Common use of Credit Bureau Identity and Fraud Services Clause in Contracts

Credit Bureau Identity and Fraud Services. Client certifies that it will use Credit Bureau identity and fraud services (“IFS Services”) exclusively within Clients own organization for the purpose of verifying the identity of individual persons (ID Subjects) who initiates a business transaction with the Client and not for any other purpose; and that it will use and ensure that its employees access to the IFS Services is in accordance with the terms of the Client Agreement. Client acknowledges and agrees that the IFS Services do not guarantee the identity of the ID Subject, but merely provide a risk assessment regarding the ID Subject’s identity that is derived, in part, from information provided by the ID Subject or otherwise collected from an ID Subjects use of the IFS Services and relayed by Client to Credit Bureau (“ID Subject Content”); and that in connection with certain IFS Services; (i) Client will establish a risk decision threshold above which the ID Subject is verified or authenticated, depending on the applicable Service, and below which the ID Subject is not verified or authenticated (“Risk Decision Threshold”) and Credit Bureau may act as a consultant to review Client’s risk strategies, but Client, in its sole discretion, will set its Risk Decision Threshold(s); and (ii) that depending upon Client’s Risk Decision Threshold an ID Subject may be able to successfully pass verification and authentication even though the individual submitting the ID Subject Content is not the actual individual to whom the ID Subject Content pertains. Client shall not maintain, copy, capture, reproduce, re-use or otherwise retain in any manner the interactive questions or multiple choice answers provided as part of the IFS Services (“Queries”), the ID Subject responses to the Queries (“Answers”) or the scores, flags and reason codes generated or other information relating to such Queries and Answers provided by the IFS Services (Scores); provided, however, that Client may capture and retain the unique transaction number generated by the IFS Services with each transaction (each a “Transaction ID” solely for the purpose of (i) audit trail; (ii) calculation of the amount of usage of IFS Services; and (iii) billing. Without limiting the generality of the foregoing, Client shall not retain or make copies of, and must purge from its system, the Queries and Answers prior to Client’s receipt of any Score relating to such Queries and Answers; and in the event Client receives the IFS Services at its call center (or call center maintained by a Service Provider), Client shall ensure that the call center operators are unable to retrieve the Queries and Answers after the delivery of tie Score by, for example, disabling the use the back button key after the delivery of the Score- In the event that the IFS Services do not provide a response, tie Queries must be purged as expeditiously as possible but in no event longer than thirty (30) minutes after receipt of such Queries. Client has the right to transmit and authorize the use of ID Subject Content and hereby authorizes the use of ID Subject Content as required to perform the IFS Services; analyze, enhance or improve the performance of the IFS Services; and disclose ID Subject Content as required by law or the operation of the IFS Services. Client will timely, reliably and accurately relay the Queries, Answers and other ‘D Subject Content to and from the IFS Services and the applicable ID Subject. When providing ID Subjects with access to the IFS Services via the Internet, Client will adopt, publish, maintain and adhere to a privacy policy and upon request, provide a copy of Clients privacy policy. Client’s privacy policies clearly disclose to ID Subject that the ID Subject Content may be shared with third party service providers for the purpose of completing the relevant transaction. Client acknowledges and agrees that prior to receiving the IFS Services, Client may need to complete an approval process for receipt of the IFS Services by the applicable wireless carriers. Such process shall include, without limitation, review of the proposed consumer consent language or any other consumer terms and conditions, review of any process flows, a description of Client’s intended use, and a copy or summary of Client’s applicable privacy policy. The IFS Service will be provided only with respect to those wireless carriers that have authorized the use of such data in connection with the provision of IFS Services, and then only to the extent and for the period that such data is available or provided by such wireless carriers. Client will establish and maintain a manual verification process in the event that Client determines that an ID Subject does not pass the Risk Decision Threshold or Client receives a nag from tie IFS Services indicating a possible match from a fraud database. Client will not (i) use or access the IFS Services outside the territorial boundaries of the United States, Canada, and the United States territories of Puerto Rico, Guam, and the Virgin Islands (collectively, the “Permitted Territory”); regardless of whether such use or access is by off-shore Authorized Agents or authorized Service Providers or an off- shore department or division of Client, or (it) export or permit the export of the IFS Services outside of the Permitted Territory. Client will not share or permit the use of the IFS Services, in