WEB EXCLUSIVE: Protecting your clients' information
By
|
09/06/2010 1:44:00 AM
|
11
comments
Federal Privacy Commissioner Jennifer Stoddart released a report recently that said several mortgage brokerages need to better secure their customers' personal information from theft. The release consisted of five brokerage audits to see what measures had been taken since incidents in 2008 left hundreds of their clients' private finances vulnerable to theft.
The report emphasizes that some mortgage brokerages should improve their security processes to protect client information. “If I was a professional criminal, a mortgage broker would be my main target,” said Greg Viger, accredited mortgage professional with Dominion Lending Centres Financial Ltd. in Burnaby, B.C. who also worked in the IT sector.
“Bad press like this can dramatically change our business and destroy confidences,” Viger said. “Consumers, who may not have realized before, may suddenly become afraid of mortgage brokers, and decide to go to a big bank where they might feel more sure of privacy protection. And we have to be careful about painting the entire industry with one brush.”
Viger is the complete opposite of brokers in Stoddart’s report who left files in parking garages and used the blank reverse side of past mortgage applications to photocopy new ones. All Viger’s files are secured in his home office and none left in a remote location.
Viger believes that many of the issues identified in the audit have already been resolved, such as ensuring stricter licensing practices so fraudulent persons are not mistakenly hired. But mortgage professionals need to be more conscious about the significance of the information they carry and how easily it can be accessed, particularly on their laptops and computers, without anyone noticing. Viger is always careful to have his laptop by his side at all times, even when he’s stopping at the mini-mart.
Ultimately, Viger believes the industry would benefit from having a national privacy officer that brokerages can subscribe to. "Right now everyone has to recreate the wheel. That's one of the challenges we all face," he said.
Currently, mortgage industry practices are provincially regulated. The five Greater Toronto Area mortgage brokers audited in Stoddart’s report has revealed security cracks that likely exist in all industries, but now mortgage professionals’ resolve to manage the risk must match the publicity of this highly lucrative criminal idea. -Heather Li
Read Stoddart's full audit on selected mortgage brokers.
More agents weigh in:
River City Financial Services President David Armstrong weighs in on the report and talks to CMP reporter Nick Lypaczewski about what the audit did right and what the Privacy Commission can improve.
What are your thoughts on the security concerns brought up by the audit?
I agree with a lot of the concerns, although I do feel they're singling out mortgage brokers to a certain extent. This is a problem, I think, in the entire credit industry, not just brokers. Many financial institutions, banks included, they have cubicle-type offices where personal information is often out and about. I do agree with the concerns, but I don't think that it's right to single out mortgage brokers; I think they should have focused on the entire credit industry.
How do you think imposter-brokers are so easily able to rip-off customers?
In Alberta, we have very stringent licensing requirements and I think it's something that the entire country should follow. Before you can obtain a license in Alberta, you not only have to go through the course, you also have to get a certified criminal record check completed where you're actually fingerprinted. It's a lot more thorough in making sure the people who are being registered are who they say they are and, because you have to go through that process, you can't register someone to work for you as a mortgage broker until they've been cleared by our provincial licensing body. We, as a mortgage broker, can't put somebody onto our employ and register them until they've been cleared by the Real Estate Council of Alberta through this process.
Are there any other security concerns you can think of that Stoddart's report didn't address?
The problem is, we work in a very competitive environment so financial institutions access credit bureaus without obtaining signed authorization up front. You can't restrict one entity and not restrict another because it makes for an unlevel playing field. I think you need to bring about some new strict rules for the entire credit industry and then, if it was a level playing field and everybody had to follow those same rules, everybody would be better protected. My main concern, frankly, over the security of information is on the paper side of things. We are required to maintain client files far too long and it's really a duplicate file that the lender has. Our provincial licensing bodies and various government agencies actually require us to keep these paper files for a long period of time and that's your biggest risk. We should be allowed once the mortgage funds to destroy the file in its entirety other than maybe the client's authorization and a couple of other things because the lender has all that information already.
Do you think Stoddart's recommendations will stop the problem and to what extent?
I don't think they go far enough. I think, again, the biggest issue is around the storage of files. Why are we keeping them for so long? We don't need to have this information. I've been in business for six years; I've never had somebody come to me asking me to view this information i.e Revenue Canada, a lender, auditor, that kind of thing. I think that [the report] will help and it certainly brings awareness to the problem but I think we need to really address this not as a mortgage broker industry but as a credit industry. You can't single out just mortgage brokers; you have to have the same rules for everybody that's lending money and everybody that's accessing this information and you need to tighten the rules
5 Ways to Protect Your Laptop From Identity Theft
By Tina L. Douglas
1. Purchase security cables for your laptop. This is one of the most affordable yet effective laptop security device that you can use with your mobile gear. This security cable works just like a bicycle lock which attached itself into your laptop. You can then put this cable around anything that is stationary like a desk or a drawer so that if in case someone tries to steal your laptop, they will not immediately take with them without destroying the lock, or destroying your laptop.
