The U.S. Postal Service (USPS) now has a way to do a change of address online, on their web site. Nicely, it’s even all using https (SSL/TLS), keeping it encrypted, which is good.
On the first page, you select whether it’s a permanent change or a temporary one, and specify the dates.
On the second page, you select whether the change is for an individual or a whole family.
On the third page, you give the old and new addresses.
On the fourth page, you get this:
For your security, please verify your identity using a credit card or debit card. We’ll need to charge your card $1.00.
To prevent Fraud, we need to verify your identity by charging your card a $1.00 fee. The card’s billing address must match your current address or the address you’re moving to.
If you click the
? Help link, here’s what it tells you:
Identity Verification — Credit/Debit Card
In order to verify your identity, we process a $1 fee to your credit/debit card. The card’s billing address must match either the old or new address entered on the address entry page. This is to prevent fraudulent Change of Address requests.
Please note that the Internet Change of Address Service uses a high level of security on a secure server.
I have a few problems with this:
- They’re asking for credit card information in a transaction where no one expects it. They’re assuring you that it’s secure, but how does one know? This is a classic
- They’re assuming you have a credit card to give them. Lots of people don’t have credit cards. I know some.
- They’re charging you a dollar to change your address online, a mechanism that’s surely cheaper for them than to have you walk into the post office to do it. That’s nuts.
To be sure, they do have to do something to make sure that people don’t change each other’s addresses as pranks, or worse. But do they really need to charge you a dollar for it? They could make a charge and then rescind it. They could give you an alternative to use a bank account, and verify it the way PayPal does, by making a withdrawal of a few cents and then depositing it back. That would also help for people who have no credit cards, but do have bank accounts — still not everyone, but it’s something.
Or you can just say,
Eff this; I’m not giving the post office my credit-card information and paying them a dollar for what I can do for free, and then go into the office and waste a clerk’s time on it.
This is why there are proposals for secure identity verification. The U.S. National Institute of Standards and Technology (NIST) has an initiative called National Strategy for Trusted Identities in Cyberspace (NSTIC) that covers this sort of thing. Whether or not NSTIC is the right answer, we need to get to where we have this kind of verification available, without having to hack the credit-card system for it.