whole or in part, with any third party. Credit Bureau may review Client’s practices and procedures including, without limitation, any relevant documentation, to determine Clients compliance with this Integrator Schedule- Client shall promptly provide Credit Bureau with copies of all requested documents and records- If Credit Bureau reasonably believes a compliance issue exists, Credit Bureau or its designated representative may enter Client’s facilities, upon at least five (5) business days prior written notice and at a mutually agreed upon time„ to an on-site assessment of Clients practices and procedures relating to Client’s request for, and use of, the IFS Services and Client’s security practices with respect thereto. Client shall employ decision-making processes appropriate to the nature of the transaction and in accordance with industry standards, and Client will use the IFS Services only for the purposes set forth in this Integrator Schedule. Client is solely responsible for all results of its use of the IFS Services. TO THE MAXIMUM EXTENT ALLOWABLE BY LAW, ALL IFS SERVICES ARE PROVIDED BY Credit Bureau ON AN “AS-IS,” AS-AVAILABLE BASIS, AND Credit Bureau (AND ITS DATA PROVIDERS AND SUPPLIERS HEREBY DISCLAIM ANY AND ALL PROMISES, REPRESENTATIONS, GUARANTEES, AND WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITH RESPECT TO THE ACCURACY, COMPLETENESS, CURRENTNESS, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE, OF THE IFS SERVICES. IN NO EVENT WILL Credit Bureau OR ITS DATA PROVIDERS AND SUPPLIERS BE LIABLE TO CLIENT FOR ANY LOSS OR INJURY RELATING TO, ARISING OUT OF, OR CAUSED IN WHOLE OR IN PART BY, ITS ACTS OR OMISSIONS, EVEN IF NEGLIGENT, RELATING TO THE IFS SERVICES. If Client receives the one-time passcode (“OTP”), Client must comply with the following acceptable use policy (“AUP”):

Credit Bureau Identity and Fraud Services. Client certifies that it will use Credit Bureau identity and fraud services (“IFS Services”) exclusively within Clients own organization for the purpose of verifying the identity of individual persons (ID Subjects) who initiates a business transaction with the Client and not for any other purpose; and that it will use and ensure that its employees access to the IFS Services is in accordance with the terms of the Client Agreement. Client acknowledges and agrees that the IFS Services do not guarantee the identity of the ID Subject, but merely provide a risk assessment regarding the ID Subject’s identity that is derived, in part, from information provided by the ID Subject or otherwise collected from an ID Subjects use of the IFS Services and relayed by Client to Credit Bureau (“ID Subject Content”); and that in connection with certain IFS Services; (i) Client will establish a risk decision threshold above which the ID Subject is verified or authenticated, depending on the applicable Service, and below which the ID Subject is not verified or authenticated (“Risk Decision Threshold”) and Credit Bureau may act as a consultant to review Client’s risk strategies, but Client, in its sole discretion, will set its Risk Decision Threshold(s); and (ii) that depending upon Client’s Risk Decision Threshold an ID Subject may be able to successfully pass verification and authentication even though the individual submitting the ID Subject Content is not the actual individual to whom the ID Subject Content pertains. Client shall not maintain, copy, capture, reproduce, re-use or otherwise retain in any manner the interactive questions or multiple choice answers provided as part of the IFS Services (“Queries”), the ID Subject responses to the Queries (“Answers”) or the scores, flags and reason codes generated or other information relating to such Queries and Answers provided by the IFS Services (Scores); provided, however, provided however that Client may capture and retain the unique transaction number generated by the IFS Services with each transaction (each a “Transaction ID” solely for the purpose of (i) audit trail; (ii) calculation of the amount of usage of IFS Services; and (iii) billing. Without limiting the generality of the foregoing, Client shall not retain or make copies of, and must purge from its system, the Queries and Answers prior to Client’s receipt of any Score relating to such Queries and Answers; and in the event Client receives the IFS Services at its call center (or call center maintained by a Service Provider), Client shall ensure that the call center operators are unable to retrieve the Queries and Answers after the delivery of tie Score by, for example, disabling the use the back button key after the delivery of the Score- Score. In the event that the IFS Services do not provide a response, tie Queries must be purged as expeditiously as possible but in no event longer than thirty (30) minutes 30)minutes after receipt of such Queries. Client has the right to transmit and authorize the use of ID Subject Content and hereby authorizes the use of ID Subject Content as required to perform the IFS Services; analyze, enhance or improve the performance of the IFS Services; and disclose ID Subject Content as required by law or the operation of the IFS Services. Client will timely, reliably and accurately relay the Queries, Answers and other ‘D Subject Content to and from the IFS Services and the applicable ID Subject. When providing ID Subjects with access to the IFS Services via the Internet, Client will adopt, publish, maintain and adhere to a privacy policy and upon