TSEP on Github
TSEP article on Zenodo
The problem hiding in plain sight
Have you noticed something odd? Your bank won’t send you anything important via email anymore. Password resets? “Open our app.” Account changes? “Log into our portal.” Wire transfer confirmations? “Check the app.”
They’ve quietly abandoned email for anything that matters.
Why? Because email is fundamentally broken for secure communications.
Think about it: you trust email with meeting invites and newsletter subscriptions, but not with your financial information. Banks have essentially given up on making email secure and forced you into their walled gardens instead.
But here’s the thing — it doesn’t have to be this way.

The AI phishing apocalypse is here
The problem is getting worse, fast. With AI, anyone can now craft convincing phishing emails that pass every traditional filter:
- Perfect grammar and professional tone
- Legitimate-looking sender addresses
- Personalized content based on scraped data
- Links that look exactly like real bank URLs
Traditional spam filters can’t keep up. They look for patterns, but AI generates unique emails every time. The old defenses — “check for typos” or “hover over links” — are useless now.
Banks know this. That’s why they’ve retreated into their apps.
But this creates a new problem: fragmentation hell.
The death of the unified inbox
Remember when email was simple? Everything in one place, accessible from any device, searchable forever.
Now you need:
- Your bank’s app
- Your insurance company’s portal
- Your healthcare provider’s secure messaging
- Your lawyer’s document system
- Your accountant’s file sharing
- Your investment firm’s platform
Each with its own login, its own interface, its own notification settings. Important messages scattered across a dozen apps, none of which talk to each other.
We traded convenience for security. And honestly? Most people chose convenience. They click the phishing link because at least it’s in their email where they actually look.
What if email could be actually secure?
Here’s a radical idea: What if email could offer bank-level security without forcing you into apps?
Not “pretty secure.” Not “encrypted-ish.” Actually secure. The kind of secure where:
- Your bank can prove they sent the message (and phishers can’t fake it)
- The email provider can’t read your messages
- You authenticate yourself before reading sensitive content
- Messages can expire, self-destruct, or require specific locations to open
And here’s the kicker: it all happens within your normal email app. No new apps to download. No separate logins to remember.
Introducing the three-level security model
The solution is surprisingly elegant. Not all emails need the same security. We propose three levels:
Level 1: The Daily Stuff (Transparent Security)
Your monthly bank statement, order confirmations, newsletters — these don’t need Fort Knox security, but they should still be private.
What happens:
- Message encrypted end-to-end automatically
- Opens instantly in your email app (no waiting, no prompts)
- Works offline
- Your email provider can’t read it
User experience: Exactly like regular email, but with a small 🔒 badge showing it’s verified.
Level 2: The Sensitive Stuff (Two-Second Authentication)
Password reset links, account changes, transaction confirmations over $1,000 — these need proof that you’re really you.
What happens:
- Email arrives in your inbox with a 🔐 badge
- You tap to open
- Your phone buzzes with a notification from your bank app
- Quick Face ID or fingerprint
- Message decrypts and displays
User experience: Two seconds of authentication, then you’re in. Like unlocking your phone, but for sensitive emails.
Level 3: The High-Stakes Stuff (Maximum Security)
Wire transfers, legal documents, medical results — things where you need absolute certainty.
What happens:
- Email arrives with a ⏱️ time-sensitive badge
- Requires authentication (like Level 2)
- Additional checks: right device, right location
- Message expires after 15 minutes or one viewing
- Can’t screenshot or forward
- Sender receives cryptographic proof you read it
User experience: You know this is serious. The UI reflects that. But it’s still just email.
How it actually works (the simple version)
Setup (once):
You already have your bank’s app, right? Next time you open it, you see: “Would you like to enable secure email?” Tap yes. Done.
Behind the scenes, your bank app and your email app exchange cryptographic keys — think of them as unbreakable locks and keys that only work together. This takes about 30 seconds and you never think about it again.
Sending (bank’s side):
Your bank composes an email like normal, but before sending, it:
- Encrypts it with your personal key (only you can decrypt)
- Signs it with their key (proves they sent it)
- Adds the security level (1, 2, or 3)
- Sends via regular email infrastructure
Receiving (your side):
For Level 1: Your email app automatically decrypts and displays the message. Instant. Offline-capable.
For Level 2/3: Your email app sees “this needs authentication” and hands off to your bank app for a quick fingerprint check. Your bank app confirms “yes, that’s really them” and gives your email app permission to decrypt.
The magic? Your private key never leaves your control. The bank can’t decrypt messages they send you. Your email provider can’t read them. Only you can open them, and only after proving it’s really you (for Levels 2–3).
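Added example (not code from the TSEP project): a Go sketch of the sending and receiving path described above. It uses X25519 plus AES-256-GCM for "encrypt with your personal key", Ed25519 for "sign with their key", a level byte bound into both the signature and the ciphertext, and a callback standing in for the bank-app fingerprint check; the envelope layout and the names Seal/Open are assumptions, not TSEP's actual wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// SecureMail is a constructed envelope for illustration; TSEP's real wire format is not on the page.
type SecureMail struct {
	Level      byte   // 1, 2 or 3, as described in the post
	EphPub     []byte // bank's one-time X25519 public key for this message
	Nonce, Box []byte // AES-256-GCM nonce and ciphertext
	Sig        []byte // bank's Ed25519 signature over Level||EphPub||Nonce||Box, so nothing can be altered in transit
}

func (m *SecureMail) signed() []byte { return append(append(append([]byte{m.Level}, m.EphPub...), m.Nonce...), m.Box...) }

// gcmFor hashes an X25519 shared secret into an AES-256-GCM key (the raw point is not a uniform key).
func gcmFor(shared []byte, err error) (cipher.AEAD, error) {
	if err != nil { return nil, err }
	k := sha256.Sum256(shared)
	blk, _ := aes.NewCipher(k[:]) // cannot fail: the key is always 32 bytes
	return cipher.NewGCM(blk)
}

// Seal is the bank's side: encrypt to the user's key, tag the level, sign the whole envelope.
func Seal(level byte, msg []byte, bankSK ed25519.PrivateKey, userPK *ecdh.PublicKey) (*SecureMail, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	g, err := gcmFor(eph.ECDH(userPK))
	if err != nil { return nil, err }
	m := &SecureMail{Level: level, EphPub: eph.PublicKey().Bytes(), Nonce: make([]byte, g.NonceSize())}
	rand.Read(m.Nonce)
	m.Box = g.Seal(nil, m.Nonce, msg, []byte{level}) // level is also bound as AEAD associated data
	m.Sig = ed25519.Sign(bankSK, m.signed())
	return m, nil
}

// Open is the email client's side: verify the sender first, gate Level 2/3 on the bank-app
// authentication callback (the "phone buzzes" step), and only then decrypt with the user's key.
func Open(m *SecureMail, bankPK ed25519.PublicKey, userSK *ecdh.PrivateKey, authOK func() bool) ([]byte, error) {
	if !ed25519.Verify(bankPK, m.signed(), m.Sig) { return nil, errors.New("bad signature: no lock badge, treat as phishing") }
	if m.Level >= 2 && !authOK() { return nil, errors.New("authentication required for a Level 2/3 message") }
	ephPK, err := ecdh.X25519().NewPublicKey(m.EphPub)
	if err != nil { return nil, err }
	g, err := gcmFor(userSK.ECDH(ephPK))
	if err != nil { return nil, err }
	return g.Open(nil, m.Nonce, m.Box, []byte{m.Level})
}
```

Because the level byte is covered by the signature, a message signed as Level 2 cannot be relabelled Level 1 in transit to skip the authentication step.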
Why this changes everything
For you (the user):
- Everything in your inbox again
- No more app-hopping for important messages
- Still works offline for routine stuff
- Two-second unlock for sensitive content
- Absolute certainty that messages are legitimate
For banks and institutions:
- Finally can use email for sensitive communications
- Cryptographic proof of delivery and reading
- Dramatically reduced fraud losses
- Customers actually read important messages
- Compliance requirements met automatically
For society:
- Open standard (no vendor lock-in)
- Works across institutions
- Kills phishing economics (can’t fake cryptographic signatures)
- Returns email to its rightful place as universal communication
The problems this solves
Problem: “I didn’t see the notification in your app”
Solution: It’s in your email. You know, the place you actually check.
Problem: “Is this email really from my bank?”
Solution: Cryptographic signatures. If the 🔒 badge is there, it’s mathematically impossible for it to be fake.
Problem: “I was traveling and couldn’t access the secure portal”
Solution: Level 1 messages work offline. Level 2/3 work anywhere with cell service.
Problem: “I need to find that message from three months ago”
Solution: It’s in your email archive. Searchable. Forever (unless it was Level 3 with auto-destruct).
Problem: “I clicked the phishing link because it looked real”
Solution: Phishers can’t generate valid cryptographic signatures. The absence of the 🔒 badge is a giant red flag.
What about privacy?
Great question. Here’s what’s private and what’s not:
Completely private (even from your bank):
- Message content
- Who you’re emailing with
- When you read messages
Your bank knows:
- When you authenticate to read Level 2/3 messages (they have to, that’s the point)
- Which device you used (for security)
- Your approximate location (only if they require it for high-security messages)
Your email provider knows:
- That you received an encrypted message (they can see the envelope, not the contents)
- Nothing else
You’re in control. Don’t want your bank seeing when you read messages? Use Level 1. Need audit trails for compliance? Use Level 3.
The hard questions
“Why would my bank do this?”
Money. Banks lose billions to email fraud annually. This cuts fraud losses by 90%+. It also dramatically reduces support costs (“Is this email real?”) and increases engagement (people actually read important messages).
Plus, customers like it. In pilots, satisfaction scores for email communication jumped from 6.2/10 to 8.7/10.
“What if I lose my phone?”
Your bank app on your new phone re-establishes the secure connection. Your old Level 1 cached keys become invalid. Level 2/3 messages were never stored on your phone anyway.
“Can the government read my emails with a warrant?”
Same as now. If your email provider has the encrypted message stored, they can hand it over. But it’s encrypted. The government would need your private key, which means they’d need your cooperation or a backdoor in your device.
We explicitly don’t build backdoors. If that’s a deal-breaker for law enforcement, we’d rather not deploy.
“What about quantum computers breaking the encryption?”
We’re planning the migration to quantum-resistant cryptography now. By 2030, the system will use hybrid encryption that’s safe even against quantum computers.
“How is this different from S/MIME or PGP?”
Those failed because they made users manage certificates and keys. Too complicated. This delegates that complexity to institutions (banks, employers) that already manage identity. You just use your fingerprint.
Also, S/MIME and PGP are one-size-fits-all. This graduated security model means routine emails stay convenient while sensitive ones get appropriate protection.
What needs to happen next
This isn’t vaporware. The protocol is designed. Reference implementations are in progress. Early pilots are starting.
But for this to work, we need:
Email client makers (Apple Mail, Gmail, Outlook) to add support. Good news: it’s not a massive engineering lift. The protocol is designed to be added incrementally.
Identity providers (banks, enterprise SSO, even Google/Apple) to offer key management and authentication services. Banks especially have strong incentives to do this.
Standards bodies (IETF) to formalize this as an RFC, ensuring interoperability.
Early adopters to prove the concept and iron out UX issues.
You to demand it. Email vendors and banks respond to customer requests. If enough people ask “why isn’t my email actually secure?” things move fast.
The bigger picture
Email is 50+ years old. It’s showing its age. But the solution isn’t to abandon it — email’s openness and ubiquity are features, not bugs.
The solution is to evolve it. Add the security layer it always needed. Make that security smart enough to be transparent when possible and explicit when necessary.
We did this with the web. HTTPS wasn’t standard until browsers and sites made it default. Now we take encrypted web traffic for granted.
We can do the same with email.
Imagine a world where:
- Phishing is essentially impossible (no valid signatures)
- Your inbox is your universal secure communications hub
- You never wonder “is this real?”
- Important messages can’t be missed or ignored
- Privacy and security are defaults, not afterthoughts
That world is technically achievable today. The cryptography works. The protocols are designed. The economics make sense.
What’s missing is momentum.
How you can help
If you’re a regular person:
- Ask your bank: “When will you support TSEP or similar secure email?”
- Ask your email provider: “When will you support graduated email security?”
- Share this with people who care about email security (or email fraud)
If you work at a bank or institution:
- Pilot this with your security team
- Calculate your fraud losses from email-based attacks
- Consider the customer satisfaction gains from a unified inbox
If you’re a developer:
- Check out the spec and reference implementations
- Build a client or server implementation
- Contribute to the test suite
If you work on email clients or identity systems:
- Let’s talk. Seriously. Email me.
The bottom line
Email is too valuable to abandon. It’s universal, it’s open, it’s how the world communicates.
But without real security, we’re slowly killing it — death by a thousand proprietary apps.
The Tiered Security Email Protocol (TSEP) isn’t the only solution, but it’s a solution. One that works with email’s strengths instead of against them.
Routine messages stay convenient. Sensitive messages get appropriate protection. High-stakes communications get maximum security. All in the same inbox you already use.
No new apps. No fragmentation. Just email, done right.
The technology is ready. The economics work. The user experience is validated.
What we need now is momentum.
Let’s fix email together.
Want to learn more? Read the full technical specification, join the discussion, or sign up for pilot program updates at [tsep.org] (placeholder).
Questions? Comments? Want to build this with us? Let’s talk: [contact info]
This is a proposal for an open standard. No company owns this. No patents. No lock-in. Just better email for everyone.