The top three U.S. credit reporting companies announced Thursday they were joining forces to develop tough new encryption standards to protect the huge amounts of sensitive financial and personal data they electronically transfer each day.
Equifax Inc., GUS Plc subsidiary Experian and privately held TransUnion LLC, which maintain huge databases filled with information on hundreds of millions of Americans, said the joint effort would include the development and use of computer codes built on encrypted algorithm and 128-bit secret key technologies.
In a statement, the companies insisted they have "long employed information security tools and programs." But they said that by creating and adhering to a single, beefed-up industry standard, they would "further assure the protection of sensitive consumer data when transmitted between data furnishers and credit reporting companies."
The coordinated effort by the three traditional rivals is the latest indication of the unprecedented struggle the financial services and information industries are in to fight back against identity thieves and Internet-enabled crooks.
According to a report released earlier this week by Symantec Corp., the world's biggest maker of security software, viruses designed to steal confidential information accounted for three-quarters of the top 50 viruses, worms and Trojans during the first half of 2005, up from 54 percent in the last six months of 2004.
The credit reporting agencies are not alone. Speaking at a credit-card conference this week in Memphis, the top security experts at Visa and MasterCard, two of the world's biggest credit-card associations and long-time rivals, said that they, too, were cooperating to crack down on fraud.
Visa and MasterCard said the unity was required given the increasing sophistication of the threat, which they said was being perpetrated by organized crime rings employing rogue software designers and former Soviet KGB cryptographers.
One of the challenges the financial services industry faces is the emergence of highly sophisticated "sleeper crimeware" programs that infect a computer and then wait — quietly —for the user to log into a highly secure site such as an online banking or brokerage account.
Once the infected user is inside, the sleeper program wakes up and swings into action, launching what is known in the industry as a man-in-the-middle attack, sending instructions to the secure server — which the server believes to be legitimate and the user cannot see — to liquidate the account and transfer the balance overseas using automatic clearing house services.