The following entities are not consumer reporting agencies for purposes of the Credit Report Protection Act and are not required to place a security freeze under section 8-2603 or 8-2603.01:
(1) A check services or fraud prevention services company that issues reports on incidents of fraud or authorizations for the purpose of approving or processing negotiable instruments, electronic funds transfers, or similar methods of payment;
(2) A deposit account information service company that issues reports regarding account closures due to fraud, substantial overdrafts, automatic teller machine abuse, or similar negative information regarding a consumer or protected consumer, to inquiring banks or other financial institutions for use only in reviewing a consumer's, protected consumer's, or representative's request for a deposit account at the inquiring bank or financial institution; and
(3) A consumer reporting agency that acts only as a reseller of credit information by assembling and merging information contained in the database of another consumer reporting agency, or multiple consumer reporting agencies, and does not maintain a permanent database of credit information from which new credit reports are produced. A consumer reporting agency shall honor any security freeze placed on a file by another consumer reporting agency.