FAQ

We all have questions and here are a few we thought you may be asking yourself about who we are and what we do. And, more importantly, what we can do for you.

On average, how long does it take to process a credit application?

Credit decisioning is processed in real-time and takes less than 30 seconds. Loan application processing varies on the speed of user input. However, our solution reduces application approval times from days to minutes.

How does the loan application process work?

After business information has been entered, a credit check is performed. Next, our robust algorithm reviews in real-time bank data alongside other first-party sources to calculate the probability of default. A decision on whether to extend a invitation to apply is based on our company’s risk tolerance and credit policies.

What happens if an application is denied?

If an application is denied or in review, the applicant has the ability to appeal the decision.

Our partner company is a registered consumer reporting agency. What does this mean for to borrowers?

The federal Fair Credit Reporting Act (FCRA) promotes the accuracy, fairness, and privacy of information in the files of consumer reporting agencies. There are many types of consumer reporting agencies, including credit bureaus and specialty agencies (such as agencies that sell information about check writing histories, medical records, and rental history records). Here is a summary of your major rights under FCRA. For more information, including information about additional rights, go to www.consumerfinance.gov/learnmore or write to: Consumer Financial Protection Bureau, 1700 G Street N.W., Washington, DC 20552.

You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit, insurance, or employment – or to take another adverse action against you – must tell you, and must give you the name, address, and phone number of the agency that provided the information.
You have the right to know what is in your file. You may request and obtain all the information about you in the files of a consumer reporting agency (your “file disclosure”). You will be required to provide proper identification, which may include your Social Security number. In many cases, the disclosure will be free. You are entitled to a free file disclosure if:
- a person has taken adverse action against you because of information in your credit report;
- you are the victim of identity theft and place a fraud alert in your file;
- your file contains inaccurate information as a result of fraud;
- you are on public assistance;
- you are unemployed but expect to apply for employment within 60 days.

In addition, all consumers are entitled to one free disclosure every 12 months upon request from each nationwide credit bureau and from nationwide specialty consumer reporting agencies. See www.consumerfinance.gov/learnmore for additional information.

You have the right to ask for a credit score. Credit scores are numerical summaries of your credit-worthiness based on information from credit bureaus. You may request a credit score from consumer reporting agencies that create scores or distribute scores used in residential real property loans, but you will have to pay for it. In some mortgage transactions, you will receive credit score information for free from the mortgage lender.
You have the right to dispute incomplete or inaccurate information. If you identify information in your file that is incomplete or inaccurate, and report it to the consumer reporting agency, the agency must investigate unless your dispute is frivolous. See www.consumerfinance.gov/learnmore for an explanation of dispute procedures.
Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information. Inaccurate, incomplete, or unverifiable information must be removed or corrected, usually within 30 days. However, a consumer reporting agency may continue to report information it has verified as accurate.
Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than seven years old, or bankruptcies that are more than 10 years old.
Access to your file is limited. A consumer reporting agency may provide information about you only to people with a valid need – usually to consider an application with a creditor, insurer, employer, landlord, or other business. The FCRA specifies those with a valid need for access.
You must give your consent for reports to be provided to employers. A consumer reporting agency may not give out information about you to your employer, or a potential employer, without your written consent given to the employer. Written consent generally is not required in the trucking industry. For more information, go to www.consumerfinance.gov/learnmore.
You may limit “prescreened” offers of credit and insurance you get based on information in your credit report. Unsolicited “prescreened” offers for credit and insurance must include a toll-free phone number you can call if you choose to remove your name and address form the lists these offers are based on. You may opt out with the nationwide credit bureaus at 1-888-5-OPTOUT (1-888-567-8688).
The following FCRA right applies with respect to nationwide consumer reporting agencies:

CONSUMERS HAVE THE RIGHT TO OBTAIN A SECURITY FREEZE

You have a right to place a “security freeze” on your credit report, which will prohibit a consumer reporting agency from releasing information in your credit report without your express authorization. The security freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a security freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.

As an alternative to a security freeze, you have the right to place an initial or extended fraud alert on your credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting 7 years.

A security freeze does not apply to a person or entity, or its affiliates, or collection agencies acting on behalf of the person or entity, with which you have an existing account that requests information in your credit report for the purposes of reviewing or collecting the account. Reviewing the account includes activities related to account maintenance, monitoring, credit line increases, and account upgrades and enhancements.

You may seek damages from violators. If a consumer reporting agency, or, in some cases, a user of consumer reports or a furnisher of information to a consumer reporting agency violates the FCRA, you may be able to sue in state or federal court.
Identity theft victims and active-duty military personnel have additional rights. For more information, visit www.consumerfinance.gov/learnmore.

States may enforce the FCRA, and many states have their own consumer reporting laws. In some cases, you may have more rights under state law. For more information, contact your state or local consumer protection agency or your state Attorney General.

Can you describe the data science behind the solution?

The algorithm is formulated to improve credit assessment process based on the volume of data; thus with more applications process the credit engine gets increasingly more robust.

How is the borrower data kept safe?

The Company prioritizes data security and protection. We implement best-in-class physical, technological, and procedural security safeguards similar to those used by major financial institutions (banks, credit card companies, trading firms). Our API is built on the Finicity (a Mastercard company) open banking platform, ensuring data security and protection. Mastercard is a registered consumer reporting agency. The Fair Credit Reporting Act ensures transparency and consumer control of the data-sharing process. As a CRA partner, Common Area Credit Inc. gives consumers a voice. Their portal makes it easy for consumers to view their reports and file disputes. See “A Summary of Your Rights Under the Fair Credit Reporting Act” at https://www.finicity.com/a-summary-of-your-rights-under-the-fair-credit-reporting-act/.

How your privacy and security is protected

Encryption
Encryption scrambles sensitive transmissions made via the Internet. We employ strict encryption processes—the same ones used by financial institutions. Whenever data is transmitted, we require SSL /TLS (TLS1.2, soon to be TLS1.3) encryption. We also store data in an encrypted format (via AES256bit encryption), with additional layers of encryption added to our backup systems.

Firewall
Firewalls restrict connections between publicly accessible servers, including connections from wireless networks and system components storing user data. Separate firewall layers protect all Finicity systems. We use a defense-in-depth approach with a web application firewall, defending against OWASP Top10, DDoS attacks, and any known exploits against websites and applications. Additionally, we employ cutting-edge machine-learning technology that autonomously identifies and blocks any network or system activity suspected of being nefarious.

Password and Account Protection
A username and hidden (hashed) password are required to access any Finicity online service. After a username or password is entered incorrectly a specified number of times, access to an account is blocked. You are responsible for protecting the secrecy of your password by the terms of the Finicity end-user service agreement. All other services employed by Finicity require either multi-factor authentication or are tied to a single sign-on function (SSO).

Physical Security
Finicity uses secure facilities monitored and manned 24 hours a day, seven days a week. Access to servers requires multiple levels of identification and authentication, including biometrics and other security procedures.

Regular Internal and Third-party Security Audits
Our systems, policies, and procedures undergo regular security audits by third-party security experts. All systems are regularly updated. Finicity is SOC2, Type 2 certified, and maintains a PCI Level 1 RoC/AoC. We implement industry best practices for internal and external vulnerability testing, patching, anti-malware/virus, and data loss prevention.

How does AI impact the evolution of automated underwriting solutions intelligence?

With every application processes our propriety algorithm becomes more intelligent. If fact, when applications are not auto-approved and go into review, the software becomes more robust and assessing overall credit risk.

FAQ

FAQ