Yes! Subscribe me to your eBilling Insight Newsletter

 
Newsflash #22 4th October 2005
Why Secure eBilling is Unphishable

'Phishing' is increasingly becoming a topic of conversation, with many companies and organizations feeling vulnerable to this very real security threat. This was overwhelmingly evident to us after various conversations with senior executives at some of the largest banks in North America.

Webopedia defines Phishing as: (fishing) (n.) The act of sending an email to a user, falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The email directs the user to visit a website where they are asked to update personal information, such as credit card, social security, and bank account numbers, as well as passwords, which the legitimate organization already has. The website, however, is bogus and set up only to steal the user's information.

'Why securely encrypted email billing is unphishable'

One of the fundamentals of 'push' email billing & statements is that the recipient is NOT required to visit or log-in to any website. This in itself is the major strategic reason why such a 'DELIVERY' mechanism cannot be phished.

There are however many additional and compelling reasons why a securely encrypted email bill / statement is unphishable:

  • Phishers only ever have your email address, however a secure eBill is fully personalized in many ways:
    • The subject line can contain your name. For example: "Mr. Paul Smith: Your January America Express Credit Card Statement"
    • Your name is also included in the greeting in the mail body: "Dear Paul"
    • The mail body can contain your full physical address, as well as the last four digits of your credit card number . E.g.: ****-***-1234
  • Striata emails are digitally signed to authenticate the 'sender'. Click here for more information on the 'Striata Signed' process.
    and action consistent with all relevant federal statutes.
  • The securely encrypted email bill / statement is attached. It is not possible for a phisher to have this detailed information.
  • Authentication / decryption is an offline process with NO sensitive data passing over the Internet or being entered into a publicly accessible website.
  • Once decrypted, the bill or statement is viewed in an offline format on the user's local machine.
  • Should payment of a bill be required, the Striata BillPay functionality allows payment directly from within the encrypted document, without the need to enter any sensitive payment information into a website.

Financial institutions and other billers that rely on email notifications to drive their consumers to their websites will continue to be targets for phishing and other fraudulent activities. Secure eBilling completely eliminates this threat whilst offering simple and convenient bill presentment & payment.

We'd welcome the opportunity to get your views and discuss this subject further. We look forward to hearing from you.

Regards,

 
 

Garin Toren
Chief Operating Officer

Toll free: +1 88 88 USAPAY

Striata ~ North, Central & South America
Messaging innovation

Striata.com | Contact us | Unsubscribe | Press Office | Past Newsflashes | Striata BillPay
Editorial: 48 Wall Street, Suite 1100, New York, NY, 10005. Visit our Press Office here

(c) 2005 Striata North America. You may forward this newsletter without cutting. All other rights reserved. Contact us for reprints/story use at usa @ striata.com, or call +1 88 88 USAPAY.

To unsubscribe: Send a blank email to leave-usanews @ usa.striata.com or call us at (877) 531 9666 for assistance.
Have you received this email from a friend or colleague? Why not get your own copy of our bi-monthly Newsflash about 'Electronic Invoice Presentment & Payment'. To join now Go here