Quantcast

Lenders Have Risky Information Sharing Practices:Study

MAR 14, 2014 10:57am ET
Print
Email
Reprints
Comment (1)
Twitter
LinkedIn
Facebook
Google+

 

Study Shows 45 Mortgage Lenders Have Risky Information Sharing Practices

Facts: On March 4, a new study by a cybersecurity firm indicates that many large and small mortgage lenders are being careless with customers’ personal and financial data.

A probe by Halock Security Labs of 63 U.S. mortgage lenders found that 45 allowed risky information-sharing practices such as letting applicants send personal and financial information over unencrypted email as attachments. (You should be using https at a minimum.) Eight out of the 11 largest U.S. lenders allowed the same unsecure practices as smaller lenders, the study found.

Halock also found that nearly 70% of surveyed lenders encouraged faxing sensitive data–a practice which reduces risk but still isn't as secure as encryption. More than 40% gave customers the option of sending sensitive information by postal mail, but only 12% offered a secure email portal.

One anonymous lender told Halock that less-than-secure practices were easier for lenders as well as customers. "Oftentimes it was easier to have my clients send documents like W-2's through email because everyone has access to an email account," the lender says. "Most of us didn’t want to take the time to explain what a secure portal was and how to use it. Everyone understands what email is."
But Halock senior partner Terry Kurzynski says convenience was no excuse for sloppiness with customers' personal data. 

"We understand the business need to smooth the way for our customers, but there are many secure file transfer technologies that are both easy for customers to use, and safe from network snooping. And as the public becomes more demanding of their banks to ensure privacy and security, it’s no longer feasible to rely on unsecure email for the transfer of financial documents," Kurzynski says. "Any type of weak link in a system involving sensitive information exposes people to unnecessary risk. It takes months to recover from an identity theft and minutes to log into a secure portal. Do the math.”   (mpa3414)

Moral: Without the identity theft and safeguarding privacy manuals whether purchased from us or others you risk federal violations by CFPB, state violations by the licensing agency of your state such as CALBRE, DFI, etc., personal liability by the consumers. As you can see from the above study, 45 out of 63 had issues, meaning they did not have or ignored the information in the manuals. One of the first things we look for in an audit is the "https". If you are taking in consumer financial information and the determining who will be audited. How long the screen remains on when a loan officer is not in attendance and the paper in the trash. 

Two Arrested for Hacking Into Servers and Stealing Borrower Information

Facts: On Feb. 28, two men were charged with hacking into the computer servers of a major U.S. mortgage broker to steal personal information and use it to siphon funds from the brokerage accounts of thousands of victims.

Jason Ray Bailey and Victor Alejandro Fernandez were charged in a two-count indictment with conspiracy to commit wire fraud and computer hacking.

According to charging documents, both men are part of a Tijuana-based conspiracy that hacked the computer servers of a mortgage broker and obtained mortgage applications containing customers' personal information, including names, birth dates, Social Security numbers, addresses, assets, tax information and driver's licenses. Approximately 4,200 customers had their information stolen between December 2012 and June 2013, and the conspiracy dates back to July 2011, the charging documents say. The hackers illegally accessed Blitzdoc, a program the mortgage company used to store the personal information of its customers.

Members of the conspiracy used victims’ stolen information to impersonate the mortgage customers, open credit lines in their names, and steal their assets, according to the charging documents. For example, members of the conspiracy identified multiple victims' brokerage accounts and fraudulently took control of the accounts by first calling the brokerage companies and providing the victims' personal identification information and then changing the victims' passwords and contact information. Once the defendants gained control of the accounts, members of the conspiracy allegedly wired funds from the victims’ brokerage accounts to coconspirators' U.S. bank accounts in the San Diego and Calexico areas. Several of these wires were over $20,000 and $30,000 each. (usattycasd22814)

Moral: And you thought the mortgage originator had a good firewall to protect your personal information. Since you are entitled to a free credit report from each bureau once a year, do it once every four months, one from each bureau. Better safe now than sorry later.

"Real Housewives of New Jersey" Couple Pled Guilty to Mortgage Fraud and More

Facts: Teresa and Giuseppe "Joe" Giudice, who were featured on the reality television show "Real Housewives of New Jersey" have changed their respective pleas to guilty from not guilty. They were originally accused of dozens of charges including bank fraud, wire fraud and bankruptcy fraud.

The couple is accused of exaggerating income while applying for loans before the show was put on TV in 2009, then hiding their fortunes in a bankruptcy filing after their first season aired.

They are also accused of submitting fraudulent mortgage and loan applications and fabricating tax returns and W-2 forms. Joe Giudice also allegedly failed to file federal tax returns for several years beginning in 2004. (ap3414)

Moral: Busy little beavers, weren’t they? Usually based upon my experience, if you do not file your tax returns for a set number of years, the federal agents come visiting. If it is a revenue agent it is generally civil. However, if it is a special agent it has gone criminal and they usually do not negotiate at that stage.

Two "Sovereign Citizens" of Georgia Found Guilty, Face 40 Years in Prison

Facts: Susan Lorraine Weidman and Matthew Lowery, two self-described "sovereign citizens" from Georgia are each facing up to 40 years after being convicted on mortgage fraud and racketeering.

Comments (1)
Actually the aspect of security is of the vital importance for me, I do use online personal loan lenders providing services in US from time to time, but at least try to check their policy and security measures they take. I can hardly understand people, who are not careful enough in money matters to protect themselves.
Posted by Jull S | Tuesday, March 18 2014 at 6:54PM ET
Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Twitter
Facebook
LinkedIn
Already a subscriber? Log in here
Please note you must now log in with your email address and password.