Credit bureaus to adopt data protection standard By Reuters http://news.com.com/Credit+bureaus+to+adopt+data+protection+standard/210 0-1029_3-5877870.html
Story last modified Thu Sep 22 21:58:00 PDT 2005 The top three U.S. credit reporting companies said on Thursday they would adopt a single, shared encryption standard to better protect the huge amounts of sensitive electronic data they receive every day from banks, retailers and credit-card companies. Equifax, Experian and TransUnion, which maintain huge databases on hundreds of millions of Americans, said the joint effort would involve the development and adoption of a data-cloaking code built on an encrypted algorithm and 128-bit, secret-key technologies. In a statement, the companies insisted they have "long employed information security tools and programs" to ensure the information they compile from third parties isn't intercepted by thieves. But they said that by creating and adhering to a single, beefed-up industry standard, they would "further assure the protection of sensitive consumer data when transmitted between data furnishers and credit reporting companies." "We're trying to make it easier for them so they don't have to juggle three different standards when they're dealing with us," said Colleen Tunney, a spokeswoman for Chicago-based TransUnion. The coordinated effort by the three traditional rivals is the latest proof of the serious threat posed by identity thieves and Internet-enabled crooks--and the unprecedented lengths business is going to in order to fight back. According to a report released earlier this week by Symantec, the world's biggest maker of security software, programs designed to steal confidential information accounted for three-quarters of viruses during the first half of 2005, up from 54 percent in the last six months of 2004. The credit reporting agencies aren't alone in seeking strength in numbers. Speaking at a credit-card conference earlier this week in Memphis, Tenn., the top security experts at Visa and MasterCard, the world's two biggest card associations and long-time rivals, said that they, too, were cooperating to crack down on fraud. Visa and MasterCard said the unity was required given the growing sophistication of the thieves, who, they said, were increasingly acting in concert and hiring former Soviet KGB cryptographers to help crack security codes. Previous Next Among the challenges the financial services industry faces is the emergence of highly sophisticated "sleeper crimeware" programs that infect a computer and then wait--quietly--for the user to log into a highly secure site such as an online banking or brokerage account. Once the infected user has run the gauntlet of passwords and authentication hurdles and is inside, the sleeper program wakes up and swings into action, launching what is known as a man-in-the-middle attack. In the case of an online bank account, for instance, it might send instructions to the secure server--which the server believes to be legitimate and the infected user cannot see--to liquidate the account and transfer the balance overseas using automatic clearing-house services. "We're making it tougher and tougher for the bad guys," John Shaughnessy, senior vice president for fraud prevention at Visa USA, told the Memphis conference on Monday. "But the Russians are good." Story Copyright (c) 2005 Reuters Limited. All rights reserved. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]