Equifax, Experian and TransUnion Announce Coordinated Encryption Standards

The three national credit reporting companies, Equifax, Experian and TransUnion, today announced a cooperative effort to adopt coordinated encryption standards to further assure the protection of sensitive consumer data when transmitted between data furnishers and credit reporting companies.

Each of the three major credit reporting companies has long employed information security tools and programs, including programs designed to meet the Safeguards Rule of the Federal Trade Commission. Today’s announcement further advances consumer data protection by providing data furnishers with the choice of a single standard of encryption that can be used when reporting data to Equifax, Experian and/or TransUnion.

“This is an important step for the credit reporting industry,” said Stuart Pratt, President and CEO of the Consumer Data Industry Association. “This cooperative effort to simplify, clarify and accelerate the use of industry- level encryption standards is progressive and necessary. These standards address the goals being advanced by the credit reporting industry of encryption use by all data furnishers and make the implementation of encryption a single straight-forward choice for all — from the largest financial institutions to the smallest market lenders.”

This coordinated approach includes Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES) encrypted algorithms and a minimum of 128-bit key encryption. AES and 3DES encrypted algorithms which use 128-bit key encryption are widely accepted commercial standards to protect sensitive financial data. Both standards are governed by the National Institute of Standards and Technology.

The three national credit reporting companies have also established an ongoing encryption task force to ensure the adopted standards reflect the continuing progress of technologies and methods.