17 things to know about sending email with secure documents

Secure-Documents-email-suppliers

I don’t need to preach the advantages of email, but it seems many of its clear advantages are not being utilised when it comes to communicating with customers on confidential matters – such as sending them a statement or insurance contract document.

The confidential nature of these documents has prevented them from being emailed over the “public” internet.

The basics of document security and why you should care
The result? These documents are housed on a secure website and a transactional  email notification is sent to customers to login (or even register first) to retrieve them. This is not a great experience for customers who then quickly opt to receive paper documents again.

The solution to this problem is to protect the confidential information by encrypting the document and applying a password to open it, before attaching this secure document to an email.

This immediately takes the pain away from the customer, allowing them to replace the opening of an envelope with clicking on an attachment directly from the email – so much easier than having to visit a website and login. It also plays to the strengths of email.

Benefits of an email secure document include:

1. Customer adoption
Due to the nature of email, it’s so much easier to get customers to opt-in to receive documents via email, compared to asking them to register and then visit a portal. This requires the customer to remember yet another username and password which is a barrier.
2. Reduce phishing concerns
Since you’re not asking customers to visit a website from an email, the phishing concerns are reduced significantly. The document is attached and the email contains authentication information on each customer.
3. Ease of use
It’s easy for the customer to open and save these documents. No registration is required, instead the document password is a “Shared Secret” which is a mixture of known information about the customer (birth date and postal code as an example).
4. Reduce payment time
Email bills arrive quickly and most often sooner than the paper. In our experience we’ve found that more than 50% of customers pay within two days of receiving the email bill, which is a significant improvement on paper processes.
5. Increase self service
Advanced functionality can be included in the attachment, such as payment calculators, change of address forms, call-back request forms, cross-selling tools and basic dispute resolution.
6. Archiving & Control
The customer can quickly and easily save their document to their own PC and back up those documents without reliance on third parties.
7. Reduce operations costs
The solution significantly reduces paper, printing and postage costs by substituting email for paper delivery.
8. Security
An email bill is totally secure, using the latest encryption technology and remains encrypted when not in use, protecting confidentiality.
9. Marketing
Personalised and relevant marketing can be included to cross sell and up sell customers, a touch-point that is often missed in a notification.

Finding the right ESP to help you with secure email documents

Partnering with the right supplier is crucial when it comes to data security and privacy of sensitive information sent over email. The vendor you choose should have the following abilities:
1. Accept multiple data formats and feeds and create different document formats
2. Encrypt the document (ask for the encryption method and strength. It should be at least 128bit encryption, but 256bit is of course better, depending on your requirements).
3. Add password protection to the document
4. Provide 2 factor authentication
5. Ensure the data used to create the document is encrypted when it is at rest on the email platform
6. Able to provide Proof of Delivery of the document
7. Digitally sign the email
8. Automatically notify the customer if the message is not delivered

And specifically for financial institutions ask if:
• the data centre is PCI compliant
• the software can be deployed within the company’s data centre into the future?

Deliverability is a key factor, as these documents must reach the end recipient, therefore the supplier should have the ability to set up SPF, DKIM and DMARC. Automated processes back to the printer should be available when an email bounces, so that there is never an instance when a customer doesn’t receive their information.

Evaluating Email Service Providers

While you’re evaluating your options, think about the user experience and whether all the benefits of using email as a medium have been explored (automated triggers, relevant marketing included, etc). Then look at the various types of documents that you want to convert to email and establish what level of security needs to be applied to each one, as they won’t all carry the same amount of confidential information.

And last, but not least, partner with a company that has the experience in sending secure documents over email. Just as in email marketing, there are specialists in this field. It’s too important to get wrong.

Mia Papanicolaou

About Mia Papanicolaou


I work in and with email and I love what I do. I am constantly inspired by cool new ideas and new thinking, as well as new ways in which we can adapt to help our clients wow their customers. I am passionate about ensuring that my customers get great strategy advice and consultation. As the COO for Striata in the US, I get to steer the team to do just that! Among the customers Striata serves are the biggest and most innovative across a wide range of vertical sectors. If you're looking for more innovative and efficient ways to reach your customers, contact me.

  • Pete Austin

    “the document password is a “Shared Secret” which is a mixture of known
    information about the customer (birth date and postal code as an
    example) …  An email bill is totally secure, using the latest encryption technology
    and remains encrypted when not in use, protecting confidentiality.”

    Please do not follow this advice. A password based on publically available information is *not* secure.

  • Mia Papanicolaou

    Your point about absolute security is correct – which is why we go to lengths to explain that this is a ‘Shared Secret’ and not a typical password. This allows us to drive paperless adoption with out the requirement for registration.

    However many of our clients provide the option of selecting a user chosen password that meets strong password criteria and replaces the Shared Secret for those clients. Where the content of the document is not deemed to be highly confidential, then the Shared Secret is 100% appropriate.

    We must remember that the Shared Secret / encryption is replacing spit on an envelope…