When Is Tracking a Package a Security Risk?
Who doesn’t like to track packages? As soon as we order something from Amazon, we eagerly count down the days until it arrives. The USPS wants to make tracking packages, and all forms of mail, easier with their Informed Delivery service.
By signing up for Informed Delivery, you can view scanned images of all your letter-sized mail before it arrives in your mailbox and manage incoming packages. Informed Delivery is meant to keep consumers informed about their mail and reduce mail theft. Unfortunately, security experts warn that this service can pose a major security risk.
Private investigators, stalkers, identity thieves, and ex-partners could take advantage of this service to collect information on their targets. USPS insists they are taking steps to protect consumers who sign up for Informed Delivery, but at the moment, their security system leaves much to be desired. Signing up for the service is as simple as providing a resident’s name, address, and email, then validating with four knowledge-based authentication (KBA) questions. Using KBA questions as a form of security is a heavily criticized practice, considering the answers to these questions can be easily found through social media.
Furthermore, USPS does not notify a household when someone signs up for Informed Delivery at their location. Someone could be viewing all mail sent to your home or office, and you would have no way to know.
The USPS claimed consumers could request that the service not be provided to anyone at their household by visiting the USPS Help Desk online. However, when security expert Brian Krebs ran the story on his blog back in October, readers commented that when they contacted the Help Desk, they were told, “There is no way to make your home address ineligible for Informed Delivery.” It seems the best way to make sure other people aren’t able to sign up for the service in your name is to sign up for Informed Delivery yourself first.
Most experts advise avoiding the service until the security improves, but considering how easy it would be for someone else to sign up in your name, ignoring the service can be equally damaging. On his blog, Brian Krebs recommended that consumers address this problem by freezing their credit files with the major consumer credit reporting bureaus. This way, you cannot be asked the KBA questions, and your household cannot be signed up for Informed Delivery.