ePrivacy and GPDR Cookie Consent by Cookie Consent

All About Our Customer FAQ

View FAQ Overview
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form
Does CredoLab collect personal data from my smartphone device?

No. All your  personal data like messages & contacts are not accessed. The only information that some jurisdictions may define as personal would include: Android ID number and Geographic location based on file. This information is only used to deter fraudulent behaviour.

Aside from that, the bulk of the data that we collect is considered metadata, which translates to the data about the data. Furthermore, we access only anonymous data which we code them binarily and only after you have agreed to the required Operating System's permissions and granted data privacy consent. In doing so, CredoLab protects your anonymity whilst retaining the ability to detect fraud deriving from particular devices.

What is CredoApp?

CredoApp is a data collection and processing tool offered by CredoLab. The white-label app converts the your smartphone metadata into credit scores, after getting explicit consent to access the device data. The score is then sent to your bank for further assessment your application.

CredoApply
What is CredoApply?

CredoApply is a comprehensive digital onboarding platform that facilitates all aspects of the customer application process. Built on CredoLab’s powerful AI credit scoring technology, CredoApply is packed with mobile intelligence to help manage all steps of the onboarding process, such as guiding customers through the application, KYC requirement completion, anti-fraud checks and digital credit scoring. With CredoApply, lenders can offer their customers a fully digitised and engaging onboarding experience. CredoLab’s advanced backend infrastructure ensures that customers enjoy a speedy time-to-yes while companies can profit from higher credit scoring accuracy.

CredoWeb
What is CredoWeb?

A data collection toolkit that helps lenders score the applicants on desktop. The CredoWeb is a simple JavaScript that sits on the lender’s application web page to collect device fingerprint and behavioural data about the way an application form is filled in. The scoring algorithm uses a two-fold intelligence to assesses the creditworthiness of an applicant. It combines the device data insights with that of browser behaviour to get you a more predictable credit score for each applicant.

What is ScoreMe?

ScoreMe is a light mobile app aimed at helping applicants identify the loans and credit cards of a particular financial institution available to them. By simply downloading the app and completing the secure scoring process, you will be able to check your eligibility for each financial product available. You may or may not choose to proceed with the application once the scoring is complete.

How does CredoLab generate the fraud score?

CredoLab has partnered with TransUnion, formerly iovation, to bring lenders the best in business anti-fraud solution. CredoLab and TransUnion, formerly iovation, have joined forces bringing a single mobile solution that uses smartphone device metadata to generate bank-grade digital scorecards and perform anti-fraud checks, in real-time.

What permissions need to be granted in order for the scoring App to be able to collect data?

We collect data permissions from 8 main, broad categories-- Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

Data Privacy
Can you provide examples of metadata?

Examples of metadata would include: the number of events you schedule during work hours, the number of contacts saved per month, total number of apps upgraded in the last month, or the number of music files. We do not collect the personal contents, we just crunch the numbers.

How many data points does are collected from my smartphone device?

The credit scoring app collects millions of data points on average from the smartphone device. The number of data points collected depends on the permissions granted, the operating system (Android, iOS) and its version, and the actual usage of the mobile device. In any case, the more permissions granted, the more accurate the score, the higher your chances of getting a better score.

How big is the CredoApp?

The CredoApp 3.0 version is approximately 2MB in size.

What kind of data does CredoApply collect?

CredoApply collects two types of data: personal data and anonymous mobile digital footprint. The personal data is transferred right away to the financial institution via a secure API. No personal data is stored on CredoLab's servers nor is it shared with other 3rd parties.

The mobile digital footprint is collected anonymously in the form of metadata. This metadata is only used only to calculate credit score and to determine the outcome of your application. We then determine the correlation between you as an applicant and the predicted default rate.

You can get more information on how we handle the data under our privacy policies.

Is the credit score and fraud check done at the same time?

