Business FAQ

About CredoLab

Getting Started

CredoApp

CredoSDK

Scorecard Development

Service Level Commitment

Data Privacy

Partners

Why do loan or credit card applicants need to give permissions?

CredoLab values the privacy of borrowers and is committed to keeping their data private and secure. As such, CredoLab will access users' data only after they have agreed to all relevant operating system permissions, given their privacy consent, and after they have clicked on the button that says “proceed with credit analysis”.

Who can I approach if I’m interested to know more about purchasing your product?

You can get in touch with one of our sales representatives to take the conversation forward. We will get back to you as soon as possible to show you a demo of our products and know more about your business objectives.

‍

How long would it take for us to go live after I reach out?

The typical journey we take with our clients involves:

‍

Understanding your objectives and challenges
Signing of NDA
Presenting proposed solution
Finalizing terms and conditions
Signing commercial contract
Launching data collection
Developing digital scorecard
Redesigning underwriting process (after assessing outcomes)
Rolling out digital scorecard

‍

How do you price your offering?

CredoLab follows a pay-per-use business model. You will pay a one-time setup fee and then a fee per score request, just like you would with a credit bureau.

‍

Platform Set-up Fee: The platform setup fee is a one-time fee that covers the integration of the SDK or the customization of the White Labelled mobile app/web tool-kit, support during the data collection phase, the development of the very first scorecard and its fine tuning for up to 12 months.
Fee Per Score: We charge a fee calculated based on the number of requests received every month. The fee amount depends on volumes generated. The higher the volumes, the lower the fee per score. You pay this fee only when you start using our solution.

‍

Once we have signed the contract, how long does it take to go-live with your digital scores?

There are 4 stages to getting started with CredoLab.

‍

Stage 1: Data Collection

‍
The first stage involves collecting data on your customers. This can be done through CredoWeb, CredoSDK, CredoApp or CredoApply. The objective of this stage is to feed a good sample of data sets to the scoring algorithm in order to build final, custom scorecard for your business. This includes both good and defaulting customers. Ideally, we suggest having at least 300 defaulting customers in the data mix to ensure the algorithm is trained how to identify these customers and flag them. The duration of this stage varies from two to three months depending on the availability of data.

‍

Note: no scores are generated at this stage. Merely collection of data is done to train the scoring machine/algorithm.

‍

Stage 2: Outcome Window

‍
This refers to examining the outcome of the credit disbursed during the start of the data collection stage. The scoring algorithm used this to match the features of applicant to their outcomes. Thus, the more data and their outcomes are fed into the machine, the more comprehensive the learning, and the more accurate the scoring algorithm gets. This stage starts form the first month and can last up to three months depending on the availability or satisfying mix of data to feed into the algorithm.

‍

Stage 3: Model Development

‍
Once we have the data and their outcomes, our standard scoring model is tweaked to customize it for your business, market and objective. The machine/algorithm is trained to identify a defaulting and fraudulent customer from day 1. This stage takes up to one week to complete, depending on the complexity of the features considered for scoring.

‍

Stage 4: Production

‍
After testing the customized scoring algorithm and ensuring it works perfectly, we then roll it out and make it live to be used by you. You can start generating scores now.

Once we reach production, how can my underwriting team start generating scores on the applicants?

For each applicant you receive, you can generate a unique ID from the backend and send an SMS/Email to the applicant giving them instructions on how to proceed with the digital score generation. You can view the entire process in the video below.

‍

What is the unique ID for?

In order to maintain the anonymity of the applicant, CredoLab connects every end-user's application to a unique identifier generated from the backend by you. This identifier could be the card/loan application number, or any alphanumeric combination. Only you will be able to see who this ID belongs to.

‍

How long does it take to deploy CredoApp?

We can be up and running in pilot phase in less than two weeks. With it being a plug and play solution there is no need for long, cumbersome, integration.

How does CredoApp work to produce a score?

The CredoApp analyses the smartphone footprint only after the user has granted the required operating system's permissions and given her data privacy consent. Only at this point, the CredoApp proceeds with the credit analysis. The score is provided directly to the lender either via our web-based dashboard or the API. Our plug-and-play solution requires minimal IT integration and is light and fast for the borrower.

What is CredoApp?

CredoApp is a data collection and processing tool offered by CredoLab. The white-label app converts the customer’s smartphone metadata into credit scores, after getting explicit consent to access the device data. The score is then sent to your underwriting team for further assessment of the application.

Why should CredoApp excite me?

The very first white labelled app to be introduced from the CredoLab assembly line, CredoApp's AI-based scoring processes converts metadata from mobile devices into predictable digital scorecards. With CredoApp, you can now judge the creditworthiness and willingness-to-pay of customers with little or no traditional financial history like new-to-credit (NTC), millennials, self-employed and small business owners. Find out more here.

How big is the CredoApp?

The CredoApp 3.0 version is approximately 2MB in size.

