'Why securely encrypted email billing is unphishable'

One of the fundamentals of 'push' email billing & statements is that the recipient is NOT required to visit or log-in to any website. This in itself is the major strategic reason why such a 'DELIVERY' mechanism cannot be phished.

There are however many additional and compelling reasons why a securely encrypted email bill / statement is unphishable:

• Phishers only ever have your email address, however a secure email bill is fully personalized in many ways:
  • The subject line can contain your name. For example: "Mr. Paul Smith: Your January America Express Credit Card Statement"
  • Your name is also included in the greeting in the mail body: "Dear Paul"
  • The mail body can contain your full physical address, as well as the last four digits of your credit card number . E.g.: ****-***-1234
• Striata secure emails are digitally signed to authenticate the 'sender'. Click here for more information on the 'Striata Signed' process.
• Striata secure emails include a United States Postal Service Electronic Postmark (USPS EPM):
  • An EPM Trusted Transaction combines the digital signature of the sender with a unique official digital signature and timestamp issued by the USPS. The EPM is embedded cryptographically inside the graphical postmark certificate attached to the message. EPM Trusted Transactions bring together for the first time in a single solution all the attributes of a complete email authentication solution:
    • Trusted USPS Branding - The USPS brand is ubiquitous and trusted by consumers.
    • Accreditation - Senders must agree to abide by USPS guidelines, the federal Mail statutes, and the CAN-SPAM Act.
    • Authentication - All messages are signed cryptographically by the sender and by the USPS. The attributes of the email transaction are incorporated into the EPM certificate.
    • Verification - A variety of mechanisms are provided to verify the authenticity of incoming mail, including 'forward to verify' and 'click to verify'.
    • Enforcement - Should fraudulent use of USPS EPM be detected, the matter will be referred to the Postal Service Inspection Service for possible review and action consistent with all relevant federal statutes.
• The securely encrypted email bill / statement is attached. It is not possible for a phisher to have this detailed information.
• Authentication / decryption is an offline process with NO sensitive data passing over the Internet or being entered into a publicly accessible website.
• Once decrypted, the bill or statement is viewed in an offline format on the user's local machine.
• Should payment of a bill be required, the Striata BillPay functionality allows payment directly from within the encrypted document, without the need to enter any sensitive payment information into a website.

Financial institutions and other billers that rely on email notifications to drive their consumers to their websites will continue to be targets for phishing and other fraudulent activities. Secure email billing completely eliminates this threat whilst offering simple and convenient bill presentment & payment.