Between: Your Name is deemed to go here (Herein after called "The Member") And TVS Tenant Verification Service Inc. (Herein after called "The Company")
1. The Company agrees to:
- maintain a database of information obtained from its members and other sources
- furnish such information (“Consumer Report”) and services as requested by The Member for stated fees and as permitted by law.
- provide such other services from time to time as may be deemed by The Company to be beneficial to The Member.
2. The Member agrees to use Consumer Reports only in connection with its legitimate business and for a purpose authorized by the Federal Fair Credit Reporting Act, 15 U.S.C. 1681 et seq. (FCRA) such as for entering or renewal of tenancy agreements, for employment screening purposes, for extension of credit.
3. If The Member has chosen Option 2 during the Sign Up process, The Member agrees to a physical site inspection as explained. The Member further agrees to allow access by a qualified person to inspect the business premises, whether home office or commercial office, to ensure that it meets the criteria as outlined in Option 2 under criteria.
4. The Member agrees to request Consumer Reports only for The Member’s exclusive and one time use, and to hold the contents of a Consumer Report in strict confidence and to not disclose the contents of a Consumer Report to any other person. The Member further agrees that he/she will not access consumer credit data on themselves, family, relatives or friends and will not obtain consumer credit data for any other individual or company. Member hereby acknowledges that hard copies of Consumer Reports are to be shredded or destroyed, rendered unreadable when no longer required.
5. To refer any consumer seeking to question or challenge the content of a Consumer Report relating to him or her to The Company.
6. The Member certifies that he/she is not a bail bond company, credit repair company (including credit counseling and credit clinics), investigative company (including private investigators and detective agencies), attorney or paralegal firm, news agency or journalist, law enforcement personnel, dating service, asset location service, has never been involved in credit fraud or other unethical business practices, is not listed on any credit reporting agency notification, and that the business operation for which this application is being made is one of renting real property (houses, apartments or commercial buildings) which The Member does not occupy, is a retail business which extends credit or is a business evaluating individuals for the purpose of employment.
7. The Member hereby acknowledges that The Company cannot guarantee the accuracy of any Consumer Report and accepts all information “AS IS”. Member acknowledges and agrees that The Company obtains its data from third-party sources, which may or may not be completely thorough and accurate, and The Member shall not rely on The Company for the accuracy or completeness of information supplied through The Company’s services.
8. The Member acknowledges that where a question of identity arises regarding same name on a report, the Member must conduct further due diligence to determine if there is a match. Member further acknowledges that there are many same named Individuals and may not necessarily be the named subject on the rental application.
9. The Member is hereby advised that there is an Operating Guide available to assist with the due diligence on same name issue after login at www.dev.tenantverification.com and hereby acknowledges that same will be reviewed in its entirety.
10. In no way shall The Company, its directors or employees be liable in any manner whatsoever for any loss or injury to The Member resulting from the obtaining or furnishing of a Consumer Report. The Member agrees to save and hold The Company, its directors and employees harmless and indemnify them from any claims, losses, damages or costs arising from the publication or disclosure of a Report from The Company to The Member.
11. The Member agrees that it shall obtain written authorization from the prospective tenant before requesting a Consumer Report from The Company. If requested by the consumer, The Member will provide the consumer with the name, address and telephone number of The Company.
12. The Member agrees to hold Experian provided data in strict confidence and not to resell Experian provided data or share Experian provided data in whole or in part with any unauthorized person.
13. The Member agrees that he/she will take every precaution to protect the end-user information (user name and password) and acknowledges liability and responsibility for same.
14. All terms, conditions, warranties or transactions under this agreement are subject to the Fair Credit Reporting Act and any provision of this agreement not in compliance therewith shall be deemed to be amended so as to comply.
15. The Member understands and agrees that in order to ensure compliance with the Gramm-Leach-Bliley Act (15 U.S.C. 6801 et seq.), and the Driver’s Privacy Protection Act (19 U.S.C. 2721 et seq.), other similar state or federal laws, regulations or rules, regulatory agency requirements, the terms and conditions of the Agreement and The Company’s obligations under its contracts with its data providers, The Company may conduct periodic reviews of The Member’s use of The Company’s Services and may upon reasonable notice audit The Member’s records, processes and procedures related to The Member’s use, storage and disposal of The Company’s services and information received therefrom. The Member agrees to cooperate fully with any and all audits. Violations discovered in any review and/or audit by The Company will be subject to immediate action including, but not limited to, suspension or termination of the use of The Company’s services, legal action, and/or referral to federal or state regulatory agencies.
