How Safe Is Your Personal Data When You Apply for a Mortgage?
You provide reams of personal and financial information to your mortgage lender when applying for a home loan or refinance. But how safe is this information?
It's a legitimate question, and one that might give you pause as you're gathering copies of your paycheck stubs and tax forms as you're applying for a new mortgage.
Brian Seibert, president of Michigan First Mortgage in Waterford, Mich., says that he understands the concerns of consumers. Applying for a mortgage loan, and providing the necessary paperwork for refinance, can be an intimidating process.
"There is a fear out there," Seibert said. "Why do we want so much information? Is someone else looking at it? It does become a concern that we do see from consumers."
Seibert, though, says that lenders need this personal information to make sound lending decisions. The days of borrowers sailing through the mortgage process without having to prove their financial health are long gone, Seibert said.
"We are asking for more information these days to make sure that borrowers can pay back their mortgages," Seibert said. "Before, lenders were too lenient. The documentation wasn't as important. There was little fear out there. But we saw where that led us. Today, lenders are far more meticulous when it comes to having their borrowers verify their information."
Lenders say that they do take steps to protect the personal information of their borrowers. tThe federal Gramm-Leach-Bliley Act says that financial institutions must notify consumers of how much or little of their financial information that they share with third parties.
But is there enough protection? A lot of that depends on how mortgage lenders and borrowers communicate with each other.
Risks of submitting information by e-mail
More than 70 percent of mortgage lenders might be putting consumers' sensitive financial data at risk during the mortgage-loan application process, according to a study released last year by Schaumburg, Ill.-based HALOCK Security Labs. That's how many lenders the study found permitted borrowers to send their personal and financial information through unencrypted e-mail as attachments. In other words, they let borrowers send their tax and bank information as messages that cybercriminals can easily access.
The reason? According to HALOCK, it's because lenders are more interested in making the application process an easy one than they are in making it a secure one.
The HALOCK study recommends that consumers instead upload their personal information through secure online portals created by their lenders, making it far less likely to be intercepted by cybercriminals.
"It's no longer feasible to rely on unsecure e-mail for the transfer of financial documents," said Terry Kurzynski, senior partner at HALOCK Security Labs, in a written statement. "Any type of weak link in a system involving sensitive information exposes people to unnecessary risk. It takes months to recover from an identity theft and minutes to log into a secure portal. Do the math."
If you're ready to apply for a mortgage what can you do to protect yourself? For one thing, you can insist on submitting copies of your documents through secure online portals that require passwords and log-ins.
If that's not an option, you can instead mail your information and documents to lenders or drop them off in person.
What safeguards does your lender take?
You can also ask your lenders what steps they're taking to protect your information.
Eric Meadow, chief operating officer and general counsel with Oak Brook, Ill.-based Midwest Equity Mortgage, said that his company sends consumers a dedicated Web address and log-in information to an account created for their mortgage application. They can then upload their sensitive documents into this secure online portal.
And when Midwest Equity Mortgage sends e-mail messages to consumers, the company uses encryption software to protect personal information, Meadow said.
Once Midwest Equity Mortgage has this personal information from its consumers, it makes sure to secure it internally, Meadow said. This means that Midwest Equity also relies on secure online portals when providing borrowers' information to outside parties such as credit bureaus, lawyers or title companies.
It also means that the company's servers and databases are locked down and password-protected, and that only those company officials who are directly working on a loan can access the information.
"We know, of course, that some of the most sophisticated companies in the world have been breached," Meadow said. "Whether you're talking about banks or stores like Target, there is no 100-percent-foolproof way to secure and lock down data. But there needs to be multiple steps taken to protect it and identify breaches quickly."
And if you have the option to either send personal information through e-mail or through an online portal, always go with the portal.
Make sure when applying for a home loan, you ask to read your lender's privacy and security policies.
Can your information be sold?
Seeing your information fall into criminal hands is just one risk. You also need to worry about whether your mortgage lender might sell your personal information to third parties that would love to sell you credit cards, life insurance or other financial products.
Your lender wants copies of your bank statements. It wants copies of your last two years of tax returns and W2 statements. You need to send your two most recent paycheck stubs. And even after you send in all these documents, your lender will run your credit report, a report that tells lenders how many credit-card accounts you have, the balances of these accounts and your history of paying your bills on time.
That's a lot of sensitive personal and financial information.
This is where the Gramm-Leach-Bliley Act comes into play. When you apply for a mortgage loan, your lender should provide you with a document stating exactly what it does with your personal information and if they share it with others.
This document should state why your lender shares your information, whether it's to help third parties perform the services they need to help your lender close your loan, or to help your lender identify financial products that might interest you, or to help third parties do the same.
Much of this sharing is necessary. For instance, you lender has to provide your basic personal information to one of the three credit bureaus to receive your credit report.
You should also have an option to limit the amount of sharing your lender does. The document should list a phone number, Web site or mailing address that you can access to tell lenders that you don't want them to share your personal information for marketing or promotional purposes. You should be able to check options that, for example, forbid your lender from sharing information about your credit score with their affiliated credit-card branches.
Make sure to ask for this paperwork, and to ask your lender to explain how it shares your personal information, before you close your mortgage.
Paperwork not going away
Even with concerns about security and sharing, don't expect lenders to limit the amount of paperwork you'll need to present during the mortgage process.
Your lender needs this personal information to verify your monthly income and debts, job status and your bill-paying history. Your lender's job is to make sure that you can afford your monthly mortgage payments. That's why lenders request copies of your paycheck stubs, W2 forms, tax returns and bank statements. It's also why they access your credit reports.
Seibert says that without accessing this information, lenders would make far too many loans to consumers who couldn't afford their payments.
"The goal here is to make sure that everyone we lend to can pay back their loan on time," Seibert said. "We do ask for a lot of information. But we do it for a reason."