Credit Reporting using Equifax

Equifax is used to find out the information pertaining to customers to evaluate his / her credit status and validity about information provided by the customer.  It provide consumer data taken from a wide range of sources to enable its users to make informed decisions. Walking Tree has used Equifax services to create automatic loan application for one of its UK customer. Before we get into the details of how Equifax works, let’s understand few important things about using Equifax:

Supplied Current Address

The current address of the customer for whom the business need to verify the credit.

Linked Address

Equifax also stores linked addresses that are on the database associated with the named individual’s current address. It stores upto 4 previous addresses. Linked addresses assist you in finding adverse data at an undisclosed previous address, or finding a potential ’empty house’ fraud via a more recent address than the declared current address. Also, if you have asked user to supply his / her previous address then it helps you verify their validity as well.

Search Cost

Every call to Equifax server has a cost. Hence, it is recommended for the business to build some logic – if at all possible – to minimize the need to go for Equifax validation all the time. Also, the development should happen in such a way that all the required data should be retrieved in one call to the Equifax Server. You can ask for the data to be accumulated into a single, powerful, Risk Navigator score – which you can later parse to create your own business rules.

In order to get the credit report we have to send a request to Equifax server with the list of parameters that we desire to obtain from Equifax. Equifax service returns the requested data, plus a number of elements not included in the input message, i.e. supplied address and linked address. Electoral roll, court judgment, CIFAS, council of mortgage lenders, Notice of correction, Insight raw data information can be requested for supplied for linked address and supplied address. Telephone information can be requested for supplied address.

All searches carried out by clients using Equifax bureau data are recorded at the address inquired on. Any access to the consumer file online will leave a real time footprint on the file. We must specify the search type on the input message.

Equifax is permitted to hold a file of county court judgment information and data remains on this file for a maximum of 6 years. This file includes satisfied Country Court Judgment (CCJ), bankruptcies and other types of    court action supplied by Registry trust. This file is updated on a weekly basis. The Equifax search data is delivered through bespoke characteristics (QCB) data blocks.

Electoral roll is a list of adults over 18 or attainers that are eligible to vote in UK locals. Equifax will capture this information annually.

Fraud scan can be used to help with the identification of application fraud. Source data sets are available at Equifax to validate supplied application data like:

  • Home Telephone number
  • Employer name and telephone number
  • Date of birth
  • Bank sort code and
  • Bank account number

Coded characteristics (QCB) data group is used to supply a coded consumer credit data from the Equifax.

Applicant details will be mentioned in “applicant_details” element which contains the name details for the applicants being searched.

Notice of correction is used to substantiate an entry recorded against a consumer. It is a method where the customer has the right to record personal statements about their credit information. Notice of correction text will be delivered via the ‘notice_of_correction’ (NCR/NCV) data groups.

When Equifax receives a search request a number of validation checks will be performed to ensure that the input message contents are appropriate for the enquiry. If any errors are found during validating the request appropriate error message will be thrown from Equifax server.

The input message sent to Equifax must comply with the following rules,

  • The input message should contain user id, domain id, password and must be valid with in the Equifax architecture.
  • An operator id must be entered.
  • The operator id field on the input message header record must contain sufficient information to uniquely identify the individual performing the search.
  • The operator id supplied will enable Equifax to provide an audit trail of the individuals who are accessing the Equifax consumer data. Its our responsibility to provide a unique operator id for the individuals who accesses Equifax consumer data.

If the data supplied for Equifax request failed in this validation, enquiry is terminated.

The Opt  in/ Opt out has been include in the input request in order to assess the credit score independently from their family or financial associates (opt out) or alternatively for this data to be specifically included(opt in). The opt in/opt out flag is mandatory field and this value should be either I(opt in) or O(opt out) or space for non credit product.

In the event of two names being supplied associate/joint flag tag describes the relationship between two – either a joint application or a declared financial associate who is not party to this application. The associate/joint flag is a mandatory field and its values should be in ‘A’(associate),J(joint),or space if name count is equal to one.

