The present invention relates to mail payment and evidencing systems, and more particularly to a controlled acceptance mail (CAM) fraud detection system.
In a high volume production mail system environment, where large batches of mailpieces (i.e. greater than 200 pieces) are produced, the entire batch of mail is required to be directly delivered to a postal clerk at an acceptance facility instead of being deposited in a street letter box. This direct delivery of the batch of mail is referred to as CAM. CAM constitutes over 60% of the mail in the industrial world and consequently the prevention of fraudulent activities which lead to the delivery of unaccounted and unpaid for mailpieces in the CAM environment is considered critical.
U.S. Pat. No. 5,675,650 (hereinafter the '650 patent), which is hereby incorporated by reference, describes a CAM payment and evidencing system which provides a mechanism for detecting counterfeit and duplicate postage indicia. The '650 patent requires a digital postage mark (i.e. postage indicia) to be imprinted on each mailpiece of a particular batch of mail. The digital postage mark includes a digital token (also known as a cryptographic validation code), which is encrypted data that authenticates the value, and other information imprinted on the mailpiece. Examples of systems for generating and using digital tokens are described in U.S. Pat. Nos. 4,757,537, 4,831,555, and 4,775,246. The digital tokens are uniquely associated with the individual mailpiece data such that the printing of counterfeit indicia is easily detectable by a standard verification procedure.
In addition to the imprinting of a digital token on each mailpiece, the system described in the '650 patent also requires that the batch of mail be delivered together with a statement of mailing (SOM) which identifies the number of mailpieces in the batch by weight and postage categories as well as the totals for batch weight, batch postage, and number of mailpieces in the batch. The SOM, which is created by the mailing device, is cryptographically signed so that its authenticity and data integrity can be validated. The SOM therefore allows the postal clerk, upon receipt of the SOM and the batch of mail, to first validate the SOM and then weigh the total batch to verify if its weight matches the total weight in the SOM. If there is a significant discrepancy (e.g. a difference larger than a pre-defined threshold) this may indicate that there are unpaid and unaccounted for mailpieces in the batch of mail submitted for acceptance. This process helps to detect if mail items carrying copied valid indicia have been included in the batch of mail. Moreover, by using sampling techniques an estimated weight distribution of the sample of mail from the batch of mail can be compared to an actual weight distribution obtained from the SOM in order to detect substitution of high weight mailpieces by multiple lower weight mailpieces. Thus, for example, the sampling is directed to detection of the substitution of ten 0.1 ounce mailpieces with fraudulent digital postage marks in lieu of a single 1 ounce mailpiece carrying a legitimate 32 cents payment.
While the system of the '650 patent certainly improves the ability to detect unpaid and unaccounted for mailpieces in a CAM environment, it still has certain deficiencies. From a practical viewpoint, the key management infrastructure needed to implement the digital token during individual mailpiece generation and for the token verification process is quite costly and negatively impacts the effectiveness of the entire mailpiece processing system. Moreover, the trustworthiness of the SOM/weighing parameter process depends on the integrity of the postal clerk charged with the responsibility of verification of CAM. Unscrupulous postal clerks who, in exchange for compensation, accept mailings without any verification (referred to as a collusion attack) represent a significant danger to the integrity of the CAM postal payment system. That is, once the unverified CAM mailing has been accepted and sorted into individual mailpieces, they are delivered within a few days, leaving no trace of the fraud (collusion activity). While the individual mailpieces still have the encrypted digital postage mark which can be used to detect counterfeit marks, its use for detecting fraudulently copied authentic indicia is minimized by the massive infrastructure that would have to be created to support its use for that purpose.
Accordingly, what is needed is a method and system for detection of a collusion attack in a CAM environment. It is also desirable that such method and system be flexible, economically justifiable and avoid the employment of hardware as much as possible.
The instant invention overcomes the deficiencies of the prior art by providing a method for processing controlled acceptance mail that includes creating, at a first location, a batch of mail including a plurality of mailpieces, each of the plurality of mailpieces having unique indicia data printed thereon which identifies a source of creation of the batch of mail and a unique identifier for a corresponding one of the plurality of mailpieces upon which the unique indicia data is printed; generating, at the first location, a manifest containing all of the unique indicia data for each of the plurality of mailpieces; cryptographically protecting the manifest; sending the cryptographically protected manifest to a second location; verifying the authenticity of the cryptographically protected manifest at the second location; providing the batch of mail to a carrier distribution system for distribution; as part of the carrier distribution system reading unique indicia data from selected mailpieces being distributed therein and sending the unique indicia data for each of the selected mailpieces to the second location; and comparing, at the second location, the unique indicia data received from the carrier distribution system for each of the selected mailpieces with all of the unique indicia data in the manifest to determine if any one of the unique indicia data received from the carrier distribution system matches any of the unique indicia data in the manifest.
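The manifest flow summarized above, sketched as an added example that is not taken from the patent: the first location protects a manifest of unique indicia data, the second location verifies it and compares indicia sampled in the carrier distribution system against it. HMAC-SHA256 stands in for the unspecified cryptographic protection, and the key, source ID, piece IDs and function names are assumptions constructed for illustration; the duplicate check goes beyond the comparison step stated above.

```python
import hashlib
import hmac
import json
from collections import Counter

# Constructed demo key (assumption); real keys would be provisioned out of band.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def protect_manifest(source_id, piece_ids, key):
    """First location: list every indicium in the batch and tag the manifest."""
    body = json.dumps({"source": source_id, "pieces": sorted(piece_ids)},
                      sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


def verify_manifest(protected, key):
    """Second location: return the set of (source, piece) pairs, or None if the tag fails."""
    body = protected["body"].encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, protected["tag"]):
        return None  # manifest altered or not produced with this key
    data = json.loads(body)
    return {(data["source"], p) for p in data["pieces"]}


def compare_samples(manifest_set, sampled):
    """Classify indicia read in the distribution stream against the manifest."""
    counts = Counter(sampled)
    return {
        "matched": sorted(s for s in counts if s in manifest_set),
        # Read in the stream but absent from the manifest: unaccounted mailpiece.
        "unmatched": sorted(s for s in counts if s not in manifest_set),
        # Same unique identifier read more than once: possible copied indicium.
        "duplicates": sorted(s for s, n in counts.items() if n > 1),
    }


def demo():
    # Constructed batch of 200 pieces and four constructed scanner reads.
    ids = [f"{i:06d}" for i in range(1, 201)]
    protected = protect_manifest("MAILER-0001", ids, DEMO_KEY)
    manifest = verify_manifest(protected, DEMO_KEY)
    sampled = [("MAILER-0001", "000017"), ("MAILER-0001", "000017"),
               ("MAILER-0001", "000150"), ("MAILER-0001", "000999")]
    return compare_samples(manifest, sampled)


if __name__ == "__main__":
    print(demo())
```

Because the comparison happens at the second location on data read during distribution, it does not rely on the acceptance clerk having performed any check on the batch.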