TransUnion Direct gives you fast, easy access to credit reports and other important information via the Web. But with new technologies come new ways to perpetrate fraud.
We protect client and consumer information by eliminating shared IDs and passwords and encouraging individual users to share in the responsibility of maintaining a secured environment.
The numerous security measures we have in place help safeguard you and your company. For instance, individual IDs allow you to add and remove users easily, without affecting other employees using the system. And, with our activity reports, you can monitor how TransUnion Direct is being used within your company.
While our security features are some of the best in the industry, we need your help in maintaining a secure environment. These guidelines will help you take full advantage of TransUnion Direct's security features:
- Your User ID leaves an "electronic signature" on every product that you request, so be sure no one else uses your User ID. In addition, every credit report you request has your name on it as the requestor.
- Select a unique password - one that you can remember, but others cannot easily guess.
- Do not use "remember password" or password scripting options. Enter your User ID and password each time you log in to TransUnion Direct.
- Change your password regularly. TransUnion Direct requires you to change your password every 90 days; however, you can change your password at any time. If you think that another person may have learned your password, change it immediately.
- Avoid using patterns when creating passwords. TransUnion Direct remembers previous passwords and will not allow you to select recently used passwords. Keep in mind that if you simply modify one character, you are establishing a pattern that could defeat the purpose of regular password changes.
- Do not use the same password for all of your systems and Web sites.
- Do not share your password with others. If you must write it down, keep the note in a secure place.
- Do not share your challenge response. Your challenge response should be protected like a password.
- Always log out of TransUnion Direct when you have finished a session or when you walk away from your workstation. Even though TransUnion Direct will time out in 30 minutes, someone could come up to your workstation while you are still logged in and request consumer information.
- Register every new user with TransUnion.
- Educate employees about good security practices.
- Immediately terminate User IDs when employees leave or no longer need access to our services.
- Use activity reports to ensure that TransUnion Direct is being used as intended.
TransUnion Direct Security Features:
- TransUnion issues a unique User ID and password to each individual who requests access.
- TransUnion Direct offers an activity report feature. This easy-to-use monitoring tool allows your company to trace all product requests to the specific user.
- Passwords for TransUnion Direct expire every 90 days. If you prefer, you can change your password more frequently.
- TransUnion Direct has a built-in timeout feature, which causes your session to end after 30 minutes of inactivity. We advise you to log out when you no longer need to use the system.
- When you access TransUnion Direct, a secure session is established and information traveling over the public Internet is encrypted with at least 128-bit key encryption algorithms.
- A firewall prevents unauthorized access to credit information and related databases on our servers.
- All confidential information is kept in databases inside TransUnion's network and is not accessible directly from the Internet other than through TransUnion Direct.
- TransUnion offers digital certificates as an extra layer of security. Digital certificates are electronic credentials that are installed on workstations authorized to use TransUnion Direct. For companies who opt to use digital certificates, only workstations with certificates installed can order and receive TransUnion products. This prevents employees from trying to access information from other computers.