Yes. While our scoring algorithm crunches the consented device metadata to generate a reliable credit score, TransUnion’s FraudForce uses device recognition and intelligence technology to track over 45 types of fraud and abuse. All this happens in a matter of seconds giving the fraud score and the credit score in real-time.

Data Privacy
How do I know CredoLab only collects metadata and not any personal information?

CredoLab only reads permissioned information and transforms them into anonymous data about other data (metadata). If you could take a look at the data CredoLab’s scoring algorithm processes, it would be as below:

A screenshot of a cell phoneDescription automatically generated

We have had independent annual auditors (Ernst & Young, (2018) and eShard (2019) verify that our product do not have any exploitable vulnerabilities. 


What is the size of the average datasets?

The file containing the metadata used to calculate the credit score is no bigger than 50kb.

CredoWeb
What is the two-fold intelligence that CredoWeb provides?

CredoWeb focuses on two levels of analysis: Behavioural Application Analysis of the user and Anti-Fraud Checks of the device.

ScoreMe
How big is the ScoreMe application?

The ScoreMe application is approximately 2MB in size.

Fraud Score
What are the different kinds of fraud checks conducted by the fraud check algorithm?

Our fraud check algorithm protects you from 45 types of fraud and abuse:

  • Payment fraud
  • New Account Fraud
  • Application Fraud
  • Policy Violation
  • Account Takeover
  • Claims Fraud
  • Loan Default
  • Identity Theft
Data Privacy
Is the interface between your clients and the service platform encrypted?

Yes, CredoLab's end-to-end communication protocols are encrypted.

How does CredoApp function?

How big is the CredoApply App?

The App is approximately 7Mb in size.

CredoWeb
What does Behavioural Application Analysis entail?

CredoLab’s Behavioural Application Analysis is a new solution that assesses users while they apply for a loan or credit card on a lender’s or aggregator’s website. CredoLab’s Behavioural Application Analysis uses behavioural metrics to build profiles of users’ behaviours that include:

  • How they type, the keys that they press and how they press them?
  • How they move the mouse on the screen?
  • How quickly they answer questions that they should know?
  • How slowly they answer questions that they may not know immediately?
  • How they swipe left to right on a mobile platform or utilize other gestures?
  • How uniform is the typing rhythm?

Through the behavioural monitoring of a user’s loan or credit card application, we provide lenders with a new credit assessment tool based on users’ actions. We crunch these metrics with an algorithm that also accounts for behavioural variances across platforms and can detect if automated activity might be involved (for instance, a bot for application form completion or past e o r autocompletion tool).

CredoLab’s Behavioural Application Analysis seamlessly integrate in any mobile app and website. It collects behavioural metrics via a simple JavaScript that enriches the credit assessment without introducing any friction in the user experience.

How does Credo ScoreMe function?

Once downloaded, the Credo ScoreMe requests for permissions to be granted to access the metadata of the smartphone and process the data into a credit score. On approving the access, you can immediately see your score. You are then presented with possible products that you are eligible to apply for. If you choose to pick a product of your preference, the request for application and the score is sent to the financial institution. This provides them a pre-assessed application that will fasten the processing of the application and guarantee you a higher chance of approval.

Does the fraud score check any additional data access?

No. The fraud check is done with the same meta data accessed after explicit consent is taken from the customer. The customer is given full information on how and for what purposes the metadata collected will be used while requesting for access. We believe in complete transparency and do our best to ensure you are in full control of your data – even though its non-identifiable metadata.

Can the App collect data in the background?

No. The only time the app is active is when you initiate the scoring process. Once the score is sent to the backend, the app is defunct. It does not access any data or remain active in the background. You are free to delete the app right after the scoring is done.

You can get more information on how we handle the data under our privacy policies.

Data Privacy
What kinds of data do you collect?