What is the size of the average datasets?

The file containing the metadata used to calculate the credit score is no bigger than 50kb.

How does CredoApp function?

‍

What permissions need to be granted in order for CredoApp to be able to collect data before scoring?

We collect data permissions from 8 main, broad categories-- Apps, messages, contacts, image and audio files, emails, calendars and downloads. We allow the customer to control which permissions they want to allow, and which they’d like to decline access to.

How long does it take for CredoApp to collect and process the data, and generate the credit score?

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the customer has granted the required permissions. Within seconds the score is generated and sent to the underwriter. Do note that all CredoApp does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully sent to the backend, the app is defunct and can be deleted.

‍

You can get more information on how we handle the data under our privacy policies.

Can the CredoApp collect data in the background?

No. The only time the app is active is when the customer initiates the scoring process. Once the score is sent to the backend, the app is defunct. It does not access any data or remain active in the background. The customer is free to delete the app right after the scoring is done.

You can get more information on how we handle the data under our privacy policies.

What if the customer refuses to grant permissions to access the device data?

Then CredoLab will not be able to generate a score for that applicant. The score is generated based on the information allowed to access. The more permissions granted, the more accurate the score will be reflected and thus, higher the chances of getting a better approval score.

How many languages can CredoApp support?

Currently CredoApp supports 7 main Asian languages; Simplified Chinese, English, Indonesian / Malay, Thai, Burmese, Vietnamese and Tagalog. To change the language, simply tap on the relative icon in the menu.

What is CredoSDK?

A simple plug and play data collection and credit scoring tool offered by CredoLab that can be easily integrated into your existing mobile application. Flexible APIs ensure that our scoring technology easily integrates with your existing IT infrastructure. CredoSDK enables companies to get started with AI credit scoring quickly with little hassle.

‍

Why should CredoSDK excite me?

This is a no-fuss, simple plug-and-play digital scoring tool. This product is highly recommended for businesses who already have an existing app with a substantial active client base. Our flexible APIs ensure that our scoring technology easily integrates with your existing infrastructure. CredoSDK enables companies like yours to get started with AI credit scoring quickly with increasing approval rates, while keeping your risk under control and start accepting more customers with CredoSDK. Find out more here.

‍

How big is the CredoApp application?

The actual size would depend on the number of permissions your app is allowed to collect. On average, the SDK is about 250kb big and can be operated on both operating systems (iOS and Android).

‍

What is the size of the average datasets?

The file containing the metadata used to calculate the credit score is no bigger than 120kb.

‍

Once I have integrated the SDK into my app, how can I start scoring my customers?

Refer to Scoring to know more on how to kick off scoring your customers. Watch the video below to get a quick understanding how the customer would use the app once ready.

‍

What permissions need to be granted in order for the App using your SDK to be able to collect data before scoring?

‍

How long does it take for the App with your SDK to collect and process the data, and generate the credit score?

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the customer has granted the required permissions. Within seconds the score is generated and sent to the underwriter. Do note that all the app needs to do is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully sent to the backend, the app needn’t access any more information for scoring.

‍

You can get more information on how we handle the data under our privacy policies.

‍

What if the customer refuses to grant permissions to access the device data?

‍

Can CredoSDK be integrated into my app via the Ionic framework?

Yes. Please get in touch with us at info@credolab.com for more information on this.

‍

Does CredoSDK support integration via Flutter?

Yes. Please get in touch with us at info@credolab.com for more information on this.

‍

Does CredoLab provide SDK in React Native?

No. Our SDK is available in Android native library only (CredoApp SDK). However, SDK module can be integrated into an application written on React Native.

‍

What is the Xcode version compatible with CredoSDK?

Xcode 11.3.

‍

What is the Swift version CredoSDK supports?

Swift version 5.2 and higher.

‍

What is CredoApply?

CredoApply is a comprehensive digital onboarding platform that facilitates all aspects of the customer application process. Built on CredoLab’s powerful AI credit scoring technology, CredoApply is packed with mobile intelligence to help manage all steps of the onboarding process, such as guiding customers through the application, KYC requirement completion, anti-fraud checks and digital credit scoring. With CredoApply, lenders can offer their customers a fully digitised and engaging onboarding experience. CredoLab’s advanced backend infrastructure ensures that customers enjoy a speedy time-to-yes while companies can profit from higher credit scoring accuracy.

‍

Why should CredoApply excite me?

Find out more here.

‍

What kind of data does CredoApply collect?

CredoApply collects two types of data: personal data and anonymous mobile digital footprint. The personal data is transferred right away to the financial institution via a secure API. No personal data is stored on CredoLab`s servers nor shared with other 3rd parties.

The mobile digital footprint is collected anonymously in the form of metadata. This metadata is only used only to calculate credit score and to determine the outcome of your application. We then determine the correlation between your applicant and the predicted default rate.

