An overwhelming majority of mortgage lenders utilize systems that enable borrowers to provide sensitive private data through insecure delivery channels.
The findings, released on Wednesday, were based on an investigation of 63 mortgage lenders conducted by a cyber security firm.
Of all the mortgage companies investigated, 45 allowed loan applicants to send personal and financial information — including tax documents and W-2s — over unencrypted e-mail as attachments.
HALOCK Security Labs, which reported the findings, said that eight of the top 11 lenders utilized the same unsecure practices as smaller lenders.
Faxing of sensitive data was encouraged by 70 percent of the lenders even though the medium is not as secure as encryption.
Just 12 percent of the group offered a secure e-mail portal, while more than 40 percent provided a postal mail option.
Many of the lenders that don’t offer a secure e-mail portal said that it was a matter of what the customer was most comfortable with.
“Oftentimes it was easier to have my clients send documents like W-2’s through e-mail because everyone has access to an e-mail account,” an anonymous former lender was quoted as saying. “Most of us [lenders] didn’t want to take the time to explain what a secure portal was and how to use it. Everyone understands what e-mail is.”
HALOCK Senior Partner Terry Kurzynski says that the Schaumburg, Ill.-based service provider offers “many secure file transfer technologies that are both easy for customers to use, and safe from network snooping.”
The company is online at www.halock.com.
