All About Our Customer FAQ

No. All your  personal data like messages & contacts are not accessed. The only information that some jurisdictions may define as personal would include: Android ID number and Geographic location based on file. This information is only used to deter fraudulent behaviour.

‍

Aside from that, the bulk of the data that we collect is considered metadata, which translates to the data about the data. Furthermore, we access only anonymous data which we code them binarily and only after you have agreed to the required Operating System's permissions and granted data privacy consent. In doing so, CredoLab protects your anonymity whilst retaining the ability to detect fraud deriving from particular devices.

‍

CredoApp is a data collection and processing tool offered by CredoLab. The white-label app converts the your smartphone metadata into credit scores, after getting explicit consent to access the device data. The score is then sent to your bank for further assessment your application.

CredoApply is a comprehensive digital onboarding platform that facilitates all aspects of the customer application process. Built on CredoLab’s powerful AI credit scoring technology, CredoApply is packed with mobile intelligence to help manage all steps of the onboarding process, such as guiding customers through the application, KYC requirement completion, anti-fraud checks and digital credit scoring. With CredoApply, lenders can offer their customers a fully digitised and engaging onboarding experience. CredoLab’s advanced backend infrastructure ensures that customers enjoy a speedy time-to-yes while companies can profit from higher credit scoring accuracy.

‍

A data collection toolkit that helps lenders score the applicants on desktop. The CredoWeb is a simple JavaScript that sits on the lender’s application web page to collect device fingerprint and behavioural data about the way an application form is filled in. The scoring algorithm uses a two-fold intelligence to assesses the creditworthiness of an applicant. It combines the device data insights with that of browser behaviour to get you a more predictable credit score for each applicant.

ScoreMe is a light mobile app aimed at helping applicants identify the loans and credit cards of a particular financial institution available to them. By simply downloading the app and completing the secure scoring process, you will be able to check your eligibility for each financial product available. You may or may not choose to proceed with the application once the scoring is complete.

CredoLab has partnered with TransUnion, formerly iovation, to bring lenders the best in business anti-fraud solution. CredoLab and TransUnion, formerly iovation, have joined forces bringing a single mobile solution that uses smartphone device metadata to generate bank-grade digital scorecards and perform anti-fraud checks, in real-time.

We collect data permissions from 8 main, broad categories-- Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

Examples of metadata would include: the number of events you schedule during work hours, the number of contacts saved per month, total number of apps upgraded in the last month, or the number of music files. We do not collect the personal contents, we just crunch the numbers.

‍

The credit scoring app collects millions of data points on average from the smartphone device. The number of data points collected depends on the permissions granted, the operating system (Android, iOS) and its version, and the actual usage of the mobile device. In any case, the more permissions granted, the more accurate the score, the higher your chances of getting a better score.

The CredoApp 3.0 version is approximately 2MB in size.

CredoApply collects two types of data: personal data and anonymous mobile digital footprint. The personal data is transferred right away to the financial institution via a secure API. No personal data is stored on CredoLab's servers nor is it shared with other 3rd parties.

The mobile digital footprint is collected anonymously in the form of metadata. This metadata is only used only to calculate credit score and to determine the outcome of your application. We then determine the correlation between you as an applicant and the predicted default rate.

‍

You can get more information on how we handle the data under our privacy policies.

Yes. While our scoring algorithm crunches the consented device metadata to generate a reliable credit score, TransUnion’s FraudForce uses device recognition and intelligence technology to track over 45 types of fraud and abuse. All this happens in a matter of seconds giving the fraud score and the credit score in real-time.

CredoLab only reads permissioned information and transforms them into anonymous data about other data (metadata). If you could take a look at the data CredoLab’s scoring algorithm processes, it would be as below:

‍

‍

We have had independent annual auditors (Ernst & Young, (2018) and eShard (2019) verify that our product do not have any exploitable vulnerabilities. 

The file containing the metadata used to calculate the credit score is no bigger than 50kb.

CredoWeb focuses on two levels of analysis: Behavioural Application Analysis of the user and Anti-Fraud Checks of the device.

The ScoreMe application is approximately 2MB in size.

Our fraud check algorithm protects you from 45 types of fraud and abuse:

• Payment fraud
• New Account Fraud
• Application Fraud
• Policy Violation
• Account Takeover
• Claims Fraud
• Loan Default
• Identity Theft

Yes, CredoLab's end-to-end communication protocols are encrypted.

