Securing the Data and Trust of Mortgage Borrowers

Securing the Data and Trust of Mortgage Borrowers

Here we go again.

Another massive lapse in data security.

This time it was Capital One, and a misconfigured firewall, that allowed a hacker to access the personal information of 106 million people.

That’s just the latest.

Earlier this year an independent researcher discovered an unprotected database, maintained by mortgage servicer Ascencion, that contained more than 24 million mortgage and banking documents stretching back 10 years.

Name, social security number, date of birth, address – all just sitting there, exposed, due to no fault of the consumer.

Let’s also not forget that Equifax is now paying out hundreds of millions of dollars in settlement to the 147 million consumers who were affected by their data breach in 2017.

Why is this such a big deal for mortgage professionals?

Lenders and mortgage professionals themselves handle sensitive borrower documentation on a daily basis. This is the same personally identifiable information that was exposed in the incidents described above and is the type of data that hackers seek to exploit.

There are several reasons that mortgage lenders, brokers, originators, and their teams all have an ethical obligation to not just care about the security of that information but to take every step to protect it.

The first reason is simple: trust.

If your clients don’t believe you have their best interests in mind, including protecting their information, they will look elsewhere. It’s that simple. Because when their information is compromised, their trust (and lives) are violated.

In the wake of the 2008 crisis, and a series of damaging scandals, Wells Fargo has been spending on advertising to try to fix not just their image, but their relationship with their customers.

Why? Because consumers lost trust and went elsewhere.

Not only has Wells relinquished their position as the top lender in the country (to Quicken), but they’ve also seen their origination volume plummet and new loan applications aren’t streaming in like they used to.

Actions speak louder than words, and if Wells didn’t think their profits were at risk due to the issue of compromised trust and brand image, would they have spent the money to produce ads like this? Doubtful.

The second reason the mortgage industry should be hyper-focused on issues of data security is also a no-brainer, but from the balance sheet perspective: cost.

Equifax reported in May of this year that their 2017 data breach has already cost them nearly $1.4 billion, plus legal fees, and they still haven’t reached the end of the process with hundreds of lawsuits still active.

So not only does a company lose the trust and business of their customers, but they’re also paying out huge sums due to their negligence.

How can you protect your client’s data?

Hackers are not omnipotent. They rely upon human error, negligence, and systemic failures in order to find vulnerabilities that they can use to their advantage.

There are certain systems that we know are not secure methods of transferring or storing client’s data/PII. Email is by far the biggest culprit with issues ranging from phishing scams to in-transit vulnerabilities.

Websites that aren’t secured with SSL are dangerous for the transmission of data (if you’re a Google Chrome user you’ve likely seen the “Your Connection is Not Secure” warning screen of doom when trying to access pages without SSL).

Avoiding the use of these kinds of vulnerable systems for sensitive data transmission is a low-hanging necessity for anyone charged with protecting information.

Furthermore, mortgage professionals should always do at minimum some basic security vetting for any potential vendors they might use.

• Do they encrypt during transit AND at rest?
• Are the servers where data is being stored adequately protected?
• Does the vendor have a clear and accessible security statement detailing the steps they’ve taken to provide a secure data environment? (Floify does)

When Floify was first conceptualized, one of the major reasons was that there was a startling lack of information security being practiced in the mortgage industry.

Send my tax returns, W2s, and paystubs via email? No, thanks.

Now we’ve grown, and so have other modern mortgage point-of-sale systems favored by the industry, but we’ve continued to put the security of our customers and their clients at the forefront of everything we do.

Using a secure system for data management is no longer just a nice-to-have.

But it is peace-of-mind that you’re doing what needs to be done to protect your clients, and you may just find a more efficient and profitable workflow at the same time.