The recent data breach at Equifax, which is believed to have impacted over 143 million U.S. consumers, set off a firestorm of discussion about how to keep credit reporting data secure.
Not only did Equifax wait too long to reveal the breach, but it also wasn't well prepared for the consequences and backlash from consumers and the government. But there are signs of improvement for the entire industry. Investments in blockchain technology and a wave of acquisitions could give the credit reporting industry more tools to combat breaches in the future.
The blockchain decentralizes security efforts, making it harder for breaches to occur because there is no single failure point. Civic Technologies, founded in 2015, has raised $2.75 million to date to build a platform that uses a decentralized authentication model. SecureKey, which is tackling identify verification using blockchain technologies, raised $27 million CDN from a consortium of Canadian banks in 2016.
The advent of blockchain technology may prove to be disruptive to traditional credit reporting agencies by decentralizing data aggregation and allowing consumers to take ownership of their data through a personalized wallet they could share with prospective lenders. This concept would allow individuals and businesses to store their data on their own devices and efficiently share that data with anyone who needs to review or validate it.
TransUnion and Equifax have joined in a trial with many of Canada’s largest banks to use blockchain technology for identity verification. The trial network maintains transaction records and confidential data is shared with parties only when the consumer authorizes a release of information.
A more efficient ecosystem for credit data is on the horizon, led by new innovative technologies and startups. The most likely result will be a combination of a centralized and decentralized system, which will force existing centralized systems to operate in a more transparent manner. As long as security is strong, we anticipate a robust ecosystem could thrive as trust builds. However, we are many years away from an ideal credit reporting system.
A recent uptick in merger and acquisition deals and partnerships in the credit reporting space indicates that the credit reporting agencies understand an even greater need to improve their security, but are these partnerships enough to prevent another breach like Equifax experienced?
Experian entered into several partnerships in 2017 to bolster security. In January, they signed a multiyear agreement with cybersecurity and analytics company UST Global to develop software that is in line with global standards. To combat fraud and improve cybersecurity, Experian also partnered with Daon, a biometric authentication company, in March.
Before announcing the credit data breach, Equifax acquired ID Watchdog for $63 million. This transaction closed on Aug. 10, and was valued at 5.6 times revenue. ID Watchdog’s technology provides identity theft protection and breach resolution to the employee benefits marketplace. These partnerships are just a few among many and indicate the growing importance that companies are placing on security in order to mitigate fraud and data breaches.
Aside from cybersecurity, other deals have focused on the need for improved analytics as credit reporting agencies and analytics companies partner to improve their predictions about consumer behavior. Collection of data is less profitable to CRAs than the analytics around that data.
New entrants to this space are nipping at the heels of incumbents, such as Dun & Bradstreet, with innovative approaches and technology. Expanding the analytics and mining rich data will help with the accuracy of credit scores and ultimately the assessment of risk. The additional analytics allow for the opening of credit to "credit invisibles," those who are underbanked or have little to no credit history.