‍

You can get more information on how we handle the data under our privacy policies.

‍

How big is the CredoApply App?

The App is approximately 7Mb in size.

What permissions need to be granted in order for CredoApply to be able to collect data before scoring?

What if the customer refuses to grant permissions to access the device data?

What is the difference between the light and full versions of CredoApply?

The CredoApply comes in two versions- full and light. The former offers a longer application which requires the customer to fill in more data, whilst the latter is quicker to fill in and requests lesser data.

What is CredoWeb?

A data collection toolkit that helps lenders score the applicants on desktop. The CredoWeb is a simple JavaScript that sits on the lender’s application web page to collect device fingerprint and behavioural data about the way an application form is filled in. The scoring algorithm uses a two-fold intelligence to assesses the creditworthiness of an applicant. It combines the device data insights with that of browser behaviour to get you a more predictable credit score for each applicant.

Why should CredoWeb excite me?

Forward to our flagship offering, CredoApp, CredoLab brings you a two-fold intelligence tool that assesses the creditworthiness of your customers based on browser data, in addition to smartphone data. The new web toolkit combines the device data insights with that of browser behaviour to get you a more predictable credit score for each applicant with just a simple strip of JavaScript. Find out more here.

What is the two-fold intelligence that CredoWeb provides?

CredoWeb focuses on two levels of analysis: Behavioural Application Analysis of the user and Anti-Fraud Checks of the device.

What does Behavioural Application Analysis entail?

CredoLab’s Behavioural Application Analysis is a new solution that assesses users while they apply for a loan or credit card on a lender’s or aggregator’s website. CredoLab’s Behavioural Application Analysis uses behavioural metrics to build profiles of users’ behaviours that include:

‍

How they type, the keys that they press and how they press them?
How they move the mouse on the screen?
How quickly they answer questions that they should know?
How slowly they answer questions that they may not know immediately?
How they swipe left to right on a mobile platform or utilize other gestures?
How uniform is the typing rhythm?

‍

Through the behavioural monitoring of a user’s loan or credit card application, we provide lenders with a new credit assessment tool based on users’ actions. We crunch these metrics with an algorithm that also accounts for behavioural variances across platforms and can detect if automated activity might be involved (for instance, a bot for application form completion or past e o r autocompletion tool).

‍

CredoLab’s Behavioural Application Analysis seamlessly integrate in any mobile app and website. It collects behavioural metrics via a simple JavaScript that enriches the credit assessment without introducing any friction in the user experience.

‍

What does the Anti-fraud Checks of CredoWeb entail?

CredoLab’s Anti -Fraud Checks help you assess the devices used to apply for a loan or a credit card. In collaboration with TransUnion, previously iovation, CredoLab’s new anti-fraud solution analyses the context of an application on mobiles, computers, and tablets and helps answer the following questions:

Is this a new device or have we seen it before?
Is device being evasive?
Are there geolocation risks?
Are there device risks present?
Does device have history of fraud?
Is device associated with other devices that have fraud history?

Through mobile device intelligence, we offer a new anti-fraud tool that helps you accurately separate the fraudsters from your good customers by identifying:

Evasion techniques: Transactions originating from TOR networks, use of a proxy server, or use of mobile
Device anomalies: Location mismatches, time zone and IP address changes, and transactions that originate from known high risk locations, IPs, or ISPs.
Risky device behaviours: High transaction volumes, too many accounts and/or geolocations per device, and past history of fraud or abuse.

CredoLab’s Anti-Fraud Checks seamlessly integrate in any device. It collects metrics via a simple JavaScript that enriches the credit assessment without introducing any friction in the user experience.

‍

How big is the CredoWeb JavaScript?

Sizing is minimal as we simply implement a few lines of coding to embed the data collection and scoring algorithm into the application web page.

What permissions need to be granted in order for CredoWeb to be able to collect data before scoring?

No permissions are needed because our web solution only monitors the customer's behavioural pattern within the process of application. It is essentially a single-session data capture process.

From what instance does the JavaScript start capturing the data?

Data collections begins from the moment the customer begins the filling in application form and ends once the form is submitted.

Does the JavaScript monitor the browser activity before or after this?

No. The JavaScript is activated when the customer starts filling application form and stops the moment the form is submitted.

What is ScoreMe?

ScoreMe is a light mobile app aimed at helping financial institutions generate demand for their loans and credit cards while improving the quality of the leads. Credo ScoreMe enables your applicants to see their digital credit score by simply downloading a mobile app on their smartphones. Our AI-algorithm identifies the best deserving customers and presents them with a link to the product of yours that they best qualify for.

Why should I use ScoreMe?

ScoreMe is a light mobile app aimed at helping you generate demand for your loans and credit cards while improving the quality of the leads. ScoreMe enables each applicant to see their digital credit score by simply downloading a mobile app on their smartphones. Our AI-algorithm identifies the best deserving customers and presents them with a link to the product that they best qualify for. Find out more here.