16. This agreement shall continue in effect from year to year unless terminated by breach or canceled by either party.
17. The Member agrees to complete the Lexis Nexis ID questionnaire that The Company deems necessary for the purpose of evaluating this application and establishing The Member’s identity as required by the Credit Bureaus and to maintain compliance with the Fair Credit Reporting Act. The Member is hereby made aware that this process prevents identity thieves from gaining access to Consumer Reports via The Company.
18. Member hereby agrees to all of the terms in the FCRA (Fair Credit Reporting Act) and certifies that he/she has a permissible purpose for obtaining Consumer Reports as defined by Section 604 of the Federal Fair Credit Reporting Act (15 USC 1681b) as amended by the Consumer Credit Reporting Act of 1996, hereinafter called “FCRA”.
19. The Member will maintain copies of all written authorizations for a minimum of three (3) years from the date of inquiry. This includes written authorizations for all applicants where Experian provided data was received.
20. The FCRA provides that any person who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses shall be fined under Title 18, or imprisoned not more than two (2) years, or both.
21. The Member agrees to report any change in location, ownership or control of The Member to The Company. Upon receipt of said notification, The Company will re-qualify The Member as an end user of Experian provided data. This will include a new physical site inspection if The Member changes location.
20. The Member acknowledges that it is a criminal offence to obtain consumer credit information from The Company by fraudulent means and is hereby notified that The Company will report all fraudulent applications for membership to the appropriate police jurisdiction for criminal action. The Member is hereby notified that as part of its due diligence, The Company will verify and confirm this application and your status and permissible purpose as a landlord, property manager, real estate agent, retail sales business or a legitimate business.
END USER CERTIFICATION OF COMPLIANCE
California Civil Code - Section 1785.14(a)
Section 1785.14(a), as amended, states that a consumer credit reporting agency does not have reasonable grounds for believing that a consumer credit report will only be used for a permissible purpose unless all of the following requirements are met:
Section 1785.14(a)(1) states: “If a prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the consumer credit reporting agency shall, with a reasonable degree of certainty, match at least three categories of identifying information within the file maintained by the consumer credit reporting agency on the consumer with the information provided to the consumer credit reporting agency by the retail seller. The categories of identifying information may include, but are not limited to, first and last name, month and date of birth, driver’s license number, place of employment, current residence address, previous residence address, or social security number. The categories of information shall not include mother’s maiden name.”
Section 1785.14(a)(2) states: “If the prospective user is a retail seller, as defined in Section 1802.3, and intends to issue credit to a consumer who appears in person on the basis of an application for credit submitted in person, the retail seller must certify, in writing, to the consumer credit reporting agency that it instructs its employees and agents to inspect a photo identification of the consumer at the time the application was submitted in person. This paragraph does not apply to an application for credit submitted by mail.”
Section 1785.14(a)(3) states: “If the prospective user intends to extend credit by mail pursuant to a solicitation by mail, the extension of credit shall be mailed to the same address as on the solicitation unless the prospective user verifies any address change by, among other methods, contacting the person to whom the extension of credit will be mailed.”
In compliance with Section 1785.14(a) of the California Civil Code, “End User” hereby certifies to Consumer Reporting Agency as follows:
End User IS NOT a retail seller, as defined in Section 1802.3 of the California Civil Code (“Retail Seller”) and issues credit to consumers who appear in person on the basis of applications for credit submitted in person (“Point of Sale”).
End User also certifies that if End User is a Retail Seller who conducts Point of Sale transactions, End User will, beginning on or before July 1, 1998, instruct its employees and agents to inspect a photo identification of the consumer at the time an application is submitted in person.
End User also certifies that it will only use the appropriate End User code number designated by Consumer Reporting Agency for accessing consumer reports for California Point of Sale transactions conducted by Retail Seller.
