Credit Bureaus Promise New Security

The three largest credit reporting companies in the U.S. will move to adopt a single, coordinated encryption standard to afford greater protection for the reams of electronic data they receive from banks, marketers and credit card companies.

Equifax, Experian and TransUnion announced Thursday that the joint effort will include developing and deploying robust 128-bit secret key technology.

The three national credit-reporting powers said they will also set up an ongoing encryption task force to make sure that encryption standards adopted by the industry remain up to date.

In announcing the joint effort to come up with new data security standards, the companies pointed out that they have already implemented security measures in accordance with the Safeguards Rule of the Federal Trade Commission. The new encryption standard, when developed, will simplify the job of protecting that data by letting the companies transmitting information to Experian, Equifax and TransUnion use a single encryption protocol to do so.

“This is an important step for the credit reporting industry,” said Stuart Pratt, president and CEO of the Consumer Data industry Association. “These standards address the goals being advanced by the credit reporting industry of encryption use by all data furnishers and make the implementation of encryption a single straight-forward choice for all -- from the largest financial institutions to the smallest market lenders."

The effort to better protect the data the companies maintain comes after a series of high-profile data break-ins, including one at ChoicePoint in Fenruary that exposed as many as 145,000 consumer records. Data thefts at LexusNexus in April and CardSystems in June contributed to the introduction of legislation in Congress to protect consumer information being held by credit-reporting companies and other data aggregators.