How big is the ScoreMe application?

The ScoreMe application is approximately 2MB in size.

How does ScoreMe function?

Once downloaded, the ScoreMe requests for permissions to be granted to access the metadata of the smartphone and process the data into a credit score. On approving the access, the customer can immediately see his/her score. The customer is then presented with possible products that they are eligible to apply for. On picking their preferred product, the request for application and the score is sent to your team. This provides a pre-approved list of quality leads for your sales and underwriting team to process further.

What permissions need to be granted in order for Credo ScoreMe to be able to collect data before scoring?

We collect data permissions from 8 main, broad categories - Apps, messages, contacts, image and audio files, emails, calendars and downloads. We allow the customer to control which permissions they want to allow, and which they’d like to decline access to.

How long does it take for ScoreMe to collect and process the data, and generate the credit score?

The process is completed faster than you can say "CredoLab". The app begins accessing data only after the customer has granted the required permissions. Within seconds the score is generated and presented to the customer. Do note that all ScoreMe does is take a 'snapshot' of the device usage and does not track information over time. Once the score has been successfully generated, the app is defunct and does not scrape any data in the backend.

‍

You can get more information on how we handle the data under our privacy policies.

Can the ScoreMe collect data in the background?

You can get more information on how we handle the data under our privacy policies.

What if the customer refuses to grant permissions to access the device data?

How many languages can ScoreMe support?

Currently the app supports 7 main Asian languages; Simplified Chinese, English, Indonesian / Malay, Thai, Burmese, Vietnamese and Tagalog. To change the language, simply tap on the relative icon in the menu.

How does CredoLab generate the fraud score?

CredoLab has partnered with TransUnion, formerly iovation, to bring you the best in business anti-fraud solution. CredoLab and TransUnion, formerly iovation, have joined forces bringing a single mobile solution that uses smartphone device metadata to generate bank-grade digital scorecards and perform anti-fraud checks, in real-time.

Is the credit score and fraud check done at the same time?

Yes. While our scoring algorithm crunches the consented device metadata to provide you with a reliable credit score, TransUnion’s FraudForce uses device recognition and intelligence technology to track over 45 types of fraud and abuse. All this happens in a matter of seconds giving you the fraud score and the credit score on the applicant in real-time.

What are the different kinds of fraud checks conducted by the fraud check algorithm?

Our fraud check algorithm protects you from 45 types of fraud and abuse:

Payment fraud
New Account Fraud
Application Fraud
Policy Violation
Account Takeover
Claims Fraud
Loan Default
Identity Theft

Does the fraud score check any additional data access?

No. The fraud check is done with the same meta data accessed after explicit consent is taken from the customer. The customer is given full information on how and for what purposes the metadata collected will be used while requesting for access. We believe in complete transparency and do our best to ensure your customers know they are in full control of their data – even though its non-identifiable metadata.

What types of scorecards can we develop?

We can develop scorecards for all unsecured lending products including credit cards, personal loans, POS loan, payday loans, two-wheeler loans and auto loans. Our scorecards are effective with all user segments including new-to-bank and new-to-credit customers, and also to cross-sell to existing customers in developed and developing countries.

‍

How do you integrate your digital scorecard with our existing one?

We offer three scorecard integration options: merge, dual, and input.

‍

Merge: you can merge your existing scorecard with a CredoLab digital scorecard to create a more powerful, enhanced score.
Dual: you can run the CredoLab digital scorecard in parallel with your existing scorecard to assist in your decision making.
Input: you can use the CredoLab digital score as one additional characteristic in your existing scorecard.

‍

What is the Gini coefficient of an average CredoLab scorecard?

The Gini coefficient of CredoLab's scorecards varies from client to client. As of today, CredoLab has consistently delivered scorecards with an average of 30% higher Gini coefficient than the traditional scorecards used by the client.

‍

How does CredoLab develop its digital scorecards?

We have arrived at this 7 step process of developing a scorecard after years of analysis of what goes into designing the perfect engine that can assess the creditworthiness of each applicant efficiently. Each step is executed closely with your team to ensure its customized to your objectives, business, and markets amongst other relevant factors. Here's a snapshot of what the process looks like:

‍

What info can I see during the scorecard development phase?

During the scorecard development phase you will be able to monitor the progress of datasets uploaded but will not receive a score. The very purpose of the data collection phase is to collect enough dataset required to tailor-make the scorecard model. After you approve the scorecard, we then put it into production and starts charging a fee per requested score. At the end of the pilot you will receive the scorecard and the underlying features.

‍

What happens during Data Collection?

Data collection is the process consisting of two steps: Gathering information from customers and Gathering information using the performance data.

‍

In the first step, information is collected from the customers using White-label CredoApp, White-label CredoApply or CredoApp SDK. During this phase you can monitor the datasets uploaded onto CredoLab' servers to check it's quality (no duplicates etc). The data collected is used to train the AI algorithms used to select the most predictive delinquent behavioural patterns.