‍

‍

‍

The App is approximately 7Mb in size.

CredoLab’s Behavioural Application Analysis is a new solution that assesses users while they apply for a loan or credit card on a lender’s or aggregator’s website. CredoLab’s Behavioural Application Analysis uses behavioural metrics to build profiles of users’ behaviours that include:

‍

• How they type, the keys that they press and how they press them?
• How they move the mouse on the screen?
• How quickly they answer questions that they should know?
• How slowly they answer questions that they may not know immediately?
• How they swipe left to right on a mobile platform or utilize other gestures?
• How uniform is the typing rhythm?

‍

Through the behavioural monitoring of a user’s loan or credit card application, we provide lenders with a new credit assessment tool based on users’ actions. We crunch these metrics with an algorithm that also accounts for behavioural variances across platforms and can detect if automated activity might be involved (for instance, a bot for application form completion or past e o r autocompletion tool).

‍

CredoLab’s Behavioural Application Analysis seamlessly integrate in any mobile app and website. It collects behavioural metrics via a simple JavaScript that enriches the credit assessment without introducing any friction in the user experience.

‍

Once downloaded, the Credo ScoreMe requests for permissions to be granted to access the metadata of the smartphone and process the data into a credit score. On approving the access, you can immediately see your score. You are then presented with possible products that you are eligible to apply for. If you choose to pick a product of your preference, the request for application and the score is sent to the financial institution. This provides them a pre-assessed application that will fasten the processing of the application and guarantee you a higher chance of approval.

No. The fraud check is done with the same meta data accessed after explicit consent is taken from the customer. The customer is given full information on how and for what purposes the metadata collected will be used while requesting for access. We believe in complete transparency and do our best to ensure you are in full control of your data – even though its non-identifiable metadata.

No. The only time the app is active is when you initiate the scoring process. Once the score is sent to the backend, the app is defunct. It does not access any data or remain active in the background. You are free to delete the app right after the scoring is done.

‍

You can get more information on how we handle the data under our privacy policies.

CredoLab collects privacy consented, non Personally Identifiable Information (PII) anonymous metadata, such as:

‍

• SMS, Log, Email, Network: We analyse SMS, Email and Network communication activity, not actual content, including frequencies, ratios, intervals between actions, distribution, and entropies.
• Contacts: We analyse the address book and correlate it with the communication activity including existing contacts or unknown ones or short numbers without moving any contact outside the mobile.
• Device: We analyse all characteristics of the device including the model, display size, RAM size, storage size and utilization, age of the device.
• Browsing History: We analyse the browsing history including browsing patterns, preferences or simply intent to apply for a lending product.
• Applications: We analyse the type of apps including competitive lending apps, office applications, e-wallets, and suspicious ones such as TOR or VPN.
• CredoLab can also collect Non-anonymous data: In this mode, the CredoApp and CredoSDK collect the content of text messages, the actual phone numbers, the names and details of contacts in the address book, the geolocation and other personal data. This approach allows your institution to dramatically increase the accuracy of KYC while opening up new use cases including skip tracing and collections management.

‍

We collect data permissions from 8 main, broad categories - Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

We collect data permissions from 8 main, broad categories- Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

We collect data permissions from 8 main, broad categories - Apps, messages, contacts, image and audio files, emails, calendars and downloads. We give you control of which permissions you want to allow, and which you'd like to decline access to.

CredoLab’s Anti -Fraud Checks help your lender assess the devices used to apply for a loan or a credit card. In collaboration with TransUnion, formerly iovation, CredoLab’s new anti-fraud solution analyses the context of an application on mobiles, computers, and tablets and helps answer the following questions:

‍

• Is this a new device or have we seen it before?
• Is device being evasive?
• Are there geolocation risks?
• Are there device risks present?
• Does device have history of fraud?
• Is device associated with other devices that have fraud history?

‍

Through mobile device intelligence, we offer a new anti-fraud tool that accurately separate the fraudsters from good customers by identifying:

‍

• Evasion techniques: Transactions originating from TOR networks, use of a proxy server, or use of mobile
• Device anomalies: Location mismatches, time zone and IP address changes, and transactions that originate from known high risk locations, IPs, or ISPs.
• Risky device behaviours: High transaction volumes, too many accounts and/or geolocations per device, and past history of fraud or abuse.