If End User is not a Retail Seller who issues credit in Point of Sale transactions, End User agrees that if it, at any time hereafter, becomes a Retail Seller who extends credit in Point of Sale transactions, End User shall provide written notice of such to Consumer Reporting Agency prior to using credit reports with Point of Sale transactions as a Retail Seller, and shall comply with the requirements of a Retail Seller conducting Point of Sale transactions, as provided in this certification.
FCRA Requirements
Federal Fair Credit Reporting Act (as amended by the Consumer Credit Reporting Reform Act of 1996)
Although the FCRA primarily regulates the operations of consumer credit reporting agencies, it also affects you as a user of information. We have included a copy of the FCRA with your membership kit. We suggest that you and your employees become familiar with the following sections in particular:
§ 604. Permissible Purposes of Reports
§ 607. Compliance Procedures
§ 615. Requirement on users of consumer reports
§ 616. Civil liability for willful noncompliance
§ 617. Civil liability for negligent noncompliance
§ 619. Obtaining information under false pretenses
§ 621. Administrative Enforcement
§ 623. Responsibilities of Furnishers of Information to Consumer Reporting Agencies
§ 628. Disposal of Records
Each of these sections is of direct consequence to users who obtain reports on consumers.
As directed by the law, credit reports may be issued only if they are to be used for extending credit, review or collection of an account, employment purposes, underwriting insurance or in connection with some other legitimate business transaction such as in investment, partnership, etc. It is imperative that you identify each request for a report to be used for employment purposes when such report is ordered. Additional state laws may also impact your usage of reports for employment purposes.
We strongly endorse the letter and spirit of the Federal Fair Credit Reporting Act. We believe that this law and similar state laws recognize and preserve the delicate balance between the rights of the consumer and the legitimate needs of commerce.
In addition to the Federal Fair Credit Reporting Act, other federal and state laws addressing such topics as computer crime and unauthorized access to protected databases have also been enacted. As a prospective user of consumer reports, we expect that you and your staff will comply with all relevant federal statutes and the statutes and regulations of the states in which you operate.
We support consumer reporting legislation that will assure fair and equitable treatment for all consumers and users of credit information.
Access Security Requirements
We must work together to protect the privacy and information of consumers. The following information security measures are designed to reduce unauthorized access to consumer information. It is your responsibility to implement these controls. If you do not understand these requirements or need assistance, it is your responsibility to employ an outside service provider to assist you. Capitalized terms used herein have the meaning given in the Glossary attached hereto. The credit reporting agency reserves the right to make changes to Access Security Requirements without notification. The information provided herewith provides minimum baselines for information security.
In accessing the credit reporting agency’s services, you agree to follow these security requirements:
1. Implement Strong Access Control Measures
1.1 Do not provide your credit reporting agency Subscriber Codes or passwords to anyone. No one from the credit reporting agency will ever contact you and request your Subscriber Code number or password.
1.2 Proprietary or third party system access software must have credit reporting agency Subscriber Codes and password(s) hidden or embedded. Account numbers and passwords should be known only by supervisory personnel.
1.3 You must request your Subscriber Code password be changed immediately when:
- any system access software is replaced by system access software or is no longer used;
- the hardware on which the software resides is upgraded, changed or disposed of
1.4 Protect credit reporting agency Subscriber Code(s) and password(s) so that only key personnel know this sensitive information. Unauthorized personnel should not have knowledge of your Subscriber Code(s) and password(s).
1.5 Create a separate, unique user ID for each user to enable individual authentication and accountability for access to the credit reporting agency’s infrastructure. Each user of the system access software must also have a unique logon password.
1.6 Ensure that user IDs are not shared and that no Peer-to-Peer file sharing is enabled on those users’ profiles.
1.7 Keep user passwords Confidential.
1.8 Develop strong passwords that are:
- Not easily guessable (i.e. your name or company name, repeating numbers and letters or consecutive numbers and letters)
- Contain a minimum of seven (7) alpha/numeric characters for standard user accounts
1.9 Implement password protected screensavers with a maximum fifteen (15) minute timeout to protect unattended workstations.
1.10 Active logins to credit information systems must be configured with a 30 minute inactive session timeout.
1.11 Restrict the number of key personnel who have access to credit information.
1.12 Ensure that personnel who are authorized access to credit information have a business need to access such information and understand these requirements to access such information are only for the permissible purposes listed in the Permissible Purpose Information section of your membership application.
