Mortgage Insights Blog

Seldom is so much private financial information divulged as when you apply for a mortgage. Yet a recent survey suggests that not all providers of home loans may be handling such private material as carefully as they should be, and surprisingly the bigger the bank, the less control there is to keep your private information safe.

The survey, conducted late last year by Wolters Kluwer Financial Services of Minneapolis, asked executives from roughly 350 banks, credit unions and mortgage companies how they transmitted financial data. About 62 percent used the Internet, but nearly two-thirds of that group said they typically used traditional e-mail services rather than secure online delivery technologies, like e-mail stored at a password-protected Web site.

Art Tyszka, the director of document services at Wolters Kluwer, which sells secure document delivery software to financial institutions, said that the traditional transmission methods could leave borrowers at heightened risk for identity theft and other forms of financial fraud.

Although the survey was conducted by a company trying to sell enhanced security programs to such lenders, it is still valid enough data to point out the possible holes that currently exist in most major banks data systems. In fact, any good 5^th grade hacker can easily intercept financial information transmitted by email these days, either on the sending side or even the receiving side – which it turns out is exactly where most cyber criminals have been directing their attention these days.

E-mail messages typically travel over a network of Internet servers, and hackers can prey on the data at many different levels – at the most poorly protected of those servers or from the origin of the email, the residential internet customer’s own router which is usually provided directly by Comcast or AT&T and is extremely outdated and easily corrupted. Use of e-mail provides hackers easy access to scan messages for Social Security numbers, bank account numbers, passwords, loan terms or other commonly used mortgage information.

The more secure systems allow users to upload important personal information directly to secured servers in an encrypted form or direct a recipient to a Web site where information can be accessed only with a password. This way any hackers scanning for information over easily accessible servers will only find encrypted information and not your bank account or social security numbers.

But even these secure methods are not completely foolproof. As it can be difficult to control a staff of tens of thousands, so some communications can squeak outside the normal secure channels.

Though larger banks usually use the more secure e-mail method, while smaller community banks or credit unions may not want to pay for encryption systems, consumers may actually be safer using a broker than a big bank – since with banks, hackers know exactly where to go for the largest amounts of information.

Added, many smaller brokers are using cost efficient loan origination systems that help them transmit documents securely by encrypting the data before it is sent out over less protected servers.

Information used to write this post appeared on page P - 1 of the San Francisco Chronicle