Credit providers, being banks (Members) and non-banks (Users) apply and gain access to the DEA system. A customer will apply with them for credit, and as part of that process their bank statements will be required. The customer’s consent to request their bank statements will be obtained. The customer will also provide their banking details to the credit provider. The credit provider will then encrypt a requesting message with the disclosing bank’s security keys. This message is sent to the DEA which then switches and routes the request to the disclosing bank. Normal internet and web service technologies are utilised.

The disclosing bank de-crypts and validates the request. The disclosing bank then prepares a bank statement (or an error message), and encrypts this with the requesting entity’s security keys. The answer is sent to the DEA who routes it back to the requesting entity for their use.

The disclosing bank also send a message via sms or e mail to its customer to inform them that a statement has been provided to the credit provider, subject to their credit application and their consent.

The DEA has a formal constitution and set of operating rules. A defined management structure exists. The DEA has an IT contractor, namely Comcorp Online (Pty) Ltd, who operates the system.

The DEA has a formal dispute mechanism and escalation process for those customers who dispute that they have given consent for their personal information to be shared. This mechanism allows the query to be resolved. The banking Ombudsman is aware of the service and has the appropriate knowledge to assist with disputes.