These days, innocuous bits of personal information can be used to protect, or compromise, your cybersecurity. Readers may be astonished to learn that postal codes are currently being used to strengthen fraud protection against cyberattacks. Embedded in e-commerce systems, identity verification checks and logistics operations, postal codes have slowly become a bulwark against bad actors when employed in conjunction with analysis of the user’s location. However, unlike traditional personally identifiable information, postal codes are not treated by users as particularly sensitive data, a perspective that might be worth reevaluating.
When it comes to fraud detection, payment processors and banks have been using postal code matching as a security measure for years. Credit card processing, for instance, often requires that the postal code entered match the one on file at the issuing bank. One example of this kind of verification occurs when a gas station machine asks you to verify your postal code when filling up at the pump. E-commerce fraud prevention systems also analyze postal code matching to detect suspicious behavior, meaning that postal codes can be used both for prevention and detection. In this respect, postal codes are a kind of quasi-metadata for personal protection: no one ever considers that their postal code might constitute a critical piece of information about their lives. After all, it does not even necessarily correspond to a user’s current location.
However, the fact that postal codes can be used for fraud prevention means that they are also privacy-sensitive and might potentially qualify as personally identifiable information. This suggests that organizations may be obligated to protect your postal code data, especially in light of the fact that black hat actors have begun to exploit location metadata to carry out cyberstalking, phishing and spear-phishing attacks. For organizations, this means it is important to limit internal access to location data and use secure APIs when validating addresses; otherwise, users may be subjected to the sale or breach of their location information. For individuals, this means it is critical to update your postal codes whenever you move and to stay up to date on your personal information: you do not want a leak of old information to compromise your current life.
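The postal code matching described above (a decline on mismatch for prevention, repeated mismatches as a detection signal) can be combined with the advice to limit internal access by keeping only a keyed hash of the code on file. The sketch below is an added example, not code from any payment processor; the key, window, threshold and all names are assumptions, and the sample values are constructed.

```python
import hashlib
import hmac
from collections import defaultdict, deque

# Constructed demo key (assumption); a real key belongs in a secrets manager.
KEY = b"demo-only-key"
WINDOW_SECONDS = 600  # assumed look-back window for mismatches
MAX_MISMATCHES = 3    # assumed threshold before attempts are flagged


def normalize(postal_code: str) -> str:
    """Upper-case and drop separators so 'k1a-0b1' equals 'K1A 0B1'."""
    return "".join(ch for ch in postal_code.upper() if ch.isalnum())


def protect(postal_code: str) -> str:
    """Keyed hash kept on file instead of the plaintext postal code.
    Postal codes are low-entropy, so an unkeyed hash could be enumerated."""
    data = normalize(postal_code).encode()
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


class PostalCodeCheck:
    def __init__(self):
        self._on_file = {}                     # account -> keyed hash
        self._mismatches = defaultdict(deque)  # account -> mismatch times

    def enroll(self, account: str, postal_code: str) -> None:
        self._on_file[account] = protect(postal_code)

    def verify(self, account: str, submitted: str, now: float) -> str:
        """Return 'approve', 'decline' or 'flag' for one attempt."""
        expected = self._on_file.get(account)
        if expected is None:
            return "decline"
        recent = self._mismatches[account]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # forget mismatches outside the window
        matched = hmac.compare_digest(expected, protect(submitted))
        if not matched:
            recent.append(now)
        # Repeated mismatches look like guessing: flag even a later match.
        if len(recent) >= MAX_MISMATCHES:
            return "flag"
        return "approve" if matched else "decline"
```

Staff and logs that only ever see the stored value cannot read the postal code back without the key, while the match check still works.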