0
0
A few months ago, we learned the one of the nation’s three credit repositories, Equifax, had been hacked. This provided the cyber thieves with valuable personal information on about 145 million consumers. Now, we learn more.
According to report from Senator Elizabeth Warren, (D/MA) the thieves not only accessed the personal data of these consumers in Equifax’s database, they actually removed (downloaded) the information. This means they have the stolen info forever and can use it to impersonate consumers for a myriad of reasons and transactions.
This is scary stuff in a digital age. Many financial transactions, including mortgage financing, are now being done digitally. Applications are done online with related consumer information validated electronically.
Loans are underwritten and approved through automated systems with digital closings done online via cloud technology. Humans may not physically interact at all during these transactions.
With the cyber thieves having more consumer data and transaction information easily available and accessible online, it is easy to infiltrate a loan transaction to impersonate any of the parties involved.
This can be done to create a fraudulent loan transaction or to re-route funds, like down payments and closing costs, into fictitious accounts held by the hackers. What happens when everyone gets to the digital table but no money arrives?
History tells us that in a purchase market, especially one with rates on the rise, fraud increases. Everyone pushes the envelope to make the deal. Now, a new player enters the game. One who has access to and in many cases owns consumer data.
What are you doing to:
- Verify the identity of each applicant?
- Validate employment, income, and asset data? (Remember Day 1 Certainty is voided by fraud)
- Authenticate all parties to the transaction?
- Ensure money is wired/provided to the proper entities for closing?
It’s one thing for you as the lender to have cybersecurity controls in place. But, what about your vendors, including those who conduct the loan closings? Are you sure they have all the necessary controls to protect any consumer, or company, information entrusted to them?
In addition to detailed, complete pre and post-close reviews, do you conduct careful reviews of all your vendors to ensure the safety and soundness of their operations? You better!
In the end, it is you, the lender, who is the one left holding the bag in the event of fraud.
It’s evident to me that if Equifax, one of nation’s largest repositories of consumer personal information, can get hacked, it can happen to anyone. We need to all take the necessary precautions to avoid it happening to us.
The game has changed. Play different.
