Credit Companies Promise Tighter Security

The big three U.S. credit reporting firms -- Equifax, Experian, and TransUnion -- promised last week that they would come up with an encryption standard all would use to protect sensitive customer data as it's moved between information providers and themselves.

"This cooperative effort to simplify, clarify, and accelerate the use of industry-level encryption standards is necessary," said Stuart Pratt, the head of the Consumer Data Industry Association. "These standards make the implementation of encryption a single straight-forward choice for all, from the largest financial institutions to the smallest market lenders."

The three will work out a standard scheme that includes Consumer Data Industry Association (AES) and Triple Data Encryption Standard (3DES) algorithms, and a minimum of 128-bit key encryption.

Experian was hacked three years ago, when some 13,000 consumers had credit report information stolen. However, 2005's wave of disclosed data breaches -- caused by the California law that requires consumers be informed when their personal information is put at risk -- have not directly affected the three credit reporting firms. Still, the hope is that the single standard will boost encryption at data furnishers, such as credit card companies, banks, and mortgage firms, which report findings to Equifax, Esperian, and TransUnion.

Americans are guaranteed free access to their credit report yearly through the AnnualCreditReport.com site that's hosted by the three firms.