I have been working on this matter for a while and its causing me more grief than I expected. There is no such thing as secure email unfortunately despite the best efforts from Yahoo, Yahoo and AOL, and others. But when it comes to Banks securing their customer correspondence there is only one general way, and that’s using a web browser, 128 bit encryption, and some type of browser based form.

Even the alternative vendors, and despite the hyperbole, that’s all they can offer too. So you can build or buy, and you will get secure correspondence using web forms, but you will NOT get secure email.

Background

Its obvious that email is pervasive and a core part of what we consider internet. In fact email is older that the www as we know it, but that doesn’t matter now. What we know is that the web is pervasive and email is pervasive.

However we all value our privacy, and we know that regular email while convenient, is not secure. It sits on ISP servers, and while they do their best, its not difficult for a hacker to search those servers, and locate any confidential information that is there. Fortunately we collectively have avoided email for core confidential information so that does not appear to have been a priority for criminals.

Meanwhile online banking has evolved over a 10 year period, now and a core part of the functionality is the ability to communicate with the bank using secure web forms within online banking. We trust those forms because

1. customer has authenticated
2. the browser session is secured by 128 bit encryption

But here is the dilemma – online banking requires a log in. Bank personnel and customers use regular email all the time and its handy. So the motivation for either employee or customer to use regular email is strong.

On the Bank side, few Banks, if any have employed secure web forms that can be accessed by any employee;  this is a massive undertaking and requires CRM integration, integration to employee directories etc.