Security Acknowledgment
To continue to the next screen, review the security requirements below then click the `I Acknowledge` button.

Equifax ePort provides customers with convenient web-based access to various Equifax products and services while ensuring the highest levels of data security and privacy. To protect this information, we have implemented extensive online security practices. These include, but are not limited to, the following:

Active User ID Recertification - At regular intervals, based on a company's number of user IDs, Company Administrators will have to recertify their active user IDs or they will be inactivated based on their recertification date.

Mandatory Password Expirations - All ePort user passwords will expire based on a predetermined maximum timeframe. If desired, administrators can configure their company's password expiration policy to occur earlier than the maximum timeframe.

Inactive User ID Notification - Administrators will be notified when any of their company's User IDs, along with the User Names, have not been used for a period of time, causing them to become inactive. Administrators will be able to re-activate the User IDs or allow them to become permanently inactive.

Password Expiration Warnings - Reminder messages will be sent to all ePort users before their passwords are set to expire.

Equifax ePort Security Awareness Program - Periodically, administrators will be directed to the Security Information page to ensure that they are made aware of and agree to any changes, modifications or additions to the Security features of Equifax ePort.

User Login Information - All Equifax ePort users will be able to review their last login date, time, IP address and IP location each time they log into ePort.

IP Restrictions - Company administrators can control and limit access to all ePort services by specifying a user's IP address information. By specifying a publicly available static IP address or range of IP addresses, company administrators can reduce the risks associated with someone accessing ePort from outside defined locations (such as from a user's home PC, internationally or simply outside of their corporate network).

Timeout - All ePort users are automatically timed out after 30 minutes of inactivity, preventing an unauthorized user from accessing information from another person's computer. To prevent unauthorized access, users should always logout of ePort when they are not at their computer.

User Access Controls - System administrators can control access privileges by:

Assigning different access and/or privileges to a User Group. User groups is a feature that allows you to set and manage like permissions at a group rather than user level.
Limiting product availability (only providing users with access to the products they need to fulfill their specific job responsibilities).

To reduce the amount of sensitive information that may be distributed to users, Equifax ePort does not require individuals with User or Supervisor roles to enter sensitive or confidential account information. The account set-up process is limited to your company administrators.

Usage Reports Available in eCredit - ePort provides management, internal audit, and security teams with valuable tools that help govern issues related to the use of credit information. Company administrators have access to the following tools:

Consumer File Logs - View users' credit report activity including the original inquiry information and report output. Logs can be viewed for at least six months and provide an effective audit trail.
Report Profile Logs - Examine changes made to Equifax product selections, including product additions, deletions, and changes.
User Profile Logs - Analyze changes related to users' profiles by determining who added a new user or made changes to an existing users' profile as well as the date and time the changes were made.
Secure Token Logs - Assess each time a user downloads a new token. When a user downloads a new token, company administrators can view the IP address of the machine that was used to download the token along with the transaction date and time. If a user logs into another person's computer that already has a secure token installed, token logs are not recorded.

Company administrators also can establish normal hours of operation and review applications accessed outside of those hours. To set up operation hours, go to the Company Administration link and click Security.

Standard Security Practices and Assessments

SSL Encryption - ePort uses 128-bit Secure Socket Layer (SSL), a web standard, to protect, secure, and encrypt confidential information that is transmitted over the Internet from your computer's web browser to Equifax's secure servers. The information is decrypted only upon receipt by Equifax.

Security Certifications - The Equifax network is reviewed on a continual basis by external security experts who conduct intrusion testing, vulnerability assessments, on-site inspections, and policy/incident management reviews. Equifax annually completes a SAS 70 Type II audit and receives TruSecure's accredited security certification. Additionally, Equifax conducts its own reviews on a weekly basis.