WITH THE HELPAND OFMARKETING THE PRODUCT TEAMS PREPARED BYTODD HOUGAARD
S A F E D A T A TRANSFER WHITE PAPER THE BIGGEST SHELL GAME IN THE MORTGAGE LENDING INDUSTRY COLLABORATION CENTER PAGE 1
EXECUTIVE SUMMARY
One of the biggest investments for the US consumer is the purchase of a home, primarily funded through a purchase loan, whereby borrowers are providing all of their most critical personal information to lenders.
The mortgage industry processes trillions of dollars in financial transactions and handles massive amounts of borrower’s personal information every year. No banking product offers more information to In fact, cyber bad guys can even work the lender about the consumer than backwards through an email recipient the mortgage loan. list to hack anyone in the transaction -- even businesses with a ‘private network’ In one single transaction, critical – so there is much more at stake than personal data is floating back and borrower identity theft. This is equally forth between individuals and about your businesses security, financial service providers for the loan. And viability and reputation. while these businesses may have their own secure and private Everyone involved in the mortgage loan network, HOW the information is transaction is at risk when they being transferred between all those communicate in any way outside of an entities involved in the transaction enclosed, private ecosystem. is the core problem. With so few lenders and title companies Email, the tool that is most relied truly understanding that the success or upon for messaging and document failure of their business is resting on transfer between these entities, is their ability to deliver an where there lies a broken link in the uncompromised loan transaction, there process. Email isn’t secure… at all. is a unique opportunity to position your brand promise around an unparalleled safe and easy transaction. It’s through the transfer of data via TODD HOUGAARD email that cyber crime Product Management Manager lives and thrives. Mortgage Cadence COLLABORATION CENTER PAGE 2
3 CHANGING MARKET FORCES
There are three changing market forces that are driving the need for a solution now.
#1 SOCIAL FORCES With the devastating 2017 Equifax data breach, where 143 million American’s sensitive personal data was compromised, consumer confidence is low that organizations are being good stewards of their private data. Consumers expect that an organization puts their safety first in every transaction. They expect insurance, products for both lender and that their data will be managed with the consumer, quality assurance and utmost integrity. What they will soon closing, to name just a few. Meanwhile, learn is the dirty little secret -- that the other outside parties, including the real mortgage lending industry are laggards in estate sales professional, attorneys and data security. the borrower are contributing to the process with documents and messages. #2 ECONOMIC FORCES Data breaches and privacy laws prompted For each transaction, either all parties new regulations like the Gramm-Leach- succeed together (and are safe), or all Bliley Act and new regulatory agencies parties fail together (and lose data, lose like the Consumer Financial Protection money, sully their reputation, lose Bureau. These government “solutions” market share or incur fines). seek to hold financial services companies responsible when they expose their customers to identity theft and other potential cyber crimes. Your organization is responsible for protecting the consumer. Your success or failure is resting on your ability to manage this Borrowers expect that risk. their sensitive personal data will be managed The lending process is built upon a framework of partnerships with third- with the utmost integrity. party providers of data, products and services. These parties provide information for underwriting, COLLABORATION CENTER PAGE 3
#3 TECHNOLOGY FORCES exposing customer information to data Wire Fraud: In 2016, a 480% increase in thieves, cyber-fraudsters and other complaints filed by title companies about online attacks has been made business email compromise scams that impossible with the use of a common target all participants in RE transactions piece of technology – email. As long as – including buyers, sellers, agents & the mortgage industry depends upon lawyers. email for communication related to a mortgage transaction, cybersecurity will AN ILLUSTRATION continue to be a challenge. Imagine each of the parties in the lending process are on their own private and Instead, we propose that the entire secure island, seemingly safe from cyber mortgage industry must adopt a new crime, with a nice privacy network paradigm for working together, protecting the perimeter. While the communicating, and managing the information at rest on each island may be overall real estate purchase process. protected, it’s when data and messages flow between these islands (like notes in a bottle) the data gets picked up by pirates. They are eager to take even the smallest amount of information and parlay it into monetary gain on the dark As long as the mortgage web. industry depends upon email for communication, It is true that every service provider in a mortgage transaction has a responsibility cybersecurity will continue to to protect both the client’s personal be a challenge. information and the security of the entire transaction, but finding a way to reduce the risk of COLLABORATION CENTER PAGE 4
● Pretexting: Asking a person for The Unintended information under the guise of a person who would likely request that Consequences of information, tricking the consumer into giving up information that would Email otherwise be private.