‍

In order to build a tailor-made scorecard, you also need to provide us with performance data for the disbursed credit alongside the collected metadata from the customers. This performance data file should contain a binary target indicating if a borrower is “good” or “bad” (from credit risk perspective).

‍

Given the behavioural nature of the score, we will tailor-make each scorecard based on the particular population and product that you want to assess.

‍

Is there any specific requirements for the data being used to train the AI algorithm?

In order to build a robust scorecard, we recommend to collect metadata of about 5,000 users of which at least 300 to 500 are defaulters. The total number of uploaded datasets will depend on default rate, approval rate, and penetration of the mobile apps.

‍

What happens in Data Preparation phase?

Data Preparation involves processing the raw data so that machine learning algorithms can uncover insights and make predictions. CredoLab uses proprietary software and algorithms to transform the raw data collected during the data collection phase into millions of features which are a foundation of all further steps of a modelling process.

‍

What happens in the Segmentation phase?

Segmenting, or clustering, is an unsupervised machine learning algorithm where the target is not known. CredoLab always tests different types of segmentation to make sure the data is homogeneous from a digital footprint point of view. Typically, we use Android version, data availability, device brand and other features to build homogeneous segments in order to increase the overall predictive power of an ensemble of scorecards. This step ensures that demographic information about the individual phone user is NOT included. Variables such as age, sex, income level, etc. are NOT considered for modelling nor extracted from the mobile device for any other purpose.

‍

What happens in the Feature Selection Phase?

Feature selection eliminates irrelevant or redundant features with the aim of increasing accuracy of the scoring model. We typically reduces the number of features from 1,300,000 to about 5,000 via fast and greedy algorithms. We then apply sophisticated proprietary algorithms to accurately select a few dozens of the most predictive and stable features. We always use a few different feature selection algorithms to ensure that we focus on features that are relevant to the problem we are trying to solve (predict risk).

‍

What happens during Model Building?

Credit risk models are built to provide a quantitative estimate of the probability that a customer will display a defined behaviour as provided by the bank with their performance data. In our modelling stage, we always divide the available data into a training set, a validation set, and a test set. Consistent with industry practices, the training set is used for fitting the model, the validation set is optionally used to optimize parameters, and the test set is used for reporting the accuracy of the final model with its chosen parameters. Dividing up the dataset in this way for different purposes serves to provide better estimates of actual model performance on individuals who are either new-to-credit or new-to-bank.

‍

What happens during Model Deployment?

This step is carried out by you along with our assistance.

‍

Model deployment in data science refers to the application of a model for prediction using new data. Depending on your requirements, the model deployment phase can be as simple as generating a report or as complex as implementing a repeatable data science process.

‍

We will provide you with a manual for this step. The manual contains the details of the datasets being used for model building, the subset of features being selected as the most predictive to be included in the final model. The manual also includes the model performance (train vs. test) and the charts summarizing the distribution of the users per risk score.

‍

What happens during Model Calibration?

Model calibration is done after a model is deployed in production. Model calibration is the process of fine-tuning and improving the model with new data coming from the same bank. Tuning a model involves changing parameters such as learning rate or optimizer. Or model-specific architecture factors such as number of trees for random forests and number of and type of layers for neural networks.

‍

During the first 12 months, we recommend you share the performance data on a monthly basis. With this data, we can fine tune the model and improve it. As the portfolio matures, we recommend to perform a quarterly or semi-annual calibration.

‍

Part of the calibration process is again out-of-sample and out-of-time validations. These are important steps to avoid overfitting, the practice in which the model fits the empirical data too well which results in less accurate predictive results for the new set of input data.

‍

SLA on score generation

Our standard SLA with most clients is no more than 1 minute but 97% of our transaction records show is less than a second for our clients to see the results.

‍

Quality Support

Credolab agrees, represents, and warrants to provide the Client with quality support and access to knowledgeable personnel at all times. CredoLab provides a multi-level support to the Client executed by the both Customer Success Manager and the Technical Support team. Incoming requests are prioritized according to its scale and duration of impact on production:

‍

Level 1, Customer support (General requests, minor issues. This is a transitional level for incoming requests).
Level 2, Technical Support (Minor issues with high priority).
Level 3, Technical Support (Major Issues).

Response times

Incidents are prioritized based on severity level below to ensure that those with the highest business impact are resolved first. Technical support resources are available during local business hours.

‍

Level 1: Critical Service Impact (A service failure or severe degradation. Case critically affects the primary business service). 4 business hrs first response time, 24 business hours resolution time.
Level 2: Significant Service or Implementation Impact (A service failure or severe degradation. Case critically affects the primary business service). 6 business hrs first response time, 72 business hours resolution time.
Level 3: Moderate Service Impact (Product features are unavailable but a workaround exists). 8 business hrs first response time, 10 business days resolution time.
Level 4: No Service Impact (Non-critical cases, general questions, enhancement requests, documentation cases, issues that have very little to no impact on functionality). 12 business hrs first response time, 15 business days resolution time.

