USPS keeping identities safe one delivery at a time

The U.S. Postal Service, like many agencies, uses technology in a wide variety of applications. From package scanners to internal information systems, the Postal Service relies on well-honed management to keep its users’ and workers’ identities protected.

As an agency with thousands of stakeholders, the ID management strategy becomes even more important, according to the USPS vice president.

“[With] 600,000 users, identity plays a significant role in being able to help assure that the Postal Service is properly managing our infrastructure,” Gregory Crabb, VP and chief information security officer, said on Identity Governance Month. “In doing so, it’s important that we put strong internal controls over our identity management infrastructure.”

What does that entail? Refined verification, as well as a newer service offered by USPS called Informed Delivery, currently available to 7.5 million citizens.

According to the website, this service allows users to “digitally preview your mail and manage your packages scheduled to arrive soon. Informed Delivery allows you to view greyscale images of the exterior, address side of letter-sized mail pieces and track packages in one convenient location.”

Should a user not be able to answer security questions or provide the information, they are able to verify their identity in person at a retail location with proper documentation, he said.

ID governance techniques

The Postal Service uses hundreds of applications, starting from the time information is relayed at the beginning of a transaction to the knock on the door and the actual delivery. Technologies like behavioral analytics and two-factor authentication ensure that identities and access are managed correctly.

Crabb said it is very important that the Postal Service be able to deliver packages as quickly and efficiently as possible. Before modern technology, this was quite a big challenge. Through new applications and verification systems, the USPS is able to bypass manual entry of identification information.

“If every time a letter carrier had to put their username and password into their mobile device to scan a bar code on a package, that would really slow down how fast we can get packages delivered around the country,” he said. “We are looking more and more at predictive authentication: making sure that the device is in the right hands at the right location in order to do the right transaction.”

The Postal Service uses a variety of geo-location and frequency distribution analyses to verify those conditions. A warning message pops up on their radar if the package activity doesn’t match the plan, Crabb said.

But identity security is not just a method to protect letter carriers or prevent loss of packages. Two-factor authentication is used in agency headquarters and the retail stores around the country.

What are the two factors? Password protection and, depending on the case, hard or soft digital tokens, such as 6-digit codes sent to a cellphone, or other human verification techniques.

Biometrics

The government operates on a wide variety of partnerships between agencies, and the Postal Service is no different. Partnerships with other agencies, such as the State Department, have helped the Postal Service conduct background checks on its employees in order to validate information more securely.

“Each year we accept more than 5 million passport applications for the State Department, and … in some cases, collect photographs to accompany those passport applications,” Crabb said. “So that’s a very simple example of biometric collection to support another government agency.”

The Internal Revenue Service and the Treasury Department also have a strong relationship with the Postal Service.

USPS is also working on an identity management strategy service that it will offer to other agencies and organizations, as well as expanding its biometric collection in terms of fingerprinting and facial recognition.

“Any opportunities that we can use to leverage that infrastructure to provide services to other government agencies is very much in line with our internal business objectives when it comes to facial image capture,” Crabb said. “We’re very interested in understanding what we can do to improve.”

The agency is interested in not only biometric collection for external partnerships, but also for internal use cases in terms of background checks and identification of contract and regular employees.

Crabb said the new service will hopefully feature facial recognition for authentication purposes in a way that is quick and not intrusive to the user.