Fleur Baars, senior consultant at Prime Competence, discusses the issues surrounding modern mailbox security and what can be done to protect the postal network
It started with a simple question from a leading postal operator: “Do you have any strategies that can discourage invoice fraud in our mail network?” Today, following a proof-of-concept project in postal smart access management headed by Prime Competence and a major European post, the answer to this question is ready to be shared with other operators who can employ the same methods – and share the same benefits.
The interception of mail for criminal purposes is unfortunately on the rise. In the case of invoice fraud, the trend is global in nature, with the majority of research indicating staggering losses for SMEs. What’s more, according to a 2016 study by 3GEM and Tungsten Network, over half of UK businesses (54%) view it as their single biggest threat, while 47% have actually received a fraudulent or suspicious invoice.
Invoice fraud relies on criminals intercepting the mail, typically direct from the mailbox in locations that receive a lot of commercial post. Invoices are identified and key details modified, such as the billing address and bank account numbers for receiving payments. These invoices re-enter the mail-stream via the mailbox network and are delivered as originally intended. In many cases, the initial modified invoice leads to many fake future invoices, multiplying the impact of this type of fraud.
The new proof-of-concept focused on the challenges of current mailbox security, identifying weaknesses and highlighting areas for improvement. Utilizing the latest developments in technology, it not only demonstrated enhanced security, but advantages from monitoring access, proving your compliance and providing a data platform for future innovations.
Mailboxes the world over tend to rely on simple mechanical locks, or even special keys. So, how can postal services control access in this environment? Who has access, and when? It is a complex issue and an administration problem as much as a security one. However, postal services can play a key part in prevention by securing all steps during distribution in a smart way and eliminating the possibility of criminals intercepting the mail, impacting the problem at source.
Some suggest that a solution already exists in electronic billing. However, fraud involving e-billing is accelerating faster than ever, so it’s certainly no silver bullet to fix the invoice fraud issue, especially in the SME sector. A 2015 report from Financial Fraud Action UK exposed the growing trend, ranging from emails with fake invoices to invoices that contain malicious software which can log financial information and be used to steal funds. Several experts in the field are even suggesting a return to paper billing as a solution to e-billing fraud.
Protecting integrity and security
Ultimately, trust is at the heart of this issue, and more than ever postal services need to act to protect the integrity and security of their distribution networks.
The aforementioned proof-of-concept comprises a secure AES-256 (advanced encryption standard) electronic lock combined with a cloud-based management platform that activates and deactivates access for mailmen, connecting their existing smart devices to overall workforce planning.
The smart lock within the mailbox includes a control board and battery power supply that enables additional functionality such as mailbox fill-level detection, air quality and noise measurements, while LAN and WAN networking with other assets/devices creates a postal data network. A mailbox network with a dense coverage is able to connect with other devices, thus enabling the collection and exchange of information; information that is valuable to third-parties interested in security, healthcare and public services, for example.
Pre-requisites for the development were low cost, size and ability to be retrofitted to existing mailboxes, PO boxes, parcel lockers and unmanned locations – and even existing handheld devices used in today’s process.
The cloud-based management platform provides a scalable back-end for running the solution, connecting to the smart device of the mailman and ensuring that only an authorized individual may open specific mailboxes. At device level, the application can be easily integrated in your existing application.
From a traceability perspective, the solution not only records who accessed a mailbox and when, but whether it was emptied or not closed correctly, for example. Every transaction is registered in the system log, and in cases where action needs immediate attention, an alert is created automatically.
A connected future
The latest Gartner study forecasts there will be 20.8 billion “connected things” in use by the year 2020. This mega-trend in IT is highly relevant for the dense networks operated by postal services. Today, connected things may be cars, refrigerators or light bulbs, but tomorrow why not mailboxes, delivery trucks, mailmen devices, cages and bags?
Administering access to infrastructure such as mailboxes can be a headache, especially in an environment where the workforce is increasingly flexible or utilizing agency staff rather than long-term employees. Furthermore, the management of keys and ensuring the right person can access the mailbox locations at the right time can be a considerable administration overhead. Today, these issues can be alleviated via a system where users are authorized remotely from a central IT system, based on specific working days, times of day and location. Equally, access can be revoked at any time, live.
Prime Competence and its partner would like to share their findings of this proof-of-concept with other postal operators, such that security across the industry may be enhanced. After all, every postal service has a responsibility to take all necessary steps to prevent security breaches in its distribution network.
December 16, 2016