● When the first email system to include an Phishing: An email designed to look inbox was developed at MIT in 1965 it like it came from a company the was true innovation. (1) People had been consumer would normally be working sticking notes in other people’s with that then requests information directories on a shared network for years from the borrower that would not before this, but something about having a normally be disclosed. mailbox where all your messages would land had perfection written all over it. And it’s not just the consumer being The idea caught fire and today, email is duped. Often, it’s employees working the most prolific tool in use on the within the industry that fall prey to Internet. fraudsters using email. The Financial Crimes Enforcement Network cited the Who could have predicted that one day FBI in a targeted advisory notice that nefarious parties would create pointed to email compromise fraud technologies that could scan or divert schemes targeting financial institutions’ information packets traveling through the commercial customers in over 22,000 network that read email in transit reported cases since 2013 at a cost of between parties. It’s not just that emails $3.1 billion. (3) are, by default, transmitted over the public Internet in plain text, emails can In total, the FBI says email-related be intercepted, spoofed and compromised. financial crimes have cost U.S. financial The three most common email attacks are: institutions well over $5 billion over (2) the last four years. The past two years saw a 2,370-percent increase in losses ● Baiting: When an email promises one thing but delivers another, often a malicious software program that is then secretly downloaded onto the system, compromising it from the inside. As long as the mortgage industry depends upon email for communication, cybersecurity will continue to be a challenge.
1-(2017). Nethistory.info. 2- Elamawy, S. (2017). The 3 Main Types of Email Security Threats. Cwps.com. 3- The Growing Convergence of Cyber-Related Crime and Suspicious Activity Reporting. (2017). LawJournalNewsletters.com. COLLABORATION CENTER PAGE 5
from phishing attacks. The FBI reported altogether and switch to a solution that real estate-related wire fraud with total transaction security attacks increased last year by 480 integral to its design and function. percent. Email hacks account for more The only solution to the most serious than three-fourths of all social-based information security problem in the attacks. And our industry is situated mortgage industry today is to simply right in the fraudster’s crosshairs. stop using email.
Part of the reason email fraud has been on the increase is the recent improvements in information security infrastructure that have made system- Taking a Page From to-system hacking much more difficult for them. In short, it’s our ability to Other Industry make companies look like fortresses that have driven criminals to exploit Playbooks this weakest link in online communication. Connecting groups of people and organizations into one secure network is The resurgent focus on email as a not new territory. Many companies primary attack vector has spawned recognized long ago this need to create an entire new categories of crime—such as enclosed environment that protects their the Business Email Compromise (BEC) customers and members. Companies like and the Email Account Compromise PayPal, Amex, Google Accounts, Facebook, (EAC)—leading to enormous increases in VISA, WhatsApp, ACH Payment and Uber wire fraud within the financial services have built their businesses on the promise sector. that users are protected when they do business with them. As the incidence of fraud continues to grow, many companies are redoubling The only way for these companies to their efforts to lock down email and uphold that brand promise is to bring their retrain users. In spite of the numerous users into their enclosed, encrypted, bolted-on security measures companies private and secure island. deploy to make email incrementally safer, they will never be enough. Every These companies have successfully changed new fix is inevitably followed by a how online users are connecting to one creative new way to defeat it. anotherstuff in an environment with a secure perimeter around it. But these examples are It’s time for everyone involved in the stand-alone companies, right? mortgage lending industry—lenders, title companies, closing professionals, Getting a borrower into their home takes a real estate agents, appraisers, and village of third-party providers of data, everyone else—to abandon email products and services designed to move a loan smoothly down a production conveyor belt from application to closing. COLLABORATION CENTER PAGE 6
And these service providers are long The economic shift from public to overdue in coming together and private networks is here and it’s time agreeing to communicate in a safe for the participants in the mortgage place so that NO ONE involved in the industry to have a private network of loan process is exposed to cyber crime. their own. But what would that have to From the buyer’s agent to the seller’s look like to work for the mortgage agent to attorneys to the lender to the industry? appraiser to the title company and anyone else involved in getting that loan funded have got to link arms and work collaboratively to ensure everyone’s safety. Meeting the Unique Needs of the Mortgage Lending Industry The Big Idea In addition to the requirements With the stakes high to abandon an common to other private networks, unsafe and outdated step in the the mortgage industry has several process, the answer is a private unique needs. Some of these include: network. 1. Risk management: An industry- Just think about all the private specific private network needs to be networks accessed regularly by able to identify and authenticate the consumers—each one requiring its own bona-fide parties in a transaction, username and password. Financial ensuring that only legitimate services companies like Visa, American companies are allowed to Express, PayPal, Square and Venmo— communicate and exchange and even digital currencies like Bitcoin information on the network. Knowing —all operate within private networks who is on the other side of a connected to the public Internet. transaction and that they have been Internally, financial services have used verified is a key part of risk and benefitted from private networks management and third-party for some time. Systems like the ACH oversight.stuff Parties that are not network (used by banks for clearing verified are treated as guest users funds) and the SWIFT Network (for and are limited in their network international wire transfers) operate as activities. private digital networks and have been very safe and successful. COLLABORATION CENTER PAGE 7
