A new report from the United States Postal Service (USPS) Office of Inspector General (OIG) is calling on the agency to improve its online identity verification controls after finding that the number of fraudulent changes of address (COAs) has increased by 167 percent.
The report is also drawing pushback from the Postal Service, which says the OIG’s recommended fix would be costly and potentially harmful to many customers.
Specifically, the OIG report says that the total number of fraudulent COAs jumped from 8,857 to 23,606 between 2020 and 2021. The report found the USPS “did not implement effective identity verification controls” on its Moversguide application, which allows customers to submit a COA request online.
The USPS charges customers $1.10 to use the service, totaling $21.8 million in refundable revenue for identity validation services that were not provided.
“Identity verification is an important security measure to combat fraud because it ensures that a person is who they claim to be when performing online transactions,” the report says. “With data breaches and identity theft on the rise, it is important that businesses ensure that they protect customer information from identity fraud.”
The OIG recommended that USPS develop controls – and ensure those controls are in place – to verify that online change of address requests are authorized by the resident of the address.
“Ineffective identity verification controls allow bad actors to use Moversguide to facilitate mail and identity theft against Postal Service customers, which could result in a financial loss to customers and negative impact on the Postal Service brand,” the report says.
However, USPS management disagreed with the OIG’s findings, saying its current controls are “sufficient.”
“Management’s analysis concludes that the OIG recommendation would harm several million customers to achieve an incremental risk reduction for several thousand customers and incur higher costs for the USPS,” the agency said in response to the OIG report.
The OIG said it considers USPS management’s comments “nonresponsive to the findings and recommendations in the report” and plans to pursue its “unresolved” recommendations through the audit resolution process.