Going Digital? Know How to Keep Your Borrowers’ Data Safe


BLOG VIEW: It’s been noted that college football fans have stormed the field more times in the 2021 season than in recent memory. Despite measures in place at the stadiums, the fans often overwhelm security, and it only takes a few minutes for the field to be filled with 70,000 fans celebrating together.

As the mortgage industry continues to celebrate its technological innovations and advances in the digital space, many lenders are developing e-closing and full e-mortgage systems and policies. These e-mortgage systems rely heavily on both digital and physical security measures to ensure data integrity and confidentiality. It’s important to ensure that the security measures are so airtight even 70,000 college football fans couldn’t get past them. 

Vendor Security

Most, if not all, lenders will need to work with third parties to ensure these e-mortgage security measures and best practices are deployed at the highest level. Additionally, lenders need to verify that their e-mortgage vendors are security conscious and can stand up to fans storming the field. After all, if technology vendors don’t have excellent security, lenders can’t be sure their data is protected. While the exact regulations pertaining to each vendor may differ slightly, the outline for e-mortgage vendor security is the same across the board.

Data Encryption

E-mortgage systems include e-closing, e-vault and e-note creation, processing and storage systems. These systems should all prevent the unauthorized viewing of sensitive data and documents through restricted access. Lenders can use encryption algorithms and X.509 digital certificates, which are used to encode and decode the information being exchanged and to secure it effectively when transmitted. Additionally, data should be transferred over Hypertext Transfer Protocol Secure (HTTPS) and should use Transport Layer Security (TLS) 1.2 or higher.

User Authentication 

Many e-mortgage systems will be storing or processing sensitive data and should support multi-factor authentication methods. Some examples of multi-factor authentication methods include unique combinations of user ID and password; S/Key, a one-time use password system; password tokens; and biometrics and smart card authentication. Recommended best practices for internal user credentials include using encryption methods to store user passwords; activating a system lockout after 3 unsuccessful login attempts; and requiring approval of accounts by authorized management prior to granting system access.
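The three internal-credential practices above, as an added Python example (not code from the article or from any vendor's product). Password storage is implemented here as salted one-way hashing with scrypt rather than reversible encryption; the `CredentialStore` class, its method names and the status strings are hypothetical.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # lockout threshold named in the text


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted scrypt hash: the stored value cannot be turned back into the password.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


class CredentialStore:
    """Hypothetical in-memory store for internal user accounts."""

    def __init__(self):
        self._accounts = {}

    def register(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)  # unique per account
        self._accounts[user_id] = {
            "salt": salt,
            "hash": hash_password(password, salt),
            "approved_by": None,  # no access until management signs off
            "failures": 0,
        }

    def approve(self, user_id: str, approver: str) -> None:
        # A production system would also verify the approver's authority and log it.
        self._accounts[user_id]["approved_by"] = approver

    def login(self, user_id: str, password: str) -> str:
        acct = self._accounts.get(user_id)
        if acct is None:
            return "denied"
        if acct["approved_by"] is None:
            return "pending_approval"
        if acct["failures"] >= MAX_FAILED_ATTEMPTS:
            return "locked"  # refused even if the password is now correct
        candidate = hash_password(password, acct["salt"])
        if hmac.compare_digest(candidate, acct["hash"]):  # constant-time compare
            acct["failures"] = 0
            return "ok"
        acct["failures"] += 1
        return "locked" if acct["failures"] >= MAX_FAILED_ATTEMPTS else "denied"
```

Once an account is locked, the correct password is refused as well, so restoring access requires an administrative reset outside this class.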

Physical Security

Oftentimes, physical security measures are overlooked or undervalued in the digital space. A super secure password does little good if someone can just walk into the office and peer over someone’s shoulder. Lenders can and should bolster e-mortgage security by ensuring that physical security is just as tight as the digital security measures in place. The Mortgage Industry Standards Maintenance Organization (MISMO) e-mortgage Vaulting Guide provides details on industry-standard access control, surveillance, fire suppression, water detection, and natural disaster protections. In addition to compliance with the MISMO e-mortgage Vaulting Guide, e-mortgage systems should use discreet building signage; physical access devices such as locks, keys and card readers; security guards; monitored entrances and exits; two forms of authentication for authorized staff; and restricted visitor access.

Backup Systems

All e-mortgage systems processing or storing sensitive data should have a backup system to prevent the loss of data or access to data in the event of a system, facility or data failure. Common best practices recommend lenders store at least two backup copies of loan documents at all times; ensure that data centers and technology are accessible and recoverable in the event of a disaster; and have at least one disaster recovery site physically separated from the primary location in case of regional disasters. Additionally, lenders should back up all electronic records regularly and restore records that are damaged, corrupted or lost.

Trust the Process

Security may not be the most exciting aspect of implementing an e-mortgage process, but it is key to long-term success. In college football, when 70,000 fans overwhelm security and storm the field, there’s a range of monetary fines that could be levied against the school. For lenders, the price of a security breach is much steeper. If a lender’s e-mortgage security is overwhelmed, the lender has not only lost data, it has lost the borrower’s trust. Borrowers entrust sensitive data to lenders every day, assuming rigorous security measures will be taken to protect the borrower and their data. With both integrity and competence in e-mortgage security, lenders can earn trust from borrowers with confidence, knowing the borrower’s data will be safe from all attempts to storm the field.

Mark Mackey is CEO of IDS, a provider of solutions to the ever-changing demands of the mortgage industry. The company’s document preparation software, idsDoc, is supported by professional compliance personnel, responsive customer service representatives, efficient data processors, and experienced software developers.
