Across industries, organizations are routinely communicating with customers electronically – it’s quick, cost-effective and convenient for all parties involved. And when customers are eager to complete a transaction involving personal documentation containing sensitive information, it seemingly makes sense to transfer documentation around these happenstances digitally to save time and eliminate hassle. However, far too many people aren’t aware of the risks associated with electronic document transfer, and more specifically, the risks associated with transferring documents containing their social security number.
The vast majority of people understand the importance of keeping social security numbers private – they just don’t think about it when they’ve requested to receive documents from various service providers via email.
For instance, when people are in the process of purchasing homes and are anxious to meet the closing deadline, they are understandably inclined to request electronic documents from their mortgage broker to speed up the process. Or, if a person needs a copy of a transcript for a job interview and can’t wait the requisite 10 business days to receive it via mail, electronic document transfer seems like an attractive option.
What people don’t realize is that it’s not about the content of the email – it’s about the attachments that typically contain the social security number within the body of the document. So, if these documents aren’t encrypted during electronic transmission, they’re vulnerable to breach.
If hackers are able to get their hands on documents containing social security numbers sent by banks, insurers, educational institutions and others as a “convenience” to customers, it’s not a pretty situation. It’s essentially akin to these folks handing over their social security cards.
Once a hacker has access to customer social security numbers, the damage will be swift and significant. This is because a person’s social security number is the foundation of identity authentication- any thief can use it to gain more even more personal information and apply for credit. Even worse, if a customer experiences identity theft due to email breach with a third party organization, they won’t realize it until serious harm is inflicted.
It’s the responsibility of the organization to ensure that electronic documents are transmitted securely, and that sensitive information – including social security numbers transmitted in attachments – are properly encrypted.
Customers don’t understand the risk for two reasons. Firstly, they assume that any communication that they receive from a reputable, branded party is safe and secure. And secondly, they don’t realize that the danger lies in the captured attachment, not in the body of the email.
This is why it’s critically important for organizations to be fully abreast of the sensitive information contained within the confidential documents that they are sending to their customers. If organizations are going to offer the option to receive documents containing social security numbers and other sensitive information, it’s unethical to put the onus around secure document delivery on the customer – encryption is critical.