Posts Tagged ‘E-mail security’

Not the Right Way to Use E-Mail

Thursday, February 19th, 2009
Looks Innocent Enough

Looks Innocent Enough

You package a great deal of sensitive information about yourself in one bundle when you apply for a mortgage. And that information is re-transmitted whenever a mortgage broker works on your behalf or when your mortgage is sold and re-sold again in secondary markets. You would hope that financial institutions would handle such private information in the appropriate manner, but your hope might be misplaced. Wolters Kluwer Financial Services surveyed executives from 350 odd banks, credits unions and mortgage companies as to how they transmit financial data. (This particular company sells secure document delivery software to financial institutions.) Almost two-thirds of those surveyed use traditional e-mail services rather than secure encrypted online delivery technologies, thereby exposing mortgage applicants to greater risk for identity theft and other forms of financial fraud. You must never transmit sensitive information by e-mail. Automated algorithms, known as “bots” routinely hack into e-mail messages searching for 16-digit and 9-digit numerical sequences in the hope of finding valid credit card and social security numbers. The damage to your credit rating and reputation can be devastating.

I had this experience in the aftermath of 9-11 when a non-profit organization based in Lower Manhattan, which had the contract for processing certain disaster relief programs, transmitted my social security number in an e-mail message to a government agency. I learned of this when the recipient forwarded the e-mail message to me and I traced the thread of attachments. I brought this to the attention of the relevant federal government agency (which funded this particular disaster relief program) to no avail. I had hoped that the federal government would sanction or terminate contracts with providers that fail to handle sensitive information in a responsible manner. It is bad enough to experience a major disaster, but when the agencies paid to “help” you act recklessly and expose you to greater losses, that is inexcusable. To end the story, I received the letter from the federal government agency in question who punted the matter to the New York City agency coordinating disaster relief efforts which, in turn, wrote to me assuring me that the matter was under investigation. That was six years ago. I am still waiting for the results of this investigation which were promised to me.

Your customers won’t likely be as forgiving of irresponsible data handling practices. We are small businesses, not large, indifferent bureaucracies. So never transmit sensitive financial information via e-mail. Use a secure, encrypted online service instead.