2. Install laptop tracking programs. This software works with the GPS technology which will allow you to know the exact location of your laptop as soon as the thief goes online with it. You will not only get hold of your laptop's exact physical location, but some of these programs have built in capabilities which will allow you to send your data remotely from the stolen laptop and crash the hard drive so that the thief will not have access to the valuable information that is stored in your laptop. These programs are very effective measures against identity theft.
3. Create a BIOS password. A BIOS password is prompted whenever you boot up your computer. Often, BIOS passwords allow the user to enter it three times before it locks you out of the system and refuse to boot.
4. Set up Login Passwords. Although this may be easy to crack especially for identity theft criminals who have enough technical knowledge, it can still serve as a deterring force for identity thieves to immediately steal your personal information which can render you long hours of work fixing your credit report when you become a victim of identity theft.
5. Install encryption programs. These programs on the other hand will secure your data because before any file is accessed, a password will be required. When you send your documents online, even if is intercepted, the third party will not be able to read your data because unless they have your password.
Mortgagebrokernews.ca news brief on Stoddart's report that mortgage brokers need to improve customer security.
MORTGAGEBROKERNEWS.CA WEB EXCLUSIVE: CMP reporter Nick Lypaczewski talks to River City Financial Services president David Armstrong about his reaction to Stoddart's security concerns.
Latest Comments
Total:
11
comment(s)
Steve Garganis on
09 Jun 2010 05:13 PM
“If I was a professional criminal, a mortgage broker would be my main target,”
Steve Garganis on
09 Jun 2010 06:34 PM
“If I was a professional criminal, a mortgage broker would be my main target,” Greg Viger.... Greg, this kind of comment is 'Bad Press' and will hurt confidences and our business....I think you're comment is way out of line....The report identified some issues and made recommendations...and since the review, Ontario Brokers are now working with an updated set of regulations administered by FSCO... and also tighter Equifax member standards....These changes are welcome by me and all reputable Mortgage Brokers... Let's go back in time...remember 2008...wasn't there a Big Bank that had a company laptop stolen with client mortgage information? And this year, didn't BMO bring massive fraud charges against it's own employees and many others? Doesn't that question the Banking industry's reputation? Maybe we should say 'If I was a professional criminal, a Bank would be my main target'? Silly, isn't it...? I have a question for CMP..is Greg Viger a full time Mortgage Agent or a Full time Real Estate Agent? I see his office address is home to both.
Greg on
09 Jun 2010 07:13 PM
What careless speak from supposedly "professional" Look I am all for speaking whats on your mind but it seem like fearmongering to get attention is a bit much.
There are enough changes going on in the industry that allows for better security for our clients data. Its not the brokers and agents who can't protect client files have you noticed that its the banks who are having security issues.
Since the advent of the computer security has been a top priority for all concerned. All computer users by now know about thier computer security and so does brokers and agents so stop bringing so much attention to your self by fear mongering Greg Viger
Karen A. Boies on
09 Jun 2010 07:31 PM
I have to agree with the others that commented on this article, security breaches happen everywhere, Big Banks, The White House, BC Legislature. As a mortgage professional it stay up to date with the privacy rules and take all appropriate steps to protect the privacy of the my clients information. Our office has gone paperless in an effort to protect our clients confidential information. I am sure the majority of professionals do their best to avoid an embarrassing situation and violation of privacy rules.
Christopher on
10 Jun 2010 09:45 AM
I don't keep any files on my laptop. There are USB hard drives and flash drives that can be better encrypted and are also good for back up, if you have several.
Greg Viger on
10 Jun 2010 01:03 PM
First, this was a call to comment. I don't have control of which comments are used and was asked for my opinion. I also didn't expect to be the only one quoted.
Greg Viger on
10 Jun 2010 01:03 PM
Second,
Kevin on
10 Jun 2010 01:36 PM
Dont neccessarily agree with everything David says about keeping funded files. I have had Rev can wanting to see an old file that was done under an equity/stated program & had to walk thru the process how we obtained the financing for the borrower. I think we definitely need to responsibly maintain files on funded transactions for many reasons. Set a standard & then penalize those that dont meet minimum Industry standards. RECA in Alberta requires that if a deal was approved but crashed & didnt fund that we are required to maintain that file for 3 years! And that's on a file not even funded.