Error handling

CredoLab agrees, represents, and warrants to use commercially reasonable efforts to resolve errors in a manner consistent with the requirements of the Client, the Agreement, the Services, and our SLA. CredoLab shall use the standard HTTP response codes to indicate specific failure modes. The high-level breakdown of the standard HTTP error conditions and how Client's system will interpret these are as follows:

‍

2xx: Supplier API has received, understood, and accepted a request.
3xx: Further action is required in order to complete the request.
3xx: An error occurred in handling the request. The most common cause of this error is an - invalid parameter.
5xx: Supplier API received and accepted the request, but an error occurred while handling it.

Data protection

CredoLab agrees, represents, and warrants not to post, transmit, retransmit, or store material on or through the CredoLab Infrastructure that:

‍

is in violation of any applicable local, state, federal, international law, regulation, treaty or tariff; or
violates the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations, including, but not limited to, the installation or distribution of pirated or other software products that are not appropriately licensed for use by CredoLab.

‍

CredoLab agrees, represents, and warrants to comply with data protection laws and regulations that apply to the performance of its obligations under this SLA and to process any personal data (including any which forms part of the Client's Data) as a result of, or in connection with, the provision of the Services to the Client strictly in accordance with Clients’s instructions and/or all applicable data protection laws and regulations and not otherwise. CredoLab agrees to take reasonable, appropriate technical, business, and organizational measures against accidental, deliberate, or unauthorized destruction, loss, alteration or disclosure of any data and implement adequate security programs and procedures to ensure that unauthorized persons do not have access to any equipment used to process personal data as part of the Services.

‍

CredoLab agrees, represents, and warrants not to use or disclose Client’s Data or any end-user data, except to perform the Services and conduct activities authorized in this SLA.

‍

System monitoring

CredoLab agrees, represents, and warrants that it uses data leakage protection (DLP) mechanisms, network security via TLS, access control policy, system development lifecycle (SDLC), encryption protocols, software baseline configuration system, network security and firewall management, intrusion detection and/or prevention systems (IDS/IPS), environment segregation for relevant systems, and security logging and monitoring policy, among others. These help with the daily monitoring and performance of servers.

‍

System availability

CredoLab agrees, represents, and warrants to undertake commercially reasonable measures to ensure that System Availability equals or exceeds the SLC of 95% during each calendar month, excluding Maintenance Windows, provided that any Unscheduled Downtime occurring as a result of the following exclusions: (i) incompatibility of Client’s equipment or software with the CredoLab Infrastructure; (ii) performance of Client's systems or website; or (iii) Force Majeure or (iv) any other circumstances that are not within CredoLab’s control which for purposes of this SLA is limited to scheduled or unscheduled interruptions caused by third party service providers (e.g., third party networks, domain name registrars) and outages on the part of internet service providers, shall not be considered toward any reduction in System Availability measurements or the application of Service Credits provisions. CredoLab shall comply with the following API requirements:

‍

API Performance: Ability to handle a minimum request rate of 1 request per second (Supplier’s API should be able to serve at least this rate of requests). Ability to handle a maximum request rate of 20 requests per second (Supplier’s API should be able to “burst” to this maximum rate of serving requests). Each API Response should have an average response time < 4000ms (less than 4000 milliseconds).
API Availability: Supplier APIs shall achieve an uptime of 95% per month.
Should an emergency dictate a need for any period of non-Availability of CredoLab Infrastructure outside the Maintenance Window, or for a period of non-Availability exceeding 2,160 minutes, CredoLab agrees to schedule such non-Availability at least fourteen (14) calendar days in advance of its commencement with prior concurrence of the Client's representative. Any period of non-Availability outside of the Maintenance Windows shall be treated as “critical” Issue.

‍

Bandwidth availability

CredoLab agrees, represents, and warrants to use commercially reasonable efforts to determine the source of any excess packet loss or latency and to correct such problem to the extent that the source of the issue is on CredoLab Infrastructure or network.

‍

Disaster recovery

CredoLab agrees, represents, and warrantsto use standard industry practices to regularly back up all data stored on behalf of the Client in accordance with the Schedule below, and implement a disaster recovery plan in the event of a site catastrophe or other Force Majeure Event that prevents CredoLab from delivering the Services or the client from accessing the Services or CredoLab’s Infrastructure, and agrees to use commercially reasonable efforts to have the Services restored to operation as soon as practicable

‍

Data backup and retention

CredoLab agrees, represents, and warrants to back up all Client Data (including but not limited to File Data, Database Data, and Archive Data), on a daily basis using a combination of full and incremental backup procedures. In addition, CredoLab shall archive database logs to permit recovery to a specific point in time if necessary. Backups will be executed automatically using a predefined schedule. Backup records will be rotated offsite on a periodic basis to ensure availability in the event of a site catastrophe. CredoLab agrees to archive and retain such records using predefined schedules and policies.

