The big three national credit reporting companies want to reassure people
that their data is secure.
To that end, Equifax, Experian and TransUnion are
engaged in a joint effort to develop a single encryption standard for
reporting data to the credit agencies that will protect sensitive customer
The joint effort approach will include a base minimum of 128-bit key
encryption and utilize the Triple Data Encryption (3DES) and Advanced
Encryption Standard (AES).
Equifax, Experian and TransUnion each already
have security in place that meets FCC regulations; the new effort is aimed
at furthering consumer data protection by giving those that report data a
single standard for encryption.
“This cooperative effort to simplify, clarify and accelerate the use of
industry-level encryption standards is progressive and necessary. said
Stuart Pratt, president and CEO of the Consumer Data Industry Association,
in a statement.
“These standards address the goals being advanced by the
credit-reporting industry of encryption use by all data furnishers and make
the implementation of encryption a single straight-forward choice for all —
from the largest financial institutions to the smallest market lenders.”
The security of consumer credit data has been under attack for several
In February, credit-check company ChoicePoint notified 145,000 people that their consumer data could be at risk.
Those breaches led to public outcry culminating in the Personal Data Privacy and Security Act of 2005, which is currently before Congress.