Snail mail more secure than email?

Postal services are now looking at how they can adapt to the evolving communications paradigm; searching for a niche they can fill to keep the business afloat; looking for ways to turn the tide on electronic communications. Recent internet security scares have provided a straw for USPS to grasp at and their recent advertising campaign has focused on the safety and security of snail-mail; “A refrigerator [with a paper bill stuck to it with a magnet] has never been hacked,” they tell us. Some USPS executives suggest focusing on the hand delivery of documents too sensitive to be entrusted to email.

Certainly web-portals can be hacked and so, there is concern that phishing attacks can compromise the security of such sites. Such security breaches can be on a massive scale, as has been recently observed. But how about secure email delivery of bills and statements, policies and other sensitive documents?

It comes down to 256-bit encryption vs. the trusty postman

The delivery of password protected, encrypted documents via email is fundamentally the safest, most secure option. Why? Because there is no central repository to hack into, and should the email somehow fall into the wrong hands, 256-bit encryption ensures that it can’t be opened without the password. How long do you think a hacker would be prepared to spend to open just one eBill or eStatement, with no facility to go any further once he’s “in”?

And the idea that human involvement in the delivery process is more secure than using electronic channels, is also flawed. Here in Hong Kong, we have an excellent Post Office, but in the past two weeks, I’ve had two letters delivered to my house by mistake. One was a credit-card bill addressed to someone in the next village – the postman clearly misread the address, and the other was an insurance policy, where the recipient name wasn’t mine, but the address was – a data error at the insurance company. In both cases, I’d opened the envelopes and read the documents before I’d realised they weren’t for me. In the electronic world, the credit-card statement would never have been sent to me because email servers don’t “misread” email addresses, and had I received the insurance policy due to a data entry error, I wouldn’t have been able to open it without the required password.

So, while I feel for the plight of the Post Office and I enjoy the friendly wave from my postman as he does his rounds, running a PR and Marketing campaign that smears email security and focusing on the delivery of sensitive documents isn’t going to provide the necessary lifeline to stop the decline in postal figures.

I don’t have the answer to the Post Offices’ problems, but I suggest the following: if you’re looking to deliver documents to your customers, sensitive or otherwise, perhaps you should consider the following questions:

• What is the fastest method of delivery available?
• What’s the most cost-effective method of delivery?
• What level of security is required to ensure the safety of the data being delivered?
• What can I do to encourage my customers to adopt the most appropriate delivery channel?

And if the answers aren’t immediately clear, don’t “go postal”