The United States Postal Service has been the mise-en-scène of a dramatic hike in identity-related crime made possible by insufficient verification controls on the company’s Moversguide page.
The Moversguide page provides an online form to order a change of address; it works, but the service allows anyone to process the application without verifying their identity. This means that criminals can easily change someone’s address, redirect the victim’s mail to themselves, and use the victim’s mail to commit identity-related crimes.
The opportunity has not been neglected by criminals: Cases of fraudulent Change of Address requests have increased from 8,857 in 2020 to 23,606 in 2021. It only costs about a dollar to process the form. There is no impediment.
There is the obvious cost to victims, but the poorly thought-out service is yet another dent in the USPS brand, which has been on a public relations losing streak for quite some time. Identity verification is a critical security measure to combat fraud, and this latest security failure puts a spotlight on an antiquated federal service.
While management has claimed the identity protections provided are sufficient, the USPS Inspector General admitted the Change of Address feature had failed to implement sufficiently rigorous identity verification features.
While the strength of the security measures may be in dispute, the current rise of data breaches and identity theft is not. As the risk of fraud escalates, it is critical that USPS (and any other organization that stores or processes consumer data) bolster their security measures and protect the personal information of their customers.
