party for any delay or interruption in performance of any obligation resulting from governmental emergency orders, judicial or governmental action, emergency regulations, sabotage, riots, vandalism, labor strikes, or disputes, acts of God, fires, electrical failure, major computer hardware or software failures, equipment delivery delays, acts of third parties, or any other cause, if the delay or interruption in performance is beyond its reasonable control. 

            In the event any provision of this Agreement is held invalid or unenforceable by any court of competent jurisdiction, that holding will not invalidate or render unenforceable any other provision of this Agreement. 

            Failure of any party to enforce any of its respective rights or remedies hereunder with respect to any specific act or failure to act of any party will not constitute a waiver of the rights of that party to enforce those rights and remedies with respect to any other or subsequent act or failure to act.

Customer agrees  to pay in full according to CRA's fee schedule as in effect from time to time.  Fees may be changed, effective upon written notice.  An account is delinquent if the Customer has not paid CRA's invoice to Customer in full within 20 days after the date of the invoice.  CRA will impose a late charge of 1.5 percent per month on any delinquent account until paid in full and/or suspend providing information services herein until all delinquent amounts owed have been paid in full.  Customer agrees to pay all attorney fees and collection costs incurred by CRA in collecting any delinquent account, whether or not litigation is instituted.  In the event of any litigation or other action involving this Agreement, the prevailing party shall be entitled to reasonable attorney fees and court costs including at trial, on any appeal, and/or bankruptcy or similar proceeding, in addition to any other recovery to which it is entitled.

This Agreement, including the Appendices and Exhibits hereto, which are expressly incorporated into it, is hereby made a part of the original agreement executed by the parties and prior agreement(s) between the parties relating to the subject matter. No changes in this Agreement may be made except in writing signed by both parties.                       

15 U.S.C. '1681 et seq. PROVIDES THAT ANY PERSON WHO KNOWINGLY AND WILLFULLY OBTAINS INFORMATION ON A CONSUMER FROM A CONSUMER REPORTING AGENCY UNDER FALSE PRETENSES SHALL BE FINED UNDER TITLE 18, UNITED STATES CODE, IMPRISONED NOT MORE THAN TWO YEARS, OR BOTH.   

This Agreement shall be governed by and construed under the laws of the State of Florida. 

The person signing/submitting on behalf of Customer certifies that he/she has direct knowledge of the facts and conditions of this Agreement.  Further, by choosing to electronically submit this document to CRA, I consent to the use of this electronic method of contract acceptance under the U. S. Electronic Signatures in Global and National Commerce Act (E-Sign).

To apply by mail, click on the printer icon or click on File, Click on Print.  Fill out the form and mail  to:  Credit Bureau Services, Inc.  3503 N. Dixie Hwy, Oakland Park, FL  33334 OR FAX to:  954-567-1441.   Telephone: 954-561-1400. Email: form@credit1400.com

Back to Home Page