Credit Reporting Companies to Use Coordinated Encryption Standard
Posted by Lance Koonce
Equifax, Experian and TransUnion announced today that they will each adopt a single standard for protection of data provided to them by financial institutions and merchants, in order to protect the massive quantity of sensitive data that the three companies maintain. Published reports on the coordinated effort state that it will involve "the development and adoption of a data-cloaking code built on encrypted algorithm and 128-bit, secret-key technologies."
In the statement released by the three companies, the President and CEO of the Consumer Data Industry Association was quoted as saying:
This cooperative effort to simplify, clarify and accelerate the use of industry-level encryption standards is progressive and necessary. These standards address the goals being advanced by the credit reporting industry of encryption use by all data furnishers and make the implementation of encryption a single straight-forward choice for all – from the largest financial institutions to the smallest market lenders.
This comment highlights the fact that entities that serve as clearinghouses or chokepoints for large amounts of consumer information, from sources that may have varying degrees of protection for the data being transmitted, may face an enhanced risk of data breach. No doubt the Choicepoint and other very public data breaches earlier this year played a significant role in pushing this new program to the forefront.