1.13 Ensure that you and your employees do not access your own credit reports or those reports of any family member(s) or friend(s) unless it is in connection with a credit transaction or for another permissible purpose.
1.14 Implement a process to terminate access rights immediately for users who access credit reporting agency credit information when those users are terminated or when they have a change in their job tasks and no longer require access to that credit information.
1.15 After normal business hours, turn off and lock all devices or systems used to obtain credit information.
1.16 Implement physical security controls to prevent unauthorized entry to your facility and access to systems used to obtain credit information.
2. Maintain a Vulnerability Management Program
2.1 Keep operating system(s), Firewalls, Routers, servers, personal computers (laptop and desktop) and all other systems current with appropriate system patches and updates.
2.2 Configure infrastructure such as Firewalls, Routers, personal computers, and similar components to industry best security practices, including disabling unnecessary services or features, removing or changing default passwords, IDs and sample files/programs, and enabling the most secure configuration features to avoid unnecessary risks.
2.3 Implement and follow current best security practices for Computer Virus detection scanning services and procedures:
- Use, implement and maintain a current, commercially available Computer Virus detection/scanning product on all computers, systems and networks.
- If you suspect an actual or potential virus, immediately cease accessing the system and do not resume the inquiry process until the virus has been eliminated.
- On a weekly basis at a minimum, keep anti-virus software up-to-date by vigilantly checking or configuring auto updates and installing new virus definition files.
2.4 Implement and follow current best security practices for computer anti-Spyware scanning services and procedures:
- Use, implement and maintain a current, commercially available computer anti-Spyware scanning product on all computers, systems and networks.
- If you suspect actual or potential Spyware, immediately cease accessing the system and do not resume the inquiry process until the problem has been resolved and eliminated.
- Run a secondary anti-Spyware scan upon completion of the first scan to ensure all Spyware has been removed from your computers.
- Keep anti-Spyware software up-to-date by vigilantly checking or configuring auto updates and installing new anti-Spyware definition files weekly, at a minimum. If your company’s computers have unfiltered or unblocked access to the Internet (which prevents access to some known problematic sites), then it is recommended that anti-Spyware scans be completed more frequently than weekly.
3. Protect Data
3.1 Develop and follow procedures to ensure that data is protected throughout its entire information lifecycle (from creation, transformation, use, storage and secure destruction) regardless of the media used to store the data (i.e., tape, disk, paper, etc.)
3.2 All credit reporting agency data is classified as Confidential and must be secured to this requirement at a minimum.
3.3 Procedures for transmission, disclosure, storage, destruction and any other information modalities or media should address all aspects of the lifecycle of the information.
3.4 Encrypt all credit reporting agency data and information when stored on any laptop computer and in the database using AES or 3DES with 128-bit key encryption at a minimum.
3.5 Only open email attachments and links from trusted sources and after verifying legitimacy.
4. Maintain an Information Security Policy
4.1 Develop and follow a security plan to protect the Confidentiality and integrity of personal consumer information as required under the GLB Safeguard Rule.
4.2 Establish processes and procedures for responding to security violations, unusual or suspicious events and similar incidents to limit damage or unauthorized access to information assets and to permit identification and prosecution of violators.
4.3 The FACTA Disposal Rules require that you implement appropriate measures to dispose of any sensitive information related to consumer credit reports and records that will protect against unauthorized access or use of that information.
4.4 Implement and maintain ongoing mandatory security training and awareness sessions for all staff to underscore the importance of security within your organization.
5. Build and Maintain a Secure Network
5.1 Protect Internet connections with dedicated, industry-recognized Firewalls that are configured and managed using industry best security practices.
5.2 Internal private Internet Protocol (IP) addresses must not be publicly accessible or natively routed to the Internet. Network address translation (NAT) technology should be used.
5.3 Administrative access to Firewalls and servers must be performed through a secure internal wired connection only.
5.4 Any stand-alone computers that directly access the Internet must have a desktop Firewall deployed that is installed and configured to block unnecessary/unused ports, services and network traffic.
5.5 Encrypt Wireless access points with a minimum of WEP 128 bit encryption, WPA encryption where available.
5.6 Disable vendor default passwords, SSIDs and IP Addresses on Wireless access points and restrict authentication on the configuration of the access point.