2. Process automation: To bypass the inbox bottleneck, all communication about each transaction should be Key Elements of a treated as an integral part of the loan. In addition to the security risks, Private Network for another major drawback about email is that messages are stored in separate the Mortgage systems—and not along with the other loan information. Users shouldn’t have to manually associate each message to Lending Industry its respective loan file. Documents and other inbound information should auto- It’s a given that a private network for associate with each loan so they can be the mortgage industry should replace easily integrated with other systems email with a system of integrated and processes. communication that makes it easy for network members (and trusted guests) 3. Consumer protection: Limiting to communicate. network access to only trusted participants—and facilitating safe, The network should also provide value- email-free communications between added capabilities that simply don’t trusted parties—will automatically exist in current industry production make transactions (and the data, systems. These features must be documents, and communications they available on the desktop, through web contain) more secure. Eliminating email browsers, and on mobile devices, via means that non-public personal client apps and widgets. information and transaction details no longer move through public networks, In addition, a viable industry-specific where it can be intercepted and used private network must support a robust for nefarious purposes. If hackers can’t application programming interface see a transaction, they can’t attack it. (API) that will allow industry software If they aren’t tipped off to an upcoming developers to extend the diverse ways closing, they can’t inject themselves that members and guests (and the into the communications to commit trusted systems they use) interact with fraud. Partitioning documents, data and each other. transactions from the public Internet is the best way to protect consumers from predatory hackers. stuff COLLABORATION CENTER PAGE 8
Living Folders: After establishing Key Components requirements for membership on the network, there must be a dynamic of a Premium bridge for each transaction that connects the members and guests at Network the transaction level. After all, the transaction is the common bond between all of the parties. It’s where Network Membership: In any high-value the work on a loan actually happens. network, the foundation is trust. Credentialed network users, as well as This bridge is provided through a trusted parties invited to participate in concept called “living folders.” transactions, need to be able to trust each other. For the mortgage industry, A living folder is a secure workspace this trusted network needs to scale to where all the elements of a transaction hundreds of thousands of businesses (of can be accessed by authorized parties. all sizes) and to millions of consumers. It can contain documents, data files, messages, notifications, and chat To provide this trust, only businesses conversations. It also maintains a that can be verified for legitimacy context-specific list of the contacts should be allowed membership on the that each member and guest has network. Banks, credit unions, interacted with on the transaction, mortgage bankers—and other verifiable making it easy for the parties to know companies like title insurance who else is involved and how to reach underwriters, licensed title agents and them. other service providers— must be individually reviewed and approved Living folders are not virtual rooms or before they are granted full online vaults where information is membership to the network. stored, and where visitors virtually These verified businesses now become enter, and information is checked in network members, giving them and out. Rather, living folders are permission to do four things: dynamic network places where everything happening with a 1. Initiate new transactions on the transaction is linked together so that it network. can be viewed and exchanged between multiple systems. The living folder 2. Invite individuals and businesses automatically manages the access onto the network as guest users, with permissionsstuff and content controls, access limited to the specific eliminating the need for users to transactions in which they’re involved. manually determine who can see what. The mechanism is as easy as email, but 3. Invite the businesses and vendors without any of the drawbacks. with which they do business to apply for network membership. Network Intelligence: After establishing trust, adding members and 4. Directly integrate their systems guests, and setting up a transaction, using the API. the power of the network can be COLLABORATION CENTER PAGE 9
