If I request a Password Request Code (PRC) using the Internet, why can’t SSA send me a code by email instead of U.S. mail?
Question
If I request a Password Request Code (PRC) using the Internet, why can’t SSA send me a code by email instead of U.S. mail?
Answer
When conducting a secure transaction, outside privacy experts have advised the Social Security Administration that using an out-of-band means of communication from the original contact adds a level of security. In general language, "out-of-band" refers to communications which occur outside of a previously established communications method or channel. Out-of-band security and validation dramatically decreases online fraud by ensuring the rightful user is controlling the credentials used to access payment type services.
Further, security and privacy experts recommend U.S. mail as there is a well settled legal history of enforcing U.S. mail fraud law if a person should use it to gain access to information to which they are not entitled. Fraud prosecutions involving email and other electronic communications are more difficult to prosecute. Most banks and other financial institutions also use the mail to send pins/passwords. For example, if you have an ATM card and forget your PIN and call your bank, the bank will generally mail you a new PIN, even though you have made the request via the phone.