The USPS Office of the Inspector General recommends stricter identity verification controls online, while management disagrees.
Fraudulent changes of address conducted online via digital tools provided by the U.S. Postal Service skyrocketed from 2020 to 2021, linked to cases of ineffective identity verification within the agency’s technology.
Outlined in a new report from the USPS Inspector General, the Postal Service reportedly did not implement stringent enough identity verification controls on its Moversguide page, a website specifically intended to help complete a formal online change of address.
This can lead to identity theft through the interception of sensitive information sent by mail.
“Identity verification is an important security measure to combat fraud, because it ensures that a person is who they claim to be when performing online transactions,” the report reads. “With data breaches and identity theft on the rise, it is important that businesses ensure that they protect customer information from identity fraud.”
The total number of cases of identity fraud recorded jumped from 8,857 to 23,606 between 2020 and 2021. Using the service costs $1.10 per customer submitting a change of address, bringing the total refundable sum to $21,828,827 for identity validation services that were not provided during this time.
USPS management told the third-party authors of the report that the Moversguide webpage was initially designed to not implement robust identity verification controls to ensure the request for a change of address is legitimate. The chief recommendation is to implement more effective identity verification technology on the Moversguide application to prevent fraud.
“Ineffective identity verification controls allow bad actors to use Moversguide to facilitate mail and identity theft against Postal Service customers, which could result in a financial loss to customers and negative impact on the Postal Service brand,” the report said.
USPS management ultimately disagreed with the observations noted in the report, primarily the monetary impact of the instances of identity fraud. Officials stated that they conducted a thorough assessment of the controls in place to verify the identities of customers requesting a change of address, and found them to be “sufficient.”
Management also noted that following through with the OIG’s recommendations to implement stricter identity controls would harm millions of customers “to achieve an incremental risk reduction for several thousand customers.”