Friday, June 03, 2011


Trusted identities

The U.S. Postal Service (USPS) now has a way to do a change of address online, on their web site. Nicely, it all uses HTTPS (SSL/TLS), so the traffic is encrypted, which is good.

On the first page, you select whether it’s a permanent change or a temporary one, and specify the dates.

On the second page, you select whether the change is for an individual or a whole family.

On the third page, you give the old and new addresses.

On the fourth page, you get this:

For your security, please verify your identity using a credit card or debit card. We’ll need to charge your card $1.00.
[? Help]

To prevent Fraud, we need to verify your identity by charging your card a $1.00 fee. The card’s billing address must match your current address or the address you’re moving to.

If you click the ? Help link, here’s what it tells you:

Identity Verification — Credit/Debit Card

In order to verify your identity, we process a $1 fee to your credit/debit card. The card’s billing address must match either the old or new address entered on the address entry page. This is to prevent fraudulent Change of Address requests.

Please note that the Internet Change of Address Service uses a high level of security on a secure server.

I have a few problems with this:

  1. They’re asking for credit card information in a transaction where no one expects it. They’re assuring you that it’s secure, but how does one know? This is a classic phishing tactic.
  2. They’re assuming you have a credit card to give them. Lots of people don’t have credit cards. I know some.
  3. They’re charging you a dollar to change your address online, a mechanism that’s surely cheaper for them than to have you walk into the post office to do it. That’s nuts.

To be sure, they do have to do something to make sure that people don’t change each other’s addresses as pranks, or worse. But do they really need to charge you a dollar for it? They could make a charge and then rescind it. They could give you an alternative to use a bank account, and verify it the way PayPal does, by making a withdrawal of a few cents and then depositing it back. That would also help for people who have no credit cards, but do have bank accounts — still not everyone, but it’s something.

Or you can just say, “Eff this; I’m not giving the post office my credit-card information and paying them a dollar for what I can do for free,” and then go into the office and waste a clerk’s time on it.

This is why there are proposals for secure identity verification. The U.S. National Institute of Standards and Technology (NIST) has an initiative called the National Strategy for Trusted Identities in Cyberspace (NSTIC) that covers this sort of thing. Whether or not NSTIC is the right answer, we need to get to where we have this kind of verification available, without having to hack the credit-card system for it.


The Ridger, FCD said...

That's odd. They don't charge you to put your mail on hold.

Filip Navara said...

How does this scheme prevent me from changing someone else's address to mine (that I have a registered card for)?

Suppose I have the same surname as someone and I want to do a prank on them. I could enter their address with my name, select that I want to apply this to the whole family, and finally use my address as the new address. It would be verified against my card.

Barry Leiba said...

Indeed, Filip. That's an attack that the USPS system won't block, and people with common surnames are especially vulnerable to it.

Of course, it would eventually be tracked back to you through your card, but if you can get a stolen card belonging to someone with a common surname, you could steal a lot of mail, possibly leading to some real "identity theft".

HRH said...

Last time I changed my address (Jan of 2008), I filled out a change-of-address card at the local post office, dropped it in the mail box and my address was changed. That simple! There was no identity verification in the process, which leaves the current system vulnerable to pranks.

Nathaniel Borenstein said...

The credit card system permits you to run an authorization on your credit card without actually charging you anything -- this is the mechanism typically used when you make a hotel reservation, etc. It has all of the same authentication characteristics as an actual charge, without costing you a cent. The postal service is charging you the $1 because it wants your money, and it sees the credit card authentication feature as a nice excuse.

To be fair, the USPS might actually be paying a fraction of a cent for the authorization. But they're charging you two orders of magnitude above their cost.

Mind you, I have no problem with them charging a dollar for the service; it's probably a reasonable price. But blaming the charge on security strikes me as kind of sleazy.

Barry Leiba said...

«Mind you, I have no problem with them charging a dollar for the service; it's probably a reasonable price.»

The problem I have with it is that they only charge you $1 to do it the way that's cheaper for them, and it's still free to do it the old, manual, expensive way. That's not only sleazy, but nonsensical.

D. said...

I also have to wonder how much the credit card companies are charging the USPS to do this. I highly doubt that they're getting it at a good deal, so the card companies are making money off it as the USPS continues to lose money every year.

Nathaniel Borenstein said...

The charge resembles ATM fees -- they charge you more for using a mechanism that costs them less than your using a teller for free, and as a socialist (mostly) I have a problem with that. But capitalism is based on the premise that you charge what the market will bear, and I have no doubt the market could bear a $1 charge here.

Basically, I don't think the $1 charge is at odds with the logic and premises of modern capitalism. But lying to your customers is supposed to be.

Also, in response to D's comment: I suspect that the USPS produces enough volume in credit card transactions to get a very, very good rate, even if government is usually a terrible negotiator about such things. It's all about the volume.