It's the kind of situation you always hope to avoid. Imagine waking up and discovering that your personal information has been compromised, leaving you vulnerable to hackers and the world at large.
The fear of having your mail and data comprised is greater today than ever before. This is why it's crucial to prioritize security measures for your virtual mailbox.
Here at VirtualPostMail (VPM), the safety of your mail, packages, and data is of the utmost priority. See how VPM’s advanced security features stack up against other popular virtual mailbox providers.
VirtualPostMail
VPM is committed to protecting your mail and sensitive information. In addition to offering on-site mail processing, which prevents the need for an additional leg of transit, all VPM locations are equipped with around-the-clock surveillance, secure access controls, and alarm systems to safeguard your mail and packages.
VPM protects your mail by eliminating extra steps
Each VPM location is a central processing center, ensuring that your mail is handled directly at the facility it arrives at. All mail and packages are scanned, sorted, and stored on-site. This unique approach reduces the chances of your mail being lost or stolen, since it avoids unnecessary transits through third-party processing centers. It also allows you to access your mail up to 2 weeks sooner.
VPM provides universal security standards at all locations
VPM owns and operates all of its locations, providing a consistent, top-tier security standard across all locations. All of VPM’s secure facilities feature alarms, 24/7 audio and video surveillance, and restricted access to the general public as there is no local pick-up allowed at any location. Only a select few employees, rigorously vetted through pre-screenings and background checks, have access to your mail and packages.
VPM offers HIPAA and BAA support for businesses
VPM maintains ongoing compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) and is able to process, maintain, and store protected health information for any entities restricted by these regulations. On request, VPM will sign a BAA with your organization. Please note that HIPAA support is currently only available on a Business Plan and above. Furthermore, the BAA is only for review and must be signed by both parties before it can go into effect.
VPM hosts its entire infrastructure on Amazon Web Services (AWS)
VPM's infrastructure is hosted on Amazon Web Services (AWS), a highly scalable cloud computing platform renowned for its inherent privacy and end-to-end security features. AWS is also HIPAA compliant and provides the option to sign a BAA.
VPM uses two-factor authentication (2FA) to protect sensitive data
For an added layer of mail security, VPM offers users the option to set-up two-factor authentication (2FA) when logging into your accounts. 2FA prevents unauthorized users from attempting to access confidential data by necessitating the use of two distinct methods to verify the user’s identity.
VPM offers free, on-site shredding to securely dispose of mail
All unwanted mail is shredded on-site using mobile shredding services. Your mail leaves the VPM facility in millions of pieces to prevent your personal information from landing in the wrong hands. Document destruction certificates are available upon request.
| Billing & Personal Data | • Bank level SSL encryption • PCI Data Security Standard • Passwords are encrypted with high level SHA-256 algorithm and never stored as cleartext |
| SSL Certificates | Certificate #1: RSA 2048 bits (SHA256withRSA) (Grade A) Certificate #2: RSA 4096 bit (SHA256withRSA) |
| Two-Factor Authentication | Yes |
| On-Site Shredding | Yes |
| In-Person Pickup | No |
Earth Class Mail
In terms of protecting your digital data, both VPM and Earth Class Mail implement rigorous measures to ensure the protection of sensitive information. There is, however, a major difference when it comes to how each company utilizes processing centers. Additionally, Earth Class Mail is not fully HIPAA compliant, since they do not sign business associate agreements (BAAs).
Earth Class Mail forwards your mail to a central processing center
Earth Class Mail redirects your mail and packages from their original destination to a central mail processing facility in Oregon. Since this introduces an additional location for your mail to pass through, there is a higher likelihood that your mail could get lost or damaged in transit.
Earth Class Mail does not sign BAAs
While Earth Class Mail's team is HIPAA-trained, they do not sign BAAs. In a healthcare context, you can use Earth Class Mail’s services to receive mail, but opening and scanning the contents would be prohibited without a BAA. If you plan to store or transmit Protected Health Information (PHI), you’ll want to be extra cautious when using their services.
