RealTime IT News

Credit Companies Tighten Encryption

The big three national credit reporting companies want to reassure people that their data is secure.

To that end, Equifax, Experian and TransUnion are engaged in a joint effort to develop a single encryption standard for reporting data to the credit agencies that will protect sensitive customer data.

The joint effort approach will include a base minimum of 128-bit key encryption and utilize the Triple Data Encryption (3DES) and Advanced Encryption Standard (AES).

Equifax, Experian and TransUnion each already have security in place that meets FCC regulations; the new effort is aimed at furthering consumer data protection by giving those that report data a single standard for encryption.

"This cooperative effort to simplify, clarify and accelerate the use of industry-level encryption standards is progressive and necessary. said Stuart Pratt, president and CEO of the Consumer Data Industry Association, in a statement.

"These standards address the goals being advanced by the credit-reporting industry of encryption use by all data furnishers and make the implementation of encryption a single straight-forward choice for all -- from the largest financial institutions to the smallest market lenders."

The security of consumer credit data has been under attack for several years.

In 2002, Experian was hacked in an incident that ultimately impacted more than 30,000 consumers whose credit information was stolen.

In February, credit-check company ChoicePoint notified 145,000 people that their consumer data could be at risk.

A data breach at LexusNexus in April, exposed 310,000 customer accounts. And in June, some 40 million customer accounts were exposed by CardSystems.

Those breaches led to public outcry culminating in the Personal Data Privacy and Security Act of 2005, which is currently before Congress.