Federal Privacy Commissioner Jennifer Stoddart released a report recently that said several mortgage brokerages need to better secure their customers' personal information from theft. The release consisted of five brokerage audits to see what measures had been taken since incidents in 2008 left hundreds of their clients' private finances vulnerable to theft.
The report emphasizes that some mortgage brokerages should improve their security processes to protect client information. “If I was a professional criminal, a mortgage broker would be my main target,” said Greg Viger, accredited mortgage professional with Dominion Lending Centres Financial Ltd. in Burnaby, B.C. who also worked in the IT sector.
“Bad press like this can dramatically change our business and destroy confidences,” Viger said. “Consumers, who may not have realized before, may suddenly become afraid of mortgage brokers, and decide to go to a big bank where they might feel more sure of privacy protection. And we have to be careful about painting the entire industry with one brush.”
Viger is the complete opposite of brokers in Stoddart’s report who left files in parking garages and used the blank reverse side of past mortgage applications to photocopy new ones. All Viger’s files are secured in his home office and none left in a remote location.
Viger believes that many of the issues identified in the audit have already been resolved, such as ensuring stricter licensing practices so fraudulent persons are not mistakenly hired. But mortgage professionals need to be more conscious about the significance of the information they carry and how easily it can be accessed, particularly on their laptops and computers, without anyone noticing. Viger is always careful to have his laptop by his side at all times, even when he’s stopping at the mini-mart.
Ultimately, Viger believes the industry would benefit from having a national privacy officer that brokerages can subscribe to. "Right now everyone has to recreate the wheel. That's one of the challenges we all face," he said.
Currently, mortgage industry practices are provincially regulated. The five Greater Toronto Area mortgage brokers audited in Stoddart’s report has revealed security cracks that likely exist in all industries, but now mortgage professionals’ resolve to manage the risk must match the publicity of this highly lucrative criminal idea. -Heather Li
Read Stoddart's full audit on selected mortgage brokers.
More agents weigh in:
River City Financial Services President David Armstrong weighs in on the report and talks to CMP reporter Nick Lypaczewski about what the audit did right and what the Privacy Commission can improve.
What are your thoughts on the security concerns brought up by the audit?
I agree with a lot of the concerns, although I do feel they're singling out mortgage brokers to a certain extent. This is a problem, I think, in the entire credit industry, not just brokers. Many financial institutions, banks included, they have cubicle-type offices where personal information is often out and about. I do agree with the concerns, but I don't think that it's right to single out mortgage brokers; I think they should have focused on the entire credit industry.
How do you think imposter-brokers are so easily able to rip-off customers?
In Alberta, we have very stringent licensing requirements and I think it's something that the entire country should follow. Before you can obtain a license in Alberta, you not only have to go through the course, you also have to get a certified criminal record check completed where you're actually fingerprinted. It's a lot more thorough in making sure the people who are being registered are who they say they are and, because you have to go through that process, you can't register someone to work for you as a mortgage broker until they've been cleared by our provincial licensing body. We, as a mortgage broker, can't put somebody onto our employ and register them until they've been cleared by the Real Estate Council of Alberta through this process.
Are there any other security concerns you can think of that Stoddart's report didn't address?
The problem is, we work in a very competitive environment so financial institutions access credit bureaus without obtaining signed authorization up front. You can't restrict one entity and not restrict another because it makes for an unlevel playing field. I think you need to bring about some new strict rules for the entire credit industry and then, if it was a level playing field and everybody had to follow those same rules, everybody would be better protected. My main concern, frankly, over the security of information is on the paper side of things. We are required to maintain client files far too long and it's really a duplicate file that the lender has. Our provincial licensing bodies and various government agencies actually require us to keep these paper files for a long period of time and that's your biggest risk. We should be allowed once the mortgage funds to destroy the file in its entirety other than maybe the client's authorization and a couple of other things because the lender has all that information already.
Do you think Stoddart's recommendations will stop the problem and to what extent?
I don't think they go far enough. I think, again, the biggest issue is around the storage of files. Why are we keeping them for so long? We don't need to have this information. I've been in business for six years; I've never had somebody come to me asking me to view this information i.e Revenue Canada, a lender, auditor, that kind of thing. I think that [the report] will help and it certainly brings awareness to the problem but I think we need to really address this not as a mortgage broker industry but as a credit industry. You can't single out just mortgage brokers; you have to have the same rules for everybody that's lending money and everybody that's accessing this information and you need to tighten the rules
5 Ways to Protect Your Laptop From Identity Theft
By Tina L. Douglas
1. Purchase security cables for your laptop. This is one of the most affordable yet effective laptop security device that you can use with your mobile gear. This security cable works just like a bicycle lock which attached itself into your laptop. You can then put this cable around anything that is stationary like a desk or a drawer so that if in case someone tries to steal your laptop, they will not immediately take with them without destroying the lock, or destroying your laptop.
2. Install laptop tracking programs. This software works with the GPS technology which will allow you to know the exact location of your laptop as soon as the thief goes online with it. You will not only get hold of your laptop's exact physical location, but some of these programs have built in capabilities which will allow you to send your data remotely from the stolen laptop and crash the hard drive so that the thief will not have access to the valuable information that is stored in your laptop. These programs are very effective measures against identity theft.
3. Create a BIOS password. A BIOS password is prompted whenever you boot up your computer. Often, BIOS passwords allow the user to enter it three times before it locks you out of the system and refuse to boot.
4. Set up Login Passwords. Although this may be easy to crack especially for identity theft criminals who have enough technical knowledge, it can still serve as a deterring force for identity thieves to immediately steal your personal information which can render you long hours of work fixing your credit report when you become a victim of identity theft.
5. Install encryption programs. These programs on the other hand will secure your data because before any file is accessed, a password will be required. When you send your documents online, even if is intercepted, the third party will not be able to read your data because unless they have your password.
Mortgagebrokernews.ca news brief on Stoddart's report that mortgage brokers need to improve customer security.
MORTGAGEBROKERNEWS.CA WEB EXCLUSIVE: CMP reporter Nick Lypaczewski talks to River City Financial Services president David Armstrong about his reaction to Stoddart's security concerns.