The Credit Bureaus are moving towards a new standard to protect personal identity information in credit reports.

Experian has adapted the PCI-DSS and renamed it Experian Independent Third Party Assessment (EI3PA). Trans Union and Equifax are expected to follow suit.

The EI3PA is an annual assessment of a reseller’s ability to protect the Experian-provided personal sensitive information. It also has quarterly scans for network vulnerabilities. Although similar to the PCI DSS, and QSAs will be doing the assessments, approval comes from Experian only, not from a card issuer or issuing bank.