FYI: Credit bureaus to adopt data protection standard

[Heyman, Michael]

Credit bureaus to adopt data protection standard

By Reuters
http://news.com.com/Credit+bureaus+to+adopt+data+protection+standard/210
0-1029_3-5877870.html 

Story last modified Thu Sep 22 21:58:00 PDT 2005 



The top three U.S. credit reporting companies said on Thursday they
would adopt a single, shared encryption standard to better protect the
huge amounts of sensitive electronic data they receive every day from
banks, retailers and credit-card companies. 
Equifax, Experian and TransUnion, which maintain huge databases on
hundreds of millions of Americans, said the joint effort would involve
the development and adoption of a data-cloaking code built on an
encrypted algorithm and 128-bit, secret-key technologies.

In a statement, the companies insisted they have "long employed
information security tools and programs" to ensure the information they
compile from third parties isn't intercepted by thieves.

But they said that by creating and adhering to a single, beefed-up
industry standard, they would "further assure the protection of
sensitive consumer data when transmitted between data furnishers and
credit reporting companies."

"We're trying to make it easier for them so they don't have to juggle
three different standards when they're dealing with us," said Colleen
Tunney, a spokeswoman for Chicago-based TransUnion.

The coordinated effort by the three traditional rivals is the latest
proof of the serious threat posed by identity thieves and
Internet-enabled crooks--and the unprecedented lengths business is going
to in order to fight back.

According to a report released earlier this week by Symantec, the
world's biggest maker of security software, programs designed to steal
confidential information accounted for three-quarters of viruses during
the first half of 2005, up from 54 percent in the last six months of
2004.

The credit reporting agencies aren't alone in seeking strength in
numbers. Speaking at a credit-card conference earlier this week in
Memphis, Tenn., the top security experts at Visa and MasterCard, the
world's two biggest card associations and long-time rivals, said that
they, too, were cooperating to crack down on fraud.

Visa and MasterCard said the unity was required given the growing
sophistication of the thieves, who, they said, were increasingly acting
in concert and hiring former Soviet KGB cryptographers to help crack
security codes.

 
 
 
 
Previous Next Among the challenges the financial services industry faces
is the emergence of highly sophisticated "sleeper crimeware" programs
that infect a computer and then wait--quietly--for the user to log into
a highly secure site such as an online banking or brokerage account.

Once the infected user has run the gauntlet of passwords and
authentication hurdles and is inside, the sleeper program wakes up and
swings into action, launching what is known as a man-in-the-middle
attack.

In the case of an online bank account, for instance, it might send
instructions to the secure server--which the server believes to be
legitimate and the infected user cannot see--to liquidate the account
and transfer the balance overseas using automatic clearing-house
services.

"We're making it tougher and tougher for the bad guys," John
Shaughnessy, senior vice president for fraud prevention at Visa USA,
told the Memphis conference on Monday.

"But the Russians are good."

Story Copyright (c) 2005 Reuters Limited. All rights reserved.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com