‍

Recovery of data

CredoLab agrees to exercise commercially reasonable efforts to restore data files from archived copies as quickly as reasonably practicable, as necessary as a result of system failure or data corruption or losses. Client acknowledges that the amount of time required to restore data files is dependent upon numerous factors, including, but not limited to, severity or the relevant data corruption or loss. Any expense relative to data restoration is for the account of CredoLab.

‍

Does CredoLab collect personal data from the smartphone device?

No. All your customers’ personal data like messages and contacts are not accessed. The only information that some jurisdictions may define as personal would include: Android ID number and Geographic location based on file. This information is only used to deter fraudulent behaviour.

‍

Aside from that, the bulk of the data that we collect is considered metadata, which translates to the data about the data. Furthermore, we access only anonymous data which we code them binarily, and only after the user has agreed to the required Operating System's permissions and granted data privacy consent. In doing so, CredoLab protects the end-users' anonymity whilst retaining the ability to detect fraud deriving from particular devices.

‍

Can you provide examples of metadata?

Examples of metadata would include: the number of events you schedule during work hours, the number of contacts saved per month, total number of apps upgraded in the last month, or the number of music files. We do not collect the personal contents, we just crunch the numbers.

‍

How do I know CredoLab only collects metadata and not any personal information?

CredoLab only reads permissioned information and transforms them into anonymous data about other data (metadata). If you could take a look at the data CredoLab’s scoring algorithm processes, it would be as below:

‍

We have had independent annual auditors (Ernst & Young, (2018) and eShard (2019) verify that our product do not have any exploitable vulnerabilities.

Is the interface between your clients and the service platform encrypted?

Yes, CredoLab's end-to-end communication protocols are encrypted.

‍

What kinds of data do you collect?

CredoLab collects privacy consented, non Personally Identifiable Information (PII) anonymous metadata, such as:

‍

SMS, Log, Email, Network: We analyse SMS, Email and Network communication activity, not actual content, including frequencies, ratios, intervals between actions, distribution, and entropies.
Contacts: We analyse the address book and correlate it with the communication activity including existing contacts or unknown ones or short numbers without moving any contact outside the mobile.
Device: We analyse all characteristics of the device including the model, display size, RAM size, storage size and utilization, age of the device.
Browsing History: We analyse the browsing history including browsing patterns, preferences or simply intent to apply for a lending product.
Applications: We analyse the type of apps including competitive lending apps, office applications, e-wallets, and suspicious ones such as TOR or VPN.
CredoLab can also collect Non-anonymous data: In this mode, the CredoApp and CredoSDK collect the content of text messages, the actual phone numbers, the names and details of contacts in the address book, the geolocation and other personal data. This approach allows your institution to dramatically increase the accuracy of KYC while opening up new use cases including skip tracing and collections management.

‍

You collect so much of people's data. What if it leaks out?

With the anonymous approach, CredoLab focuses on protecting the users’ data privacy. Even if users’ data are stolen, it would be impossible to identify neither a user, or any of her contacts, or fetch any other information from a data set. CredoLab does not collect the content of messages or emails, phone numbers, contact names, geolocation or any other personal data.

‍

Are any users' personal data shared with the vendor? If so, provide the list of data areas.

No. CredoLab doesn't collect and share user's personal info

‍

How long will the data be kept by the CredoLab?

The metadata assessed and the score generated on your customers are stored by CredoLab for your use as long as the contract is valid. On termination of the contract, this data is deleted from all servers.

‍

Where will this data be stored?

The data extracted is stored in the form of a Json (or JavaScript) file on secure clouds provided by Amazon, Microsoft or a secure local server depending on our client's and country's policy and regulation. We are generally compliant with respective governmental regulations and local data is kept within the country, but CredoLab remains the sole proprietor of the data collected.

Which cloud storage provider do you use?

CredoLab has been working with Microsoft Azure for our cloud storage solutions. If your country or company has any other service provider you’d like to use instead, we could confirm on this after checking the security levels and the integration requirements from our side.

‍

Who will have access to the data within CredoLab?

Only authorized and trained employees of Research and Development department have read only access to the data. In addition to this, the customer success team working with you will also have access to the data, after your explicit authorization.

‍

Is there any other steps you take ensure data security?

All data collected are encrypted at all times - when at rest as well as in transit. Production data, the data used to generate the scorecards once you go live, are restricted from being used in test and development systems unless the data is appropriately masked or sanitised to protect sensitive information (if any). Data leakage protection (DLP) mechanisms are put in place to monitor and prevent the data form leaving the organisation via removable media or via a network. We maintain separate and appropriately segregated development, test and production environments for all Client`s relevant systems.