6. Regularly Monitor and Test Networks
6.1 Perform regular tests on information systems (port scanning, virus scanning, vulnerability scanning).
6.2 Use current best practices to protect your telecommunications systems and any computer system or network device(s) you use to provide Services hereunder to access credit reporting agency systems and networks. These controls should be selected and implemented to reduce the risk of infiltration, hacking, access penetration or exposure to an unauthorized third party by:
- protecting against intrusions;
- securing the computer systems and network devices;
- and protecting against intrusions of operating systems or software.
Record Retention: The Federal Equal Opportunities Act states that a creditor must preserve all written or recorded information connected with an application for 25 months. In keeping with the ECOA, the credit reporting agency requires that you retain the credit application and, if applicable, a purchase agreement for a period of not less than 25 months. When conducting an investigation, particularly following a breach or a consumer complaint that your company impermissibly accessed their credit report, the credit reporting agency will contact you and will request a copy of the original application signed by the consumer or, if applicable, a copy of the sales contract.
“Under Section 621 (a) (2) (A) of the FCRA, any person that violates any of the provisions of the FCRA may be liable for a civil penalty of not more than $2,500 per violation.”
Glossary
Term: Definition
Computer Virus: A Computer Virus is a self-replicating computer program that alters the way a computer operates, without the knowledge of the user. A true virus replicates and executes itself. While viruses can be destructive by destroying data, for example, some viruses are benign or merely annoying.
Confidential: Very sensitive information. Disclosure could adversely impact our company.
Encryption: Encryption is the process of obscuring information to make it unreadable without special knowledge.
Firewall: In computer science, a Firewall is a piece of hardware and/or software which functions in a networked environment to prevent unauthorized external access and some communications forbidden by the security policy, analogous to the function of Firewalls in building construction. The ultimate goal is to provide controlled connectivity between zones of differing trust levels through the enforcement of a security policy and connectivity model based on the least privilege principle.
Information Lifecycle: (Or Data Lifecycle) is a management program that considers the value of the information being stored over a period of time, the cost of its storage, its need for availability for use by authorized users, and the period of time for which it must be retained.
IP Address: A unique number that devices use in order to identify and communicate with each other on a computer network utilizing the Internet Protocol standard (IP). All participating network devices - including routers, computers, time-servers, printers, Internet fax machines, and some telephones - must have their own unique IP address. Just as each street address and phone number uniquely identifies a building or telephone, an IP address can uniquely identify a specific computer or other network device on a network. It is important to keep your IP address secure as hackers can gain control of your devices and possibly launch an attack on other devices.
Peer-to-Peer: A type of communication found in a system that uses layered protocols. Peer-to-Peer networking is the protocol often used for reproducing and distributing music without permission.
Router: A Router is a computer networking device that forwards data packets across a network via routing. A Router acts as a junction between two or more networks transferring data packets.
Spyware: Spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the consent of that machine's owner or user. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet.
SSID: Part of the Wi-Fi Wireless LAN, a service set identifier (SSID) is a code that identifies each packet as part of that network. Wireless devices that communicate with each other share the same SSID.
Subscriber Code: Your seven digit credit reporting agency account number.
WEP Encryption: (Wired Equivalent Privacy) A part of the wireless networking standard intended to provide secure communication. The longer the key used, the stronger the encryption will be. Older technology reaching its end of life.
WPA: (Wi-Fi Protected Access) A part of the wireless networking standard that provides stronger authentication and more secure communications. Replaces WEP. Uses dynamic key encryption versus static as in WEP (key is constantly changing and thus more difficult to break than WEP).
Acknowledgment
I certify that I have read and understand the above agreements and will take all reasonable measures to enforce them within my facility. I certify that I will use the Experian product information for no other purpose other than what is stated above. I will not resell the report to any third party. I understand that if my system is used improperly by myself or company personnel, or if my access codes are made available to any unauthorized personnel due to carelessness on the part of myself or any employee of my company, I may be held responsible for financial losses, fees, or monetary charges that may be incurred and that my access privilege may be terminated.
Continuing with the registration process constitutes The Member’s consent to conduct a binding electronic transaction with The Company and further consents to receiving notices and related services electronically. Clicking on I Agree below constitutes The Member’s electronic signature and is legally effective and will be used by The Company as if it is a written signature.