The QCB data group is flexible mechanism that enables Equifax to supply a selection of coded consumer credit data from the risk navigator engine. Each customer can have access to upto 6 different QCB blocks, each containing a combination of characteristics, although only one QCB block can be requested for a single enquiry. Each enquiry then simply requests the appropriate QCB block number and the corresponding characteristics will be returned.

Six standard QCB blocks have been set upto support different types of search.

  • QCB block for applicant only searches.
  • QCB block for applicant plus associate searches.
  • QCB block for applicant plus associate plus attributable/potential associate household searches.

These 3 variations are available for supplied address(es) only, or supplied address(es) plus linked address/es. (total 6)

The scoring element contains the information relating to any scores and score related information that is to be returned.

The data type element details the data groups to be requested from Equifax and will determine the structure and content of output response.

Display requirements element can be used to restrict the name match levels of raw data on output response except public data groups electoral roll, rolling register and CIFAS which by their nature allow access to all name match levels. There are number of different name match level flags each with the option to include or exclude depending upon whether a score has been calculated using data in that name match level.

Application data, associate data, potential associate data, attributable data and family are mandatory fields and values may be “Y”,”N” or “S”, with following meaning

  • Y – required
  • N – not required
  • S – only required when one or more scores uses this name match level data

The Equifax information-sharing database (Insight) contains details of credit agreements, supplied by subscribing members covering all sectors of the credit industry. Insight data can be delivered via the ‘insight’ (INR/INV) and bespoke characteristics (QCB) data groups.

Non financial details held on the Insight database can be used by non-insight members to assist with identity verification. Insight data for identity verification can be delivered via the ‘coded_insight_for_identity_verification’ (IDC/IDV) data groups.

Equifax Request

The request should be in the form of  XML. ‘request’ is the document root element. The “service_request”  is a container element for a one of a number of different service requests. Equifax request provides five services, they are

1)      Session service.

2)      Address matching service.

3)      Bank validation service.

4)      Company matching service.

5)      Consumer bureau service.

Services should be mentioned in “service_request” element of Equifax request.

Session service is a login service which helps us to login the Equifax service .To login this service we need Equifax credentials, which are provided by the Equifax server.





<logon_request domain_id=”xxxx” user_id=”xxxx”                                                                        Password=”xxxx” />


By using the session service we will get session token from Equifax server which will be used for another services .

Address matching service is used to find out the address based on house number and postcode. Credit reference data (bureau data) is mainly related to an individual’s current and previous addresses. Equifax bureau data is managed using a proprietary key value that uniquely identifies each known address (PTC-Abs: post town code, absolute house ID).

Bank validation service is used to validate the bank details based on bank account number and sort code provided during the request. This service should be included in “bank_validation_service” element. In order to validate the bank details of a customer then we have to include the request in “bank_details_request” element.



<bank_account_details sort_code=”xxx” account_number=”xxxxxx”>




Consumer bureau service is used to find out  the  address , credit score and      fraud scan details of a customer. All input application data with in the              consumer bureau request should be capital letters.

There will be one ‘consumer_bureau_request’ element on each message sent to Equifax. Here is the complete example of equifax request.

The request xml  is as shown bellow.

<?xml version=”1.0″ standalone=”yes”?>


<request_header interface_version_no= “1.0”  dtd_version_no=”1.0″>



<service_request id=”3″>


<consumer_bureau_request domain=”***” usercode=”***”                                                                    password=”***” operator_id=”***” >

<consumer_search search_type=”SE” opt_in_out_flag=”I”                                                       associate_jointapp_flag=””>

<scoring qcb_option=”1″ same_company_insight=””>

<score_product code=”RNISF02″/>                                                                                                                </scoring >


<data_type id=”ADO” maximum=”00″ />

<data_type id=”ELR” maximum=”00″ />

<data_type id=”CJR” maximum=”00″ />

<data_type id=”INR” maximum=”00″ />

<data_type id=”NCR” maximum=”00″ />

<data_type id=”ASR” maximum=”00″ />

<data_type id=”RRR” maximum=”00″ />

<data_type id=”QCB” maximum=”00″ />


<display_requirements applicant_data=”Y” associate_data=”Y”                                                             attributable_data=”N” potential_associate_data=”N”                                                                family_data=”N” />

