Your private information may not be safe with your own mortgage lender, even a small one, says cybersecurity firm HALOCK Security Labs. The leak may occur when data goes from applicant to lender.
Seventy percent of the 63 U.S. mortgage lenders that HALOCK investigated allowed applicants to send private and financial data (like tax documents) as e-mail attachments—over unencrypted e-mail. Seventy percent also promote faxing sensitive data—not nearly as secure as encryption.
Private Info Leaked?
While more than 40 percent provided a snail mail option, only 12 percent offered encryption. Several survey participants, when the subjects were asked why they didn’t offer a secure e-mail portal, replied it was an issue of what the applicant was “most comfortable with.” (Certainly, who’d be comfortable with a leak of their most private information?)
While lenders place customer comfort ahead of security, they fail to realize that customers have been steadily losing confidence in their banks’ commitment to privacy.
Another consideration is whose comfort is really at issue? In a study, one former mortgage lender stated that it was a time hassle to explain to customers about secure portals; unprotected e-mail was quick and convenient.
But it’s well-worth the time to hassle with this, says security expert Graham Cluley. Regular e-mail, by definition, is non-secure.
There’s no shortage of methods to send e-mail securely. It’s just that they’re underutilized by organizations. Decision makers want to make things easy for customers, but this doesn’t have to be at the expense of their security.
Security measures that are customer-friendly exist. Bank customers are more demanding than ever for security, even though they usually do not understand about encryption. What bank wants a weak link in the form of a gaping hole through which customer data can leak? An ounce of prevention (secure portal log-in) is worth a pound of cure (identity theft).