Equifax, Experian and TransUnion are developing
an encryption standard to protect sensitive customer
data.
The standard will be based on the widely used Advanced
Encryption Standard (AES) and Triple Data Encryption Standard
(3DES) encrypted algorithms plus a minimum of 128-bit key
encryption.
The co-ordinated approach means that banks, credit card
companies and mortgage firms that supply data to the credit
reference firms will be able to use a single encryption standard to
protect data.
The three companies have established a joint encryption
taskforce to keep adopted standards in line with technological
developments.
Stuart Pratt, chief executive of the Consumer Data Industry
Association, said, “This is an important step for the credit
reporting industry. This co-operative effort to simplify, clarify
and accelerate the use of industry-level encryption standards is
progressive and necessary.”
The credit firms have been targeted by fraudsters. In 2002,
hackers stole the private information and credit ratings of 13,000
people from Experian.
Later the same year, in one of the largest identity theft scams
in US history, Philip Cummings was charged with the theft of
personal financial information for more than 30,000 people while
working at the customer helpdesk of Teledata Communications, which
makes the software used by banks to request credit reports.