<applicant_details title=”” forename=”Alok”  second_name=””                                                              surname=”Ranjan” >

<address_details time_at_address=”” address_match_flag=””                                                  address=”77  High Street , Wiltshire,Westbury , BA13                                                                   3BN” >








We can include the appropriate data types in data type element to get the bureau information from Equifax. We have mentioned certain attributes to “Y” in display requirements element to restrict the output response to this details.

We have mentioned the qcb option as “1” because we are only searching the applicant only details.

Equifax Response

It is generated by Equifax and contains the information requested by us. If the inquiry is unsuccessful, only header element will be returned containing the error code and its description. If the error code is”00” then the response is successful and requested information will return within appropriate section of the response structure as defined in the xml schema.

There are number of fundamental blocks within the Equifax response, as follows.

Header information

Non-address specific data types

Supplied address raw data types

Linked address raw data types

Fraud scan data types

Alias/associate logging information.

Length of the output message will be different from each enquiry. Each requested data type will be appeared in the Equifax response along with the scoring data group if requested.  Data will be returned for the first address, followed by the second address and then each linked address.

Address matching :

According to the supplied address input, the result will be one of the three possible situations. “Unique Match”, “Multiple Match” ,”Non-Match”.

Unique Match : The supplied address matches to single address on equifax database. When a unique match is made , the match indicator on the address_details element in the output message will be set to “L” if all data returned on the output message (OR) “R” if more data is available via subsequent message. Once the address match is done then required data retrieval activities will be performed for the enquiry.

Multiple Match : the supplied address matches to more than one address on the equifax database. When a multiple match is made, the match_indicator on the address_details element is set to “M” and no consumer data will be returned for the enquiry. To receive the address text of the multiple addresses that have been matched, the data type “MUL” must be included within the list of requested data types. This facility can be used to present a list of options to users to re submit the enquiry with the unique address.

Non Match : The supplied address cannot match to the addresses in equifax database. At this situation the , the match indicator on the address_details element should be set to ‘X’ and no consumer data will be returned for the enquiry.

Consumer Equifax Response:

We get the response from the Equifax as shown bellow

<?xml version=“1.0” encoding=“ISO-8859-1”?>





<service_response id=“3” success_flag=“1”>



<header error_code=“00” error_message=“” reference=“”/>


<supplied_address id=“ADS” sequence_number=“1” noc_indicator=“N”/>

<score id=“SCO” label=“RNISF02” sign=“+” score=“402”/>

<bespoke_characteristics id=“QCB” qcb_field=“M M M  M        M M        _____________M M M  M        M M        _____________01__M __M M __00020100C 000003____M M M ____M M M M M MM_M MM_0001C        C 0048C C   C C C   C   0101C C C  C  SSSSSS01C 01C C C        000000275C        C        C        0048SC01C 01C C C C C                                                                                           ________________________M M M        M M   M M   M M M   M   M M M M M  M  MMMMMMM M M M M M        M        M        M        M        M   MMM M M M M M M M M        M        M        M        M        M        M        M        M        M        ________________________M M M M M M M M M M M __M M M M M M M M M M M __M  M  M  M  M  M  M  M  YC        C        C C        C        C        M        M        M M        M        M        C        C        C        M        M        M        C CC        C CC        ________________________M MM M______C        C        C        M        M        M        C        C        C        M        M        M        CC        C        C        C      C C CC        C        C        C      C C MM        M        M        M      M M MM        M        M        M      M M C        C        C        M        M        M        C C01S______M        M MM        M M________________________                                                                                               XXNNNNNNNM “/>


<address_details sequence_number=“1” match_indicator=“L”>

<address_matched id=“ADO” address_key=“58150004076” house_name=“” house_number=“00077” street_1=“HIGH ST” street_2=“” district=“” posttown=“WESTBURY” county=“WILTS” postcode=“BA133BN” address_type=“”/>

