There's nothing less valuable than a false sense of security. And it's constantly peddled in a vain attempt to make us feel like something is being done (flown through an airport recently).

At work, we received letters from the bank saying they were trying to deliver something, but failed. This is likely our corporate credit cards, which we sorely need. These were addressed to my boss, however I opened them so that I could see what they were and if it was urgent.

The letters give a URL and a tracking number, where you can go on, and arrange for redeliver to any location and to any person. So I updated the details and told them to deliver it to me on Monday.

So brilliant security. Or no real security. If you can intercept these mails from the bank (and they all look quite obvious and the same) then you need a fake ID once and then you can start collecting peoples credit cards.

They have their security model or wrong. You shouldn't need any security on the card. It's just a bit of plastic. But that's all it should be, until you activate it. Then you can happily doll them out to anyone, through normal post. But they should be dormant bookmarks until the rightful user activates it, and that's much easier to verify identity.