Equifax Ltd

Bank Account Verification

Equifax Bank Account Verifier (BAV) is a comprehensive and versatile web or API service that quickly verifies a customer’s identity and validates whether the bank account details provided are correct, valid and associated to the applicant. Equifax utilises data directly from the banks to input data to maximise accuracy.

Features

• Extensive coverage of all types of UK bank accounts
• Ability to match against current, basic and non-consented accounts
• Checks are made against all previous and linked addresses
• Provides a clear link between A/C, sort code and person
• A further verification of the identity
• Logical and user friendly navigation options
• Fully compliant with all relevant legislation
• Simple and intuitive to use
• No need to re-architect any existing systems
• Full helpdesk support, online and by phone

Benefits

• Helps ensure that fraudulent individuals are identified
• Ensures that only genuine direct debits are accepted for payment
• Wider range of accounts improves match rates substantially
• Can uncover linked addresses associated to fraud
• Can match where individual has not informed bank of move
• Reduces risk of fraudulent use of stolen bank details
• Mitigate risk of impersonation fraud
• Ensures genuine bank details for repayments due
• Improves customer experience

£0.75 a unit

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at oliver.abbott@equifax.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

523763824828343

Contact

Oliver Abbott
+44 7825 313734
oliver.abbott@equifax.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: No
• System requirements:
  • Users require Citrix Receiver on their local machine
  • Users require a web browser to access the service
  • User requires email address or a mobile phone for 2fa

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email responses are the same at weekends. User support is 24/7.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The service will be accessed via a standard browser so minimal impact on current infrastructure. We would not anticipate requiring technical support however we would work with any organisation to overcome any potential issues.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Once users have been set up we will engage with the buyer to assess what the training needs are and how best they can be fulfilled. Training options include on site / webinar / train the trainer. Full user documentation can be provided and the system has an online help facility which users can refer to at any time.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: This is an online service which utilises the data provided only when requested by the user. There will not be any data held on Equifax's beyond what is legally mandated for audit and compliance purposes.
• End-of-contract process: Once the contract period has ended the account will be deleted so no users can log on in the future. All costs would be clearly marked on the contract which would be agreed at the outset of the arrangement and no further costs will be incurred outside of that.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Reader View is available
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: Equifax Gateway, our XML link, is the interface that allows clients to integrate Equifax into their systems in order to access and retrieve consumer data, characteristics, scores and other products they require from Equifax to make decisions about their customers. Equifax Gateway uses SOAP (Simple Object Access Protocol) and WSDL (Web Services Description Language) to provide a flexible, modern interface that can be easily integrated with clients’ tooling and systems. SOAP is a standard mechanism for data interchange between computer systems. There are many commercial and open source tools and libraries that can be leveraged to create SOAP requests and interpret SOAP responses. Clients can use the WSDL to assist in the generation of their own service to integrate into their technology.
• API documentation: Yes
• API documentation formats: PDF
• API sandbox or test environment: Yes
• Customisation available: No

Scaling

• Independence of resources: Equifax websites are widely used by a wide variety of organisations within the UK and as such have a scalability built in so there is always capacity to cope with additional demand.

Analytics

• Service usage metrics: Yes
• Metrics types: Equifax can provide usage information based on the actual volume of requests. These can show the volume of and type of reports requested and also details of the request such as the user who performed the request, time and date and details of what was input.
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Results from the enquiry will be shown on screen and users can then print or create a .pdf of the results for reference. Should batch requests be submitted these will be provided in .csv format.
• Data export formats: CSV
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: Services typically run at around 99.5% availability. Buyers can liaise with Equifax at the outset of a contract to agree on SLA's and what refunds the buyer would be eligible for should the service run below the agreed SLA.
• Approach to resilience: This information can be made available on request.
• Outage reporting: A public dashboard (on the log on page) will provide information on any known upcoming changes to the products and services. In the case of outages we will communicate the issue and the progress (along with expected resolution times where available) to buyers via email.

Identity and authentication

• User authentication needed: Yes
• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: Confidential. We are happy to discuss in further detail with the Equifax Security team
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users receive audit information on a regular basis
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 29/05/2020
• What the ISO/IEC 27001 doesn’t cover: N/a
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Coalfire Systems, Inc.
• PCI DSS accreditation date: 10/07/2020
• What the PCI DSS doesn’t cover: N/a
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO 27001 best practice, which ensures we comply with various regulations regarding data protection, privacy and IT governance. All employees have to read, acknowledge and sign the information security policy when they join the company. All employees are vetted using previous employment references and internal credit checks as part of the application process. We operate a mandatory induction training programme for all new starters, which includes a detailed study of the company’s information security policy, standards, practices, and the employee’s obligations under that policy framework. All employees have to sign non-disclosure / confidentiality agreements and have clearly defined terms and conditions of employment. There is also a clearly defined and communicated disciplinary process in place. Any specific security requirements over and above the general company ones are included within job descriptions.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Confidential. We are happy to discuss in further detail with the Equifax Security team
• Vulnerability management type: Undisclosed
• Vulnerability management approach: Confidential. We are happy to discuss in further detail with the Equifax Security team
• Protective monitoring type: Undisclosed
• Protective monitoring approach: Confidential. We are happy to discuss in further detail with the Equifax Security team
• Incident management type: Undisclosed
• Incident management approach: Confidential. We are happy to discuss in further detail with the Equifax Security team

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Tackling economic inequality:

  Tackling economic inequality

  ACTION: We will partner with leading charities such as Young Enterprise (YE)/Career Ready to deliver support in money management and careers skills to young people in more deprived areas. ; ; ACTION: Experts from across the Equifax family of companies will produce an annual financial health report for the UK using data only we hold on people’s income, spending, credit and debt resolution in the private and public sectors. We will launch it every year at a new workshop for debt policy stakeholders.
• Wellbeing:

  Wellbeing

  ACTION 1: WE WILL DELIVER A LASTING MEASURED IMPROVEMENT IN THE MENTAL AND PHYSICAL HEALTH OF OUR WORKFORCE BY GIVING ALL STAFF ACCESS TO LIVESMART, A DIGITAL TOOL TO BUILD A HAPPIER, HEALTHIER WORKFORCE; ; ACTION 2: WE WILL OFFER VULNERABILITY AWARENESS TRAINING TO ALL STAFF TO IMPROVE THEIR RESILIENCE AND OUTCOMES FOR VULNERABLE PEOPLE; ; ACTION 3: WE WILL IMPROVE WELLBEING BY DRIVING UP VOLUNTEERING THROUGH PARTNERSHIPS WITH HIGH IMPACT CHARITIES SUCH AS YOUNG ENTERPRISE (YE)/CAREER READY THAT EDUCATE YOUNG PEOPLE IN MORE DEPRIVED AREAS ON MONEY MANAGEMENT AND CAREERS SKILLS

Pricing

• Price: £0.75 a unit
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: For a limited time or an agreed volume of reports Equifax would be willing to provide a trial of the full service in order for an assessment to be made by the supplier of its suitability.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at oliver.abbott@equifax.com. Tell them what format you need. It will help if you say what assistive technology you use.