Each
company already uses security tools to protect information being
transferred between it and its data furnishers, but these are
unique to the respective firms, and mean that data furnishers have
to make sure that they are compliant with three separate sets of
requirements.
The new standard is designed to make it easier for customers of
the three rival agencies by giving them one encryption standard to
comply with, rather than three. It is hoped this will also increase
the protection afforded to the data.
Data merchants have been under pressure following several
high-profile data losses at firms such as Acxiom and a LexisNexis
subsidiary, and politicians are on the warpath, calling for greater
regulation of data-brokering companies – including credit reporting
agencies.
The new coordinated approach will include Advanced Encryption
Standard (AES) and Triple Data Encryption Standard (3DES) encrypted
algorithms and a minimum of 128-bit key encryption, which are
widely accepted commercial standards to protect sensitive financial
data.
The three firms have also established an ongoing encryption task
force to ensure the adopted standards reflect the continuing
progress of technologies and methods.
"This is an important step for the credit reporting industry,"
said Stuart Pratt, President and CEO of the Consumer Data Industry
Association. "This cooperative effort to simplify, clarify and
accelerate the use of industry-level encryption standards is
progressive and necessary."