Earth Class Mail uses two-factor authentication to secure its mail
To further protect your mail, Earth Class Mail allows its users to opt into two-factor authentication, or 2FA. Once enabled, your account will be safeguarded in the event that your password becomes compromised, since the person trying to access it will have to provide a unique, one-time verification code.
EarthClassMail offers free, on-site shredding for all plans
All of Earth Class Mail’s plans offer free, on-site shredding of unwanted mail. Any mail requested to be shredded is destroyed at their facility 7-days after the request.
| Billing & Personal Data | • 2048-bit SSL connection • 256-bit AIS encryption to store digital documents • SOC-2 certification: Covers both the physical handling of mail, the digital files they create, and the platform where their customers access postal mail online • Uses industry-standard SSL/TLS to transmit payment card information • Security standards meet the strict demands of large corporations and government agencies, and their compliance is verified by 3rd parties like AccountableHQ |
| SSL Certificates | Certificate #1: RSA 2048 bits (SHA256withRSA) (Grade B) Certificate #2: EC 256 bits (SHA256withECDSA) |
| Two-Factor Authentication | Yes |
| On-Site Shredding | Yes |
| In-Person Pickup | No |
PostScanMail
While VPM processes mail on-site at each location, PostScanMail forwards all mail and packages to their central processing center in Anaheim, California. This introduces an additional leg of transit, increasing the potential for mail loss or damage.
PostScanMail also allows in-person pickup at several locations, which may pose a security risk to your mail and data.
PostScanMail redirects your mail to a central processing center
PostScanMail forwards all mail and packages from their intended destination to a central processing center in California. This puts your mail and packages at an increased risk of being lost or damaged, since an additional journey opens the door for more things to go wrong. Not to mention more additional time for your mail to get to your online account.
PostScanMail allows local pickup at many of their facilities
Several of PostScanMail’s locations offer a local pickup option for customers. While this may seem like a perk for those living within driving distance of an office, allowing non-employees to access your mail and packages compromises the security of your personal data and information.
PostScanMail is HIPAA compliant
One of the biggest benefits of PostScanMail is that they are able to comply with HIPAA requirements and sign a BAA for you. It's important to note that HIPAA support is only available at their Anaheim, CA location.
PostScanMail uses Amazon Web Service (AWS) for all application hosting and data storage
PostScanMail uses Amazon Web Service (AWS) for all of their application hosting and data storage similar to VPM. AWS, a globally recognized cloud computing platform, provides a highly secure and compliant solution to help safeguard users’ sensitive information.
| Billing & Personal Data | • All communications between the customer and PostScan Mail are encrypted using the Secure Socket Layer (SSL) and HTTPS protocol SOC 1 and SOC 2 security certifications • All data is encrypted using the 256-bit Advanced Encryption Standard (AES) • All personal or financial info given is protected under advanced data encryption, user authorization systems, and backup solutions |
| SSL Certificates | Certificate #1: RSA 4096 bits (SHA256withRSA) (Grade A+) |
| Two-Factor Authentication | No |
| On-Site Shredding | No |
| In-Person Pickup | Yes |
iPostal1
Both VPM and iPostal1 put a high emphasis on protecting your mail and packages, as well as digital data. However, VPM owns all of their locations, putting them at a major advantage.
iPostal1 licenses its platform to third-party mail centers
Since iPostal1 does not own or retain control over the addresses they partner with, they cannot ensure a universal safety standard across locations. Many locations allow you to pick up your mail during business hours, which may compromise the security of your mail and packages.
iPostal1 is not HIPAA compliant
Unfortunately, iPostal1 is not HIPAA compliant, nor do they provide you with the opportunity to sign a BAA. For this reason, iPostal1 is not an ideal option if you are in the healthcare sector.
iPostal1 offers on-site mail shredding for an additional cost
If you want your mail shredded on-site, there’s good news: iPostal1 offers this service to all customers. However, it’ll come at a cost. You’ll be required to pay $2.25 per letter, up to 10 pages.