request, provide a copy of Clients privacy policy. Client’s privacy policies clearly disclose to ID Subject that the ID Subject Content may be shared with third party service providers for the purpose of completing the relevant transaction. Client acknowledges and agrees that prior to receiving the IFS Services, Client may need to complete an approval process for receipt of the IFS Services by the applicable wireless carriers. Such process shall include, without limitation, review of the proposed consumer consent language or any other consumer terms and conditions, review of any process flows, a description of Client’s intended use, and a copy or summary of Client’s applicable privacy policy. The IFS Service will be provided only with respect to those wireless carriers that have authorized the use of such data in connection with the provision of IFS Services, and then only to the extent and for the period that such data is available or provided by such wireless carriers. Client will establish and maintain a manual verification process in the event that Client determines that an ID Subject does not pass the Risk Decision Threshold or Client receives a nag from tie IFS Services indicating a possible match from a fraud database. Client will not (i) use or access the IFS Services outside the territorial boundaries of the United States, Canada, and the United States territories of Puerto Rico, Guam, and the Virgin Islands (collectively, the “Permitted Territory”); regardless of whether such use or access is by off-shore Authorized Agents or authorized Service Providers or an off- shore department or division of Client, or (it) export or permit the export of the IFS Services outside of the Permitted Territory. Client will not share or permit the use of the IFS Services, in whole or in part, with any third party. Credit Bureau may review Client’s practices and procedures including, without limitation, any relevant documentation, to determine Clients compliance with this Integrator Schedule- Schedule. Client shall promptly provide Credit Bureau with copies of all requested documents and records- records. If Credit Bureau reasonably believes a compliance issue exists, Credit Bureau or its designated representative may enter Client’s facilities, upon at least five (5) business days prior written notice and at a mutually agreed upon time„ time to an on-site assessment of Clients practices and procedures relating to Client’s request for, and use of, the IFS Services and Client’s security practices with respect thereto. Client shall employ decision-making processes appropriate to the nature of the transaction and in accordance with industry standards, and Client will use the IFS Services only for the purposes set forth in this Integrator Schedule. Client is solely responsible for all results of its use of the IFS Services. TO THE MAXIMUM EXTENT ALLOWABLE BY LAW, ALL IFS SERVICES ARE PROVIDED BY Credit Bureau ON AN “AS-IS,” AS-AVAILABLE BASIS, AND Credit Bureau (AND ITS DATA PROVIDERS AND SUPPLIERS HEREBY DISCLAIM ANY AND ALL PROMISES, REPRESENTATIONS, GUARANTEES, AND WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITH RESPECT TO THE ACCURACY, COMPLETENESS, CURRENTNESS, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE, OF THE IFS SERVICES. IN NO EVENT WILL Credit Bureau OR ITS DATA PROVIDERS AND SUPPLIERS BE LIABLE TO CLIENT FOR ANY LOSS OR INJURY RELATING TO, ARISING OUT OF, OR CAUSED IN WHOLE OR IN PART BY, ITS ACTS OR OMISSIONS, EVEN IF NEGLIGENT, RELATING TO THE IFS SERVICES. If Client receives the one-time passcode (“OTP”), Client must comply with the following acceptable use policy (“AUP”):

Credit Bureau Identity and Fraud Services. Client certifies that it will use Credit Bureau identity and fraud services (“IFS Services”) exclusively within Clients own organization for the purpose of verifying the identity of individual persons (ID Subjects) who initiates a business transaction with the Client and not for any other purpose; and that it will use and ensure that its employees access to the IFS Services is in accordance with the terms of the Client Agreement. Client acknowledges and agrees that the IFS Services do not guarantee the identity of the ID Subject, but merely provide a risk assessment regarding the ID Subject’s identity that is derived, in part, from information provided by the ID Subject or otherwise collected from an ID Subjects use of the IFS Services and relayed by Client to Credit Bureau (“ID Subject Content”); and that in connection with certain IFS Services; (i) Client will establish a risk decision threshold above which the ID Subject is verified or authenticated, depending on the applicable Service, and below which the ID Subject is not verified or authenticated (“Risk Decision Threshold”) and Credit Bureau may act as a consultant to review Client’s risk strategies, but Client, in its sole discretion, will set its Risk Decision Threshold(s); and (ii) that depending upon Client’s Risk Decision Threshold an ID Subject may be able to successfully pass verification and authentication even though the individual submitting the ID Subject Content is not the actual individual to whom the ID Subject Content pertains. Client shall not maintain, copy, capture, reproduce, re-use or otherwise retain in any manner the interactive questions or multiple choice answers provided as part of the IFS Services IFSServices (“Queries”), the ID Subject responses to the Queries (“Answers”) or the scores, flags and