FRAUD MONITORING POLICY

PURPOSE

To mitigate and prevent fraud on the part of consumers making payments through Kredit’s platform.

OVERVIEW

Kredit utilizes third-party infrastructure and banking service providers to enable consumer to make payments through its platform. Given that payments will made at the direction of individual consumers, there is an inherent risk of fraudulent behavior by those consumers, as well as the possibility that individuals’ accounts may become compromised and non-authorized users could make payments in individuals’ names. The Fraud Monitoring Policy contains the measures that Kredit takes to ensure payments have (i) originated with an account owner and (i) constitute only good intent.

POLICY

The policy is organized into five sections: prevention, management, monitoring, reporting, and recovery.

PREVENTION

• All consumers are required to provide identifying documentation before authorization is provided for them to originate payments.

• All recipients of funds are required to be registered and validated organizations on Kredit’s platform before funds can be directed to them. (see Service Provider Oversight Policy for vendors and AML/KYC Policy for clients)

• All individuals seeking to make payments through Kredit’s platform will be required to directly provide account login information into Plaid’s onboarding flow before they can be authorized to make payments out of any accounts.

• All individuals must provide and verify a personal email address or phone number for notifications to be sent to as payments are made and processed, which Kredit will then send an email or text alert to any time a payment is made within that users account.

MANAGEMENT

Fraud will be the dual responsibility of Kredit’s CEO, Dave Hanrahan, and CTO, Kenny Lai, to ensure thorough oversight and redundant responsibility in the care of our customers information and funds.

MONITORING

• Kredit will monitor transactions in real-time for suspicious individual payments uncharacteristic of an individuals’ financial standing.

• Payments trends will be regularly analyzed for suspicious activity and trends over time.

• Proprietary risk and behavior models will be internally managed to highlight and escalate problem payment originators or recipients to the designated policy managers for individual manual review.

REPORTING

• Payment originators will receive confirmation of each payment that is made using Kredit’s platform; those notices will include directions to reach out to the SUPPORT@TRYKREDIT.COM email address if they suspect fraudulent activity.

• The policy managers will be required to monitor the SUPPORT@TRYKREDIT.COM email account at all times, with notification infrastructure in place to escalate issues which are not immediately responded to.

• All fraudulent or potentially fraudulent events are required to be logged and documented following their occurrence for perpetuity.

RECOVERY

Individuals or organizations with Kredit accounts who are suspected to be attempting fraudulent actions through Kredit’s platform will have their account immediately frozen to allow for a full investigation into the circumstances and events involved and a determination of whether they constitute fraud.

AUDITS

Kredit will periodically engage outside auditors to review its Fraud Monitoring Policy and compliance with the policy by the managing individuals and their supporting teams.

VIOLATIONS

Should an individual’s or organization’s actions be deemed to be fraudulent, that individual’s account will be permanently deactivated and Kredit reserves the right to pursue the maximum legal action allowed under the relevant jurisdiction.

CHANGE SUMMARY

Purpose: Internal Policy

Category: Regulatory

Policy Name: Fraud Monitoring Policy