Equifax to utilise authorisation database for ecommerce

Credit rating agency, Equifax, is to start using the financial records of UK consumers to authenticate online transactions. The move has provoked concerns from UK data protection registrars.

Full details have not yet been disclosed, but one senior executive at Equifax said the service would enable retailers of restricted goods to ensure their online customers were legal.

"It'll be useful for selling age-related stuff like firearms or adult videos," he told Silicon.com.

The authentication service will check consumers are eligible to make their purchase by firing questions at them, based on financial information held in Equifax's master database. Online retailers would pay Equifax for the service.

Consumers will be given the option to refuse access to their personal data, but if they do, they won't be able to complete the sale. Equifax stores information on all UK consumers, supplied by leading financial services, utilities and the electoral roll.

"We call this 'shared secrets'", the senior executive continued. "It authenticates the user, without identifying them in the way a digital signature does. We can find out if they're under 18 or if they have a criminal record, by using pattern-matching technology."

David Kerr, CEO Internet Watch Foundation, commented: "This sounds like a useful service because it ensures that where adult videos are being sold, they are being sold legally."

But David Smith, an assistant registrar at the UK Data Protection Registrar, was alarmed that Equifax could be infringing on data protection laws. He told Silicon.com: "Consumers who want to secure a mortgage or a personal loan have to give consent for Equifax to use their data for credit decisions, fraud prevention and debt tracing. It would be unfair for Equifax to then put the consumer in a position where they had to give their consent for the data to be used for another purpose."

He said he would investigate the issue further, under the new data protection laws.