This article appeared in the November/December, 2018 issue of Mailing Systems Technology.
The United States Postal Service has a mandate to protect both the mail in general and the privacy of its customers. Considering the growing risk of identity theft with the current change of address (COA) service, the Postal Service continues to evaluate a variety of additional controls to enhance the security of the USPS.
A recent development raised the awareness of this potential area of vulnerability. As reported by the Chicago Tribune earlier this year, a manual COA form was filed, claiming that UPS had moved its headquarters from a business park in Atlanta to a tiny apartment in the Rogers Park neighborhood of Chicago. According to the article, “Not only did the change go through, but it also took months for anyone to catch on. In the meantime, so many thousands of pieces of First-Class Mail meant for UPS poured into the [the] apartment.”
What’s the Magnitude of the Potential Risk?
Let’s put this into perspective. In FY 2017, the Postal Service processed 36.8 million COA requests; 20.6 million were hard copy requests, while 16.2 million were processed online through the Mover’s Guide platform. Roughly 96% were residential changes, while only four percent were business changes.
Jim Wilson, USPS Manager of Address Management, leads the change of address support group in Memphis. This group is dedicated to responding and investigating all COA-related questions. According to Wilson, in FY 2017, 46,200 COA related complaints were handled by this support group, with 92% resolved as valid changes and the remaining eight percent, or 3,557 COA requests, treated as “unauthorized COA” and handed over to the U.S. Postal Inspection Service.
According to the USPS Office of the Inspector General, the United States Postal Inspection Service has received nearly 25,000 COA complaints since January 2016, including 8,900 in 2016, 11,000 in 2017, and 5,000 in the first three months of 2018 alone. It appears that the problem is growing each year. So, the question must be asked – what is the Postal Service doing about it?
At the October 2018 Mailers’ Technical Advisory Committee (MTAC) meetings, Wilson provided an update on additional security measures that are currently implemented or being considered. Some of these include:
· Requiring all business COAs to use the online Mover’s Guide and establishing minimum lead times prior to the move.
· Adding business partner addresses to the COA watch list. The Postal Service’s Business Alliance team is then alerted when COAs are detected so they can conduct a local review.
· Use of further pattern analytics.
· Implementation of a disaster response option on the COA website. They also activated an emergency COA function that allows USPS personnel to submit COAs for persons temporarily living in shelters.
· Adding a rapid key process to the online COA, which resulted in significant improvement in the quality of customers’ input data.
· Directly reaching out to customers who input invalid addresses.
· Implementing COA retail kiosk stations to assist people in filing their requests.
· Developing a USPS webpage to allow customers to view, update, or cancel their change requests. You can find that website here:
Also, MTAC will be initiating a workgroup to focus on details surrounding business COAs. The workgroup will focus on needs, features, and capabilities that may impact business customers with an overall objective to provide recommendations that improve the COA process for these customers and Hold Mail for businesses.
Wilson is committed to continuing to look for additional security measures, including the utilization of Informed Visibility, eDocumentation, and the Full Service IMb to assist them in analyzing issues around the Change of Address process.
So, What More Can Be Done?
In August of this year, the USPS Office of the Inspector General (OIG) issued an audit report titled, “Change of Address Identity Verification Internal Controls” (Report Number MS-AR-18-005). The audit was self-initiated but was fueled by concerns expressed by Congress, customer complaints, and news outlets. Concerns were raised about the security related to the COA service and the conceivable risk that the service could be used for fraudulent activities.
In the report, the OIG recommended that USPS management develop and implement a national policy requiring customers to present a government-issued form of identification when submitting a hard copy, in-person COA request. The Postal Service agreed with this recommendation and committed to this policy with a target implementation date of March 31, 2019.
The OIG also made a recommendation to develop and incorporate certain changes into its online COA process. Although parts of the audit report are redacted, as it’s likely that the specific security measures would be rendered ineffective if they were made public, an example of a commonly used practice like requiring a customer to enter a random eight-digit code sent to a separate email or cell phone account linked to that customer was presented. This OIG recommendation was also accepted by USPS management, and a target implementation date was set for September 30, 2019.
What About Non-COA Moves?
Although industry-provided COA solutions don’t lend themselves to the same security concerns, the data can be an invaluable resource to keep up with people who do not file their move information with the Postal Service. It is estimated that nearly 40% of US moves are not filed in a timely manner, if at all.
Competition for marketing budgets requires organizations to produce measurable results for their customers. Ensuring a customer’s data is compliant with USPS regulations by utilizing CASS and NCOALink is now only the first step, which is why some software providers provide data quality tools that allow mailers to correct addresses and locate move information from private, third-party resources. These tools allow you to go beyond compliance to ensure you have the most complete, correct, and current data available, making a measurable difference in improving campaign performance and increasing your return on investment.
Be on the lookout for these new policies and updates to the change of address process as 2019 progresses.
Anita Pursley is Senior Manager of Industry Affairs, BCC Software.