Are Virtual Mailboxes Safe From Identity Theft?

I may make commissions from purchases made through some links. Read here for more information.

Virtual address services handle all your mail, including personal and sensitive information.

However, are virtual mailboxes safe?

Summary:

In short, virtual mailboxes are secure depending on what sort of service you use. If you use a virtual mailing provider that uses third-party CRMAs, your mail may be less secure. However, you will need dive deeper into what makes a service secure before choosing your provider.

In this guide, you’ll learn about whether virtual mailboxes are safe. You’ll learn about each aspect of these services and their security measures. Moreover, you’ll learn about how these companies handle your private information.

First, Learn About Commercial Mail Receiving Agencies

Otherwise known as CMRAs, receive mailing items from the Postal Service on behalf of third parties like virtual mail service providers. These services collect your mailing items, scan them, and handle your mail.

Sometimes, virtual mailbox services will use third-party providers to give the service more addresses to handle. While other times the provider will only maintain one address, which is at a facility they have complete control over.

How Secure Are Commercial Mail Receiving Agencies?

When registering to become a CMRA, they must provide two forms of identification and fill out PS Form 1583 to receive your mail. 

The security of each CMRA differs. For example, on a virtual address provider’s website, they’ll usually tout the security measures they have in place at their facilities. However, the same doesn’t go for third-party providers.

You’ll need to contact your provider to ask them what security measures their outsourced CMRAs have in place to secure incoming mail.

Also, here are a couple of tidbits to keep in mind:

If a CMRA were to go out of business, they must notify customers to fill in a change of address form within 10 days of the notification.

CMRAs can’t refuse mail.

Brief Explanation of 256-Bit Encryption

256 Bit Encryption is one of the best encryption types out there. It uses a 256-bit key to decrypt and encrypt data transferred between servers and clients. Moreover, as of now, 256-bit encryption hasn’t been cracked.

So if a company claims they use this type of encryption, you’re in good hands.

Virtual Mailing Service Encryption Methods

To handle the delivery of your digitized mail, many companies will use software like Amazon Web Services, which employs 256-bit encryption. However, each virtual address service differs. You will also want to pay attention to their Secure Sockets Layer (SSL) certificate.

Here’s a blog post that’ll give you more information on identifying SSL certificates.

Who Will Handle Your Mail and Can You Trust Them?

Not all virtual mail companies do this, but many perform background checks before hiring employees. While they don’t specify what criteria they follow when hiring, you can at least know they won’t hire someone with a criminal record.

Moreover, these companies will also train their employees to adhere to HIPAA standards. These training sessions will teach employees about the various HIPAA rule types, including data disclosure and violation consequences.

What You Should Know About Secure Shredding

Almost all virtual mailing providers offer secure onsite shredding. Many providers will ensure that someone supervises the staff members who shred your mail to prevent theft.

Online Account Two-Factor Authentication

Unfortunately, no platforms use hardware security keys. However, some virtual mailing services allow you to set up SMS or app-generated code two-factor authentication (2FA).

If you have a hardware authentication key like Yubikey, you can use the Yubico Authenticator application to store your 2FA account. Or, you can download a mobile application like Aegis Authenticator.

Do Virtual Mail Companies Share Your Data With Third Parties?

You will need to read through the virtual address service’s Privacy Policy page to see if they share your information and who they share it with.

However, commercial mail receivers must share a list of their former and current customers with their local postmasters every three months.

Frequently Asked Questions About Virtual Mailbox Security

You still may have many questions running through your mind. However, I’ve aggregated questions from around the internet to help you gauge the safety of using virtual mailbox services.

Are Virtual Mailboxes HIPAA Compliant?

Whether virtual mailboxes are HIPAA compliant determines what provider you’re using. Most companies train their teams on HIPAA compliance protocols and opt for web hosting services that are also HIPAA compliant.

Some plans will require you to upgrade to make the company execute a Business Associate Agreement (BAA). In short, a BAA is an agreement between an individual or organization and a healthcare provider to enable a company to receive access to store Protected Health Information (PHI).

Understand How To Protect Yourself While Abroad

Depending on what provider you choose, you can rest assured that your information is in good hands. Always read through a provider’s Terms of Service and Privacy Policy pages before purchasing to see how they handle and secure your data.

person standing on top of Taipei 101 tower in Taiwan City, Taiwan

About Tee

Tee began first experienced the wonders of traveling when visiting Vietnam. Afterward, he went crazy and ventured to at least… More about Tee