Credit reference agencies build industry encryption standard

Equifax, Experian and TransUnion are developing an encryption standard to protect sensitive customer data.

Equifax, Experian and TransUnion are developing an encryption standard to protect sensitive customer data.

The standard will be based on the widely used Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES) encrypted algorithms plus a minimum of 128-bit key encryption.

The co-ordinated approach means that banks, credit card companies and mortgage firms that supply data to the credit reference firms will be able to use a single encryption standard to protect data.

The three companies have established a joint encryption taskforce to keep adopted standards in line with technological developments.
Stuart Pratt, chief executive of the Consumer Data Industry Association, said, “This is an important step for the credit reporting industry. This co-operative effort to simplify, clarify and accelerate the use of industry-level encryption standards is progressive and necessary.”

The credit firms have been targeted by fraudsters. In 2002, hackers stole the private information and credit ratings of 13,000 people from Experian.

Later the same year, in one of the largest identity theft scams in US history, Philip Cummings was charged with the theft of personal financial information for more than 30,000 people while working at the customer helpdesk of Teledata Communications, which makes the software used by banks to request credit reports.

Read more on IT risk management