‍

What are your data security incident management efforts?

We have a formal security incident monitoring, reporting and response process to identify, report, and appropriately respond to known or suspected security incidents. Theft or loss of user systems (such as workstations or laptops) considered security incidents and follow our incident reporting process.

‍

What are the benefits of partnering with CredoLab?

CredoLab has a wide ranging network that includes banks, consumer finance companies, auto lenders, online and mobile lenders, insurance companies and retailers. As a CredoLab partner, you will be in contact with an audience highly receptive to your offerings and business model. Read more on how the partnership will benefit your business here.

‍

What are the partnership options available with CredoLab?

Currently we have three kinds of partnership options available to you.

‍

Data partnership

Co-innovation partnership

Technology partnership

‍

Visit our partner page to know more on each of these options.

‍

Who are CredoLab's current partners?

Within a short span of time, CredoLab has grabbed the attention of the right kind of businesses who have partnered with us to offer a wholesome solution to our clients.
‍

‍GoBear ‍
Visa ‍
TransUnion ‍
Mambu ‍
Global Infotech Solutions ‍
Sapio Asia ‍
Ombu Tech Services

Couldn’t find an answer to your query? Get in touch with us directly at faqs@credolab.com.

Business FAQ

TV Interview: Our Growth Plans in 2021

Discovering Modern Credit Risk Scoring in Buy Now, Pay Later

Before you go...stay up to date

Business FAQ

Why do loan or credit card applicants need to give permissions?

Who can I approach if I’m interested to know more about purchasing your product?

How long would it take for us to go live after I reach out?

How do you price your offering?

Once we have signed the contract, how long does it take to go-live with your digital scores?

Once we reach production, how can my underwriting team start generating scores on the applicants?

What is the unique ID for?

How long does it take to deploy CredoApp?

How does CredoApp work to produce a score?

What is CredoApp?

Why should CredoApp excite me?

How big is the CredoApp?

What is the size of the average datasets?

How does CredoApp function?

What permissions need to be granted in order for CredoApp to be able to collect data before scoring?

How long does it take for CredoApp to collect and process the data, and generate the credit score?

Can the CredoApp collect data in the background?

What if the customer refuses to grant permissions to access the device data?

How many languages can CredoApp support?

What is CredoSDK?

Why should CredoSDK excite me?

How big is the CredoApp application?

What is the size of the average datasets?

Once I have integrated the SDK into my app, how can I start scoring my customers?

What permissions need to be granted in order for the App using your SDK to be able to collect data before scoring?

How long does it take for the App with your SDK to collect and process the data, and generate the credit score?

What if the customer refuses to grant permissions to access the device data?

Can CredoSDK be integrated into my app via the Ionic framework?

Does CredoSDK support integration via Flutter?

Does CredoLab provide SDK in React Native?

What is the Xcode version compatible with CredoSDK?

What is the Swift version CredoSDK supports?

What is CredoApply?

Why should CredoApply excite me?

What kind of data does CredoApply collect?

How big is the CredoApply App?

What permissions need to be granted in order for CredoApply to be able to collect data before scoring?

What if the customer refuses to grant permissions to access the device data?

What is the difference between the light and full versions of CredoApply?

What is CredoWeb?

Why should CredoWeb excite me?

What is the two-fold intelligence that CredoWeb provides?

What does Behavioural Application Analysis entail?

What does the Anti-fraud Checks of CredoWeb entail?

How big is the CredoWeb JavaScript?

What permissions need to be granted in order for CredoWeb to be able to collect data before scoring?

From what instance does the JavaScript start capturing the data?

Does the JavaScript monitor the browser activity before or after this?

What is ScoreMe?

Why should I use ScoreMe?

How big is the ScoreMe application?

How does ScoreMe function?

What permissions need to be granted in order for Credo ScoreMe to be able to collect data before scoring?

How long does it take for ScoreMe to collect and process the data, and generate the credit score?

Can the ScoreMe collect data in the background?

What if the customer refuses to grant permissions to access the device data?

How many languages can ScoreMe support?

How does CredoLab generate the fraud score?

Is the credit score and fraud check done at the same time?

What are the different kinds of fraud checks conducted by the fraud check algorithm?

Does the fraud score check any additional data access?

What types of scorecards can we develop?

How do you integrate your digital scorecard with our existing one?

What is the Gini coefficient of an average CredoLab scorecard?

How does CredoLab develop its digital scorecards?

What info can I see during the scorecard development phase?

What happens during Data Collection?

Is there any specific requirements for the data being used to train the AI algorithm?

What happens in Data Preparation phase?

What happens in the Segmentation phase?

What happens in the Feature Selection Phase?

What happens during Model Building?

What happens during Model Deployment?

What happens during Model Calibration?

SLA on score generation

Quality Support

Response times

Error handling