<electoral_roll id=“ELR” name_match_indicator=“A” title=“” forename=“Alok” second_name=“J” surname=“Ranjan” date_of_birth=“” period=“07-10” junior_senior=“”/>


<electoral_roll id=“ELR” name_match_indicator=“Z” title=“MR” forename=“A” second_name=“” surname=“OSMAN” date_of_birth=“” period=“91-93” junior_senior=“”/>

<insight id=“INR” name_match_indicator=“C” title=“MRS” forename=“Alok” second_name=“L” surname=“RANJAN” date_of_birth=“YYYY-MM-DD” company_class=“FN” account_type=“03” account_number=“” start_date=“2006-08-01” end_date=“2007-12-01” update_date=“2009-08-01” credit_limit=“0” current_balance_sign=“+” current_balance=“0” start_balance=“0” default_balance=“0” credit_terms=“275” repayment_period=“300” payment_frequency=“M” payment_history=“S” delinquent_date=“” client_number=“” quality_flags=“” quality_indicator_1=“” quality_indicator_2=“” credit_card_payment_amount_sign=“” credit_card_payment_amount=“” credit_card_previous_statement_balance_sign=“” credit_card_previous_statement_balance=“” credit_card_cash_advance_value=“” credit_card_cash_advance_count=“” credit_card_limit_change_flag=“” credit_card_minimum_payment_flag=“” credit_card_promotional_rate_flag=“”/>

——————— One or more insights ———————






Well, we may get the large xml file as response for our request. Specifically, if we include the fraud scan data, the response xml is going to be huge. So, if we want get any information, we must specify the datatypes in data type tag as below

<data_type maximum=”” />

<data_type maximum=”” />

After getting the Equifax response, we have to check the bureau rules with the QCB characteristics . The bureau rules file will be received by the  company who have the credentials with Equifax. There is one more file which is used to get the condition variable positions from the QCB raw data. Based on the positions you can compare the bureau rules variable values (from Equifax)  with the bureau conditions.

For our loan application process, we have stored bureau rules in the database. Dynamically we are getting the conditions from the database and mapping these conditions to Equifax QCB data by using an associated array, which contains name value pairs. Name must be same as the database condition variable name and the value is condition variable value from Equifax.

In the bureau rules there  are 3 types of rules mentioned.

1.Credit decision logic

2.AML logic (Anti-money Laundering logic)

3.Risk navigator score

Your business can use various combination of above data to build further logic. For example – for loan application we can decide criteria based on which we must reject a loan. You can mix these criteria with your own criteria to ensure that you have covered yourself from risk as well as you are able to do a lot of business. In fact – we built mini Business Rule Engine (BRE) kind of application which allows our customer to change the conditions without any code changes and without any dependency on Walking Tree.

Following is the sample XML request node which we may need to send for one of the request:

PHP code :

function constructConsumerXML(){

$xml_data='<?xml version=”1.0″ standalone=”yes”?>



interface_version_no= “1.0”  dtd_version_no=”1.0″>



<service_request id=”3″>


<consumer_bureau_request domain=”***” usercode=”***”

password=”***” operator_id=”0000-0044″ >

<consumer_search search_type=”SE” opt_in_out_flag=”I” associate_jointapp_flag=””>

<scoring qcb_option=”1″ same_company_insight=””>

<score_product code=”RNISF02″/>

</scoring >


<data_type id=”ADO” maximum=”00″ />

<data_type maximum=”00″ />

<data_type id=”CJR” maximum=”00″ />

<data_type maximum=”00″ />

<data_type maximum=”00″ />

<data_type maximum=”00″ />

<data_type maximum=”00″ />

<data_type maximum=”00″ />


<display_requirements applicant_data=”Y” associate_data=”Y” attributable_data=”N” potential_associate_data=”N” family_data=”N” />

