Another sign this week that security standards are continuing their slow, painful growth towards maturity. But is it enough?
Global credit-scoring agencies Equifax, Experian and TransUnion are reported to be looking at developing a joint system for exchanging customer data in encrypted form. They currently secure data using their own encryption schemes, but apparently dont necessarily move it around to the same levels of security.
The standard proposed would be 3DES or AES, the minimum youd hope for as a starting point.
Despite sounding dull, credit scoring is the foundation of the modern economy because it dictates who gets to borrow money, and on what terms, and who doesnt. This makes the information especially valuable, and failures potentially disastrous if it is not secured when being exchanged.
The credit scoring industry has had similar problems in the past, though not so far on the same gargantuan scale. Of course, the bigger problem in all this is that there is still no legislation on compelling companies to reveal data theft disclosure (though the U.S. has some in the pipeline).
Until that happens across the developed world, consumers will still be vulnerable to the cover up, and new developments in encryption will continue to be seen as public relations exercises. As ever, legislation will move more slowly than technology.