CredoLab collects privacy consented, non Personally Identifiable Information (PII) anonymous metadata, such as:

  • SMS, Log, Email, Network: We analyse SMS, Email and Network communication activity, not actual content, including frequencies, ratios, intervals between actions, distribution, and entropies.
  • Contacts: We analyse the address book and correlate it with the communication activity including existing contacts or unknown ones or short numbers without moving any contact outside the mobile.
  • Device: We analyse all characteristics of the device including the model, display size, RAM size, storage size and utilization, age of the device.
  • Browsing History: We analyse the browsing history including browsing patterns, preferences or simply intent to apply for a lending product.
  • Applications: We analyse the type of apps including competitive lending apps, office applications, e-wallets, and suspicious ones such as TOR or VPN.
  • CredoLab can also collect Non-anonymous data: In this mode, the CredoApp and CredoSDK collect the content of text messages, the actual phone numbers, the names and details of contacts in the address book, the geolocation and other personal data. This approach allows your institution to dramatically increase the accuracy of KYC while opening up new use cases including skip tracing and collections management.

What permissions need to be granted in order for CredoApp to be able to collect data before scoring?

We collect data permissions from 8 main, broad categories - Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

What permissions need to be granted in order for CredoApply to be able to collect data before scoring?

We collect data permissions from 8 main, broad categories- Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

What permissions need to be granted in order for ScoreMe to be able to collect data before scoring?

We collect data permissions from 8 main, broad categories - Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

What does the Anti-fraud Checks of CredoWeb entail?

CredoLab’s Anti -Fraud Checks help your lender assess the devices used to apply for a loan or a credit card. In collaboration with TransUnion, formerly iovation, CredoLab’s new anti-fraud solution analyses the context of an application on mobiles, computers, and tablets and helps answer the following questions:

  • Is this a new device or have we seen it before?
  • Is device being evasive?
  • Are there geolocation risks?
  • Are there device risks present?
  • Does device have history of fraud?
  • Is device associated with other devices that have fraud history?

Through mobile device intelligence, we offer a new anti-fraud tool that accurately separate the fraudsters from good customers by identifying:

  • Evasion techniques: Transactions originating from TOR networks, use of a proxy server, or use of mobile
  • Device anomalies: Location mismatches, time zone and IP address changes, and transactions that originate from known high risk locations, IPs, or ISPs.
  • Risky device behaviours: High transaction volumes, too many accounts and/or geolocations per device, and past history of fraud or abuse.
Data Privacy
You collect so much of people's data. What if it leaks out?

With the anonymous approach, CredoLab focuses on protecting the users’ data privacy. Even if users’ data are stolen, it would be impossible to identify neither a user, or any of her contacts, or fetch any other information from a data set. CredoLab does not collect the content of messages or emails, phone numbers, contact names, geolocation or any other personal data.

How long does it take for CredoApp to collect and process the data, and generate the credit score?

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the you have granted the required permissions. Within seconds the score is generated and sent to the financial institution. Do note that all CredoApp does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully sent to the backend, the app is defunct and can be deleted.

You can get more information on how we handle the data under our privacy policies.

What if I refuses to grant permissions to access the device data?

Then CredoLab will not be able to generate a score. The score is generated based on the information allowed to access.  The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

CredoWeb
How big is the CredoWeb JavaScript?

Sizing is minimal as we simply implement a few lines of coding to embed the data collection and scoring algorithm into the application web page.

ScoreMe
How long does it take for ScoreMe to collect and process the data, and generate the credit score?

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the customer has granted the required permissions. Within seconds the score is generated and presented to the customer. Do note that all ScoreMe does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully generated, the app is defunct and does not scrape any data in the backend.

You can get more information on how we handle the data under our privacy policies.

Data Privacy
Are any users' personal data shared with the vendor? If so, provide the list of data areas.

No. CredoLab doesn't collect and share user's personal info

Can the CredoApp collect data in the background?

No. The only time the app is active is when you initiate the scoring process. Once the score is sent to the financial institution, the app is defunct. It does not access any data or remain active in the background. You are free to delete the app right after the scoring is done.

