The three major US credit reporting agencies, Equifax, Experian and TransUnion, yesterday announced that they would protect sensitive consumer data by using a single encryption standard for data being transferred to and from the firms.
Each company already uses security tools to protect information being transferred between it and its data furnishers, but these are unique to the respective firms, and mean that data furnishers have to make sure that they are compliant with three separate sets of requirements.
The new standard is designed to make it easier for customers of the three rival agencies by giving them one encryption standard to comply with, rather than three. It is hoped this will also increase the protection afforded to the data.
Data merchants have been under pressure following several high-profile data losses at firms such as Acxiom and a LexisNexis subsidiary, and politicians are on the warpath, calling for greater regulation of data-brokering companies – including credit reporting agencies.
The new coordinated approach will include Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES) encrypted algorithms and a minimum of 128-bit key encryption, which are widely accepted commercial standards to protect sensitive financial data.
The three firms have also established an ongoing encryption task force to ensure the adopted standards reflect the continuing progress of technologies and methods.
"This is an important step for the credit reporting industry," said Stuart Pratt, President and CEO of the Consumer Data Industry Association. "This cooperative effort to simplify, clarify and accelerate the use of industry-level encryption standards is progressive and necessary."
