This blogger recently updated his mailing address with two large financial institutions. Both residences were still in use, which allowed for receipt of the confirmation letters. As a general security precaution, it is standard practice to send a letter about the address change to both addresses. In case the change of address proves unauthorized this gives the legitimate owner a fighting chance to realize something is wrong. The two letters revealed a difference in risk management:
Institution A had a chatty, verbose style congratulating the account-holder on the recent move– which was not the case here. “As an added safeguard, would you please take a moment to verify the address change you requested. New address: <…> “ The letter was interesting enough signed by Fraud Operations and concluded with good-luck wishes at the new address. (This being NYC it’s understandable all the luck is necessary.)
Institution B sent a more brief one paragraph message, with phone numbers prominently shown on the upper-right hand corner. “For your protection the new address is not disclosed on this mailing. If … this change was made without your authorization, please visit …. or call the numbers listed above.”
Is printing the new address a security problem? If the customer moved, the new occupant at the same residence probably knows at least their name because a ton of junk mail will arrive addressed to the previous, and sometimes even earlier residents. Junk mailers seems to be slowest in updating their databases probably because the data made its way there after going through a series of intermediaries. In other words it is ancient. Learning their new address on the other hand is not as easy, unless there was direct interaction: for example if the new occupants bought the house from the previous family in which case the address was likely disclosed as part of the paperwork. But there are cases when one family member or person moves out on less than friendly terms, and wants to avoid being tracked.