You can get more information on how we handle the data under our privacy policies.

ScoreMe
Can the ScoreMe collect data in the background?

No. The only time the app is active is when the customer initiates the scoring process. Once the score is sent to the backend, the app is defunct. It does not access any data or remain active in the background. The customer is free to delete the app right after the scoring is done.

You can get more information on how we handle the data under our privacy policies.

What permissions need to be granted before scoring can start on CredoWeb?

No permissions are needed because our web solution only monitors the your behavioural pattern within the process of application. It is essentially a single-session data capture process that starts when you start the application form and ends the moment you submit your form.

How long will the data be kept by the CredoLab?

The metadata assessed and the score generated on you are stored by CredoLab for your financial institution’s use as long as we are their technology partners. On termination of the contract, this data is deleted from all servers.

What if I refuses to grant permissions to access the device data?

Then CredoLab will not be able to generate a score. The score is generated based on the information allowed to access.  The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

CredoWeb
From what instance does the JavaScript start capturing the data?

Data collections begins from the moment the customer begins the filling in application form and ends once the form is submitted.

What if I refuse to grant permissions to access the device data?

Then CredoLab will not be able to generate a score. The score is generated based on the information allowed to access.  The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

Data Privacy
Where will this data be stored?

The data extracted is stored in the form of a Json (or JavaScript) file on secure clouds provided by Amazon, Microsoft or a secure local server depending on our client's and country's policy and regulation. We are generally compliant with respective governmental regulations and local data is kept within the country, but CredoLab remains the sole proprietor of the data collected.

How many languages can CredoApp support?

Currently CredoApp supports 7 main Asian languages; Simplified Chinese, English, Indonesian / Malay, Thai, Burmese, Vietnamese and Tagalog. To change the language, simply tap on the relative icon in the menu.

CredoWeb
Does the JavaScript monitor the browser activity before or after this?

No. The JavaScript is activated when the customer starts filling application form and stops the moment the form is submitted.

ScoreMe
How many languages can ScoreMe support?

Currently the app supports 7 main Asian languages; Simplified Chinese, English, Indonesian / Malay, Thai, Burmese, Vietnamese and Tagalog. To change the language, simply tap on the relative icon in the menu.

Which cloud storage provider do you use?

CredoLab has been working with Microsoft Azure for our cloud storage solutions. If a particular financial institution or local regulators compel us to use another platform, we do so after thorough checks.

Who will have access to the data within CredoLab?

Only authorized and trained employees of Research and Development department have read only access to the data. In addition to this, the customer success team working with the financial institution will also have access to the data for better serving them. 


Data Privacy
Is there any other steps you take ensure data security?

All data collected are encrypted at all times - when at rest as well as in transit. Production data, the data used to generate the scorecards once you go live, are restricted from being used in test and development systems unless the data is appropriately masked or sanitised to protect sensitive information (if any). Data leakage protection (DLP) mechanisms are put in place to monitor and prevent the data form leaving the organisation via removable media or via a network. We maintain separate and appropriately segregated development, test and production environments for all Client`s relevant systems.

Data Privacy
What are your data security incident management efforts?

We have a formal security incident monitoring, reporting and response process to identify, report, and appropriately respond to known or suspected security incidents. Theft or loss of user systems (such as workstations or laptops) considered security incidents and follow our incident reporting process.

How long does it take to generate the credit score?

The process is completed faster than you can say "CredoLab"! The app begins accessing data only after you have granted the required permissions. Within seconds the score is generated and sent to your lender. Do note that all CredoApp does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully sent to the backend, the app is defunct and can be deleted.

Can the CredoApply collect data in the background?

No. The only time the app is active is when you initiate the scoring process. Once the score is sent to the financial institution, the app is defunct. It does not access any data or remain active in the background. You are free to delete the app right after the scoring is done.

Couldn’t find an answer to your query? Get in touch with us directly at faqs@credolab.com.