When you make a purchase with a credit card, your data is protected by sophisticated security software and hardware, and exacting industry regulations. Yet mortgage applications, which can potentially reveal far more information, are often carried out without even basic security protections.
7 of 10 mortgage companies allow applicants to use unencrypted email to send loan applications, according to a recent investigation. Only 12% offer a secure portal — and most portals are insufficiently secure anyway. It’s a good bet that even fewer offer more secure client-side encryption.
The lack of basic financial data security controls makes mortgage brokers extremely vulnerable to hackers. By recording the unencrypted traffic coming in and out of your server, a bad actor can retrieve far more information than a credit card transaction contains, including:
- Personally identifiable information (name, social security number, and address)
- Employment information (job title, location, position)
- Financial data (income, expenses, assets and liabilities, credit score)
That’s more than enough to leave your clients struggling with identity theft for years.
Regulatory Pressure to Protect Financial Data Security are Growing
CFPB compliance laws like Fair Credit Reporting Act and the Gramm Leach Bliley Act require mortgage brokers and lenders to keep Non-Public Information (NPI) confidential. Although real estate enforcement hasn’t historically focused on financial data security, just mortgage brokers and lenders.
Consumer complaints have quadrupled in 5 years, and CFPB settlements have increased from 21 in 2013 to 59 in 2015. With the increasing attention paid to cybersecurity, the CFPB finally turned its eyes to financial data security in 2016, with an enforcement action against Dwolla — an online payment service — for misrepresenting its security. In spite of the fact that the company had not suffered a breach, the organization levelled a $100,000 fine for misrepresenting its data security practices.
As CFPB director Richard Cordray said, “It is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.” The CFPB already collects hundreds of millions annually from the mortgage industry, and there’s every reason to believe financial data security enforcement is on the way.
Virtru Email and File Encryption Keep Financial Data Secure
Virtru is an Encryption as a Service (EaaS) provider, offering enterprise-grade email and file security. Virtru is not a secure client portal, but an email encryption add-on that works with your existing email. Once installed, Virtru adds an encryption button to your message composition window, allowing you to encrypt emails and attachments with the click of a button. There’s no extra login or new interface to learn, and you can send secure emails to anyone — even recipients who don’t have Virtru installed.
Virtru file encryption works with email encryption, protecting client NPI in the cloud. This reinforces native Google Drive encryption, ensuring that hackers can’t intercept mortgage applications, credit reports and other sensitive documents stored on your cloud drive.
Learn More About Cloud Financial Data Security
Email and file encryption need to be partnered with good internal security. Mortgage brokers need to learn about cyber security best practices, and educate their employees and partners. Use these financial data security resources to learn how to stay safe in the cloud:
Security and Compliance
- What is CFPB Compliance?
- Baird & Warner Meets CFPB Compliance With Virtru [Case Study]
- How Employees Compromise Enterprise Data Security
- GLBA Compliance and Financial Data Encryption
Contact us to learn more about how Virtru can protect your client’s financial data security.