<applicant_details title=”” forename=”Marc”  second_name=”” surname=”Brookes”  >

<address_details time_at_address=”” address_match_flag=”” address=”77  High Street , Wiltshire,Westbury , BA13 3BN” >









//fields of post data

$fields = array(

‘xml_request’ => $xml_data


//preparing key=value pairs

foreach($fields as $key=>$value) { $fields_string = $key.’=’.$value; }

return $fields_string;


//url for equifax

$url = ‘;;


$data = constructConsumerXML();

//calling method

$doc = httpsPost($url,$data);

$decisionFlag = decisionLogic( $doc );

if( $decisionFlag == true ){

echo “Credit search of the customer is positive”;


echo “Credit search of the customer is negative”;



constructConsumerXML() this function is used to construct the equifax request.

HttpsPost() is used to send the request to url by using Curl(Client URL used to issue web page requests and handle web server responses) functions.We have mentioned the url” which is used to execute the equifax xml request and produces equifax response. After getting the xml response, we have to get the attributes and values of the xml response. For this purpose we are using a function SimpleXMLElement() which provides the attributes and values defined within an XML tag.

We hope you found this article useful. We will be happy to hear your feedback on this. Walking Tree is a professional organization and it will be happy to assist you in using Equifax to enable you to take informed decision. You can find our contact details on our Contact Us page.

Tagged with: , , , , , , , , ,
Posted in General
9 comments on “Credit Reporting using Equifax
  1. Ali Yasir says:

    Can I get CIBIL score api as well ?

  2. Ali Yasir says:

    Do we have api for CIBIL report as well ?

  3. Alok Ranjan says:

    We used this API long time ago and we have no idea about how it might be working now. However, Equifax team was able to help us with required details. Please try contacting them.

  4. steve fred says:

    I am looking at using a software API solution to obtain Equifax credit scores that can be used with the Microsoft .Net Framework 4.5 library. The company I am working for is looking at developing a WPF Microsoft PC application, and a MVC 4 and 5 internet application with both using the .Net 4 and 4.5 libraries.
    Can this API Solution be used with both those technologies?

  5. sayeedchoudhury says:

    how do u interpret this:

  6. Alex says:

    Great post guys. Right now i read equifax API from PDF and your detailed intructions helped me a lot.

  7. sula says:

    This is really a great post to understand the Equifax integration. I am referring this article to integrate Equifax in Adempiere.

    One question………. seems to be a servlet…is there a Web services interface available which I can test using soapUI?


  8. wtcindia says:

    It seems that Equifax security forces the customers to change password every one month. If that is the case then as part of your application logic you need to ensure that you keep track of this date and change password as per the expectation from equifax. Following API can be used “Change Password Request”.

    For this you need to understand following:

    1. Log-in into Equifax and obtain a Session Token. The session token is supplied in the request_header.
    2. Each password must contain at least two alphabetic characters and at least one numeric or special character.
      “Alphabetic” refers to all upper or lower case letters.
    3. A Password must be at least 6 characters in length (20 characters maximum).
    4. A Password must not contain the User ID (Operator ID), the name associated with that Operator ID or
      the domain name associated with that Operator ID.
    5. Passwords are case sensitive and the password must be of mixed case
    6. The new_password has an configurable expiry period, the default expiry time for which is 30 days.
    7. The new_password must be different from previous passwords used for this account. The number of previous passwords to be checked is configurable, the default number is 12.

    Alright, now that you have got idea about how the new password should look like, all you need to supply is
    1) your current password and
    2) New password – make sure it follows the criteria mentioned above

    Following is the XML for the change password request

      <change_password_request current_password="DUMMY PASSWORD"
      new_password="NEW DUMMY PASSWORD"/>

      Once the request is served, you get following XML response node:

      <service_response id="1" success_flag="1">

      Based on the value of success_flag, you can decide further logic in your application.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

We Have Moved Our Blog!

We have moved our blog to our company site. Check out for all latest blogs.

Sencha Select Partner Sencha Training Partner
Xamarin Authorized Partner
Recent Publication
%d bloggers like this: