Security Acknowledgment
To continue to the next screen, review the security requirements below then click the `I Acknowledge` button.
|
|
Equifax ePort provides customers with convenient web-based access to various Equifax products
and services while ensuring the highest levels of data security and privacy.
To protect this information, we have implemented extensive online security practices.
These include, but are not limited to, the following:
|
Active User ID Recertification -
At regular intervals, based on a
company's number of user IDs, Company Administrators will
have to recertify their active user IDs or they will be
inactivated based on their recertification date.
|
Mandatory Password
Expirations - All ePort user passwords will expire based on
a predetermined maximum timeframe. If desired,
administrators can configure their company's password
expiration policy to occur earlier than the maximum timeframe.
|
|
Inactive User ID
Notification - Administrators will be notified when
any of their company's User IDs, along with the User
Names, have not been used for a period of time, causing them
to become inactive. Administrators will be able to
re-activate the User IDs or allow them to become permanently
inactive.
|
|
Password Expiration
Warnings - Reminder messages will be sent to all ePort users
before their passwords are set to expire.
|
|
Equifax ePort Security
Awareness Program - Periodically, administrators
will be directed to the Security Information page to ensure
that they are made aware of and agree to any changes,
modifications or additions to the Security features of Equifax ePort.
|
|
User Login
Information - All Equifax ePort users will be able to review their
last login date, time, IP address and IP location each time
they log into ePort.
|
|
IP Restrictions -
Company administrators can control and limit access to all
ePort services by specifying a user's IP address
information. By specifying a publicly available static IP
address or range of IP addresses, company administrators can
reduce the risks associated with someone accessing ePort from
outside defined locations (such as from a user's home PC,
internationally or simply outside of their corporate network).
|
|
Timeout - All ePort
users are automatically timed out after 30 minutes of
inactivity, preventing an unauthorized user from accessing
information from another person's computer. To prevent
unauthorized access, users should always logout of ePort when
they are not at their computer.
|
|
User Access Controls
- System administrators can control access privileges by:
-
Assigning different access and/or privileges to a User Group.
User groups is a feature that allows you to set and manage like
permissions at a group rather than user level.
-
Limiting product availability
(only providing users with access to the products they need to
fulfill their specific job responsibilities).
To reduce the amount of sensitive information that may be distributed to users,
Equifax ePort does not require individuals with User or Supervisor roles to enter
sensitive or confidential account information. The account set-up process is limited
to your company administrators.
|
|
Usage Reports
Available in eCredit - ePort provides management,
internal audit, and security teams with valuable tools that
help govern issues related to the use of credit information.
Company administrators have access to the following tools:
-
Consumer File Logs - View users' credit report
activity including the original inquiry information and
report output. Logs can be viewed for at least six months
and provide an effective audit trail.
-
Report Profile Logs - Examine changes made to Equifax
product selections, including product additions, deletions,
and changes.
-
User Profile Logs - Analyze changes related to
users' profiles by determining who added a new user or
made changes to an existing users' profile as well as
the date and time the changes were made.
-
Secure Token Logs - Assess each time a user downloads
a new token. When a user downloads a new token, company
administrators can view the IP address of the machine that
was used to download the token along with the transaction
date and time. If a user logs into another person's
computer that already has a secure token installed, token
logs are not recorded.
Company administrators also can establish normal
hours of operation and review applications accessed outside of
those hours. To set up operation hours, go to the Company
Administration link and click Security.
|
Standard
Security Practices and Assessments
|
|
SSL Encryption - ePort
uses 128-bit Secure Socket Layer (SSL), a web standard, to
protect, secure, and encrypt confidential information that is
transmitted over the Internet from your computer's web
browser to Equifax's secure servers. The information is
decrypted only upon receipt by Equifax.
|
|
Security
Certifications - The Equifax network is reviewed on a
continual basis by external security experts who conduct
intrusion testing, vulnerability assessments, on-site
inspections, and policy/incident management reviews. Equifax
annually completes a SAS 70 Type II audit and receives
TruSecure's accredited security certification.
Additionally, Equifax conducts its own reviews on a weekly
basis.
|
|