1st class mail volumes have been dropping consistently over the last couple of years. Many people have switched to on-line banking for handling their accounts at various financial institutions. Since the early days of on-line banking there have always been security issues of one sort or anoher, but now the threats are getting more severe, since the emergence of the Clampi virus (Trojan):

from Timesonline:

Orla Cox, security operations manager with Symantec, the online security company, said: “Clampi is a complex threat. People are only just beginning to understand how it operates.”

Researchers have found that the list of sites that Clampi is monitoring includes banks, credit card companies, online casinos, e-mail, wire transfer services, retail sites, utilities, share brokerages, mortgage lenders and government sites.

Ms Cox said: “The first big wave was in the US in July, but it is spreading around the world, particularly English-language countries. We have seen samples of it targeting UK high street banks. There is potential for another wave to come.”

We agree, that there will be more waves to come. Clampi is by far not the only threat. In Europe there is a new version of Zeus (Trojan) which defeats around 75% of all up to date anti-virus programs. Additionally the digital underground now seems to team up with organized crime on a scale not yet seen. Germany implemented the i-Tan security measure for on-line banking in early 2007. i-Tan is finally hacked and there are currently 3 Trojan families which are bypassing it. In Europe consumers are getting more conscious about the use of on-line banking and some people stopped using it altogether. Will they now get their financial statements by mail again? Absolutely not. Since many years European banks charge a fee for sending statements by mail, but you can print out your statement at teller machines for free.

As for the US we think, that a sustained high security risk for on-line banking may slow down the switchover of customers to on-line banking. And some financial institutions, once their on-line system security breaches make the headlines, will see customers requesting that financial statements be sent by mail again. After all, US banks do not yet charge to send you your financial statements by mail. But even if that happens we doubt it very much that USPS will see any measurable mail volume increases due to these issues.

The main problem for on-line banking security is the requirement of typing in a password and user name. The barn doors are wide open and any half witted programmer can make use of this. We think that over time, we will see the emergence of USB dongle devices, which will execute highly encrypted challenge-response algorithms in order to allow access to on-line banking. In other words: You have to plug in an electronic USB key into your computer, in order to gain access to your on-line banking accounts. No more user names and passwords need to be typed in. Much more secure for now. Of course this can be hacked too, but only at a higher expense. In the very long run we predict highly secure wireless communication channels, in combination with encapsulated hardware devices, which cannot be affected by any user installed software. In a prior blog entry we already hinted towards the rise of such technologies. To sum it up: We think the switchover to on-line banking will slow down a little, but will not stop or even revert on a big scale.