Credit Companies Tighten Encryption

The big three national credit reporting companies want to reassure people
that their data is secure.

To that end, Equifax, Experian and TransUnion are
engaged in a joint effort to develop a single encryption standard for
reporting data to the credit agencies that will protect sensitive customer
data.

The joint effort approach will include a base minimum of 128-bit key
encryption and utilize the Triple Data Encryption (3DES) and Advanced
Encryption Standard (AES).

Equifax, Experian and TransUnion each already
have security in place that meets FCC regulations; the new effort is aimed
at furthering consumer data protection by giving those that report data a
single standard for encryption.

“This cooperative effort to simplify, clarify and accelerate the use of
industry-level encryption standards is progressive and necessary. said
Stuart Pratt, president and CEO of the Consumer Data Industry Association,
in a statement.

“These standards address the goals being advanced by the
credit-reporting industry of encryption use by all data furnishers and make
the implementation of encryption a single straight-forward choice for all —
from the largest financial institutions to the smallest market lenders.”

The security of consumer credit data has been under attack for several
years.

In 2002, Experian was hacked in an incident that ultimately impacted more than 30,000 consumers whose credit information was stolen.

In February, credit-check company ChoicePoint notified 145,000 people that their consumer data could be at risk.

A data breach at LexusNexus in April, exposed 310,000 customer accounts. And in
June, some 40 million customer accounts were exposed by CardSystems.

Those breaches led to public outcry culminating in the Personal Data Privacy and Security Act of 2005, which is currently before Congress.

News Around the Web