Incredo Analytics?IntegrationHigh SecurityRegularly Compliance

Incredo Analytics (IA) automates the time consuming processes for assessing a credit applicant’s financial position. IA obtains bank account data that covers the preceding 365 days for all of the credit applicant’s accounts, but allows a client representative to filter between the accounts.

The data retrieved is generated into a customised report that breaks down critical information relevant to the credit product. This breakdown identifies, categorises, and makes calculations on the following transactions – Income (Salary & Benefits), Loan Deposits, Financial Repayments, Reversals, Expenses, High Risk Merchants, Banking Transactions, ATM Fees and Spending. Customised risk indexes flag information for further enquiries.

IA enables Credit Providers to enter their high-level lending criteria into its analytical engine which allows for customised and tailored reporting. Graphical and colourised reporting gives loan assessors an instant representation of whether a consumer meets lending criteria and also provides a basic level of auto-decisioning.

Whether you have an IT team of one or many, Incredo Analytics can be API integrated into your current or future aggregation lending platform, CRM, or hardship system. The Incredo platform is built to be API flexible. This allows us to cater for your needs so you can grow your business by introducing enhanced efficiency processes.

Example integration methods are:

Kiosk: is a web-based application that best fits clients who have an in-store computer or tablet. The kiosk can be extended to allow consumers to complete the statement retrieval on an electronic device such as a PC or tablet. This method is automatic and completed in-store, which allows consumers to reach out to a client representative if needed.

Embedded Web Application: The Incredo statement retrieval process can be integrated into your online application. This way consumers can complete both the application and the statement retrieval on one page without navigating elsewhere. This option allows for a fully customised experience with all of the processing being completed in the background.

Direct Link: A direct link allows clients to send their customers to Incredo’s hosted URL to start the bank retrieval process. This link is associated directly to your company’s account. This allows for an ad-hoc, non-integrated method of retrieving bank statements.

Unique Link: Similar to the direct link, the unique link allows users to send a URL to start the bank retrieval process. The difference between a direct link and a unique link is that the unique link requires the user to pre-fill consumer information (including name, date of birth and application ID) on Incredo’s client dashboard. A unique link ensures that the consumer information is entered correctly and links to the correct application.

Raw Data: Documented JSON RESTful API and Webhooks to create integrations into your current and future platform.

Additional features such as credit reporting and Veda ID Matrix can be integrated into the application by Incredo IT.

Incredo has implemented strict procedures to manage the security and privacy of the customer’s information throughout the retrieval process. This provides a benefit to our clients with the assurance that the information has been treated with highest standards and is compliant with all relevant Australian laws and regulatory requirements.

The customer’s personal information is encrypted with 256 bit SSL encryption, the same advanced system used by most banks world over.

Despite not being obligated to comply with PCI DSS under law, Incredo Analytics performs a voluntary self-assessment each year using PCI DSS v3.1.

As part of PCI we have an ASV approved vendor perform regular penetration tests (“pen-tests“) of our product, and we have a strong internal focus on both security and compliance policies, procedures, and practices. These policies and reports can be shared as part of an official request for information (“RFI”) process.

Are there any legal ramifications of a lender asking a customer to input their internet banking credentials into a third party system? Does this breach internet banking rules?

The e-Payments Code regulates electronic payments, including ATM, EFTPOS and credit card transactions, online payments, internet and mobile banking, and BPAY. The Code is a voluntary code of practice, and over 120 Australian banks, credit unions and building societies, and other providers of electronic payment facilities to consumers, subscribe to the Code.

The Code provides safe harbour for subscribers where the account holder does not adequately protect their pass codes and an unauthorised transaction occurs as a result.

An account holder that provides their internet banking logon credentials to a third party software provider, such as Incredo, will not be in breach of their obligations under the Code where a bank “expressly or implicitly promotes, endorses or authorises the use of a service for accessing a facility (for example, by hosting an access service of the subscriber’s electronic address) a user who discloses, records or stores a pass code that is required or recommended for the purpose of using the service does not breach the pass code security requirements.”

The Code gives an example to illustrate where the customer won’t be in breach, relevant to Incredo Analytics: “For example, if a subscriber permits users to give their pass code(s) to an account aggregator service offered by the subscriber or an associated company, a user who discloses their pass code(s) to the service does not breach the pass code security requirements.”

Incredo Analytics uses the Yodlee Financial Platform to perform this operation.