Different note, RECA sends out a news letter & it touched on its response to the big BMO Fraud & how it works to ensure that industry members be aware of these potential situations. Ironically, they stated one of the flags for fraud is if the mortgage broker was also the realtor or someone who plays a multi role in the transaction. Yet, they issue mortgage agent licences to licensed realtors!
Realestate Brokers/owners are grandfathered & are able to get Mortgage Broker Licences with ease. Then they recruit agents to run & service their realtors so they can kick back incentives to the realtors that use the inhouse agent.
Some things just gotta change, until then, greed breeds fraud.
Finally, maybe I'm wrong, but isnt Jennifer Stoddart the one pressing the Canadian Realestate Industry to open up the MLS that they have developed & invested all these years to Joe public because it is an unfair playing field. Then we have lenders giving us way tougher requirements for private sales because the increased fraud potential is higher on private sales. Whats next?
Greg Viger on
10 Jun 2010 01:47 PM
Sorry, hitting return submits the page in Firefox.
Second, my comments are aimed to bring attention of the seriousness of issue to the industry, not outsiders. In hindsight and seeing this as a web posting vs a print article, this might give some bad guys an idea. However the dozen articles on the topic in major papers is already giving them ideas. The identity theft pros look for the easy way and they now have a bunch of new ideas.
What has happened with respect to press on the topic has always been my concern and issue. While physical file management is one major issue it is electronic information management that is my real concern. Mainly because it is very difficult to detect when your data has been compromised. I have 15 years of IT experience for large organizations and it is from that experience I see how we should be operating our businesses vs how they are operated in many cases. I have a good understanding of how easy it can be for someone to gain access to a lot of confidential information with little detection. Most brokers don't realize it. The purpose of my comments is to build awareness of areas brokers should be concerned.
I agree 100% that other industries are just as at risk and that we have been singled out. But it is the singling out that has created the issue for all of us and consumer confidence in us. Combine this bad press with the negative image established by brokers taking blame for a lot of the US's problems as well as the BMO case where brokers are listed as defendants.
I also made the comments (which were not quoted) that the major issue the report identified have been largely corrected. As another comment referenced, Alberta has thorough licensing practices as does BC and now Ontario. Many other provinces also do or are in the process of putting in place these changes. Equifax has also improved their requirements for gaining access to CBs. I feel the report is punishing the industry for errors of years ago without a lot of reference to the fact that changes have already been made. Clearly there is more that should be done.
We can't do anything about what is out there now. We can only do damage control and improve our practices. The major challenge we all face is that it only takes one broker to screw up and get bad press to further degrade consumer confidence in all our businesses. This is now at risk of becoming the topic of the day. Where it didn't catch press in the past, even small breaches may not be turned into major articles. That is where my concern and frustration is.
The above is about best practices. There is the aspect of compliance that is also of issue. This report will likely increase the burdens on broker owners related to privacy legislation and I see a huge opportunity for CAAMP to provide resources that make it more efficient for all brokers and agents to comply with what will likely be a greater level of scrutiny of compliance to federal and provincial privacy legislation. We all have the same requirements to comply. A partnered approach to preparing information handling policies and procedures that address our responsibilities as defined by our business and legislation and possibly even a Privacy Officer from a national level is worth considering to gain economies of scale.
For the record I am a full time mortgage broker and have been for 5 years (licensed 6 years). I do hold a real estate license for some web based real estate systems I continue to operate part-time. I do not practice real estate. I am just as serious and fully committed to the mortgage broker industry as anyone else that has taken the time to comment here.
Greg
Greg on
10 Jun 2010 08:36 PM
Truecrypt
www.truecrypt.org
Prepare a part of your hard drive for encryption and store your data there. You can mount it when you need it and dismount it when you don't need it.
You may also bring your pc offline for more security when you are mounting your drive for use. Although it may not be accessed by outsiders when in use. See the website for more information.
Cheers
JOhn on
02 Sep 2010 03:17 PM
I agree wholly with Greg's comments. I actually had a call from a potential client and after the cursory questions (rates, etc.) she asked what security I had to protect her files. I responded: motion detectors alarmed to my house and the police; locked and barred filing cabinets in a room that is locked with no window access, still covered by the motion detector; no information on laptops, we will not do house calls for this reason. Desktop computers secured by a bios password (seven key strokes) and a sign on password (10 key strokes. Strong firewall monitored by my computer geeks. I got her business. I push security big time here.