reason codes generated or other information relating to such Queries and Answers provided by the IFS Services (Scores); provided, however, provided however that Client may capture and retain the unique transaction number generated by the IFS Services with each transaction (each a “Transaction ID” solely for the purpose of (i) audit trail; (ii) calculation of the amount of usage of IFS Services; and (iii) billing. Without limiting the generality of the foregoing, Client shall not retain or make copies of, and must purge from its system, the Queries and Answers prior to Client’s receipt of any Score relating to such Queries and Answers; and in the event Client receives the IFS Services at its call center (or call center maintained by a Service Provider), Client shall ensure that the call thecall center operators are unable to retrieve the Queries and Answers after the delivery of tie Score by, for example, disabling the use the back button key after the delivery of the Score- Score. In the event that the IFS Services do not provide a response, tie Queries must be purged as expeditiously as possible but in no event longer than thirty (30) minutes 30)minutes after receipt of such Queries. Client has the right to transmit and authorize the use of ID Subject Content and hereby authorizes the use of ID Subject Content as required to perform the IFS Services; analyze, enhance or improve the performance of the IFS Services; and disclose ID Subject Content as required by law or the operation of the IFS Services. Client will timely, reliably and accurately relay the Queries, Answers and other ‘D Subject Content to and from the IFS Services and the applicable ID Subject. When providing ID Subjects with access to the IFS Services via the Internet, Client will adopt, publish, maintain and adhere to a privacy policy and upon request, provide a copy of Clients privacy policy. Client’s privacy policies clearly disclose to ID Subject that the ID Subject Content may be shared with third party service providers for the purpose of completing the relevant transaction. Client acknowledges and agrees that prior to receiving the IFS Services, Client may need to complete an approval process for receipt of the IFS Services by the applicable wireless carriers. Such process shall include, without limitation, review of the proposed consumer consent language or any other consumer terms and conditions, review of any process flows, a description of Client’s intended use, and a copy or summary of Client’s applicable privacy policy. The IFS Service will be provided only with respect to those wireless carriers that have authorized the use of such data in connection with the provision of IFS Services, and then only to the extent and for the period that such data is available or provided by such wireless carriers. Client will establish and maintain a manual verification process in the event that Client determines that an ID Subject does not pass the Risk Decision Threshold or Client receives a nag from tie IFS Services indicating a possible match from a fraud database. Client will not (i) use or access the IFS Services outside the territorial boundaries of the United States, Canada, and the United States territories of Puerto Rico, Guam, and the Virgin Islands (collectively, the “Permitted Territory”); regardless of whether such use or access is by off-shore Authorized Agents or authorized Service Providers or an off- shore department or division of Client, or (it) export or permit the export of the IFS Services outside of the Permitted Territory. Client will not share or permit the use of the IFS Services, in whole or in part, with any third party. Credit Bureau may review Client’s practices and procedures including, without limitation, any relevant documentation, to determine Clients compliance with this Integrator Schedule- Schedule. Client shall promptly provide Credit Bureau with copies of all requested documents and records- records. If Credit Bureau reasonably believes a compliance issue exists, Credit Bureau or its designated representative may enter Client’s facilities, upon at least five (5) business days prior written notice and at a mutually agreed upon time„ time to an on-site assessment of Clients practices and procedures relating to Client’s request for, and use of, the IFS Services and Client’s security practices with respect thereto. Client shall employ decision-making processes appropriate to the nature of the transaction and in accordance with industry standards, and Client will use the IFS Services only for the purposes set forth in this Integrator Schedule. Client is solely responsible for all results of its use of the IFS Services. TO THE MAXIMUM EXTENT ALLOWABLE BY LAW, ALL IFS SERVICES ARE PROVIDED BY Credit Bureau ON AN “AS-IS,” AS-AVAILABLE BASIS, AND Credit Bureau (AND ITS DATA PROVIDERS AND SUPPLIERS HEREBY DISCLAIM ANY AND ALL PROMISES, REPRESENTATIONS, GUARANTEES, AND WARRANTIES, WHETHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WITH RESPECT TO THE ACCURACY, COMPLETENESS, CURRENTNESS, MERCHANTABILITY, OR FITNESS FOR A PARTICULAR PURPOSE, OF THE IFS SERVICES. IN NO EVENT WILL Credit Bureau OR ITS DATA PROVIDERS AND SUPPLIERS BE LIABLE TO CLIENT FOR ANY LOSS OR INJURY RELATING TO, ARISING OUT OF, OR CAUSED IN WHOLE OR IN PART BY, ITS ACTS OR OMISSIONS, EVEN IF NEGLIGENT, RELATING TO THE IFS SERVICES. If Client receives the one-time passcode (“OTP”), Client must comply with the following acceptable use policy (“AUP”):