The race is on and so is the pressure to attract a younger, more tech-centric borrower through a digital end-to-end mortgage lending process. Few, if any, handle more personal identifiable data, regulatory scrutiny and public trust than the mortgage industry—all of which make mortgage companies an enticing target for hackers.

The concern is real—hackers could potentially steal data on an estimated 60 million U.S. mortgage records with a possible financial loss of close to $60 billion.1 But protecting personal information isn’t a new challenge for mortgage companies, since even a paper process demands rigorous controls for all who touch the process. What the shift to a more digital process will do is force lenders to reevaluate those controls and plan for the vulnerabilities created by new technologies and, in particular, the people interacting with those technologies across the process--vendors, suppliers, partners, employees and customers.

Vendors and suppliers: “Trust, but verify”

A digital end-to-end process will mean more third parties involved in an already complex supply chain, each with varying degrees of data security capabilities. The financial technology (fintech) providers that lenders rely on generally have more robust safeguards than other partners you share customer data with, such as title companies and appraisers. But companies shouldn’t rule out the potential weaknesses of anyone in their supply chain. Managing vendors, suppliers and partners in the new world of a digital process will require a comprehensive plan—one that includes:2

  • Assessing the security frameworks and policies of all third parties that could possibly be the source of a breach.
  • Using tools and analytics that continuously monitor a vendor’s security risk in real time—point-in-time audits won’t be enough.
  • Improving contractual provisions that will increase security performance, keeping in mind that these provisions won’t fully eliminate your risk—especially your reputational risk.
  • Developing a response plan for how you’ll communicate with customers and the media if a breach occurs.

Sightline Magazine Issue 01

Employees and the surge of insider threats

Statistics show that employees, whether aware or unaware of their role in a data breach, are the weakest link in your supply chain. Phishing scams that lead to downloaded malware into an organization’s systems are most prevalent. A 2017 analysis by Willis Towers Watson says that employee negligence and malicious acts account for two-thirds of cyber breaches in banks, while less than 20 percent are directly driven by an external threat.3

Therefore, employees should be a focal point when expanding digital processes. For example:

  • Step up employee training to make sure they know how to recognize and respond to threats.
  • Make cyber security training stand out from the other employee compliance training—be sure it’s interactive and informative.
  • Create a culture that supports data security awareness and reporting.

Customers and their role in data security

While it might feel like customers are the ones driving the industry toward a fully digital mortgage process, not all of them are ready for it. In a recent HousingWire survey, consumers couldn’t define a “digital mortgage” in their own words, and more than one in four strongly disagreed with the statement that they’d be completely comfortable with a digital mortgage.4

Customers have good reason to be skittish about a digital mortgage—their financial data is extremely valuable on the black market. The mortgage industry can help protect borrowers and make them more comfortable with a digital process, partly because they’ll need to participate in combatting data breaches. Like employees, they can be unwitting accomplices in putting personal data in the hands of bad actors.

Consumer education and communication is key:

  • Tell customers what’s happening with their personal information throughout the process—how it’s being sent and who should and shouldn’t see it—so they can do their part in preventing fraud and cyber-attacks.
  • Be sure they’re aware of the vulnerability of personal e-mail, which is the easiest place for hacking to occur.
  • Be transparent and straightforward about your security capabilities, and actively communicate with customers about data security protocols.

Moving to a digital mortgage process will benefit both lenders and borrowers with the efficiencies and convenience it promises. There’s much to gain, but much to lose for both—serious life consequences for customers and the reputation of not just individual mortgage lenders, but the industry as a whole. Prepare your organization with a multi-layered strategy that creates an informed, conscientious cyber security coalition made up of everyone involved in the process.

For more information about significant trends and issues affecting the mortgage industry and future borrowers, visit Freddie Mac Single-Family Insights.

Sources

  1. Santos, Alex, “Mortgage data isn’t secure: Here’s why and how to fix it.” Rewired. May 18, 2017.
  2. Ibid.
  3. Willis Towers Watson.
  4. Martin, Craig. “Lenders, you’ve got hurdles to overcome on the path toward the digital mortgage,” HousingWire. February 7, 2019.