Illustration: Sarah Grillo/Axios
Credit reporting agency TransUnion is testing new token-based technology to prevent sensitive customer information from being shared whenever a third party requests a credit report, the vendor behind the report said. technology at Axios.
Why is this important: If adopted, the token could allow TransUnion to encrypt sensitive customer data and limit its spread, adding another layer of security to the hordes of data the credit reporting agency collects on people.
Details: Spring Labs’ new service, TrueZero, encrypts sensitive user information into tokens before it lands on a customer’s servers.
- Once encrypted, the token ensures that “no third party can steal or see any of this sensitive data,” says John Sun, CEO of Spring Labs.
- In the case of TransUnion, this could mean that any provider requesting someone’s credit report should only see relevant information such as payment history or collection information.
- Sun tells Axios that “anything used universally as an identifier for this customer” is considered sensitive information, including social security numbers, dates of birth, phone numbers, and email addresses.
The big picture: Financial institutions have slowly but surely adopted tokenized technology to better secure customer data in recent months.
- Visa said in august that the company had issued more than 4 billion network tokens globally, exceeding the number of physical cards in circulation. The tokens replace the traditional 16-digit account number with an encrypted code.
What they say : “Obviously, there will always be entities that need to collect information about you,” Sun says. “But our goal is to make sure it doesn’t spread throughout the whole ecosystem every time there’s a question about your history or your credit or something like that.”
Between the lines: Credit reporting agencies have been at the center of several data breaches in recent years, highlighting the need for new security measures.
Sign up for the Axios Codebook cybersecurity newsletter here.