[Psml] PIN Codes

John R. Bradley jrb at accurecord.com
Sun Apr 26 15:05:04 EDT 2009 

Most people understand that logging on (as you must do before reaching the
member only part of the USPS website) using a certificate number and ZIP
code is far from secure. To make this identification process more certain,
we elected to assign a unique PIN to every member.  Now we could have sent a
notification letter to each member via first class mail, but the costs would
have been prohibitive.  Instead, to save money, we elected to include the
PIN code notification as part of the dues renewal package that goes to each
member a couple of months before their membership renewal date.
Unfortunately, members have either discarded the mail without reading it;
wrongly inferred from the fact that it came with the dues renewal package
that it was now necessary to use the PIN to logon to pay dues online; or
read the instructions on the yellow insert and followed them.
Because we were getting so many questions, we put up a lengthy explanation
on the Information Center pages explaining how to recover from a lost PIN,
etc. That seemed to do more harm than good. One response sent to the C/C
from certificate number ******* ZIP 03246 was the following:

This is the first negative thing I have come across with USPS.  I just read
a huge dissertation on how I can get on a "secure portion " of the National
website.  In the past, it has just been my membership number and mailing zip
code. EVEN my credit card company wants less proof of who I am (last four
numbers of CC and zip code)..
I had a TS/C (Top Secret/ Crypto) security clearance when I was in the
service with less crap.
Please. What is the logic behind the complexities?

While this response substantially underplays the identification process
required by credit card companies and the FBI/DIA, what the member also
forgets is that the credit card company originally mailed the credit card to
him so he would know what the last 4 digits were. Also, when they speak to
you on the phone, they know, outside of callerID, the phone number you are
calling from and can determine from that in many cases if you are who you
say you are.

So, to bring this brouhaha to a close, The PIN code has nothing to do with
paying dues. Sometime within the next year when you receive your dues
renewal, look for the PIN code and yellow insert and follow the instructions
on it. 

When all of this has settled down, and everyone has a PIN code and has
chosen a security question and answer, we will be able to create web based
facilities that require absolute identification of the member on the other
end of the connection.

R/C John R. Bradley, SN
Chair USPS Information Technology Committee
60 Old Brook Road 
Dix Hills, NY 11746-6432 
(800) 777-3770 ext.203 Office 
(631) 546-5768 Home 
(631) 274-2103 FAX 
jrb at accurecord.com

More information about the PSML mailing list