Over the past year or so we worked on a project based on a request from Experian, related to how credit data pulled from Experian is stored on CU*BASE. In a nutshell, Experian requires that for credit unions who pull credit* from them, personally identifiable information about members must be encrypted while “at rest” in the database, and revealed only to authorized users – meaning CU employees, not data center support staff.

What that means is that with this release we added infrastructure that encrypts and protects the following data where it is stored in the CU*BASE credit report tables** ONLY:
  • Credit score
  • Employment information
  • Debt information
  • SSN/TIN
  • Text file of the entire credit report

The changes prevent anyone other than a credit union user from being able to view this data, whether via a CU*BASE screen or by using Query. So credit union employees*** do not notice any difference when accessing credit data via various CU*BASE features. However, data center employees, including CSRs, programmers, etc., see only masked data on those screens or when performing queries of the affected tables. For example, we see all 9s for a SSN, and masking characters for alphabetic information. This requires us to adjust how we work with you on troubleshooting potential issues, but your employees should not need to make any changes to how they do their day-to-day work.

* If you pull from Experian as either your primary or secondary provider.
** A complete list of affected tables includes: CBTRPTH, CRBCSH, CRBDSN, CRBDTL, CRBHST, CRBRPT, CRBSUM, CRBTRD, and OPENDLF
*** This encryption is governed only by a general categorization of employee profile – CU employee versus non-CU employee. There can be no differentiation between one particular type of CU employee (like a manager or a loan officer) versus another. Your credit union will still use CU*BASE Employee Security controls to govern an employee’s access to a particular tool or feature.