"Grupo Santander, a banking firm based in Spain, has reported to the Financial Services Authority (FSA) a system glitch with its printers that led to the distribution of 35,000 bank statements to wrong recipients, risking millions of pounds in fine for the data breach."Whether this would be classed as a physical or IT or privacy incident is a moot point: there were elements of all three. Arguably it might even represent the failure of integrity checking on the mainframe or printing subsystems that should perhaps have identified and blocked the duplication of 35,000 records.
Banks generally take care over physical security - after all, it has been core business for them for centuries. However when it comes to sending confidential information to customers, they still rely heavily on the ordinary post. New credit and debit cards, for example, are commonly sent out by post but the recipients are normally required to acknowledge receipt in order to activate the cards, and the acknowledgement process includes some authentication albeit relatively weak. Alternatively the banks could send new cards to the customer's nearest branch for collection, where a stronger form of authentication (perhaps an official photo ID or passport) would be possible. However, the customer inconvenience factor evidently outweighs any reduction in card fraud due to the interception and misuse of new cards in the post. When it comes to sending out bank statements, the argument for postal delivery is even stronger ... but in the Santander incident, the privacy disclosure could prove very costly for the bank and its customers.
There are numerous security vulnerabilities in the postal system. Here are just a few to illustrate my point:
- Post can be wrongly addressed or delivered to the wrong address
- Post sometimes goes missing or gets delayed (that is, delayed even longer than it normally takes to deliver a letter given that the postal system does not run on Internet time!)
- Post can be redirected, perhaps maliciously (although most post offices do at least make an effort to validate redirection requests)
- Post can be stolen or tampered with by postal workers, couriers or other carriers, including 'authorized interception' by the security services or other authorities (e.g. in prisons)
- Post can be stolen or tampered with in the sender's outbox and/or the recipient's inbox (unlocked post boxes are highly vulnerable to this)
- Junk mail was the original spam.
Speaking personally, I prefer to get my bank statements electronically through an encrypted network connection. Not only is it more secure, I'm also helping to cut CO2 emissions and save the planet one electron at a time. I hope the bank's savings on postal fees contributes to reducing their charges, and not just to increasing their profits.