Keeping the rabbits out of the gardenAnn Schmidthackers, spyware, keylogger, firewalls, fraud detection
Maintaining security in the mortgage
industry
As the days grow long and summer swings into bloom, gardeners
everywhere are watching the vegetable seeds they carefully planted
take root and send up sprouts. With warm weather, regular watering
and weeding the harvest ahead will be plentiful -- as long as the
gardener can keep the rabbits from eating away the greenery every
night.
Though the analogy is simple, lenders face a similar threat.
They've cultivated consumer relationships and built successful
businesses, but the personal financial information they possess is
valuable and there are people who will do just about anything to
steal it. If that information is not protected, not only can it be
devastating for our customers and their consumers, but it will
destroy everyone's long-term harvests.
Internet rabbits: hackers and spyware
Spyware, the hacker's most powerful and dangerous tool, is a
computer program that installs itself on computers without the
owner's knowledge. Once installed, it secretly transmits
information back to the person who created the program. One of the
most damaging types of spyware is a keylogger, which records every
keystroke made on a computer -- including passwords -- and
transmits that information to thieves. This is the weapon most
often utilized by those in the identity theft business. If a
keylogger is running on a loan processor's computer, all passwords,
Social Security numbers of borrowers and their other personal
financial information can be harvested.
Once thieves have a borrower's personal financial information,
they can open accounts in that person's name and borrow funds. They
can set up fictitious borrowers, addresses, houses, credit reports,
bank statements and even income verifications.
Putting up fences
Because the threats come from many different directions, security
efforts must be widespread -- protecting data from both inside and
out. Every mortgage institution that receives personal financial
information needs to:
-Develop policies and procedures to ensure against the loss or
sharing of personal financial information. Policies should cover
such things as access controls, password changes, access approval
and more. Procedures should spell out actions to take if a
compromise occurs. Along with this, employees must receive training
so they clearly understand what information must be protected and
how to protect that information.
-Restrict access to paper files and limit employee access to
information on a need-to-know basis. Using loan file numbers on
documents instead of the borrower's name or Social Security number
also provides confidentiality.
-Shred documents so that information doesn't end up in a dumpster
to be collected by thieves.
-Erase disks and magnetic tapes to make sure data can't be
harvested from them.
-Encrypt data before it is sent. Encryption is an extremely
powerful tool for protecting information that is exchanged online.
Before messages are sent, the information is encoded using a
mathematical formula that scrambles the data -- and ensures
confidentiality.
-Firewalls, anti-virus software and anti-spyware software are
necessary to prevent unauthorized access to your information.
-Automated underwriting can also be useful in fraud protection.
Because many underwriting programs ask for more information instead
of simply denying a loan, the additional information has, in some
cases, identified fraudulent activity.
-Fraud detection software can validate the borrower's identity,
employer, financial information, property address, etc. By using
historical data, this software detects fraud by making comparisons
between loans and detecting activity patterns.
-Automated valuation models can help identify fraud associated
with inflated appraisals.
-Centralized storage is an off-site central database that provides
24/7 security for your confidential customer information.
The payoff is a healthy harvest
As information thieves get more and more sophisticated, it becomes
all the more imperative for mortgage institutions to embrace
security at all levels. Even then, the moment you think you're
totally protected, thieves will find another new way to get access
to personal financial information. At times, it may feel like a
never-ending battle just to stay in place. This is all the more
reason to remain diligent with your efforts. By taking a proactive
approach, you'll find that not only are you keeping the rabbits out
of the garden, but your plants are flourishing and your long-term
harvest of customers and closings will be better than ever.
Ann Schmidt is vice president and director of business
process with Greystone Residential Funding Inc. She may be reached
at (888) 766-4734.