leveraged to be smart about each loan. In the current state of the art, documents move back and forth between lenders, title and settlement companies, real estate agents and other parties using a number of different technologies. It’s easy to lose track of what changes are made from version to version. Optimally, this information should be automatically analyzed to detect even the most minor changes and then dynamically present those revisions to the individual parties to the transaction. The network also features automated For example, the mortgage-industry notifications to provide timely status private network should automatically updates to the transactional parties. highlight modifications in mortgage This keeps all parties up to date with loan documents. As things are today, the latest developments, allowing them each new version of a given document to more effectively prioritize their (such as a Closing Disclosure or workflow. Eliminating email and settlement statement) requires a person integrating all communications directly to “stare and compare” to detect crucial into the loan’s living folder differences. The content-aware private streamlines the process and helps get network eliminates this by loans closed more quickly. automatically highlighting changes from revision to revision so every party Real-time Connections: Mortgage stays informed. transactions still involve real people, and with living folders and the power Auto-organized Communications: Within of the network, these individuals can the mortgage industry private network, communicate in real time using the communications between the parties system’s integrated chat features. In an handling the transaction happen inside on-demand economy, consumers want the living folder, not in separate email their questions answered immediately. programs. Instead of landing in Now, those parties helping them with disconnected inboxes, messages are their transaction have the ability to sent, received and stored in the context assist them in real-time. of the transaction to which they stuff pertain. In addition, messages can be Secure, loan specific, multi-party chat shared by multiple people involved in capability happens from within the the transaction, reducing living folder, encouraging expedience communication logjams that result from and facilitating easy communication all waiting for others to dig through their around. Best of all, the content of the inboxes. chats automatically becomes a permanent part of the transactional record, as chat logs are automatically saved in the folder specific to the transaction they concern. COLLABORATION CENTER PAGE 10
Bringing People, Process & Technology Together
Introducing Collaboration Center The Private Network for the Collaboration Center by Mortgage Cadence is the only communication hub Mortgage Industry for the entire lending process, from application to closing, where all Given the clear need for a better parties involved in a single transaction solution for mortgage communication can safely share conversations and than email, a private network for documents in a private network. mortgage has already been created. It provides risk management, process It’s data and messaging between all automation, and consumer protection— parties for each loan, all in real-time, along with all of the functionality by invitation only, all secure, everyone described above. safe, no exposure to risk from the cyber bad guys who are trolling around Collaboration Center, from Mortgage looking to steal money or identities. Cadence, an Accenture Company, is a private network designed from the Collaboration Center is a solution for ground up for the entire mortgage two key stakeholders in the mortgage industry. lending process: Title companies and lenders. Both are vested on protecting Provided as a true Software as a the borrower's identity and internal Service (SAAS) network, Collaboration assets. Center is an enterprise- grade communication and collaboration tool With Collaboration Center, your brand that meets the needs of mortgage promise just extended to lenders,stuff title and settlement agents, security around the entire perimeter of real estate professionals, and others your network. It’s the new baseline in working in the mortgage lending arena. your brand promise to ensure the borrower's personal data is safe. The system automates processes, manages documents and data, enables When parties involved are invited into communication and fosters real-time one cozy little island in the interwebs interaction—all within a secure that is private and secure, everyone is environment that all parties can trust protected from the cyber bad guys and rely on. It also includes a safe way trolling around outside. to correspond with customers COLLABORATION CENTER PAGE 11
throughout the mortgage process, keeping them in the loop while ensuring that their information is protected.
Perhaps most importantly, Collaboration Center does away with the email inbox! This reduces the chance that employees might inadvertently expose private customer information by sending it via email. Eliminating email also decreases the risk of phishing, Business Email Compromise, Email Account Compromise, and wire fraud. It makes your entire business more secure while About Mortgage Cadence, bolstering the mandate to take good- faith steps to protect your customer’s an Accenture Company information. Mortgage Cadence, an Accenture With a full-featured API that’s ready to Company, provides the best people, integrate with your production system, process and technology for enterprise Collaboration Center represents a and mid-market lenders who desire to robust network that adds assurance and deliver an exceptional borrower efficiency to each loan transaction. The experience. We have been champions of system is an entirely new approach to the lending process since 1999. security, communication and cooperation in the real estate finance Our comprehensive suite of products industry. produces loans faster and easier, which results in happiness for the borrower Email is simply an unacceptable link in and increased profits for our the multi-trillion-dollar mortgage customers. industry. Now, with Collaboration Center, there is a superior alternative. Your borrowers deserve more… let’s The entire mortgage industry has a deliver it together. private network they can call their own, and its name is Collaboration Center, For stuffmore information about from Mortgage Cadence. Collaboration Center and its features, contact Mortgage Cadence at Data security is more than a brand 303.991.8200 or promise for any entity involved in the [email protected] lending process, it’s a baseline expectation.