Financial institutions and other billers that rely on email notifications to drive consumers to their websites will continue to be targets for phishing and other fraudulent activities. Secure eBilling completely eliminates this threat, whilst offering simple and convenient bill presentment and payment.
The single most phishable process is teaching customers to expect an email once a month saying "Your Statement is now ready - click here to view it", which takes the recipient to a login page.
One of the fundamentals of 'push' email billing and statements is that the recipient is not required to visit or log-in to any website. The entire contents of the bill or statement are delivered in the email package. This in itself is the major strategic reason why such a 'delivery' mechanism is not susceptible to phishing.
There are, however, many additional and compelling reasons why a secure (encrypted) email bill / statement is unphishable:
Phishers only ever have your email address, whereas a secure eBill is fully personalized and thus secure in many ways:
- The subject line can contain your name. For example: "Mr. Paul Smith: Your January American Express Credit Card Statement"
- Your name is also included in the greeting in the email body: "Dear Paul"
- The email body can contain your full physical address, as well as the last four digits of your credit card number, e.g. ...1234, in the form of the Striata Antiphishing Device.
  This is a selected and known area on the face of the email (above the
  fold) that contains personal information that is easily identifiable by
  the recipient. Provision of this information is proof that the sender
  of the email has intimate knowledge of the recipient.
- The secure (encrypted) email bill / statement is attached to the
email. It is not possible for a phisher to have this detailed
information.
- Authentication / decryption is an offline process with NO sensitive
data passing over the Internet or being entered into a publicly
accessible website.
- Striata's Encrypted solution provides an extra layer of phishing
protection, as only Striata is able to generate .emc files that work
with the Striata Reader.
- Once decrypted, the bill or statement is viewed in an offline
format on the user's local machine.
- Should payment of a bill be required, the Striata BillPay
functionality enables payment directly from within the encrypted
document, without the need to enter any sensitive payment information
onto a website.
- Striata emails are digitally signed to authenticate the 'sender'
using industry standard protocols.

US Postal Service Electronic Postmark

- In the USA, Striata emails can include a United States Postal
Service Electronic Postmark (USPS EPM): An EPM Trusted Transaction
combines the digital signature of the sender with a unique official
digital signature and timestamp issued by the USPS. The EPM is embedded
cryptographically inside the graphical postmark certificate attached to
the message. EPM Trusted Transactions bring together the following
attributes:
  - Trusted USPS Branding - The USPS brand is ubiquitous and trusted by
    consumers.
  - Accreditation - Senders must agree to abide by USPS guidelines, the
    federal Mail statutes, and the CAN-SPAM Act.
  - Authentication - All messages are signed cryptographically by the
    sender and by the USPS. The attributes of the email transaction are
    incorporated into the EPM certificate.
  - Verification - A variety of mechanisms are provided to verify the
    authenticity of incoming mail, including 'forward to verify' and 'click
    to verify'.
  - Enforcement - Should fraudulent use of USPS EPM be detected, the
    matter will be referred to the Postal Service Inspection Service for
    possible review and action - consistent with all relevant federal
    statutes.