| Billing & Personal Data | • All credit card data is securely transferred and hosted off-site by payment vendors like First Data, and PayPal in compliance with Payment Card Industry Data Security Standards (PCI DSS) • 256 bit extended-validation SSL security certificate • Their databases, including images of the mail items, are further protected by access restrictions and are encrypted. SSL (HTTPS) is used throughout the application |
| SSL Certificates | Certificate #1: RSA 2048 bits (SHA256withRSA) (Grade B) Certificate #2: EC 256 bits (SHA256withECDSA) |
| Two-Factor Authentication | No |
| On-Site Shredding | Yes |
| In-Person Pickup | Yes |
Anytime Mailbox
VPM and Anytime Mailbox have a few major differences when it comes to security. One of the biggest factors is a lack of universal safety standards: Anytime Mailbox’s policies vary from one address to the next, creating inconsistency across the board.
Anytime Mailbox’s safety policies vary depending on the address
Anytime Mailbox’s policies are dependent on how each address partner decides to secure their building, conduct background checks, and/or train them on the disposal of mail. Additionally, the majority of Anytime Mailbox’s partner facilities allow for in-person mail pick up during business hours.
Anytime Mailbox is not fully HIPAA compliant
As mentioned above, Anytime Mailbox does not rely on universal security measures. Due to the inconsistency of each location, Anytime Mailbox is not HIPAA compliant. You’ll want to be careful using them if you'll be storing or transmitting PHI. In a healthcare context, you can use Anytime Mailbox to receive mail, but opening and scanning would be prohibited without a BAA.
Anytime Mailbox offers secure, on-site mail shredding
Most Anytime Mailbox locations offer on-site shredding of unwanted or confidential mail for an extra fee.
| Billing & Personal Data | • All images uploaded and viewed in the browser are transmitted over a 2048-bit SSL connection • Every exchange of information between the mailroom operator, end user, web browser, and smartphone is secured with HTTPS • Use industry-standard SSL/TLS to transmit payment card information • Physical servers are housed in a highly secure colocation facility in the USA with over 20 years of experience in cloud-based storage |
| SSL Certificates | Certificate #1: RSA 2048 bits (SHA256withRSA) (Grade A+) Certificate #2: RSA 2048 bits (SHA384withRSA) and RSA 4096 bits (SHA384withRSA) |
| Two-Factor Authentication | No |
| On-Site Shredding | Yes |
| In-Person Pickup | Yes |
Traveling Mailbox
VPM and Traveling Mailbox both offer two-factor authentication and on-site mail shredding, showing a high level of dedication and commitment to protecting your mail and data. However, one major feature that sets the two services apart is how your mail is processed.
Traveling Mailbox forwards their mail to a single central processing center
Traveling Mailbox redirects all mail and packages from their initial destination to a central processing center in North Carolina. This provides an opportunity for your mail and packages to get damaged, lost, or stolen while in transit.
Traveling Mailbox is not fully HIPAA compliant
While the Traveling Mailbox team is HIPAA-trained, they do not sign BAAs. Opening and scanning mail related to users' PHI would be prohibited without a BAA. For this reason, they are not an ideal option in healthcare.
Traveling Mailbox offers two-factor authentication
When you log in to your Traveling Mailbox account, you’ll be presented with the option to set up two factor authentication (2FA) using an SMS text or an authentication app. You can also opt into 2FA using Face ID via their iOS App.
Traveling Mailbox does not offer local pickup
Local pickup is not available for security reasons. They do offer all of the standard UPS, FedEx, and USPS options that allow you to have your mail delivered to your doorstep.
| Billing & Personal Data | • Secure connection using 256 bit SSL encryption • All customer data is securely encrypted and replicated multiple times to other targets • Adopts appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on their site |
| SSL Certificates | Certificate #1: RSA 2048 bits (SHA256withRSA) (Grade B) |
| Two-Factor Authentication | Yes |
| On-Site Shredding | Yes |
| In-Person Pickup | No |
Making the final call
When it comes to virtual mailbox security, there’s one standout: VPM.
From all locations serving as central processing centers to offering safety features like on-site shredding, HIPAA/BAA compliance, 2FA, VPM leaves no room for compromise when it concerns the security of your mail, packages, and data.
Don't let your confidential information fall into the wrong hands. Get a secure address you can trust.
