Identity Fraud Agreement | Soft Pull Solutions

IFS Services Agreement

 

1. Permitted Use and Purpose

Client certifies that it will utilize Credit Bureau identity and fraud services ("IFS Services") solely within its own organization to verify the identity of individual persons ("ID Subjects") initiating business transactions. The IFS Services must not be used for any other purpose. Client must ensure all internal users comply with the terms of the Client Agreement.

Client acknowledges that IFS Services do not confirm an ID Subject’s identity, but instead offer a risk-based assessment based on ID Subject-provided or collected data ("ID Subject Content"). Client agrees:

- To set its own Risk Decision Threshold for verification/authentication.

- That Credit Bureau may consult on risk strategy, but the final threshold setting is Client’s responsibility.

- That even if an ID Subject meets the threshold, identity cannot be absolutely confirmed.

2. Data Handling and Restrictions

Client shall not retain, reproduce, or reuse the interactive questions ("Queries"), multiple choice answers ("Answers"), or any resulting scores, flags, or reason codes (collectively, "Scores"). The only permissible retention is the unique transaction ID ("Transaction ID") for:

- Audit trail purposes

- Usage tracking

- Billing reconciliation

Client must purge Queries and Answers prior to receiving a Score. In call center environments, the system must prevent post-Score access (e.g., disable browser back button). If no Score is provided, Queries must be deleted within 30 minutes.

3. Consent and Use of ID Subject Content

Client represents that it has the right to transmit and authorize the use of ID Subject Content for the following purposes:

- To deliver IFS Services

- To enhance or improve the IFS Services

- To fulfill legal requirements

Client agrees to accurately and promptly transmit Queries, Answers, and related content between the IFS Services and the ID Subject.

4. Privacy and Consumer Disclosures

If offering IFS Services online, Client must:

- Maintain and display a privacy policy

- Disclose that ID Subject Content may be shared with third parties to complete the transaction

5. Carrier Approval Process

Client understands that use of certain IFS Services may require prior approval from wireless carriers. This may include submission of:

- Consent language

- Process flows

- Intended use summaries

- Privacy policy documents

IFS Services will be available only from carriers that authorize such usage and only to the extent such data is provided.

6. Manual Verification

Client will maintain a manual verification process for:

- Failed Risk Decision Thresholds

- Fraud database flags

7. Geographic and Sharing Limitations

Client agrees not to:

- Use or access IFS Services outside the United States, Canada, Puerto Rico, Guam, or the U.S. Virgin Islands ("Permitted Territory")

- Export the IFS Services

- Share IFS Services with third parties

8. Audit and Compliance

Credit Bureau may audit Client’s compliance with this Agreement. Client must:

- Provide requested documentation

- Allow on-site assessments with five (5) business days’ notice

9. Responsibility and Limitations

Client is solely responsible for its use of the IFS Services and agrees to follow industry best practices. All services are provided "AS IS" without any warranties, including but not limited to fitness for a particular purpose or accuracy. Credit Bureau and its suppliers will not be liable for any related damages, even if negligent.

10. One-Time Passcode (OTP) Acceptable Use Policy

10.1 Scope

Client agrees to use OTP functionality solely in compliance with this Acceptable Use Policy (AUP). Soft Pull Solutions LLC or applicable service providers may amend this policy upon notice.

10.2 Prohibited Uses

Client must not use OTP:

- For spam, unsolicited materials, or messages to unauthorized recipients

- To transmit infringing, abusive, illegal, or misleading content

- To disseminate viruses, malware, or other harmful code

- In ways that violate telecommunications or data protection laws

- For materials involving drugs, adult content, weapons, hate speech, or gambling

10.3 Technical & Security Practices

Client shall:

- Access only subscribed carrier services

- Not misuse or tamper with service provider systems

- Cooperate with investigations of potential AUP violations

10.4 Customer Rights

Client must allow all message recipients to opt in and out of OTP communications.

Contact Us

Back to top