With the anonymous approach, CredoLab focuses on protecting the users’ data privacy. Even if users’ data are stolen, it would be impossible to identify neither a user, or any of her contacts, or fetch any other information from a data set. CredoLab does not collect the content of messages or emails, phone numbers, contact names, geolocation or any other personal data.

‍

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the you have granted the required permissions. Within seconds the score is generated and sent to the financial institution. Do note that all CredoApp does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully sent to the backend, the app is defunct and can be deleted.

‍

You can get more information on how we handle the data under our privacy policies.

Then CredoLab will not be able to generate a score. The score is generated based on the information allowed to access.  The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

Sizing is minimal as we simply implement a few lines of coding to embed the data collection and scoring algorithm into the application web page.

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the customer has granted the required permissions. Within seconds the score is generated and presented to the customer. Do note that all ScoreMe does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully generated, the app is defunct and does not scrape any data in the backend.

‍

You can get more information on how we handle the data under our privacy policies.

No. CredoLab doesn't collect and share user's personal info

‍

No. The only time the app is active is when you initiate the scoring process. Once the score is sent to the financial institution, the app is defunct. It does not access any data or remain active in the background. You are free to delete the app right after the scoring is done.

‍

You can get more information on how we handle the data under our privacy policies.

No. The only time the app is active is when the customer initiates the scoring process. Once the score is sent to the backend, the app is defunct. It does not access any data or remain active in the background. The customer is free to delete the app right after the scoring is done.

You can get more information on how we handle the data under our privacy policies.

No permissions are needed because our web solution only monitors the your behavioural pattern within the process of application. It is essentially a single-session data capture process that starts when you start the application form and ends the moment you submit your form.

The metadata assessed and the score generated on you are stored by CredoLab for your financial institution’s use as long as we are their technology partners. On termination of the contract, this data is deleted from all servers.

Then CredoLab will not be able to generate a score. The score is generated based on the information allowed to access.  The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

Data collections begins from the moment the customer begins the filling in application form and ends once the form is submitted.

Then CredoLab will not be able to generate a score. The score is generated based on the information allowed to access.  The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

The data extracted is stored in the form of a Json (or JavaScript) file on secure clouds provided by Amazon, Microsoft or a secure local server depending on our client's and country's policy and regulation. We are generally compliant with respective governmental regulations and local data is kept within the country, but CredoLab remains the sole proprietor of the data collected.

Currently CredoApp supports 7 main Asian languages; Simplified Chinese, English, Indonesian / Malay, Thai, Burmese, Vietnamese and Tagalog. To change the language, simply tap on the relative icon in the menu.

No. The JavaScript is activated when the customer starts filling application form and stops the moment the form is submitted.

Currently the app supports 7 main Asian languages; Simplified Chinese, English, Indonesian / Malay, Thai, Burmese, Vietnamese and Tagalog. To change the language, simply tap on the relative icon in the menu.

CredoLab has been working with Microsoft Azure for our cloud storage solutions. If a particular financial institution or local regulators compel us to use another platform, we do so after thorough checks.

‍

Only authorized and trained employees of Research and Development department have read only access to the data. In addition to this, the customer success team working with the financial institution will also have access to the data for better serving them. 

All data collected are encrypted at all times - when at rest as well as in transit. Production data, the data used to generate the scorecards once you go live, are restricted from being used in test and development systems unless the data is appropriately masked or sanitised to protect sensitive information (if any). Data leakage protection (DLP) mechanisms are put in place to monitor and prevent the data form leaving the organisation via removable media or via a network. We maintain separate and appropriately segregated development, test and production environments for all Client`s relevant systems.

‍

We have a formal security incident monitoring, reporting and response process to identify, report, and appropriately respond to known or suspected security incidents. Theft or loss of user systems (such as workstations or laptops) considered security incidents and follow our incident reporting process.

‍

The process is completed faster than you can say "CredoLab"! The app begins accessing data only after you have granted the required permissions. Within seconds the score is generated and sent to your lender. Do note that all CredoApp does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully sent to the backend, the app is defunct and can be deleted.

No. The only time the app is active is when you initiate the scoring process. Once the score is sent to the financial institution, the app is defunct. It does not access any data or remain active in the background. You are free to delete the app right after the scoring is done.