The FCRA never even mentions the terms "hard" or "soft" pull. This distinction depends on how the inquiry is coded.
What is commonly referred to as a "soft pull" is couched in FCRA language under FCRA 604(c)(2) as to how much information the CRA may provide.
The classic statutory "soft pull" limits the person to only your name and address when it involves an offer for credit that is not intiatiated by the consumer. The so-called unsolicited offers that flood your mailbox.
Other than that, it gets a bit murky. Existing creditors can pull your full CR at any time, under FCRA 604(a)(3)(F)(ii), to conduct an account review. Normal business practives of creditors is to uniformly report these with a code identifying it as such, and FICO thus ignores it in scoring as a so-called "soft pull."
A murkier situation might be, for example, a request you make for a credit line increase (CLI). This is clearly a request for additional credit intiated by the consumer, and thus full access to your CR is authorized under FCRA 604(a)(3)(A). Some creditors will code this in such a way that it is picked up by FICO scoring ("hard pull"), and others report it with code that FICO does not include in scoring ("soft pull").
If you apply for a new apartment, that is a "business transaction intiated by the consumer," and provides access to your full CR under FCRA 604(a)(3)(F)(i), Some will report it with a code that FICO recognizes as a "soft" pull, which others code it such that FICO recognizes it as a "hard" pull.
It is advisable that if you are entering into any type of business transaction, you ask the creditor or postential creditor for advance statement of how they code the transaction when pulling your credit. For the most part, it is not regulated by the FCRA,
