Let me give you a simple, harmless example: You want to perform a remote transaction, say changing your address at a bank. You have three options:
(1) Online banking: it runs over an encrypted connection with full mandatory activity logging, is authenticated with an online password, and is authorized with the security measures of the bank (multiple passphrases, single-use hardware-generated transaction access number, etc.).
(2) Telephone banking: it runs over an unencrypted connection, recording is optional, and it is authenticated and authorized with a single 4-digit passcode.
(3) Fax banking: it runs over an unencrypted connection, and requires merely that the sender has a photocopy of your signature handy to affix to the correct location on a letter. Fax quality is so high that even a photocopy or printout of such a letter with a pixelated signature copy would suffice.
… The same applies for other official requests, often with even more lenient acceptance standards, such as submitting tax documents, or issuing business purchase orders.
Perhaps – if security is really a concern – it is time to put the axe to some of these alternate transaction methods, or at least to bring authorization and authentication up to par with digital standards?
(Photo source: https://www.flickr.com/photos/arabani/4297542257/sizes/m/in/photostream/ )