USPS to block emails containing cardholder data
Starting Feb. 19, the Postal Service will begin blocking all emails that contain credit or debit card data sent to external recipients, to further protect customer and employee information from potential cyberthreats.
This will include emails with #sensitive# in the subject line.
Postal Inspection Service emails containing credit and debit card data for investigatory purposes will be permitted, as well as test emails that contain cardholder data and payment device logs sent to external recipients.
USPS employees and contractors who have a critical need to send credit or debit card data electronically should email the Payment Compliance team to submit a request for an exception.
Exception requests will be evaluated by the Payment Compliance team and the Corporate Information Security Office.
The Postal Service is also reminding employees and contractors that credit or debit cardholder information should never be sent electronically.
USPS-issued personal card numbers, travel card numbers and customer credit and debit card numbers can be exposed to hackers and other cyberthreats when sent in text messages, instant messaging and emails, including emails with #sensitive# in the subject line.